Monday, July 20, 2009

Credit Card Rewards May Fuel Debt: Study

Credit-card reward plans may fuel debt: study

Last Updated: Monday, July 20, 2009 | 4:21 PM ET
'As rewards programs have become increasingly popular and generous, interchange fees charged to merchants have also increased.'—Andrew Ching and Fumiko Hayashi
Many Canadians collect such rewards, typically travel points or cash rebates, and many merchants grumble about paying for them through transaction fees.

"As rewards programs have become increasingly popular and generous, interchange fees charged to merchants have also increased," said the study, which focused on U.S. data.

"A merchant pays different interchange fee rates for credit-card transactions: non-rewards cards have the lowest fee rates, while high-end rewards cards have the highest rates," it added.

The authors — Andrew Ching, an assistant professor of marketing at the U of T's Rotman School of Management, and Fumiko Hayashi, a senior economist at the Kansas City Fed — conclude that "removing rewards today would cause a small percentage of consumers to switch from electronic payment methods (credit/debit cards) to paper-based methods (cash/cheques) at five types of retail stores.

"The majority of consumers who currently receive rewards on credit/debit cards would continue to use credit/debit cards, even if rewards were no longer offered."

An example from Australian policy on card fees

This conclusion is "consistent with the experiences in Australia, where the three major credit-card networks, Bankcard, MasterCard and Visa, were mandated to reduce their interchange fees in 2003," the study says.

"Although the value of the rewards points for these three networks has been reduced dramatically since the reform, we observed that the usage pattern of credit cards has remained essentially unchanged."

Even so, they conclude that eliminating credit-card rewards would have a bigger effect than eliminating debit-card rewards.

"We also find that rewards encourage consumers to use credit cards even if they carry balances," the authors say.

"This suggests that removing credit-card rewards could have some effects in reducing consumers’ credit-card debts. This could increase consumers’ welfare, but reduce credit-card issuers’ revenue from interest charged on their balances."

Torpig (Sinowal/Mebroot) Trojan Just Got Nastier for eBanking

Here yet is more alarming e-vidence and another reason to not trust the web when it comes to either e-banking or e-payments.   ALL financial transactions MUST be done OUTSIDE the web browser.  Yesterday in a post entitled: "Online Banking Data Fed to the Phishes"  there was a quote (pictured on left) which, in no uncertain terms, sums up the potential for "creating a large-scale secure transaction system on the web."  Here's another quote from the same article:

"Internet banking experts say without coordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters."

So, based on those two statements of fact, it would seem that we need to replace "typing" with "swiping."  The hackers are getting better, and the "type" system we use is an "ideal" format. 

But it gets we learn that: (from Finextra blogs)

 The nastiest ebanking trojan just got nastier

On Friday, the team at TrustDefender Labs releaseda report on one of the nastiest pieces of malware which has just becomeeven nastier.

Now you may think that some of the older malware is badenough, the bad guys have released a new version of one of the mosthighly successful e-banking Trojans but this time with majorenhancements. And the 'bad news' is that they changed the lot!

Basically, these guys have been busy over the last few months with anew version of Mebroot/Sinowal/Torpiq that performs the same tasks anddoes the same badness as the previous versions (for more informationsee,however the big difference is that this Trojan is hiding in the systemwith improved stealthiness than ever before, to make sure:

1.    it can infect your system without you knowing
2.    collect as much information as possible and
3.    stay there undetected as long as possible

To reiterate in plain English: Everything that was previouslywritten on how to detect Mebroot/Sinowal/Torpiq is now invalid anddoesn’t apply anymore… No rg4sfay file in Windows\temp anymore, noreference to  \!win$… No detection with GMER’s special mbr.exe programand GMER itself only lists a couple of detached threads… Nothing reallysuspicious…

The troubling issue is that the research team found this new versionand noted it has the most exhaustive list of banking and brokingwebsites they have seen – with virtually all major financialinstitutions in UK, Australia, USA, Spain, Italy, Germany and more.
Butinterestingly, more and more non-bank websites are part of this list,like (the online payment from a popular poker site)and government sites (FED to the Phishes) like (electronic payments to the US Govt).

The challenge now for the 'good guys', when will they catch up and can they stop this nasty e-banking Trojan?

Editor's Note:  Yeah, just "stop typing." Trojans work because people are still inexplicably "typing" their Primary Account Number (PAN) or online banking authentication (username/password) into boxes on websites. 

Until they start swiping we will be boxed in by the bad guys.  It really is that simple. 

The cardholder data/authentication credentials MUST be encrypted "outside" the browser space.  We swipe our card and enter our PIN to get cash in real-time at an ATM, so the encryption standards used by the banking industry are safe. (it's the skimming devices and camera's that put ATM's at risk) 

Thus, considering that HomeATM 3DES encrypts and utilizes DUKPT key management, (and is PCI 2.0 certified with imminent TG-3 certification) I stand by my belief that instead "typing" puts fraudsters at a level playing field, whereby "swiping" with end-to-end encryption puts them at a disadvantage they cannot overcome. 

Take a look at some of the related articles to read more on the subject of online banking insecurity

Reblog this post [with Zemanta]

SPVA Builds Membership to Accelerate Enhanced Security Guidelines

SPVA Builds Membership to Accelerate Enhanced Security Guidelines

Atos Worldline, Heartland Payment Systems, Moneris Solutions,
Radiant Systems, Inc. and Witham Laboratories join SPVA

– July 20, 2009 – Five electronic payment companies have joined the non-profit Secure POS Vendor Alliance (SPVA), created by Hypercom (NYSE: HYC), Ingenico S.A. (EURONEXT: ING) and VeriFone (NYSE: PAY) to foster widespread compliance of existing security standards to protect cardholder information and defend merchants and acquirers against security breaches.

“Membership in the SPVA reinforces our commitment to advancing security within our industry, enables us to gain first-hand knowledge of current security threats and proactively shape future security guidelines,” said Antoine van Diem, general manager technologies & products, Atos Worldline.

The SPVA’s expertise includes education and a focus on best practices,” said Steven Elefant, executive director of end-to-end encryption at Heartland Payment Systems®. “It is vital that we as stakeholders continue to innovate so that ultimately, we enhance the security of our industry as it grows.”

SPVA members provide the key security elements among consumers, merchants and transaction acquirers and issuers. Members of the SPVA deliver a unique experience with security guidelines, ensure best practice implementation and continue to evolve security enhancements and interoperability required to reduce fraud and lower risk for all participants in card payment transactions. Membership is open to all vendors that develop secure POS payment systems or have products or solutions that interact with secure POS payment devices such as retailers, acquirers and banks.

New members that have signed up with the SPVA since May 2009 include:

Joining as a General Member, Atos Worldline is the European leader in electronic payments and transactions delivering innovative solutions to advance its clients’ businesses. It specialises in end-to end payment services (issuing, acquiring, payment solutions and card processing), services for financial markets as well as CRM and eServices (Internet, voice and mobile solutions). Every year Atos Worldline wins prestigious market awards in recognition of its continuous commitment to research and development of leading edge solutions. Awarded solutions cover expertise in areas such as mobile payments, secure IPTV, online CRM, ticketless solutions. A 100% subsidiary of Atos Origin, Atos Worldline generates annual revenues of around €800 million and employs over 4,800 people in Europe.

Heartland Payment Systems, Inc., a NYSE company trading under the symbol HPY, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices.

Moneris Solutions, one of North America's largest providers of payment solutions. Moneris offers credit, debit, wireless and online payment services for merchants in virtually every industry segment and processes more than 3 billion transactions annually. Through its Ernex division, Moneris offers electronic loyalty and stored-value gift card programs. With more than 350,000 merchant locations, Moneris provides the hardware, software and systems needed to improve business efficiency and manage payments. For more information please visit

Headquartered in Atlanta, Radiant Systems, Inc. (Nasdaq: RADS) is a global provider of innovative technology to the hospitality and retail industries. For more than two decades, Radiant's point of sale hardware and software solutions have helped to redefine the consumer experience in more than 100,000 restaurants, retail stores, stadiums, parks, arenas, cinemas, convenience stores, fuel centers and other customer-service venues. Radiant has offices in North America, Europe, Asia and Australia.

A leading provider of specialist payment security evaluation services, Witham Laboratories is accredited to perform evaluations and audits against local and global security standards including all PCI standards (PCI PED, PCI DSS, and PA DSS). With its head office in Melbourne, Australia, Witham Laboratories has clients around the globe and works directly with vendors of POS and PIN entry devices, merchants, and acquirers and card schemes, to assist in their understanding of compliance to the payment standards. Witham Laboratories is an active member of many industry standards bodies, and uses its intimate knowledge of these standards to provide the best possible service and advice to its clients.
To learn more about membership opportunities, visit

About Secure POS Vendor Alliance
(                                                                                                    The Secure POS Vendor Alliance (SPVA) is a non-profit organization that works with the multiple stakeholders of the payment value chain. Its aim is to develop an end-to-end security framework and to enhance security elements of payment solutions which protect cardholder information and defend merchants and acquirers against security breaches, while helping reducing fraud and lowering risk for all electronic payment stakeholders.

About Hypercom (                                                                                                             Global payment technology leader Hypercom Corporation delivers a full suite of high security, end-to-end electronic payment products and services. The Company's solutions address the high security electronic transaction needs of banks and other financial institutions, processors, large scale retailers, smaller merchants, quick service restaurants, and users in the transportation, petroleum, healthcare, prepaid, unattended and many other markets. Hypercom solutions enable businesses in more than 100 countries to securely expand their revenues and profits. Hypercom is a founding member of the Secure POS Vendor Alliance (SPVA) and is the second largest provider of electronic payment solutions and services in Western Europe and third largest provider globally.

About Ingenico (
Throughout the world, banks and retailers rely on Ingenico for secure and expedient electronic transaction acceptance. Ingenico solutions leverage proven technology, established standards and unparalleled ergonomics to provide optimal reliability, versatility and usability. This comprehensive range of products is complemented by a global array of services and partnerships, enabling businesses in a number of vertical sectors to accept transactions anywhere their business takes them.
About VeriFone Holdings, Inc. (
VeriFone Holdings, Inc. (“VeriFone”) (NYSE: PAY), a global leader in secure electronic payment technologies, provides expertise, solutions and services for today with a migration strategy for tomorrow. VeriFone delivers solutions that add value to the point of sale, resulting in improved merchant retention and the generation of new sources of revenue for its partners and customers. VeriFone solutions are specifically designed to meet the needs of vertical markets including financial, retail, petroleum, government and healthcare.
Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995

This press release includes statements that may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including statements regarding the development, adoption, implementation, interoperability, performance and effectiveness of electronic payments industry security standards, the development of future security standards and guidelines intended to
reduce and prevent fraud and other threats to electronic payment transaction integrity, and lower risk for all participants in card payment transactions. These forward-looking statements are based on current expectations and beliefs and are subject to risks and uncertainties that could cause actual results to differ materially from those described in the forward-looking statements. In particular, factors that could cause actual results to differ materially from those in forward-looking statements include: the ability of the Alliance to attract significant industry membership and participation in its activities and adherence to its policies and guidelines; industry, technological and regulatory changes; industry and market acceptance of and compliance with new security standards and guidelines; compliance with disparate certification requirements and government regulations;  the state of the U.S. and global economies in general and other risks detailed in the companies’ filings with the Securities and Exchange Commission, including the companies' most recent 10-K and subsequent 10-Qs and 8-Ks. Forward-looking statements speak only as of the date made and are not guarantees of future performance. We undertake no obligation to publicly update or revise any forward-looking statements.
Editorial Contacts:
Candace McCaffery/Carol McEntee
678.640.7822 Mobile                     

National Arbitration Forum Pulling from Business in Minnesota

In a followup to a post I did on July 15th entitled: "Firm that Settles Credit Card Disputes Accused of Fraud" the state of Minnesota announced that the nation's largest arbitration firm, used by Bank of America, JP Morgan Chase, Citigroup, Discover Card, and American Express is pulling out of the business.  So what's Minnesota's backup plan?  How will consumers address issues in the future?  Well, they're on their own now.

American Consumers to Lose Affordable Access to Justice through Nation's Largest Administrator of Consumer Arbitration Disputes

BusinessWire -- The National Arbitration Forum (FORUM), the largest U.S. administrator of consumer arbitrations, today announced that it will voluntarily cease to administer consumer arbitration disputes as of Friday, July 24, 2009, as part of a settlement agreement with the Minnesota Attorney General.

"The National Arbitration Forum remains committed to consumer arbitration as the best and most affordable option for consumers to resolve disputes quickly and efficiently. However, the FORUM lacks the necessary resources to defend against increasing challenges to arbitration on all fronts, including from state Attorneys General and the class action trial bar," said Forthright CEO Mike Kelly. "Mounting legal costs, a challenging economic climate, and increased legislative uncertainty surrounding the future of arbitration have prompted the FORUM to exit the consumer arbitration arena. At this time, the costs of providing consumer arbitration services far exceed the revenue generated. Until Congress resolves the legal and legislative uncertainty the cost is simply too high for users and providers of consumer arbitration."

Legislative proposals pending in both houses of Congress threaten to eliminate pre-dispute arbitration as an effective means of alternative dispute resolution. The Arbitration Fairness Act of 2009 (S. 931/H.R. 1020) would invalidate every pre-dispute contractual arbitration agreement that is part of a consumer, financial or franchise dispute – in effect, every contract. The Fairness in Nursing Home Arbitration Act (S. 512/H.R. 1237) would eliminate pre-dispute mandatory arbitration in all nursing home contracts. Legislation before the House to create a new Consumer Financial Protection Agency (H.R. 3126) addresses arbitration and would give broad regulatory authority to restrict or eliminate all consumer arbitrations.

"The National Arbitration Forum provides fair and affordable access to justice to American consumers regardless of size of their claims. Without access to arbitration, consumer disputes will now be forced into an overcrowded and underfunded legal system, where many consumers who cannot afford attorneys will have to navigate complex court procedures," continued Kelly. "The consequence to American consumers is that there will be no meaningful alternative to costly and unpredictable litigation."

Notably, nothing in the Minnesota Attorney General’s complaint alleges that arbitration proceedings administered by the FORUM are unfair; the fairness of arbitration is ensured by the independence of the neutral arbitrators.

National Arbitration Forum consumer arbitration claims are decided by an independent panel of more than 1,600 highly experienced and impartial legal professionals, including former judges and experienced attorneys. FORUM neutrals are bound to a code of professional ethics, and decide cases outside of any influence from the FORUM or the other parties.

About the National Arbitration Forum (FORUM)
Founded in 1986, the National Arbitration Forum (FORUM) is a world leader in arbitration and mediation services. The FORUM provides accessible civil justice through the recruitment, selection, and management of a highly experienced and distinguished panel of over 1,600 former judges and seasoned lawyers. Now optimized by Forthright, the FORUM is the faster, lower cost, and superior alternative to litigation, that ensures parties receive the same outcomes they would in court.

Waitress Who Stole Credit Card Info Gets Probation

Waitress who stole credit card information gets probation -

Waitress who stole credit card information gets probation
Daily News Wire Services

A waitress who stole credit card information from customers at a West Los Angeles restaurant has been sentenced to five years probation and fined about $3,000.

April DuBoise, 29, used a "wedge" -- a small skimming device that reads and stores data from a credit card for downloading to a computer -- over a 1 1/2-month period while working in early 2006 at the Hamburger Hamlet restaurant at 2927 Sepulveda Blvd. in West Los Angeles.

DuBoise, who had no previous criminal record, sold the information to an unidentified man, resulting in unauthorized charges being made on credit cards, according to former City Attorney Rocky Delgadillo.

She was initially charged with misdemeanors but eventually pleaded no contest to 34 felony counts of identity theft and credit card fraud, according to Deputy District Attorney James Toro.

Prosecutors had estimated losses of around $28,000, but in court papers filed Thursday, Toro said that figure "appears to be a gross underestimation of the true damage caused by the defendant."  According to the director of operations for the Hamlet Restaurant Group, the case received nationwide publicity, forcing the Hamburger Hamlet to close due to lack of business, costing 50 employees their jobs.

Reblog this post [with Zemanta]

Disqus for ePayment News