Monday, August 17, 2009

Internet Fraud Challenges Today’s Online Business Banking Applications

You've got to hand it to the hackers.

Actually you don't.

But that would require you to stop typing your credit/debit card numbers and/or online banking credentials into boxes on a website.

Keep on typing and you'll keep on "handing" your cardholder data and online banking "username" and "password" over to the hackers.

SSL is hackable. EV SSL is hackable. HttpS: is really HttB.S and if you type they WILL swipe...

If your cardholder/online banking credentials are going to be swiped...wouldn't you rather be the one doing the swiping? You DON'T have to hand it to the hackers...swipe/don't type!

From Online Banking Solutions:

In a recent article from The Washington Post, light was shed on the current state of online business banking security. Businesses are increasingly falling victim to Internet fraud with billions of dollars lost each year. The problem, however, is not online business banking, but rather the commercially available browser and security levels offered for these solutions.

Malware is focused on the browser and banks have little or no control over customers’ computing environment

In today’s networked world, the browser and e-mail are the ubiquitous software tools used for information exchange. When applied to business banking, bill payment and ecommerce, the Internet is a haven for hackers waiting to steal identities and perpetrate fraud.

Increased business banking malware attacks represent a change in the way hackers are operating. It is no longer a game, but a business.

About Online Banking Solutions
Founded in 2002 by a management team that pioneered Web cash management and business banking technology, launching two successful financial technology companies, Online Banking Solutions (OBS) provides next-generation Online Messenger multi-channel reporting, transaction and file delivery services to banks including seven of the top 50 U.S. financial institutions. For more information, visit


PCI DSS Self-Assessment Questions Tool Takes Toll

If you're a Tier 2 Merchant for MasterCard you can no longer "self assess."  However, if you are Tier 3 or 4 you can fill out this 41 page "self-assessment" and learn that you are more than likely not compliant. 

Then you can figure out how much the fines would be at MasterCard's website, which recently published them.

After you are done, you can take a step back and realize that you'd better get compliant or the cost of a breach will probably end your business as you know it.

Then again, a simpler way would be to utilize a PCI certified device, such as the one manufactured by HomeATM, which not only End-to-End Encrypts the data so that it is never in the clear, but puts your organization into a position where you neither handle the data, nor store it...therefore you are removed from the scope of PCI compliance...and your business is safe from the exorbitant fines that could be levied against your business entity...

 Here's the SAQ from WatchGuard...

Oh...for more information, CyberSource is holding a webinar entitled Payment Data: Don't Store It, Don't Handle It.

I share this with you because it is the best way to remove your business from the scope of PCI Compliance.

Simply remove yourself from all contact with payment data. It's the way HomeATM designed its eCommerce platform from the beginning...

Our PCI 2.x Certified PIN Entry Device encrypts the data instantaneously, and simply utilizes the "internet" as the conduit with which to send the encrypted packet. Since the data is never in the clear, a web merchant would be in the clear when it comes to PCI Compliance. It's easy to protect your business from potential breaches with HomeATM's secure 3DES DUKPT end-to-end encryption. And you'll save money on processing costs with True PIN Debit.

payment security doesn’t require adding even more proverbial locks and bolts to your infrastructure. In fact, you can secure your payment process – including complying with PCI-DSS standards - with less cost, complexity, and time. In the upcoming CyberSource webinar Payment Data: Don’t Store It, Don’t Handle It, you’ll see how your peers are adopting a safer, more secure approach by eliminating all contact with payment data – a strategy we call Enterprise Payment Security 2.0.


Mercator Research Report on U.S. Merchant Acquiring Space

New Research Examines Developments in the  U.S. Merchant Acquiring Space

The US Merchant Acquiring Market 2009: Accelerating Change in a Down Economy

Boston, MA - August 17, 2009 -- Mercator Advisory Group's annual report on the merchant acquiring industry in the United States is now in its third year. While developments in this market unfold at a surprising pace, the old cliché about "the more things change" has never rung so true. Accelerating change seems to be the new constant.

In our first two years doing the acquiring market overview, we identified and delineated trends in the space that have accelerated and, in some cases, have come to their full fruition. Notable among the topics we've analyzed and discussed in reports, as well as in advisory sessions with our clients, has been growing competition for merchant customers between banks and non-banks (ISOs), and the seeming push on the part of banks to "reintermediate" themselves in the merchant card acceptance value chain in a more significant way. Value-added services and technology continue to play a larger role as the commoditization of payment processing services truly begins to hit home for acquirers. The evolving scope of PCI is also fresh in the minds of our clients and other participants in the space as the industry saw the announcement of two major breaches of payment card information at payment processors over the last year.

Last year's report predicted a perfect storm converging on the acquiring space that would significantly alter the industry landscape. Many of the same issues are still brewing - a still-foundering economy and lingering recession, new laws regulating the payments space, and another round of pending legislation targeting interchange and the cost associated with merchant card acceptance being chief among them. The third key issue that we identified last year, however - dissolution of the largest acquiring operation in the world - has evolved into a new instance of market consolidation with the announcement of a different joint venture between two of the top 3 acquirers in the US market. The space has been ripe for consolidation over the past few years, and the economy and the other market forces we've alluded to have pressed the issue.

As merchant acquiring faces its existential crisis, the question of what it truly means to be a merchant acquirer naturally arises. In this year's report, we update our discussion of the various basic business models used by acquirers and other participants on the merchant side of the payments value chain to go to market in the US, and increasingly in other parts of the world. We also examine updated industry data concerning the market performance of the top players in the space and we make projections about how these players might stack up in the years ahead. Finally, we further explore the impact and potential impact of some of the secular trends within Payments and their effect on the acquiring business in particular, now and in the future.

"The economic downturn was the single biggest determining factor in the various performance records of the nation's largest acquirers in 2008. Merchant attrition and declining volume growth due to reduced consumer spending both had a large impact on merchant acquirers' business," comments David Fish, Senior Analyst in Mercator Advisory Group's Credit Advisory Service and author of the report. "As we consider the merchant acquiring space currently, and where it might be headed, we need to take into account many of the trends and the market events that stand to have a broad impact, either as catalysts or symptoms of these trends. Whether the issues at hand are a root cause of market dynamics or the result of them, change is happening in the space either way. Fortunately, the acquiring side of the payment chain has a long history of fighting tooth and nail for its slice of the action."

Report Highlights Include:

  • Change is the new constant in the US merchant acquiring space, with the pace accelerating as pressure from market forces intensifies.

  • However, the forces impacting the domestic acquiring market remain largely the same. Acquirers have been adapting to the new normal in a variety of ways.

  • We provide an expanded taxonomy of the 7 basic business models acquirers use to further clarify what it means to be an acquirer.

  • Market data covering the top 10 US acquirers is delineated and analyzed, and our projections for acquired bankcard volume suggest a very different landscape within five years.

  • The market is poised to continue a trend of consolidation, driven by the economy, new complexities arising from data security issues, and increasing competition between banks and non-banks.

One of the 11 Exhibits included in this report:

This report contains 29 pages and 11 exhibits

Companies Mentioned in This Report:
International; Alliance Data; American Express; Banc of America Merchant Services; Chase Paymentech; Citi Merchant Services; Discover; Elavon; Fifth Third Processing; First Data; First National Merchant Solutions; Global Payments (GPN); Heartland Payment Systems (HPY); Intuit Payment Solutions; Kohlberg, Kravis & Roberts (KKR); MasterCard; Moneris; National Processing Corp. (NPC); Network Solutions; RBS WorldPay; SunTrust Merchant Services; TSYS; Visa; Wells Fargo Merchant Services.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access, and other membership
Please visit us online at

For more information and media inquiries, please call Mercator Advisory Group's main line: 781-419-1700 or send email to

Mercator Advisory Group is the leading independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors.


In an article written by David Taylor, the founder of the PCI Knowledge Base, he discusses Tokenization vs. End-to-End Encryption.  Here's an excerpt:

The hottest trends in payment security concern two technologies that go beyond PCI as the standards are currently written. These are tokenization and end-to-end (E2E) encryption.

E2E Encryption addresses a major insider threat today. For many companies, encryption is not centrally managed. It is a feature that is easily added to applications; it's built into operating systems, databases, POS devices and so on. Even within the cardholder environment, it's not uncommon to find a half dozen different implementations of encryption and multiple key management systems.

In this situation, card data may have to pass through multiple systems internally on the way to the acquiring bank or processor. The result is the dreaded "encrypt, decrypt, re-encrypt" scenario, which opens up holes to unauthorized insiders.

With E2E encryption a company encrypts the data at the entry point (the point of sale [POS], the e-commerce payment software and the call center software) and the data remains encrypted throughout the process of passing it to the acquirer. The card number is never stored unencrypted by the merchant.

The other key point of E2E is that some companies are focused on an enterprise view of end-to-end, rather than defining one of the endpoints as the acquirer. In addition, the policies for and the processing of chargebacks in some companies tends to mess up the end-to-end scenario.

Speaking of things that are no longer needed, there is a lot of discussion about tokenization solving all problems. Tokenization involves the replacement of credit card numbers (or other confidential data) by a surrogate number or "token" and then centralizing (or outsourcing) the card data to reduce (some say eliminate) insider threat.

Bottom line: Our research suggests that end-to-end encryption and tokenization will likely exist side-by-side in nearly all large and most midsize businesses for the next two to three years. Suggesting that one can take the place of the other does not take into account the reality of the large, multi-channel merchant or service provider.


Fifth Third Supports way5000

Fifth Third Gets Behind way5000

Boston, Maine, Aug. 17, 2009--WAY Systems, manufacturers of mobile POS solutions and Apriva announced today that Fifth Third Processing Solutions has launched the way5000 as a fully supported point of sale device available for their merchant processing clients. “WAY Systems is excited to launch the way5000 with such a national payments powerhouse as Fifth Third Processing Solutions,” said Tim McWeeney, VP, North American Sales for WAY Systems. “They will be offering their merchants cutting edge technology in the way5000 and WAY Systems has built a reputation for bringing high quality, low-cost mobile point of sale devices to the market”, said McWeeney.

“We know that every transaction counts for our clients,” said Donald Boeding, President, Merchant Services at Fifth Third Processing Solutions. “Our commitment is to deliver the customized technology solutions our valued clients need to help them attract and retain customers and grow their business.”

“Apriva strives to offer our resellers a variety of options to fulfill merchants’ needs. We are pleased to include the newest WAY device, the way5000, to our list of certified and supported terminals,” commented Bill Clark, General Manager for Apriva’s Secure Payments Division.

About WAY Systems, Inc.

WAY Systems has designed, developed, tested and delivered end to end payment solutions for mobile merchants all over the world. Our products and services are designed to meet the payment transaction needs of mobile merchants and exceed industry security standards. We empower merchants to conduct business any time any where and increase their revenue by accepting credit and pin based debit cards.

WAY’s innovative mobile POS devices and dedication to service make us the ideal partner for you to conduct Transactions Without Boundaries. Users of WAY terminals are invited to explore the limitless possibilities of commerce.

About Fifth Third Processing Solutions

Fifth Third Processing Solutions, LLC delivers innovative payment transaction processing and acceptance solutions to create and support complex payment strategies for merchants, businesses, and financial institutions around the world. A pioneer in card payment acceptance in the early 1970s, Fifth Third Processing Solutions is headquartered in Cincinnati, Ohio and is a joint venture with Advent International and Fifth Third Bank. As a premier full service payment solutions provider, the Company provides servicing solutions and product engineering for financial institutions’ and retailers’ credit card, debit card, merchant and private label programs processing over 28.4 billion ATM and point of sale transactions and over $292 billion in debit and credit card sales volume annually. The Company supports over 173,000 merchant and financial institution locations and 11,000 ATMs in 44 states and 11 countries. According to the Nilson Report (March 2009), the Company is the fourth largest U.S. merchant purchase transaction acquirer. Learn more at .

About Apriva:

Founded in 1999, Apriva is the leading secure wireless solution provider integrating the hardware, software and network infrastructure required to develop and deploy high-performance, high-reliability solutions in the Point of Sale (POS) and Secure Mobile Messaging markets. Apriva offers end-to-end solutions for Point of Sale that make it easy and cost-effective to develop, deploy and maintain highly secure and reliable business critical mobile applications. Visit for more information.

Source: Company press release.


First Data Introduces Wireless, Battery Operated POS Solution

On-the-Go Merchants Can Now Accept Electronic Payments Wherever their Business Takes Them

Wireless-Enabled FD400 is the Newest Addition to First Data's Terminal Line

DENVER - August 17, 2009 - First Data, a global leader in electronic commerce and payment processing services, announced today that it is launching the FD400, the first low-cost, battery-powered, wireless point-of-sale terminal for merchants who do not have constant access to both a power source and communication line, like an Internet or phone connection.

The FD400 is the latest device in First Data's family of proprietary terminals, and is best suited for on-the-go merchants such as taxis, limousines, home delivery, farmer markets, and in-home and onsite services. It is the first device to offer a low cost to appeal to merchants of all sizes, providing them with the ability to accept electronic payments at card present rates. Merchants can take the terminal directly to the customer, and customers can pay at the point of delivery. For example, taxi and limousine drivers can obtain authorizations in seconds, and concessionaires can sell refreshments and souvenirs conveniently to fans in their seats. The terminal features long battery life and runs on 3G wireless protocol.

"For merchants whose business is not always in a location with Internet or dial up connections, this terminal really solves their connectivity dilemma," said Russell Bird, senior vice president, First Data. "This compact, lightweight device makes accepting payments remotely effortless with multiple payment options, performance and dependability in a small package."

The First Data FD400 offers a one-stop solution for wireless payment processing including credit, debit, gift card, loyalty, check and electronic benefits transfer. It is also a 3G terminal, which means, where a 3G broadband network is available, it can take advantage of greater efficiency and increased transaction speed.

Other features include an over the air software download ability for fast, on-the-go application updates, as well as a built-in, rechargeable battery, store-and-forward capability for offline capture and upload of transactions in non-coverage areas and a compact form factor, which is small enough to fit in a coat pocket.

The First Data™ FD400 Terminal is a lightweight, hand-held solution that lets mobile merchants accept payments at the point-of-sale—wherever the sale takes place. One wireless device that does the work of three: terminal, printer and Payment Card Industry PIN Entry Device (PCI PED)-approved PIN pad.

The terminal of choice for on-the-go businesses such as:

  • Home and Repair Services

  • Special and Charity Events

  • Limousines and Taxis

  • Towing Services

  • Outdoor Entertainment (stadiums, arenas, golf, tennis)

  • Pizza Parlors and Restaurants that deliver

About First Data
First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit

Media Contact
Cara Taylor
First Data



Online Banking: Gateway to Fraud

The first step to prevent online banking fraud is to secure the log-in process.  It's not a difficult concept to comprehend.  Instead of giving away Smokey Joe's, Toasters, Fans, Tupperware, etc. banks need to start giving away something that will benefit their consumers and protect their valuable data and money.  Until financial institutions instruct their customers to "stop typing" and "start swiping" hackers will be the ones doing the swiping.  In the meantime, we can listen to webinars like the one below on how to try and "trace" these "sophisticated attacks."  Trace?  How about "eliminate?"

Guardian Analytics to Speak About Online Banking Security at CUIAA Conference

Stephen Kiel will reveal the latest multichannel fraud schemes and provide advice on online fraud prevention strategies.

San Diego, CA (PRWEB) August 17, 2009 -- Stephen Kiel, senior solutions architect at Guardian Analytics, a provider of online fraud prevention software for the financial services industry, will deliver a presentation at the CUIAA 19th Annual Internal Auditor and Supervisory Committee Conference today at 1 p.m. entitled "Online Banking: Gateway to Fraud." The conference, organized by the Credit Union Internal Auditors' Association (CUIAA), takes place from Sunday, Aug. 16 through Wednesday, Aug. 19 at the Embassy Suites Hotel San Diego Bay in San Diego.

The effects of phishing, malware and other Internet banking fraud schemes are felt far beyond the online channel.

In his presentation, Kiel will discuss a variety of fraud schemes that have online account takeover at their roots, and how they are used to execute sophisticated attacks that are difficult to trace.

Editor's Note: Why are we trying to "trace them" when we can eliminate them by eliminating typing? Can somebody please explain this to me! Data sniffers don't work if there's no stink...Type Stinks!

Specific anecdotes shared will include multichannel fraud, pump-and-dump scams and Automated Clearing House (ACH) fraud. Kiel will also outline strategies for financial institutions in combating today's threats for the ongoing development of their online banking security solutions.

Online Banking: Gateway to Fraud.

For more information about Guardian Analytics, visit:

Who: Stephen Kiel, senior solutions architect at Guardian Analytics
What: Session entitled "Online Banking: Gateway to Fraud"
Where: CUIAA 19th Annual Internal Auditor and Supervisory Committee Conference, Embassy Suites Hotel San Diego Bay, San Diego
When: Monday, Aug. 17 from 1:00 to 2:30 p.m.

About Guardian Analytics
Headquartered in Los Altos, Calif., Guardian Analytics is focused on the prevention of online account fraud. The company's real-time risk management approach to fraud detection, forensics and risk monitoring is built on strong analytics and predictive models of individual behavior. Leading financial services institutions rely on Guardian Analytics to protect individual account assets and the integrity of their online channels. Founded in 2005, Guardian Analytics is privately held with venture funding from Foundation Capital.

For more information, please visit

# # #


The Recession Takes a Toll on UK E-Commerce


AUGUST 17, 2009

A spot of bother.

in UK business-to-consumer (B2C) e-commerce sales (including travel) slowed in 2008, as the recession became a reality for many consumers. And the financial squeeze is expected to continue to influence online buying activity through 2010. The news isn’t all bad.

eMarketer estimates that 72.5% of UK Internet users ages 14 and older will buy at least one item online in 2009.

Furthermore, between 2009 and 2013, the number of online buyers will rise from 26.9 million to 31.8 million—over one-half of the UK

“For the first time ever, e-commerce activity in the UK is not supported by a buoyant economic climate,” says Karin von Abrams, eMarketer senior analyst and author of the new report, UK E-Commerce: Fighting the Downturn.


Forensics Help Constantine Cannon Notch $2.75 Billion Win for Discover

Financial Detective Steve Lee Helps Notch $2.75 Billion Win for Discover Financial Services

 Work of forensic investigator leads to third largest antitrust suit settlement in U.S. history

LOS ANGELES, Aug. 17 /PRNewswire/ -- In a world where financial scams, schemes, meltdowns and fraudsters dominate the headlines, Steve Lee knows when a business deal, transaction or activity simply doesn't pass the smell test.

As a forensic investigator, Lee helped lay the groundwork for Discover Financial Services' landmark $2.75 billion antitrust settlement against credit card giants Visa and MasterCard in October 2008.

His firm, Steve Lee & Associates (SL&A) is among the foremost companies involved in worldwide high-stakes litigation and forensic accounting work. More like an economic swat team, this cadre of highly skilled professionals solve complex commercial matters in such areas as corporate and fraud investigations, loan workouts, insolvency and reorganization, electronic discovery, computer security, competitive intelligence, class action defense, transaction advisory services and theft of intellectual property. Headquartered in LA, with offices in NY, Chicago and London, SL&A has operated in more than 50 countries across the globe.

The Discover case turned on whether Visa and MasterCard had essentially blackballed their smaller rival from doing business with the big boys of banking - like Citibank and Bank of America. After Discover received a favorable ruling on restraint of trade, Lee and his team ideated and analyzed damages as a result of inequities in the marketplace. They also undermined the defendant's experts. To do all this, Lee re-created the financial landscape as if Discover had been able to freely compete alongside Visa and MasterCard. Rather than face a losing trial, at the 11th hour the credit card behemoths backed down, resulting in the third largest antitrust settlement in U.S. history.

"We worked principally with Jeff Shinder, Managing Partner of Constantine Cannon's New York office. They were litigation counsel to Discover," Lee says. "Jeff and his colleagues were brilliant and they understood how to use our work as a lethal and effective weapon in high stakes litigation."

Often times more CSI than CPA, Lee and his team frequently conduct covert operations and clever detective work that may include stings to recover ill-gotten assets. They follow the money and the people trying to steal or launder it. "Our success depends on having smart, creative people, sophisticated technology and perhaps most important," says Lee, "a highly developed sense of professional

As the recent Madoff case attests, today's biggest heists don't involve gun-toting, ski mask-wearing desperados. Lee has delved into the shady business dealings of a real estate developer engaged in a scheme to defraud lenders out of hundreds of millions in financing. He has tracked down perpetrators of a Grand Canyon-size hole in the network security of a Fortune-50 financial services company that, if left unchecked, had the potential to ricochet throughout the entire economy. His firm has penetrated the thought-to-be-impenetrable data system of a gaming-industry giant, going so far as being able to leave a business card taped to the inside of a mission-critical computer in his client's network operations center.

The current economic morass comes as no surprise to Lee. "In the boom times, we saw lots of merger and acquisition due diligence work for banks, funds and Fortune 500 companies that was little more than a paper exercise to cover the buyer's tracks in doing transactions they had already decided to do," he says. "That policy was costly. The thrust at the time was to get the deal done and don't worry about the consequences. I fear that when this recession ends, it will be that way
    News contact:

Cindy Rakowitz
(818) 783-3307


Jack Henry to Acquire Goldleaf

Jack Henry to buy Goldleaf

payments processor Jack Henry & Associates has agreed to buy Goldleaf Financial Solution in a cash deal worth around $19.1 million.

acquisition of Goldleaf supports our strategy to acquire companies that provide proven solutions that we can cross sell to our core bank and credit union clients, that generate new cross-sale opportunities among our respective client bases, and that expand the specialized products and services our ProfitStars division sells to virtually any financial services organization regardless of core processing platform or size."

Read Article at Finextra

ProPay Implements End-to-End Data Security Platform

http://www.propay.com

Credit Card Payment Security Goes Beyond PCI, Says ProPay

Removing Sensitive Payment Data is the Only Real Way to Remove the

LEHI, Utah--(BUSINESS WIRE)--In light of recent security breaches and announced plans by other companies in the industry to address End-to-End (E2E) data security solutions, ProPay has been implementing an End-to-End data security solution over the past several months. To that end, ProPay is announcing a complete End-to-End data security solution which reduces, and even eliminates, the risk merchants bear of having sensitive payment data compromised.

“Fees and fines for payment card breaches have cost companies millions of dollars in 2009, underscoring the need for companies’ End-to-End data security strategies to extend beyond PCI compliance,” says Gary Goodrich, CEO of ProPay, one of the first companies in the United States to offer a comprehensive End-to-End data security offering for the payment card industry. (Editor's Note: As is/was HomeATM when it engineered its PCI 2.x certified E2EE platform)

The foundation of ProPay’s approach starts with removing the existing sensitive data from a merchant and then providing a means of accepting and processing payments that don’t require a merchant to store, transmit, or process sensitive payment data. From the point-of-sale where sensitive payment information is obtained, and a large percentage of credit card data is stolen, ProPay’s products and services safely capture the data and protect it throughout processing, transmission and storage. With this data removed from a merchant’s system, the merchant’s PCI scope is significantly reduced and the associated risks of losing the data are removed.

“ProPay believes End-to-End is much more than just encryption – it’s a full strategy that comprises security, compliance, storage, and single-vendor partnerships, as appropriate, to fit every organization’s individual needs,” continued Goodrich. “ProPay provides an End-to-End solution that we believe is unique in its ability to secure sensitive data by entirely removing it, while still enabling the merchant to perform their necessary business functions with the customer information.”

ProPay’s full E2E strategy takes a four-pronged approach:

  • E2E Security – From the point where sensitive payment information is obtained and throughout transmission, processing and storage of the data, ProPay removes sensitive payment information from the merchant so they never touch the data. Removing the data removes the risks.

  • E2E Compliance – ProPay alleviates most of the merchant’s PCI validation requirements. Rather than having to deal with the burdens of evolving security standards and then hope that they are not breached, business owners can offload the information to ProPay, which specializes in the secure storage and handling of such sensitive data.

  • E2E Data Storage – From payment card transaction data to financial, health care information and other sensitive personal information, ProPay ensures that sensitive data is archived and stored in a secure environment. A unique ID or token is used by the merchant for further transactions on the data.

  • E2E Single Vendor Partner – ProPay has more than a decade of experience providing simple, safe and affordable merchant payment solutions to its customers, having gained knowledge and expertise in all areas relevant to acquiring, issuing, processing, and storing sensitive data.

“ProPay has demonstrated an industry leadership position by ensuring continual compliance with the PCI standard as well as ensuring security remains a core competency of their organization,” said Chris Mark of the Aegenis Group. “ProPay developed the third generation ProtectPay and MicroSecure technologies specifically to reduce the risk to cardholder data and reduce the PCI DSS compliance burden of their clients.”

For more information about ProPay’s end-to-end suite of products and services, visit

About ProPay

Since 1997, ProPay has led the market in providing simple, safe and affordable credit card processing and electronic payment services for businesses ranging from the small, home-based entrepreneur to multibillion-dollar enterprises.

ProPay understands the unique needs of these businesses and has created merchant services specifically for them. With ProPay, merchants can set up accounts online and begin accepting credit cards without buying special equipment or making long-term commitments or investments. ProPay leads out in educating merchants about how to reduce or eliminate the risk of touching or holding sensitive cardholder data. The company also leads the payments market in the development of secure end-to-end solutions for protecting sensitive data and of alternative payment options that significantly reduce business costs.

ProPay is a privately held company, headquartered in Lehi, Utah. For information, visit


Snapp Conner PR
Clay Blackham or Josh Berndt




Techmiso: Navy Federal's Online Banking Security Flaw

Navy Federal Credit Union Web Site Operating with Security Issue

Online banking users are hopefully aware of the need to log in to their bank's
web-based system using secure means, such as via a web site protected
using SSL encryption. (Editor's Note:  "Yeah Right!" SSL encryption is is the more supposedly advanced  "EV SSL" encryption. (see my posts on the subject below)

Zusman and Sotirov have also demonstrated that the same flaw can be leveraged to launch browser cache poisoning attacks against EV SSL protected web sites. Both attacks can cause significant exposure and silently expose "encrypted" ...


EV SSL Sessions are Safe...Yeah Right! Part Deaux
Jul 14, 2009

They say it is, heck there was the https, then the SSL and after those were all breached they came up with EV SSL. Well, what's next? How about just realizing that hackers will get past any security you can come up with...unless it's done ...


Jul 08, 2009


Extended Validation (EV) SSL is considered by all to be more secure than SSL: Calls for widespread EV SSL implementation are on the rise as SSL threats increase. Two years after its rollout, the "more secure"

Every legitimate bank offers such
protection, normally disallowing customers the ability to login via
unsecure means. But not every bank appears to be conscious of the
myriad of potential security risks associated with their site. Navy Federal Credit Union
is plagued by a huge security vulnerability on their web site and is
possibly the easiest bank on which to perform a phishing expedition

Updated – August 12, 2009: Added correspondence
from the RSA Anti Fraud Command Centre and SliceHost Support regarding
a take-down notice and trademark infringement claim. This little
article has apparently generated some interest and visibility by an
NFCU “security” contractor.

Updated – August 15, 2009: The saga
appears to have come to an end as the RSA AFCC responds to SliceHost
after TechMiso stipulates the content was not infringing. The attack
dogs are ostensibly caged for now.

Read the full story …


George Will: A Call for Online Poker

Government looks hypocritical over this game of skill.


Howard Lederer, aka "the Professor," is a professional poker player, not a gambler. If Congress will acknowledge this distinction, it will rectify a recent mistake.

In 2006, Congress, cloaking cunning with moralizing, effectively outlawed Internet gambling by making it illegal for banks or credit-card companies to process payments to online gambling operations. This was more than moral pork for social conservatives. It also blocked online competitors from poaching gamblers from the nation's most aggressive promoters of gambling -- state governments, which are increasingly addicted to revenues raised by lotteries and from taxation of other legal gambling.

Having turned gambling, which once was treated as a sin, into a social policy, government looks unusually silly criminalizing online forms of it. Granted, some people gamble excessively (although not nearly as many people as eat excessively). Granted, gambling becomes addictive to a small minority (although it is not nearly as addictive as smoking and drinking). Granted, gambling is morally dubious when it is only the unproductive pursuit of wealth without work (although gambling is productive of pleasure for tens of millions of Americans for whom it is a frequent pastime). But never mind whether government should try to tightly circumscribe a ubiquitous human activity that generally harms nobody.

Continue Reading
