Tuesday, July 14, 2009

Verient and DCS Introduce Customized Payment Product

DCS and Verient introduce instant issuance of customized payment products

Englewood, Colo., July 14, 2009 -- Dynamic Card Solutions (DCS), the leading instant card issuance, PIN selection and PIN change provider for financial institutions, and Verient, a leading developer of technologies and products for customizing multiple payment choices, today announced a technology integration that allows financial institution customers a more convenient and secure way to create an advanced payment customization program. By combining DCS' CardWizard® instant issue software and Verient's flagship InfiniPAY™ payment customization platform, financial institutions can now instantly offer their customers highly tailored multiple payment products from a single cardholder account.

DCS' patented CardWizard software and Verient's patent-pending InfiniPAY™ platform can be securely integrated into financial institutions' card management systems and online banking portals. Consumers can simply sign on to their banking website and, through Verient's software application, create a "Made-to-Order" payment product with the features and parameters they require. Customers will be able to use any of their accounts, such as credit card, checking, savings or home equity line of credit, and can create multiple payment products in a variety of form factors, including a physical card, contactless sticker or NFC chip on a mobile phone.

Delivery of the "Made-to-Order" payment card is simple. Once the payment controls and parameters have been set up by the customer, Verient's InfiniPAY™ platform works in conjunction with DCS' CardWizard instant issue software and associated hardware to instantly issue the card or other payment form factor at the branch location. DCS' CardWizard software interacts with Verient's InfiniPAY™ platform to securely transfer all the data and then personalize it onto an associated plastic, fob, sticker or other NFC-chip enabled device. Customers can simply walk into their full service location and immediately receive their "Made-to-Order" payment product.

Within Verient's InfiniPAY™ application, each card or other payment form factor has a unique pseudo number and can have unique controls defined by each individual customer, such as authorized amount, merchant type, location, time and channel of use, as well as activation and expiration date. For example, a customer who is traveling internationally can create a card that is linked to their bank or credit card account and set it so that it can be used only in specific countries at specific times; a customer can ask for a card product to be used only in a specific merchant type(s); or a parent can create a card for a child with full parental control. The solution works seamlessly with the merchant and financial institution legacy systems, and the unique pseudo number protects against fraud and identity theft because the merchant never receives the customer's original account number. In addition, customers can instantly change control parameters on the "Made-to-Order" card through a web browser, by sending an SMS message, or through an interactive voice system.

"We are pleased to be integrating Verient's InfiniPAY™ platform to CardWizard and offering financial institutions another way to increase customer service and satisfaction through our instant issue platform with "Made-To-Order" cards," said Ron Zanotti, senior vice president of DCS. "We live in a high-tech, high service, instant information and gratification society. A customer waiting for their cards to arrive in the mail five to 10 days after they order them just doesn't make sense today, especially if the financial institution has a branch delivery network. Consumers want everything quickly and instant issue gives them what they want."

"Integrating our innovative InfiniPAY™ platform with the industry leader of instant card issuance, Dynamic Card Solutions, provides financial institutions with a powerful combination they cannot find anywhere else," said Rajesh Shakkarwar, founder and chief executive officer of Verient. "Today's customers ask for instant, highly customized solutions and now they will be able to create multiple cards or other payment form factors each one tailored to their unique and individual needs and delivered on demand."

For more information about Verient's payment customization platform, please visit www.verient.com .

For more information about DCS' instant issue technology offerings, please visit www.instantissuance.com .

About Verient

Verient develops technologies and products that enable financial institutions and merchants to customize payment choices for their customers, thereby offering more convenient and more secure transactions for both Internet and in store purchases. This capability results in the capture of additional customer payments for the financial institution, thus increasing revenue, while at the same time reducing fraud losses.

The Verient InfiniPAY™ platform is compatible with existing merchant acquirers, card and EFT networks as well as financial institutions' legacy authorization and settlement systems. Verient's unique architectural approach (one issued and nine pending patents), and software-as-a-service model, provides financial institutions a fast, easy and economical path to offering payment options specifically tailored to customer needs.

Verient is located in the heart of Silicon Valley and is funded by DoCoMo Capital and Global Catalyst Partners. For more information about Verient, please visit our Web site at www.verient.com .

About Dynamic Card Solutions

Founded in 1996 and a wholly owned subsidiary of Dynamic Solutions International, Dynamic Card Solutions (DCS) develops instant issuance and PIN selection solutions for banks, credit unions and retailers that issue EMV, contactless and magnetic stripe cards. DCS is the leading instant issuance provider for Visa® and MasterCard® debit cards. The company offers fully integrated solutions that allow financial institutions and retailers to quickly and securely issue debit, credit and ATM cards instantly at branch or store locations. Issuing cards instantly increases customer service, card sales and revenue, and eliminates current card issuance costs. DCS' system includes a user-friendly administration component that provides full reporting, card inventory and more. All solutions utilize encryption and are compliant with recommended security procedures for instant issuance. For additional information, call +1 303.754.2000 or visit the Dynamic Card Solutions Web site at www.instantissuance.com .

Source: Company press release. 


4 Out of 5 Households Use Online Banking and Subject to Phishing Attacks

Fiserv Survey Shows Online Banking Growing, Now Used by Four of Five Online Households

Paperless e-bills also growing in popularity, with many citing environmental benefits

Editor's Note: Now we need to secure the environment in which they conduct e-transactions as Username and Password is passé. Phishing is a growing threat, as are cloned websites, DNS attacks and malware which "swipes" log-in credentials. Again, Bank issues card and the Bank issues PIN.

Therefore there is only one issue to contend with...and that's securing online banking log-in with a secure two-factor-authentication which 100% replicates accessing an ATM. With the HomeATM, consumers can do exactly that. The HomeATM can be "issued" to a bank's online banking base for a mere fraction of the cost they currently spend on fighting phishing threats (or reimbursing customers who are subject to successful phishing attacks).

Click here to request more information on how our PCI 2.0 Certified PED can empower your financial institution and protect your valuable customers. Here's Fiserv's Press Release concerning their online banking and bill payment study:

BROOKFIELD, Wis.--(BUSINESS WIRE)--Fiserv, Inc. (NASDAQ:FISV), the leading global provider of financial services technology solutions, today announced that more than two million U.S. households adopted online banking and bill payment during the last year, according to a recent consumer survey. A total of 69.7 million households, representing four out of five households with Internet access, now use online banking services, primarily to access balance and account history and transfer money between accounts. In addition, 64.4 million households pay at least one bill online, either at a bank website or directly at a company website.

The Fiserv-sponsored survey – which reflects the habits of the 88.2 million households in the United States with Internet access - was conducted by The Marketing Workshop and Harris Interactive. Fiserv has conducted the Consumer Billing and Payment Trends survey since 2001.

“We believe that consumers will continue to conduct more and more of their financial activities online,” said Geoff Knapp, vice president, Online Banking & Consumer Insights, Fiserv. “Online banking and bill payment is a free service, and a convenient and environmentally friendly way to bank. Consumers are actively becoming fans of the user-friendly, secure services financial institutions are implementing.”

To view a video of Geoff Knapp discussing the most significant findings of the Consumer Billing and Payment Trends survey, visit www.fiserv.com/trends.htm.

With today’s hectic lifestyles, consumers are looking for faster and easier ways to get things done, and it is estimated that people who pay their bills online save five hours a year compared to those that pay using checks. Of those surveyed, 41 percent of current online banking users indicated they planned to pay more bills online at their financial institution’s website in the coming months, while 35 percent of those who pay bills directly at company websites said they planned to pay more bills online at those sites.

Benefits of Online Bill Payment

The survey examined the reasons people choose to pay bills online and determined that the leading benefits are:
  • Speed – 79 percent of consumers said that they preferred to pay bills online because it was faster than other payment methods.
  • Ease of Use – 72 percent of consumers said paying online was easier than paying by check.
  • Cost Savings – 71 percent of consumers said they liked saving money on stamps.
  • Control – 71 percent of consumers said that paying bills online gave them more control over the timing of their payments.

Environmental Concerns Drive Use of Paperless E-Bills

While any bill can be paid online, regardless of how it is received, a growing number of consumers are also adopting paperless electronic bills (e-bills). E-bills contain the same information as a typical paper bill, but are delivered directly to a consumer’s online banking account or a company website. According to the survey, 24 percent of consumers who pay bills online also receive at least one bill online each month, up from 22 percent last year.

Fifty-eight percent of e-bill recipients said that environmental impact was either important or very important in their decision to view and pay bills online, up from 51 percent last year.

Consumers also cited convenience and clutter reduction as reasons to receive their bills online. Fifty-seven percent of consumers said they had lost a paper bill in the mail, while 64 percent admitted to losing a paper bill in their own home – inconveniences that many indicated made them receptive to receiving paperless e-bills online.

Impact on Relationship with Financial Institution

According to the survey, consumers who pay bills online at a bank website are more likely to continue banking with their bank, as well as encourage others to join their bank.

  • 49 percent of consumers who use online bill pay said they are less likely to switch banks due to their experience, up from 43 percent last year.
  • 67 percent of online bill pay users would recommend their bank to a friend or relative.
  • Over a period of three months, 38 percent of online bill pay users recommended the service to others. Those recommending the service did so an average of two times.

Proving the power of a personal recommendation, the bank branch was cited as the most influential source of information leading to enrollment in online bill payment.

Impact on Relationship with Billing Company

Similarly, electronic billing and payment helps improve customer satisfaction and retention with the company from which the bill is received. Consumers receiving a bill electronically at their bank are 30 percent less likely to leave the company from which they receive the e-bill. Additionally, customers receiving an e-bill at the company’s own website are 28 percent less likely to leave. Importantly, customers receiving e-bills via their bank continue to visit the company website—56 percent of them go to the biller’s site six or more times annually. Billing organizations can thus reap the cost-savings and customer loyalty benefits of delivering e-bills to financial institution sites, while maintaining a strong branded relationship with the many bank e-bill customers who will continue visiting the company’s own site.

The Consumer Billing and Payment Trends survey is an initiative of Consumer Insights from Fiserv. Consumer Insights is an example of Fiserv's customer and channel management core competency, and shares findings from primary studies on consumer behavior with Fiserv clients and industry experts.

About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.


Pulling the PIN on Older Systems


The compliance clock is ticking. It is estimated that more than 500,000 PIN entry devices (PEDs) that predate security certifications are in use in the U.S. market. These devices predate the Visa Inc. PED standard - now the Payment Card Industry (PCI) PED Standard - and were "never approved" by the card brands, which have mandated they must be removed from service by July 2010. Are you ready for that challenge and opportunity?

Liability landing

Criminals are increasingly targeting older, unsecure PIN pads and terminals as a relatively easy means to gain access to cardholder data. The liability for these attacks is being placed with greater frequency squarely at the feet of merchants and acquirers.

The 2009 Verizon Business Data Breach Investigations Report examined 98 confirmed data breaches that compromised almost 300 million consumer records. Of the organizations victimized, 81 percent were not PCI Data Security Standard compliant, according to Verizon Business.

PINs beguiling

While many of these breaches had nothing to do with PIN pad compromises, obtaining PINs by exploiting vulnerable elements of computer networks is now the primary game in town for a number of criminal organizations.

Offending breaches range from highly sophisticated computer networking assaults to crude efforts that might be equated to "smash and grab" attacks in which criminals simply replace an existing terminal with a device that appears identical but has been bugged.

For example, according to The News Journal of Delaware, two men pled guilty in February 2009 to using a skimmer at the counter of a Rite Aid Corp. store to scoop up account numbers and PINs and use them to make counterfeit cards, with which they stole more than $500,000 from bank accounts.

Continue Reading at The GreenSheet

Microsoft Office Users Attacked by Cybercriminals


By Jim Finkle - Tue Jul 14, 2009 4:06PM EDT
BOSTON (Reuters)

Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programming flaw that the software giant has yet to repair.

The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.

"Despite today's fixes, Windows users continue to be under attack. Microsoft is taking two steps forward, while attackers are putting it one step back," said Dave Marcus, McAfee Inc's Avert Labs director of security research.

Hackers booby-trap websites with malicious code that loads onto computers running the vulnerable Office software. Infected PCs are commandeered into a botnet, a network of hijacked computers. They are used for identity theft, spamming and other cybercrimes.

Microsoft did not say how many machines were attacked. It estimates that some 500 million people use its Office suite, which includes Word, Excel and PowerPoint software.

The software maker said in a security bulletin that it has developed a temporary workaround for the problem, which users must manually install on PCs to protect them from attack.

A company spokeswoman said that program would soon be available through Microsoft's website. Office XP, 2003 and 2007 are vulnerable to the attacks.

Man-In-The-Phone Attacks - Banking Fraud

Fraudsters innovate with “man-in-the-phone” technique

Actimize this week warned of a new telephone banking fraud where fraudsters impersonate a banking representative.

The anti-money laundering specialist said the “man-in-the-phone” (MitP) fraud is becoming popular as internet banking sites become increasingly difficult to hack.

“We’ve noticed an accelerating trend in Man-in-the-Phone attacks,” said Paul Henninger, fraud specialist at Actimize.

“We hope that by publicising this new trend, we can help reduce its impact on individuals and our banking clients.”

In a typical MitP attack, the fraudster calls up a banking customer telling them their account may have been compromised.

They tell the victim that they need to verify a few details.

The fraudster then connects the call to the customer’s actual bank while secretly recording the phone call - thereby gaining full access to the security details of the victim.

Actimize advised banking customers to avoid giving out their banking details to anyone that initiates a call.

Instead, they should tell callers that they will call back the bank to verify information, Actimize said.

In related news, research firm Javelin has recorded a huge upsurge in fraudsters using telephone banking to commit ID theft.

“Access through mail and telephone transactions grew from 3 percent of ID theft in 2006 to 40 percent in 2007,” said James Van Dyke, Javelin president.

“Fraudsters are getting creative and leveraging new techniques to commit fraud, so consumers need to be as diligent as ever in protecting their personal information.”


Daily Kos Story on Massive Bank Data Breaches/Vulnerabilities

Massive Bank Data Breaches Reveal Huge Vulnerabilities

by gsadamb
Fri Jul 10, 2009 at 03:13:09 PM PDT

When we put our money into banks, there are certain assumptions that most customers believe.

The one assumption we've probably wondered the most about lately is the notion that money we put into our bank accounts is safe, even if the bank itself fails. This is the point of the FDIC, which has recently proven its ability to carry out its promise when banks failed.

But that's not what this diary is about.

A number of banks are withholding some very crucial data about an eye-popping heist that has gone on and is allowing practically unhindered access to the cash in a massive number of accounts, and it reveals huge gaps and lapses in electronic financial systems that most of us assume are secure.

Most bank users have another assumption: that if they create an account, it will be secure. To wit, if I create a new checking account and put a thousand dollars in it, I should be able to access that thousand dollars, and unless I've explicitly stated otherwise, the only one who should be able to access the contents of the account is... well, me.

There may be several ways for me to access my new checking account. The most obvious is to just withdraw cash from a bank branch. Or I could write a check perhaps, or use a debit card to pay, or go withdraw money from an ATM.

The point is, all these methods require me to authenticate myself. Some methods, like checks, require very minimal authentication. But my signature is needed on any check I write, and it ultimately provides a paper trail with my bank once it's redeemed.

Clearly, though, the principal instrument of most checking accounts nowadays is the debit card. They offer the versatility of credit cards, but are instead tied to actual funds in the holder's checking account. To use it as a credit card, it requires the holder's signature if processed on site, otherwise other security measures like the card's CVV code and holder's zip code, same as with normal credit cards.

Increasingly, retailers are providing the option to purchase items with the "Debit" feature of the card, which requires you to key in your secret PIN number. You also need the PIN when trying to use an ATM to pull cash out of your account. The PIN, of course, is intended to be a very personal, private piece of information. Usually at account creation, a PIN is selected, and not even the teller can see what it is.

So the debit card should in theory be quite secure: to use it to get money from an account, it follows a dual-token authentication: you must have something and you must know something. That's why a stolen ATM card should essentially be useless. Likewise, if someone snuck a peek at the PIN I was entering at a checkout stand, that's obviously useless without the card. Only the card plus the PIN allows authentication.

So this system is secure, right?

Well, a close friend was recently making a purchase using her card, and the transaction was unexpectedly declined with a message asking for her to call the bank. When she got in contact with that bank, Bank of America, they informed her that her several cards had been deactivated because of a "mass compromise with Visa" and that new ones should be in the mail. Indeed, when she checked the mail that very day, there were new cards, with new numbers.

There was also a letter included, which struck me because it was sent to "Valued Customer," suggesting perhaps that these were printed in large numbers instead of customized for a small group of users. That's just speculation.

But here's the letter, which maybe can shed some light on the situation?

And so that's the explanation we get: account information may have been compromised at a third party location. What does this mean?

In a couple instances over the last few years, a couple organizations have contacted me about a personal data breach. But without exception, these notifications have always been very straightforward over what kind of breach it was, what caused it, how it was being addressed, and a feeling that at least there was a bit of transparency and acknowledgment of making a mistake.

There's none of that here though. Just silence. So I decided to see if this problem was widespread by Googling it. Turns out, a couple articles have already been written in mainstream newspapers, but it's mostly staying under the radar.

USA Today (yes, them), has run an article about this very thing appropriately entitled "Lack of answers in debit-card fraud troubling."

It's fairly disturbing:

The U.S. is in the midst of a major debit-card fraud event that is affecting dozens of banks and thousands of people.

Somewhere in the giant interconnected system of banks, merchants, and transaction processors, someone got hold of not only debit card numbers, but the PINs used to access those accounts as well.

The problem for you and me is, either no one knows where the security breach occurred or no one is telling.

When you use your card as a debit card at a point of sale, you have to swipe the card and key in your PIN. This data is encrypted and sent to a processing company that uses this data to send an electronic request to your bank to check whether your account has the funds necessary to approve the current transaction. It then forwards the answer back to the point of sale, and the sale is completed or failed based on the answer.

The middleman clearinghouse should immediately discard the information sent by the point of sale - the information containing the card number and PIN. Of course, if a system in the middle were compromised, or if there was an inside job, or if there was a horrible misconfiguration, this data could end up getting stored on the server. Let's assume that a person had access to this data and also the ever important decryption key to get the decrypted data - let's say, again, because of lax security, then that person would have access to a list of card numbers and a list of corresponding PINs.

With this data, sophisticated thieves can create counterfeit cards and walk up to the nearest ATM, which will happily let you withdraw cash from the corresponding account.

This only seems to be affecting Visa cards at the moment, confirmed by some banks' randomly "upgrading" their customers from a Visa to a Mastercard.

How widespread is this?

It's unknown at this point, and instead of informing customers about a very real threat, companies are in CYA-mode, big-time. Did Visa issue a standard "We're investigating and cooperating..." message? Nope, this is their comment:

"[A]ccusing a single source of the compromise before the investigation is complete could be inaccurate and unfair," the company said in a statement.

There is so much stonewalling on this that questions about number of affected people and likely culprits are purely matters of speculation. There's been some unscientific comparisons between people who have been affected by this, and one early tentative match MAY be OfficeMax, or more specifically, the company that does debit processing for them. OfficeMax has issued a statement saying only that their systems are secure, while saying nothing about the companies it uses to handle the transaction data.

And the silence from all the financial organizations, including the banks we put our trust in, has been deafening. Numerous banks have quietly been re-issuing cards or doing massive changeovers to MasterCard, including Bank of America, Citibank, National City Bank, PNC Bank, Washington Mutual, Wells Fargo, and several smaller banks as well. To their credit, it doesn't appear as if the banks are responsible for the vulnerability, but I believe it is their responsibility to let customers know the reality of the situation.

It's amazing how stifled this information has been until now, but maybe if it starts to get some publicity, we'll start to get real information instead of generic letters and non-denial denials.

An Amazon' Concept: We'll Pay You to use Us To Pay

Win the Amazon Payments prize

With the third annual 2009 AWS Start-Up Challenge, Amazon Web Services (AWS) is looking for the most promising start-ups that can grow into significant, meaningful, and lasting companies that leverage AWS to build its infrastructure and business. Start-ups in the United States, United Kingdom, Germany, and Israel are encouraged to apply for a chance to win $100,000 in combined AWS cash and credits.

This year, AWS has included an exciting prize from Amazon Payments for the AWS Start-Up Challenge finalist with the most creative monetization strategy and use of Amazon Payments solutions. Winner of the Amazon Payments prize will go home with $10,000 in combined cash and Amazon Payments credits.

How does it work?
  • To enter, complete the online application by August 26, 2009.
  • The judges will review all applications and choose finalists based on the following criteria: originality and creativity of the idea, likelihood of long-term success and scalability, how well it addresses a need in the marketplace, implementation of payments functionality, quality of presentation, and implementation of AWS infrastructure services and/or other paid services.
  • The Amazon Payments winner will be chosen based on the most creative use of Amazon Payments solutions to enable their revenue model. The monetization model will be judged on the following criteria: implementation and integration of Amazon Payments solutions – Amazon FPS or Amazon Simple Pay, creativity and originality, and overall customer experience of the payment implementation.
See details, terms and conditions.

Get Started
Choose the Amazon Payments solutions right for your revenue model to get started today!
Submit your entry


Mi-Pay Mobile Money Focuses on Africa

Mi-Pay paves the way for African success

London, July 14, 2009 -- Mi-Pay, the global mobile money company, is building on its African achievements by confirming three new contract successes, which it expects to announce in detail over the next few months.

With its international and domestic remittance services going live in North and West Africa; and a multi country roll-out of its agent-based, person-to-person, mobile money service already underway, Mi-Pay is fast emerging as a key partner and preferred supplier for operators and banks as they seek to make financial services accessible to Africans across the Continent.

As CGAP* predicts developing markets will see more than 120 mobile money implementations by the end of the year, creating a mobile financial services business that will reach $5 billion by 2012, Mi-Pay confirms demand for its solutions is growing across Africa. Indeed, the company foresees a new era of social and economic development for the region facilitated by mobile money services.

Norman Frankel, CEO of Mi-Pay, explains, “With mobile penetration at over 270 million, there is now a viable springboard to service Africa’s unbanked, which currently stands at around 75 per cent of the population. The demand and infrastructure is here and, with the growing presence of companies like Mi-Pay, the expertise to implement change is now here too. We are, effectively, the operational ‘glue’ that will unite banks and operators; providing them with more flexible, commercially viable and sustainable mobile money business models that carry less risk and bring more benefits than ever before.”

About Mi-Pay

Mi-Pay, the leading mobile money company, provides an innovative range of products and services that enable consumers around the world to undertake safe and secure financial transactions from their mobile phones. With its International HQ based in the UK, Mi-Pay recognises the need to be local as well as global and has offices and operations in Dubai, Romania, and India, bringing a global perspective to the provision of secure transactions from the consumer’s handset through to settlement. Mi-Pay has vast expertise and service offerings that span mobile money transfer, mobile initiated payments, mobile banking, and pre-pay top ups. For more information visit: www.mi-pay.com .

Source: Company press release.


EV SSL Sessions are Safe...Yeah Right! Part Deaux

Security is only as strong as the weakest link in the chain, and I'd be willing to bet you have come across a "broken link" or 100 while browsing.  Can you make the connection?  The web is NOT a safe place for eCommerce transactions.  They say it is, heck there was the https, then the SSL and after those were all breach they came up with EV SSL.  Well, what's next?  How about just realizing that hackers will get past any security you can come up with...unless it's done outside the browser space. 

In a post from last week entitled "EV SSL Encryption Is Safe! 'Yeah...Right!'" I talked about how https = httBS, how SSL is SOL and that EV Sessions are EZ targets for Hijacking...here's more on the subject from DarkReading.

Researchers To Release Tool That Silently Hijacks EV SSL Sessions - DarkReading

Black Hat USA session will demonstrate new man-in-the-middle attacks on Extended Validation SSL

Jul 13, 2009 | 04:37 PM  by Kelly Jackson Higgins - DarkReading

If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.

Mike Zusman and Alex Sotirov -- who in March first demonstrated possible MITM attacks on EV SSL at CanSecWest -- will release for the first time their proxy tool at the Las Vegas conference, as well as demonstrate variations on the attacks they have discovered. The Python-based tool can launch an attack even with the secure green badge displaying on the screen: "It doesn't alert the user that anything fishy is going on," says Zusman, principal consultant at Intrepidus.

All it takes is an attacker having a non-EV SSL certificate for a Website, and he or she can hijack any SSL session that connects to it. That's because the Web browser treats the EV SSL certificate with the same level of trust as an SSL domain-level certificate. "There's no differentiation between the two certs beyond the green badge," Zusman says. If an attacker has a valid domain-level certificate, he can spoof EV SSL connections and execute an MITM attack, with access and view of all sensitive data in the session -- all while the unsuspecting victim still sees that reassuring green badge displayed by his browser.

Continue reading at DarkReading


Get Prepared for iPhone Security Threat

Organizations unprepared for iPhone security threat

A new survey conducted by Vanson Bourne reveals that companies are failing to appreciate the risks attached to iPhone use among employees. The survey quizzed senior IT decision-makers in medium-to-large firms on their attitude towards the security threat posed by the iPhone.

The survey revealed that while 65 per cent of IT decision makers recognised that unauthorized users could access valuable company data through the iPhone, 64 per cent said they had not taken any steps to secure company data against this threat.

Given the high number of companies with inadequate protection against data breaches via an iPhone, the survey also revealed that 40 per cent of businesses knowingly allow staff to download company data onto removable devices without any security provision.

Continue Reading at NetSecurity


Debit Cards Gain in India

Debit cards gain ground in India


Debit cards continued to gain in popularity in India in the 2008/09 fiscal year to 31 March with the number in issue at the end of the period standing at 137.4 million, up 34.2 percent compared with the end of 2007/08, according to the Reserve Bank of India (RBI).
The number of debit card transactions increased at an even faster pace, rising 44%...


SmartStream Moves Swiftly with TLM OnDemand

SWIFT And Smartstream Partner To Reduce TCO 

Customers can reuse their existing SWIFT infrastructure to process reconciliations with SmartStream’s TLM OnDemand
Dubai City Guide: SWIFT and SmartStream, the financial Transaction Lifecycle Management specialist, have partnered to enable financial institutions to communicate with SmartStream’s TLM OnDemand reconciliation service via SWIFT.

Existing SWIFT customers can reuse their SWIFT infrastructure to use SmartStream’s service, reducing transaction breaks, operational risk and time to process transactions, while maximising their return on investment and minimizing total cost of ownership (TCO).

TLM OnDemand is SmartStream’s Software as a Service (SaaS) offering for reconciliations. Its subscription-based approach requires no upfront expenditure on software licences and a rapid on-boarding process delivers a live service in a matter of weeks.

This non-exclusive partnership is a strong example of the kind of collaboration between key providers of solutions, services and connectivity that will ensure SaaS delivers financial institutions a true step-change in the performance and efficiency of their core operational processes. SWIFT will forge similar partnerships with other providers of SaaS solutions where there is a clear benefit to the SWIFT community.

SaaS enables financial institutions to access software solutions in a cost-effective way, eliminating the burden and cost of in-house management and maintenance of applications and giving firms flexibility and agility in the way they deploy software.

TLM OnDemand’s transaction-based pricing model offers a low-cost route for investment managers and banks to access a market-leading reconciliation solution. It enables SWIFT customers to automate their reconciliations to cost-effectively reduce transaction breaks, driving down their cost per transaction and minimising operational risk. The SWIFT network provides the highest levels of security and reliability, and enables standardised communication with TLM OnDemand.

Continue Reading at Dubai City Guide


SWIFT is the industry-owned co-operative supplying secure, standardised messaging services and interface software to more than 8,100 financial institutions. SmartStream Technologies works closely with SWIFT to ensure SWIFTReady Gold accreditation for all of its solutions.

SmartStream is also a SWIFT partner – the first vendor to attain that status – creating the industry’s first SWIFT-integrated SaaS reconciliation service. This enables TLM OnDemand users to seamlessly use SWIFT Net’s FileAct and FinInForm services, to cost-effectively reduce transaction breaks, driving down their cost per transaction and minimising operational risk.


GM: Who Needs Car Dealerships When There's eBay?

GM Looking to eBay to Rev Up Auto Sales

Fresh from bankruptcy, GM gears up to solidify online auto sales at eBay Motors, though details remain sketchy.

InternetNews.com  By Michelle Megna
Can eBay help save General Motors?

That's the question being asked after comments by GM CEO Frederick Henderson suggested that the U.S. auto giant is working with eBay to enable customers to buy new cars online.

After GM emerged from bankruptcy protection Friday, Henderson said teaming up to offer cars on eBay Motors would help make auto purchasing more convenient.

"We're also working on new ways to make car buying more convenient for our customers, including an innovative new partnership with eBay in California to revolutionize how people buy vehicles online," Henderson said in a statement.

But eBay (NASDAQ: EBAY) responded on Friday with a statement saying no deal has been finalized, though today the online marketplace company is sounding less surprised and more positive about the GM statement.

"At this time, discussions are underway but not finalized with General Motors. We hope to support GM's new company and vision going forward," an eBay spokesperson today told InternetNews.com. "We are excited about a potential new adventure that supports GM's dealers by expanding on how they already reach consumers through new approaches."

Continue Reading at InternetNews.com


Test in the Works for European Card
Cardline Global | Tuesday, July 14, 2009

The Belgian retailing chain Colruyt Group plans to begin testing a new European payment card in October, according to a payments executive.

Dominque Buysschaert, the chief executive of European Payment Solutions, a Belgian processor, said last week that Colruyt would begin accepting the Payfair debit card at about five stores.

European Payment is one of the companies developing the Payfair network, which is one of several European efforts to create a card company that would compete with Visa Inc. and MasterCard as the region moves toward a common payments market.

Buysschaert said the Colruyt test could eventually expand to 10 stores, and that he expects the Payfair card to be offered outside Belgium sometime next year.

However, Belgian banks have been reluctant to offer the cards, and the Payfair cards involved in the Colruyt test will be issued by the retailer, Buysschaert said.

A second European card network could debut in October. Several major French and German banking companies are said to be backing the Monnet debit card, and said last week that they expect to create a company then that would focus on building a payments network. See "Is Monnet Painting Visa and MasterCard into a Corner?"



Fiserve 2 ServeFi(ve) Credit Union Platforms

BROOKFIELD, Wis. - (Business Wire) Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions and the largest provider of business-driven technology solutions for credit unions, announced today that it has signed five credit unions to new account processing contracts for its Portico℠, CubicsPlus® and Galaxy® credit union platforms.
In addition to choosing a Fiserv account processing solution, all of the credit unions also selected a wide range of value-added Fiserv solutions, such as Card Services, Virtual Branch® Internet banking, Wisdom™ accounting tools, ConvergeIT™ interactive voice response and other best-of-breed products to help streamline workflows and drive efficiencies across their enterprise.

“Fiserv continues to win in competitive bids due to our unmatched resources and diverse portfolio of credit union-focused platforms. Clients also tell us they appreciate the company’s solid financial position in these uncertain times. We are finding that the Fiserv combination of stability and choice gives credit unions a comfort level in selecting a technology partner, reliable platform, and exciting new services to offer to their members. Credit unions continue to turn to us for the technology tools that deliver a better experience for their staffs and their members,” said Jeff Givens, senior vice president and national sales manager, Credit Union Solutions at Fiserv.

Reinforcing Fiserv’s core competency in Processing Services among other areas of expertise, Fiserv’s newest credit union clients include:

Seasons Federal Credit Union in Middletown, Conn. will implement the Portico credit union platform from Fiserv. Leaders of the $101 million credit union found the Fiserv enterprise-wide strategy appealing and believe it will best support them as they implement solutions that will enable them to achieve their strategic goals for serving their 13,200 members.

“We like the flexibility Fiserv offers to select the account processing solution that meets our needs, and being able to choose from their vast array of integrated, value-added solutions to create a customized technology platform designed for our specific business needs,” said Mark Labbe, chief financial officer for Seasons FCU.

Ashtabula County School Employees Credit Union in Ashtabula, Ohio will also implement the Portico credit union platform and add several tightly integrated Fiserv solutions to its platform, including EFT processing; DocumentIT paperless processing, e-fichency℠ image storage; Reporting Analytics; National Audio Response Center (NARC); and Virtual Branch Internet Banking with Bill.Pay and NotiFI electronic statements. Credit union officials at the $62 million, 6,900 member organization estimate the move to Portico will save 1.5 man hours per employee per day thanks to the system’s ability to streamline and automate service delivery.

United Police Federal Credit Union in Miami, Fla. is also moving to the Portico credit union platform and has selected a wide variety of additional Fiserv products and services, including EFT processing, Virtual Branch, Wisdom and e-fichency document imaging. United Police, which has $42 million in assets and serves 4,650 members, selected Portico for its ease of use and because Fiserv offered a cohesive and comprehensive solution.

Eastern New York Federal Credit Union in Napanoch, N.Y. will be moving to the Galaxy credit union platform from Fiserv, choosing Galaxy ASP processing as well as the Wisdom accounting suite; Wisdom 5300 Call Report Assistant; STARS reward program; Account.Create online account opening; and Member Relationship Plus relationship pricing tool from Fiserv. The $51 million credit union plans to use the Member Relationship Plus platform as the launch pad for all contact with its 6,929 members.

“We were not only impressed with the Galaxy system’s robust processing and reporting capabilities, but also with its client-centric design that matches our goals: to provide personalized, relevant products and services – efficiently and economically,” said Chris Langley, president and chief executive officer of Eastern NY FCU. “The Galaxy system and the integrated Member Relationship Plus solution will enable us to manage the overall service experience rather than just handle the transaction.”

Morris Sheppard Texarkana Federal Credit Union in Texarkana, Tex., the first federally chartered credit union in the United States, plans to implement the CubicsPlus credit union platform from Fiserv. In addition to the account processing solution, the $7.1 million credit union will install Virtual Branch Internet banking and debit card processing from Fiserv. The local reputation of Fiserv, coupled with Fiserv’s financial stability, were key factors influencing the credit union’s choice. Morris Sheppard Texarkana FCU, with 1,120 members, holds Federal Credit Union Charter Number One. It was founded in 1934 and named for Sen. Morris Sheppard (D-Tex.).

About Fiserv
Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.


Fiserv, Inc.
Media Relations:
Alicia Bell
Director of Communications
Credit Union Solutions
Fiserv, Inc.
Additional Fiserv Contact:
Lori Stafford-Thomas
Assistant Vice President
Corporate Communications


