Sunday, August 30, 2009

PIN Payments Blog on Zimbio

The PIN Payments News Blog is now also available on Zimbio under the Wikizine:

ePayments News

Or, continue to read the advertisement-free version here at:


HomeATM: "Inevitably For Our Own Good"

Here's an excerpt from an article written by Rhodri Marsden which unequivocally states the reality of what it takes to secure online banking and credit/debit card transactions conducted online. It's the economy typing stupid! Don't Type: Swipe!

HomeATM encrypts the card details so that hackers only find "random gobbledygook" and manufactures the "only device" designed for eCommerce to be PCI 2.x Certified. We did it because "it's for your own good." The shift towards everyone using a HomeATM to conduct secure transactions and online banking continues...

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password (or typing "anything" into online banking sites or merchant checkout just because we are "instructed to") – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, (sounds like he has one...Clu that is) from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

Editor's Note: HomeATM believes that they shouldn't even be stored. This is why HomeATM instantaneously encrypts the card details (including the Track2 data). By doing so the Internet Retailers (IR) never store it, in fact never even handle it. This provides three distinct benefits: 1. it keeps the data safe, 2. it instantaneously places the IR within the realm of PCI compliance, and 3. it protects the IR from significant fines which would be levied against them by V/MC in the event of a breach. Those are three pretty significant benefits...but first, we have to eliminate typing.

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else.

We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kind of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

Source: Independent


You Say You Want an Evolution?

Evolving Fraud Schemes Keep Pressure on Evolving Payments Instruments

While some of the latest schemes borrow from scams past, today's fraud schemes are as sophisticated as banks' most advanced payments systems. And stopping them is still a challenge.

Maria Bruno-Britz - Bank Tech

Payments: Facing the Challenges

Evolving Fraud Schemes Keep Pressure on Evolving Payments Instruments
Retail Payments Risk Forum Collaborates to Fight Payments Fraud
The SEPA Direct Debit Scheme and the Payment Services Directive Pose Challenges and Opportunities

Name a payment method and there is probably some scheme to defraud it.

Since the Chinese introduced paper money, banks have been concerned about fraud. More than a thousand years later, payments fraud continues to haunt banks, consumers and

"Fraud is still rampant," comments Paul Sussman, VP with First Manhattan Consulting in New York. "The majority of businesses over $1 million in revenue are going to be exposed to payment fraud, and almost every bank is being hit by fraud today."

From simple "Dumpster diving" to organized crime rings that rely on complex computer programming, fraud scams grow in sophistication to match the evolution of payment forms. "Fraud trends continue to evolve," notes Douglas Twining, director of fraud services for Cleveland-based KeyBank ($99 billion in assets)....
