Tuesday, June 2, 2009

Intuit Into It (PayCycle) for $170 Million

Intuit Buying PayCycle for $170 Million
Posted on: June 2nd, 2009 | PIN Payments News Blog

Intuit Inc. (Nasdaq: INTU) has agreed to acquire PayCycle Inc., a Palo Alto, Calif.-based provider of online payroll services, for approximately $170 million in cash. PayCycle had raised nearly $30 million in VC funding since 2000, from firms like August Capital, CCP Equity Partners, DCM, Irwin Ventures and Total Technology Ventures. PayCycle was advised on the sale by Raymond James & Associates.


Intuit Inc. (Nasdaq: INTU) has signed a definitive agreement to purchase PayCycle Inc., one of the nation’s fastest-growing online payroll services, serving more than 85,000 small businesses. The cash transaction is valued at approximately $170 million, subject to adjustment. Privately held PayCycle, based in Palo Alto, Calif., is a leader in online payroll for small businesses, accountants and financial institutions.

The acquisition will give small businesses access to one of the most innovative, easy-to-use and cost-effective online payroll solutions from one of the strongest and most trusted brands in financial management software. In addition, it will provide hundreds of thousands of accountants with the ability to easily and profitably offer services as stand-alone payroll providers for their small business customers.

Customer Value

“We’ll offer small businesses a range of low-cost, high-value alternatives to expensive payroll outsourcers and time-consuming, error-prone manual payroll methods,” said Nora Denzel, senior vice president and general manager of Intuit Employee Management Solutions. “In addition, the acquisition will enable Intuit to develop and deploy the next generation of online payroll tools more quickly.”

PayCycle chief executive Jim Heeger, a former Intuit chief financial officer, said the two companies’ strengths complement each other.

“We share a common vision: using the Internet to deliver a secure and easy-to-use payroll solution to small businesses,” said Heeger. “Like Intuit, our employees are proven innovators and industry thought-leaders who develop and deliver game-changing offerings that redefine traditional ways of doing things.”

Strategic Importance

The acquisition supports Intuit’s strategic goals in two ways.

First, it underscores the company’s connected services strategy, which is designed to give customers online access to its products and services. Today, Intuit derives more than half its total revenue from connected services offerings.

Expanding the online capability of its payroll offering advances Intuit’s move into the “software as a service” markets for small business. As a result, the company expects to accelerate the growth rate of its overall payroll business.

In addition, PayCycle’s partnerships with financial institutions are expected to extend Intuit’s ability to offer integrated payroll solutions to an even larger set of partners and deliver a simple payroll solution to a greater number of small businesses.

Terms and Conditions

The transaction is expected to close during the third quarter of calendar year 2009 and is subject to regulatory review and other customary closing conditions. Intuit expects the acquisition to reduce its GAAP earnings by approximately 2 cents per share in the fourth quarter of fiscal year 2009. Intuit does not expect the acquisition to have a material effect on fiscal year 2010 earnings. After the transaction is complete, PayCycle will become part of Intuit’s small business group. PayCycle CEO Heeger will serve as a strategic advisor to Intuit for six months to help ensure a smooth integration of the two companies.

About Intuit Inc.

Intuit Inc. is a leading provider of business and financial management solutions for small and mid-sized businesses; financial institutions, including banks and credit unions; consumers and accounting professionals. Its flagship products and services, including QuickBooks®, Quicken® and TurboTax®, simplify small business management and payroll processing, personal finance, and tax preparation and filing. ProSeries® and Lacerte® are Intuit’s leading tax preparation offerings for professional accountants. The company’s financial institutions division, anchored by Digital Insight, provides on-demand banking services to help banks and credit unions serve businesses and consumers with innovative solutions.

Founded in 1983, Intuit had annual revenue of $3.1 billion in its fiscal year 2008. The company has approximately 8,000 employees with major offices in the United States, Canada, the United Kingdom, India and other locations. More information can be found at www.intuit.com.

About PayCycle

PayCycle is America’s No. 1 online payroll service, serving more than 85,000 small businesses. PayCycle provides an easy-to-use, innovative, efficient service for small businesses, backed by outstanding customer support. PayCycle also powers payroll services for leading financial institutions including Capital One and PNC Bank, and provides client payroll services through many of the nation’s accounting professionals. The PayCycle® service integrates with leading accounting programs, such as QuickBooks®, Quicken®, Peachtree® and Microsoft® Money. PayCycle’s unique “Do-It-With-YouSM” (DIWYSM) technology platform guides customers through the entire payroll process from paycheck to W-2 forms. PayCycle also holds PC Magazine’s highest editorial honor for small business payroll, the PC Magazine Editors’ Choice Award. Visit www.paycycle.com for a free trial of the service.

, , ,

Security Top Concern for Online Bankers

Editor's Note: Had you not yet noticed, today is kindova "What's Wrong with Online Banking day" at the PIN Payments News Blog.

Today's theme is the lack of security attached to online banking and how easy it would be to fix it by adding the missing piece to the puzzle.

There's been so much news lately regarding phishing, XSS attacks, what-have-you, that it will be easy to populate this blog with stories that are no older than 3 days old... stories which "clearly" evoke the message that it's time we start doing things differently.

There will be several posts today concerning online banking.  

Here's one from the Beijing Morning Post. 

ITWeb :Security top concern for online bankers

The Beijing Morning Post in conjunction with iResearch, recently conducted a survey on consumer attitude toward the use of online payments, says People's Daily.

The survey result shows security is still the main factor that netizens take into consideration when making online payments, with 66.3% of all users surveyed considering security the most important thing when it comes to the use of online banking.

The survey indicates that 79.2% of participants currently use online banking services, while 8.46% used online banking services in the past but no longer do. 

American Banker Reports the following:

Reblog this post [with Zemanta]

Fraud Standing Firmly in the Way of Online Banking

In my ongoing onslaught of recent stories about the lack of security involved with online banking, and the repercussions of such, I bring you this story from yesterday's Crains Manchester. 

BTW:  This is just the beginning of the fallout.  It will get worse and more people and more businesses will pull back from online banking because of security fears.  Just read today's postings if you disagree.  Or at least read between the lines. 

There's only one way to secure financial transactions and that is outside the browser space. 

It's what we at HomeATM do.  We're the FIRST and ONLY company in this whole wide World to design, patent and manufacture a World Wide Web PCI 2.0 Certified PIN Entry Device.

More Good News for Financial Institutions: We've got our cost down to the point whereby you could "give it away."  The ROI could be as little as 30 days.   Want to find out more?  I'd be happy to show you how our device can not only provide ehance login security with 2FA, but also enable your online banking customers to securely pay their bills, transfer money, and make secure E2E 3DES Encrypted, Protected by DUKPT e-commerce transactions. 


Fraud fear turns firms off online banking - Crain's Manchester Business

Fraud fear turns firms off online banking
By Michael Fahy

Greater Manchester's businesses are rejecting online business banking because of the risks involved, according to accountancy firm Saffery Champness.

The firm said the risk of online banking fraud, which increased by 132 per cent last year to £52.2m according to industry association Apacs, is putting SMEs off from using online account facilities, despite being encouraged to do so by the high street clearing banks.

“Bosses are suspicious of online banking because this key control is often unwittingly removed when access to online facilities is delegated to another person,” said Simon Kite, a partner in the Manchester office of accountancy firm Saffery Champness.

“The shocking thing is that banks will only compensate a business for losses if the directors can show the bank has been negligent with its online banking facility.

Reblog this post [with Zemanta]

Down Goes HSBC - ATM & Online Banking Systems Fail

HSBC has launched an investigation after systems failed at the weekend leaving customers unable to withdraw cash from ATMs. Online banking was also down.

"HSBC would like to apologize to those customers that were affected by issues relating to its ATM network over the weekend. A full investigation is currently underway to establish the main cause of the problem," said HSBC.

One reader said when he tried to withdraw money from a Lloyds ATM he was greeted with the message "Unable to perform this function, please contact your card holder."

When he contacted NatWest he was told he had exceeded his daily card limit.  Fearing he had been defrauded he tried unsuccessfully to go online. He telephoned HSBC and was told all HSBC UK customers were unable to access their funds electronically and that it was working to fix the problem.

HSBC said the investigation could take several weeks.
Continue Reading at ComputerWeekly.com

, ,

Something Phishy About Not Using PCI Certified 2.0 2FA for Online Banking

Something Phishy About Bank's Not Using 2FA from HomeATM

Researchshows that most online banking sites have inbuilt flaws which couldpotentially put valuable customer data into the wrong hands.

Now there is a way (since March 17th, 2009) to vastly increase the security of online banking. 

HomeATMengineered AND manufactures the world's FIRST and ONLY PIN Entry Devicesolely designed for online authentication and eCommerce to achieve PCI2.0 certification.  What that means is:

Banks now have achoice.  They can use what many consider to be a very obsoleteUserName/Password login OR they can provide a methodology which safelyand securely authenticates their online banking customers withtwo-factor authentication. 

Logging on to a bank's online banking site is now quick/convenient and easy.

Bank customers would simply swipe their bankcard through HomeATM's SafeTPIN device and enter their bank assigned PIN. 

HomeATMis proud to introduce the security of "True" 2FA (two-factorauthentication) to the online banking community AND provide the impetusfor banks to procure more online banking customers via the allure ofthe most secure online banking platform in the industry.

I don'tmean to oversimplify how easy it would be for a financial institutionto implement "True 2FA" with HomeATM's device, but it's unavoidable.

To keep it short, I'll provide but one recent fact from Gartner Research:
According to research firm,Gartner, banks, online payment organizations and other financialinstitutions are bearing most of the financial cost of phishingattacks.  (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.) 

The average loss was $350 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved.  (That's $196 to the banks and $154 to the consumers)  "The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner.  (Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)
Guess what?  The HomeATM "SafeTPIN" device would not only eliminate "phishing attacks" but it would also eliminate the threat of "cloned cards," "cloned bank sites", AND provide "True 2FA." for online banking customers. 

Additional benefits include empowering online banking customers with the ability to perform:

  • Person to Person Money Transfers,
  • Bill Payment Online (with "True PIN" vs. PINless Debit)
  • Secure online transactions with online retailers.
As I said, I don't mean tooversimplify WHY they banks should investigate our solution further,but sometimes the simplest things in life are the best...aren't they?

In closing out this week's edition of the PIN Payments News Blog, 'll state one more "food for thought" item. 

According to a trustworthy source, Bank of America spent $129 Million on PCI DSS compliance last year. 

Now I'm not saying that our SafeTPIN device would eliminate the entire cost of PCI DSS compliance, BUT...on account of how we are "already" PCI 2.0 PED certified, any bank that utilizes our device for "True Two Factor Authentication" during the log-in process, would effectively be removed from the scope of PCI DSS requirements. 

  • at least for their online banking application
  • and Bill Pay
  • and online eCommerce Transactions
  • and Money Transfers
So...to anybody out there that knows some high level banking executives...pop me an email and let's talk. 

I'll make you some serious money, save the bank's some serious money, enhance the banks' image AND provide consumers with the peace of mind knowing that their financial information is secure!

Consumers fear financial security threats more than the threat of a terrorist attack (see graph on left)  

Here's a quote from:  Convenience or Security?  How About BOTH?

American's "DEFINITELY" want security.

Infact American's worry more about credit and debit card fraud than theydo about a terrorist attack...according to a new report from Unisys.

Oh...andin quantity, our device costs about 10% of what it currently costsbanks and consumers for each "phishing incident."  Simple...ain't it?

Nothing Phishy About PCI 2.0 Certified Cardholder Present 2FA!

Nothing Phishy About PCI 2.0 Certified "Card Present 2FA"

Attn: Banking Institutions:  The phishing problem can be immediately solved with "Card Present" Two Factor Authentication.  And two of the steps are already in place.

1: Bank issues Card, 
2. Bank Issues PIN, 
3. Bank Issues HomeATM's iSwipe. ($12.00...less in quantity) 

A: Customer Swipes Card
B: Customer Enters PIN. 
C: Log-in authenticated, phishing problem solved. 


The growing popularity and success of Internet banking has brought on unprecedented attacks from gangs of well organized cybercriminals, according to AIB today.

For example, the number of phishing attacks on AIB in April 2009 surpassed the total number experienced in the whole of 2008, it said.

Online banking is growing in Ireland with AIB's Internet Banking service showing continued growth with over 570,000 customers (up 18pc) now regularly banking online. The number of transactions completed online also continues to grow strongly (up 27pc) in 2008.

HomeATM eliminates phishing attacks completelybecause the user MUST authenticate themselves by 1. swiping their bankissued card and 2. entering their bank issued PIN.  So even if thephisher obtained the Primary Account Number (PAN) and the Personal Identification Number(PIN) they would still be unable to log-in without physically swipingthe card.  (Editor's Note:  It is highly unlikely anyone could obtainboth the PAN and the PIN, I just use that to demonstrate how secure our2FA log-in is.  It's not only two-factor-authentication,it's "card present" 2FA.  What the world needs now is "Card Present ina Card Not Present World."  It really is that simple.  See "Something Phishy About Bank's not Using Card Present 2FA"
Reblog this post [with Zemanta]

Online Banking Phishing Scams (since Saturday)

Here's just a small (and recent) sampling of some of the Phishing Attacks experienced by Online Banking Customers, all of which could be solved by HomeATM's PCI 2.0 Certified PIN Entry Device...  (links provided by millersmiles.co.uk)

 Phishing Scam Target: Veneto Banca Italy Customers
21 reports:

Commonwealth Bank of Australia 30th May 2009
Urgent Notification

"As part of our security measures, we regularly screen activity in Commonwealth Bank Australia system."
Cahoot Bank 30th May 2009
Cahoot Internet Banking Security Information

"Toensure you are always protected, we are introducing a new programme onsecurity called BankSecure-cfx-09 and you'll see a number ofinitiatives that will be put in place to enhance your Internet bankingexperience."
Cahoot Bank 30th May 2009

"DearCustomer, We are Using this medium to Notify you of the ongoing OnlineFraud on our Website, You might not always be aware of it, but we spenda lot of time in the background making sure you're safe."
Commonwealth Bank of Australia 31st May 2009
Important message from the Commonwealth Bank!

"Werecorded a payment request from "Internet Friends Network -iFriends.net-Girls Show" to enable the charge of AU$317 on your account."
Egg Bank 31st May 2009
You Have One Unread Message On Your Online Banking Account

Bank of America 31st May 2009
Bank of America Alert: Important Message Alert!

"Due to the high number of fraud attempts and phishing scams, it has been decided to implement EVSSL Certification on our Internet Banking website."
Commonwealth Bank of Australia 31st May 2009
Customer Satisfaction Survey.

PayPal 31st May 2009
Paypal Member Notification

"Security Center Advisory!"
Cahoot Bank 31st May 2009
Cahoot Bank-Your Account Is Temporarily Suspended

"Cahoot Bank temporarily suspend your account."
Alliance and leicester Bank 1st June 2009
2009 Alliance and leicester CUSTOMER SERVICE MESSAGE

"To access your Alliance and Leicester personalized Secure Messages Center, click on the link below:"
Alliance & Leicester 1st June 2009

"We are excited to announce that…"
Egg Bank 1st June 2009
Online Security Update

"This is an important email alert ."
CIBC 1st June 2009

"We offer you secure access to your online banking and investment accounts."
Lloyds TSB Bank 1st June 2009
Your Online Banking Service Could Be Suspended.

"Whileperforming customers account maintenance and verification procedures,we have detected a slight error in your account information."
PayPal 1st June 2009
PayPal Email ID PP4896

"Your account has expired."
Alliance and Leicester Bank 2nd June 2009
Customer Notice: Your Account Security.

"Our Maintenance Division is carrying out a scheduled Direct and Digital Banking Service on all account for your security purposes."
Egg 2nd June 2009
Egg Card Security Message

"It has come to our attention that your Egg Card needs to be updated as part of our continuing commitment toprotect your online card in this year 2009 and to reduce the instance of Fraud on our website."
Abbey 2nd June 2009
IMPORTANT SECURITY NOTICE - Together We are Stronger

"Online Security Services:"
Commonwealth Bank of Australia 2nd June 2009
You have one unread message

"You have one unread message from NetBank"
Bank of America 2nd June 2009
Digital Certificate Updating Procedure

"Bank of America Direct Digital Certificate Updating Procedure"
AOL 2nd June 2009
Important: Billing Confirmation 331858*

"If you could please take 5-10 minutes out of your onlineexperience and update your personal billing records so you will not run intoany future problems with the online service."

To see the Top 100 Phishing Scams from May 15-30th, click here
Reblog this post [with Zemanta]

Latest Trojan Steals Login Before Bank Website Can Encrypt

Editor's Note:  Look what came across my desk AFTER I decided to dedicate a day to the perils of online banking!  I've said all morning, Don't Type, Swipe, but naysayers are like, "C'mon, if it wasn't safe, then why would they be doing it that way?  To which my reply is a chuckle.  Because it's convenient!  That's why. 

May I humbly suggest, I'm Right, they're Wrong, and everyday there's more evidence that the missing piece to the puzzle is HomeATM.

The Latest Incarnation (Trojan) Can Steal Internet Banking Login Information Before the Bank's Website Can Encrypt It.

Editor's Note:  Yeah, because you let your customer "type" in their login information. If your customers "don't type" the hackers "can't swipe."  Fortunately, your customers can.  An exponentially better approach to authenticated log-in.  "Swipe" the "bank issued" bankcard, and then securely enter the "bank issued" PIN.  The cardholder data is instantaneously "encrypted" (meaning it's never in the clear) so the hacker can't get to it "before" it's encrypted.  With HomeATM you are in the clear, because your data never is.  Today's theme... "onliine banking is so weak it's time they showed the strength to admit they were wrong" continues...

June 2, 2009
Trojans target online banking
By Tan Weizhen

THE big Singaporel banks - DBS, OCBC and UOB - have once again beentargeted by the latest trojan horse computer program, which trickscustomers into revealing their Internet banking passwords.
Late last month, banks were alerted to the trojan, which could gain scammers access to customers' accounts.
UOB Bank warned on its website that scammers may be able to'make unauthorized funds transfers within a short period of time.'

DBS Bank had reportedly more than a million Internet bankingcustomers as of last month. The other two banks declined to reveal howmany they had.

The three banks last came under attack by trojans - computerprograms infiltrating users' computers - in December, but this latestincarnation can steal Internet banking login information even beforethe bank's website can encrypt it. 

Continue Reading

Reblog this post [with Zemanta]

28% of Chinese Consumers Reduced Online Banking on Security Fears

Study: Fearful Chinese Cut Online Banking
Cardline Global  |  Tuesday, June 2, 2009

Nearly28% of Chinese consumers have reduced their online banking and paymentactivities over fears that their personal information could becompromised, according to a report last month by iResearch Consulting Group.

TheBeijing research company found that 63% of consumers said they arebeing more careful about using the Internet for financial activitiesand 3% said they no longer do any banking or shopping online.

However, 18% of respondents said phishing activities and other online scams have had little impact on their financial habits.  The research firm surveyed 2,328 consumers in March.

Reblog this post [with Zemanta]

Costin: Online Banking Needs More Defense Against Phishing

Kaspersky - e-banking Needs More Defense against Phishing Attacks - SPAMfighter

Chief Security Expert of Kaspersky Lab EEMEA, Costin Raju, claims that out of the thousands of Trojans discovered by Kaspersky Lab daily, 1/3rd attack e-banking.

Costin further adds that banks should provide more protection to their customers against these Trojans.  (Editor's Note:  I would further add the it's "Costin" the banks $350 per phishing attack)

At the ITWeb Security Summit held in Midrand (South Africa) on May 26, 2009, Raju states that malware has tremendously augmented for the last few years, causing a severe trouble as security firms could not raise the number of analysts.

Despite the fact that banks worldwide are coping with the economic slowdown, Raju says that this is not the time for them (banks) to reduce their security resources regardless of gloomy economic forecasts and cash flow issues. He says that though security expenses have minimized, online financial dealings are not reducing.

Banks have lessened their physical security expenses in today's economic slowdown time and it alarms Raju that online security will also follow the same trend. IT security estimates between 5% and 12% of the whole IT spend. As the IT expenditure comes down, security also suffers along with everything else.

The closure of many international financial institutions has also aggravated the trouble and carried it with a latest ambush of phishing attacks. Raju states that customers, who are unsure about whether their
funds invested in one of these institutions will be paid back or not, are prone to become victims of these phishing attacks. These customers are more likely to reply to phishing mails claiming they will not get
their money back if they do not furnish their online information within 1 day.

Some other security experts also acknowledge that this is one of the methods hackers use to make money. They employ malware to trace passwords typed through a keyboard, phish for private account details and finally redirect online banking customers to fake sites made to gather login and password information.

Further, Trojans also employ screenshots, taking each mouse click on the virtual secure keyboard. (oops, does that mean that a "floating PIN Pad" which uses "mouse clicks" is not* safe?) * denotes sarcasm
Hence, Raju recommends that banks should be frank with their customers and not only accept them (attacks) but also provide suggestions and guidelines to curtail these dangers.

Editor's Note:  Let me "B. Frank" with the online banking community.  If your customers "don't type" the fraudsters "can't swipe."  The only one's doing the "swiping" will be your customers, and that's okay!  Because when "they" swipe, the data is never in the clear.

End Result?  HomeATM eliminates phishing, eliminates the threat of "fake sites" (or official looking sites) and your customers are in the clear...not their card data.  Got IT?

Reblog this post [with Zemanta]

Clearly Puzzlin' Evidence

CommBank cops sustained online fraud attack - Security - Technology - smh.com.au
Asher Moses
June 2, 2009 - 3:25PM

Commonwealth Bank customers are being inundated with phishing attacks, some at a rate of several scam emails a day, sent by cyber criminals seeking to steal passwords and credit card details.

The scammers, who are specifically targeting the bank in a sustained assault, are bombarding customers with several clever variations of the email ruse - such as using bogus call centres - in an attempt to hook even tech-savvy web users.

The emails have largely managed to evade spam filters using methods such as images instead of text.

Commonwealth Bank spokesman Steve Batten said the bank was working closely with the Australian Federal Police's Australian High Tech Crime Centre to track down the scammers. However, the bank appears to be losing the war.  

"As soon as we close them down they are opening up elsewhere," Batten said.

This is backed up by figures from the Australian Payments Clearing Association, which reported a 33 per cent increase in both the volume and value of fraudulent online payments in Australia for the year ended December 31, 2008.

The scam emails, which look authentic and include the Commonwealth Bank's logo, try to trick the victim into handing over sensitive information by telling them they need to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.

When the victim clicks on the link in the email, they are either infected with a password-stealing virus or presented with an official-looking page that asks them to enter their details, which are then harvested by the fraudsters.

Continue Reading

Editor's Note:  An "Official Looking" page is officially "USELESS" if banks "required" their customers to "Swipe" their "bank issued" card and Enter the "bank issued" PIN.

Banks wouldn't be "losing the war" they would be closing down the "Phisheries." 

With HomeATM's PCI 2.0 Certified PIN Entry Device, the card holder data is NEVER in the clear. 

End Result:  Our SwipePIN device eliminates the threat of "phishing" it eliminates the threat of a "cloned website"  (i.e. "official looking page") and it enhances security for online banking with 2FA, 3DES E2E Encryption protected by DUKPT. 

I'm relatively "puzzled" as to banks don't see this as clearly as hackers see cardholder data.

, ,

XSS Hits Barclays & HSBC

Plague of web bugs descend on British sites • The Register
Plague of web bugs descend on British sites:  HSBC & Barclays bitten

Dan Goodin reports from in San Francisco

It's been a busy week for high-profile web vulnerabilities, with discoveries of careless bugs on the sites of three British companies.
Online banking sites for HSBC and Barclays Group and the website for The Telegraph were caught with their pants down, as hackers published screenshots and other details that showed all three were susceptible to attacks that could compromise the security of people who visit the properties.

The XSS, or cross-site scripting, errors on HSBC were still present on a variety of HSBC sites on Monday afternoon California time, some 48 hours after the XSSed blog first reported them. The bugs allowed attackers to inject javascript and content into HSBC websites simply by tricking a user into clicking on a specially manipulated web address.

"Malicious people can exploit these bugs to conduct phishing attacks and infect bank customers and site visitors with crimeware," the blog warned.
Continue Reading at The Register UK

, , , , , ,

Disqus for ePayment News