Tuesday, September 1, 2009

Bizzare (sic) Congratulations: "Your Site Passed PCI Scanning Test!"

Don't Look Now

New PCI data security rules coming in 2010 and threats of fines loom over web retailers

by Don Davis

Mark Wilson thinks it's important to guard his customers' credit card numbers. But without an information technology specialist at his small online retail business, Night-Gear Inc., he had about given up on achieving compliance with the PCI security standards designed to protect cardholder data.

After months of notices from a security service that his site did not meet the requirements of the Payment Card Industry Data Security Standard—notices he struggled to comprehend—Wilson was prepared to go on paying the small monthly fines his processor assesses non-compliant merchants.

Then he received an e-mail saying his site had passed the PCI scanning test. "It was bizarre," Wilson says. "We get this congratulatory letter saying, 'You've done it.' Well, what have we done?"

Continue Reading at Internet Retailer.com

Web.com and First Data Form Strategic Partnership

Atlanta & Jacksonville, Fla., Sept. 1, 2009--(BUSINESS WIRE)--First Data, a global technology and payments processing leader, and Web.com (NASDAQ: WWWW), a leading provider of online marketing for small businesses, today announced an agreement to provide small and medium-sized businesses with secure payment processing and online marketing and eCommerce solutions.

Web.com and First Data will provide a wide array of tools to help small and medium-sized businesses find, connect and transact with new or existing customers online. Businesses can work with Web.com’s team of experts to create and strengthen their Web sites through the effective use of search engine marketing, search engine optimization tools and eCommerce solutions. First Data’s suite of payment processing products and services gives merchants the ability to transact payments securely both online and at the point of sale.

“Web.com has the breadth and depth of products and the expertise to improve a business’s visibility online,” said Souheil Badran, senior vice president and division manager for eCommerce at First Data.

“Our customers know they can depend on First Data to provide superior eCommerce tools and services. Our partnership with Web.com allows us to expand our offerings to include products that meet our small business customers’ Internet marketing needs."

“By partnering with First Data, our customers have the ability to work with one of the most trusted and recognized electronic payment leaders,” said David Brown, chairman and chief executive officer, Web.com. “The current economic climate has encouraged our customers to recognize the increasing importance of eCommerce and the true value they can derive from cost efficient and reliable payment processing tools. As such, we’ve made it a top priority to provide them with the best multi-platform, diversified payment options available.”

Businesses interested in obtaining a free rate analysis can call 866-739-4494. Additional information can be found at: http://www.web.com/firstdata.

About First Data

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit www.firstdata.com.

About Web.com

Web.com Group, Inc. (NASDAQ: WWWW) is a leading provider of online marketing for small businesses. Web.com offers a full range of online services, including Internet marketing and advertising, local search, search engine marketing (SEM), search engine optimization (SEO), lead generation, contractor quotes, website design and publishing, logo and brand development and eCommerce solutions, meeting the needs of small businesses anywhere along their lifecycle. For more information on the company, please visit www.web.com or call 1-800-GETSITE.

Source: Company press release.


Visa CEO to Present at Barclays Capital Global FS Conference

San Francisco, Sept. 1, 2009--Visa Inc. (NYSE:V) announced today that Joseph W. Saunders, Chairman and Chief Executive Officer, will present at the Barclays Capital Global Financial Services Conference in New York on Wednesday, September 16, 2009. The fireside chat will begin at 12:00 p.m. Eastern Time and last for approximately 40 minutes.

A listen-only audio webcast and replay will be accessible for 30 days on the Investor Relations web site at http://investor.visa.com/.

About Visa Inc.

Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit www.corporate.visa.com.

Source: Company press release

Cynergy Data Files for Chapter 11

Long Island City, N.Y., Sept. 1, 2009 -- Cynergy Data today announced that it has voluntarily initiated proceedings under Chapter 11 of the U.S. Bankruptcy Code in the U.S. Bankruptcy Court in Delaware and is pursuing a sale process under Section 363 of the Bankruptcy Code.

Cynergy Data has entered into an asset purchase agreement with "stalking horse" bidder Cynergy Holdings, LLC, an affiliate of The ComVest Group, a private investment firm focused on providing debt and equity solutions to middle market companies, to buy substantially all of the company's assets. ComVest is a leading provider of capital to the financial technology markets and owns controlling interests in a number of companies in the electronic payment processing industry, including Pipeline Data, CardAccept, AirCharge, SecurePay and Northern Merchant Services. The asset sale is subject to an auction and Bankruptcy Court approval.

The sale process is expected to enable a sale of the business to ComVest or any higher and better bidder approved by the bankruptcy court on an accelerated basis, thereby creating a financially stronger business entity with less debt and more economies of scale that is better positioned for the future. Cynergy Data expects to complete the sale process in 90 days or less.

Cynergy Data's operations are open and the company is providing uninterrupted services to its network of independent sales organizations ("ISOs") and merchants during its restructuring and sale process. The company plans to conduct business as usual through the process and has asked for court approval to continue paying vendors, employees, ISOs and merchants in the ordinary course. At the conclusion of the bankruptcy sale process, Cynergy Data will emerge as a dynamic standalone company that will receive strong financial backing from ComVest.

According to Marcelo Paladini, chief executive officer of Cynergy Data, the Chapter 11 process will allow the company to continue providing its merchant credit card processing services while the business completes a structured sale of the company's assets. "We are grateful for the continuing support of our employees, vendors, merchants and independent sales organizations as we undertake our restructuring process. We expect to emerge from this process as a new company with a much stronger financial position focused on continuing to provide excellent, cost-effective solutions to our merchants and ISO partners," he added.

ComVest also anticipates tremendous opportunities for Cynergy Data. "ComVest is excited to partner with Cynergy Data to help the company restructure debt and emerge as a leading acquirer. We believe that Cynergy has a significant competitive advantage in its processing business offering superior service and technology to its many merchants and ISO partners. As a firm that has a great deal of experience in payments processing, we are committed to Cynergy's success in the future and look forward to partnering with Cynergy's management team in serving the industry for many years to come," said Pete Kight, managing partner, ComVest.

Cynergy Data has secured a commitment from its existing lenders for so-called Debtor-in-Possession (DIP) financing which it believes will provide ample liquidity to meet its ongoing obligations during the sale process. The company has filed customary "First Day" motions seeking Bankruptcy Court approval of various types of relief designed to support its employees, customers and suppliers during the sale process, including motions to allow the company to continue to pay suppliers under normal terms for goods and services; to pay its employees in the usual manner and to continue their benefits; to continue performing its obligations to merchants and ISOs without disruption; and to approve an auction and sale process.

The Company's legal advisor is Nixon Peabody LLP; its financial and restructuring advisor is CM&D Management Services LLC; its industry expert is Unicorn Partners, LLC; and its investment bankers are Stifel, Nicolaus & Company and Peter J. Solomon Company.

Additional information on the restructuring is available on the Company's website at http://www.cynergydata.com/restructuring.

Review: False Layer of Security = Insecurity

This is the "Type" of Security That Will Empty Your Bank Account

Excerpts from the Economic Times

All one needs to do to make an unauthorized transaction from your card is to steal three security details, namely your card number, card expiry date and 3-digit or 4-digit card verification value (CVV) number. But now some banks are requiring a fourth step..."typing" a password. (Why don't they just ask you to type in your social security number? Only you know that, right? LOL) The point is, you can type all you want...it doesn't make it safer, in fact the opposite is true...it just means you have to jump through more hoops to make a purchase. Where's the convenience? (I stopped looking for security long ago. Why? Because banks are still instructing you to "type!" your personal information into boxes in a browser.) How dangerous is that? Pretty dangerous based on yesterday's headline from Gartner which simply states: Online Banking Dangerous! Why? Well, besides keylogging, just click on the box on the left to enlarge and see what has happened to the state of the malware threat from January to July. Besides, it's clear from the paragraph below that the purpose of this "added layer of non-security" is to provide a false sense of one and to PIN the fraud liability on the consumer!
This is what bankers have to say on the subject:

“If the wrong password is entered as part of this extra authentication, the bank informs e-commerce merchant and if the merchant still goes ahead with the transaction, it becomes merchant’s liability.

On the other hand, if the password is correct even if customer disputes the transaction, it is still a customer’s liability.”

(Hmmm...interesting. It appears that from now on, fraud is now either the merchant's liability or the consumer's. Didn't see a scenario where it was the bank's, did you?) Stumped? Here's what the new security layer implies for you as a cardholder. Editor's Note: It's no accident they wrote: "Implies"... (vs. Provides...because all it provides is the hacker the fourth layer of information to prove to the bank it's not them hacking into the account.)

“From the cardholders’ perspective, (Editor's Translation: "perception") another layer of protection gives a lot more comfort in terms of security for the online transactions using credit/debit cards. (Reality: another layer of this type of non-protection simply provides another way for hackers to intercept financial data, whether it be via malware (see malware growth chart above right), keylogging, phishing, XSS, etc.)

Though it will also mean you may have to go through another step to complete your transaction online (the extra step is only there to determine whether banks hold the merchant or consumer liable for the fraud) but doing that (from the bank's perspective) is always better than having to deal with fraud and face the risk of losing your hard earned money,” says Basant Shroff, associate director, financial services — advisory services, Ernst & Young.

Editor's Note:

This is what I have to say on the subject

This is such Bullcrap! Adding another false layer of "bullcrap protection" will "only" provide a bullcrap "false sense of security."

Adding another bullcrap step which they say will get rid of the bullcrap fraud actually provides hackers with "ANOTHER OPPORTUNITY" to steal your money. 

C'mon people! Read between the lines on this one. It's 100% BS. Let me sift through the stink here.
Consumers have fears about security, so they are cajoled, no scratch that, "fooled" into thinking online shopping is more secure because banks added another layer of "Emperor's Clothing." 

So, in reality, the only thing they have provided here is yet another step for hackers to steal passwords under the "false pretense"  of "enhanced security." 

Question: If it's truly safer, then why have they covered their butt by stating that if the password is correct, (it doesn't matter if you dispute the transaction)...you are liable! If it was truly secure, then they would assume liability!

Talk about stanky!...open the windows, turn on the fan, spray some air freshener, scratch that, call in the fumigator!  This is Smoke and Mirrors,  plain and simple.

As per RBI figures, Indian banks lost out on almost Rs 37 crore in 12,959 credit card fraud cases reported last year.

(Editor's note: Hence the introduction of a "third new layer" of authentication designed to shift bank liability to merchants and consumers in a most "shifty" way.)

According to the article, "Some banks, in fact, have gone a step ahead creating the security wall." (Editor's Note: Wait till you read this one. Are you strapped to your chair? Because I almost fell out of mine when I read the following.)

For instance, while generating 6-digit PIN as an additional security layer at ICICI Bank, you are also asked to type a message, known as personal assurance message (PAM).

(Editor's Note: Add an S to the beginning of that word and you'll find out how the bad guys will phish your PAM silly.) This PAM is known only to you. (Editor's Note: Are they joking? For how long? Here's for how long. Until you "type" it into a box somewhere....!)

When you type your credit card number on the merchant’s website, "IT" will take you (what/who will take me?) to the bank’s website to complete the transaction, where you need to "type" in the PIN, explains an ICICI Bank spokesperson.

Editor's Note: This is beyond bullcrap, it borders on insane. What's so hard to understand? It's the stupid typing of their passwords, usernames, card numbers, this new "PAM" garbage, etc. that is the root of the problem. So the NEW system now asks you to type even more of your information into boxes and double/quadruple your chances of getting hit by fraud.

Another question: What is this "IT" that takes me to the bank's website? Is "IT" the web browser? Is "IT" an API that simply takes you to another website? There is NO WAY anyone could know whether or not they are being redirected to a legitimate versus a cloned bank website.

This is their idea of the future of ecommerce?  To increase risk by creating more steps which require more typing?

Why is that so "puzzling" for supposedly "learned" people to understand that the problem IS the typing?  See blog post entitled: "It's the Typing Stupid"

Suppose that after you "type" your credit card number on the merchant's website, you are "redirected" to a "cloned bank website"? Hackers can do this in one of many ways. And how would you know? The cloned website looks authentic. The "https" says it's authentic. (for those who think that still means anything) Maybe it will display their EV SSL certificate! Ooops, never mind. Those were exposed last week.

Anyway, once you get to either bank website, you follow the bank instructions and "type" in your PIN. Even if you ARE on the "legitimate" website, hackers can steal whatever you type. If you are on a cloned bank website guess what happens after you "type" your PIN? Did you say your bank account gets emptied? Correct you are.

Now what? You have to try and get your money back, right? Well, here's the bad news...according to this article, and I quote: "if the password is correct and even if customer disputes the transaction, it is still a customer’s liability.”

Oh...now I get it. They just shifted the responsibility of the loss from the bank onto the consumer. So, I guess this post is directed at consumers: "If you expect a secure eCommerce transaction, you won't "type" anything into the browser." It's really not that hard to understand. Is it? If it is, take a look at some of the related articles below.

How Can HomeATM's Technology Help?

HomeATM is proud to offer consumers the immediate availability of our PCI 2.x Certified SafeTPIN, a personal credit/debit card reader that keeps your credit card information and identity completely safe when you’re banking or shopping online. Simply plug the SafeTPIN into your computer’s USB port, (no software or drivers needed) visit your favorite online banking site and swipe your card and enter your PIN exactly like you would at an ATM. There is no safer way to log in to your online banking account. When it comes to shopping, just visit your favorite shopping site, swipe your credit card and the SafeTPIN scrambles and 3DES encrypts the user’s track2 data before it reaches the user’s computer or Internet providing instant protection from malicious software attacks.

HomeATM provides complete End to End Encryption (Zones 1-4) for Track2 data. (to the Card Brands) PIN Debit transactions via HomeATM provide 100% "Zone 1 through Zone 5" (including Card Brands) End to End Encryption.

Regarding our PIN Debit transactions...there is not an ePayment method that is safer. Period. The ONLY PCI 2.x PIN Entry Device designed for eCommerce in either hemisphere. With HomeATM's solution, the consumer will NEVER TYPE. HomeATM has a pending patent on assigning PINs to credit cards via our PIN MY Card application.

Weapon of Phish Destruction - The HomeATM

The following is a reposting of an article I did on August 20th, talking about how banks should stop giving away your log-in details by requiring you to type vs. swipe. (In this particular case, Citi could save $88 bucks by giving away our PCI 2.x Certified personal magnetic card/PIN Entry Device vs. giving away $100 bucks.)

HomeATM's Weapon of "Phish Destruction"...

There are a lot of banking promotions cropping up designed to "lure" customers over.

Want to lure them over? Use phishing. Did I just say "use phishing" to lure them over? I did.

$100 isn't going to do it. When it comes to innovative marketing ideas, bribing a customer has never been near the top of the list. But...instead of customers being lured away from your bank by becoming a victim of phishing, "lure" them to your bank by using "phishing" as bait. It'll work hook, line and sinker.

Here's what I'm thinking. How about running an innovative promotion in which a bank guarantees their customer is 100% protected from phishing. If you lure them by protecting them from the bad guys (which would also protect the $1000's, not $100, of dollars in their bank account), you would attract more customers than $100 would attract AND, at the same time, enhance your bank's image. It's all about security. Here's proof:

HALF (49%) Would Consider Changing Banks Following Card Fraud...22% "Would" Change Banks!

Editor's Note: Wow, if I was a financial institution offering "online banking" that headline would haunt me 24 hours a day until I figured out a way to either change it or use it to create an opportunity for my online bank to flourish.

My first thought would be: "If 50% would consider "changing banks AFTER" they get hit by card fraud/online banking/phishing fraud, how many would consider "changing banks" to "AVOID" getting hit?

And to which competitor would they go?

I'd conclude that if they "left because of insecurity" they would probably "come on board BECAUSE of security."

So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers' security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers could my bank procure by "guaranteeing" online security? Research would determine if it was millions or only "Hundreds of Thousands." I think I made my point. If not, I challenge you to continue reading...

Banks have a "serious issue" with phishing and I am suggesting that there is a low-cost solution to completely eliminating this on-going threat.

Eliminate typing and you'll eliminate phishing. First a quick backgrounder...

The nature of this beast known as "phishing" is to lure these online banking folks, with a sophisticated and genuine looking trap which includes genuine looking emails which provide links to genuine looking sites. (a new "type" of bait and switch)

Once there, users are simply instructed to do what they've been programmed to do since day one with online banking. And therein lies the problem...
They are told to "type" in their username and password to log-in.

Problem is, once they "type" in their "username | password" they provide full access to their accounts to the phisheries.

If you haven't figured it out already, (something phishy goin' on here) allow me to point out the major flaw in this process...

If online banking customers had not been originally programmed to "type" anything into a box in the first place, then this type of phishing would not have cropped up in the second place. A simple case of "cause and effect."

Case in point: Imagine if you will, that when ATM's first came out, users were instructed to "make up" a username and password which would have provided full access to ATM's? How smart would that have been?

Fortunately the banks were smarter than that and they required that their ATM customers insert their card into a built-in card reader AND enter their PIN. Two factor authentication 101. What you "have" (card) and what you "know" (PIN)

Why should it be any different for online banking log-in?

What has happened since then to make them believe "typing" is safer than "swiping?" Why are they suddenly dissin' the card?

Window of Opportunity

Instead of dissin' the card, I say "DISCARD" the antiquated username and password log-in process and instruct customers to "USE THEIR CARD" (what they have) and their PIN (what they know) thereby replicating the exact same process these customers use to gain access to an ATM.

True 2FA. The only difference would be that authentication would be done in the safety (no skimmers/no cameras) of the online banking customer's own home...with a PCI 2.x certified (not compliant..."certified") personal PIN Entry Device. (providing 2FA 3DES E2EE DUKPT Security)

If the online banking community introduced their customers to a simple (not) new log-in process, one whereby they require that their online banking customers log-in the "same way" they do at ATM's...by "swiping" with "THEIR CARD" and securely entering "THEIR PIN," they would greatly enhance the security of their online banking sites.

This two factor secure log-in would eliminate the issues they are having with these phishing attacks altogether. A secure 2FA 3DES E2EE DUKPT log-in would also eliminate threats created by cloned bank websites, cloned cards, DNS Hijacking, etc. The data is never in the clear...so when it comes to becoming a victim of fraud, your customer is in the clear.

In effect, banks would be arming their online banking customers with a weapon of phish destruction, one that fights cybercrime and "empowers" them as mini-profit centers. Does anyone disagree with the statement that "Bill Payments, Money Transfers, and secure online transactions" ALL make money for banks? (again, see previous post)

That said, I humbly suggest it's high time to "study three key issues" more closely.

Let's look at "these issues" one at a time:

  • Bank "ISSUES" the Card,

  • Bank "ISSUES" the PIN,

  • Bank "ISSUES" a $12 PCI 2.x Certified 2FA 3DES E2EE DUKPT Secure Card/PIN Reader

$12! Yes (in quantity)...banks could save $88 per customer (compared to Citi's offer above) and PROTECT their customer. Protect them from what? Did you know that the average phishing attack costs the bank and the bank customer $350? Want proof?

Okay, here it is from Gartner Research:

According to research firm Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks.

(A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.)
The average loss was $352 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved. (sounds like the $100 bribe above is lost in the first phishing attack to me)

"The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner.
(Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)


Wanted: Consumers Using Signature Debit...Reward!

Excerpt from USA Today: As more consumers whip out debit cards, issuers are rolling out new rewards programs and enhancing old ones in hopes of boosting card spending. (Editor's Note: Of course the banks are going to roll out rewards programs for signature debit. These banks earn tons of cash ($38 Billion last year alone) on signature debit overdraft charges as well as significantly more on signature debit's Interchange Fee which is much higher than PIN Debit because it's up to 15 times more insecure. Next time you hear someone say there needs to be a balance between convenience and security, tell them they're nuts...or at least ask them "why do you keep saying that?" Where's the balance between security and convenience at airport security? Do we mind? No. Why? Because it keeps us safe. There's numbers in safety...)

Debit card transactions have grown rapidly in recent years, but the recession has accelerated the trend. In the fourth quarter of 2008, U.S. debit spending exceeded credit card spending for the first time, says Visa. That continued in the first quarter of 2009 with $202 billion in debit card purchases and $176 billion on credit cards.

Brian Riley, a research director at TowerGroup, a research firm, believes that debit card use will continue to grow as the economy recovers. Debit cards provide a convenient way for consumers to pay for their purchases, he says. Banks are also making it more rewarding for consumers to use their (signature) debit cards in hopes of boosting profits. When consumers use (signature) debit cards, merchants have to pay banks up to 2.1% to process the transaction, says The Nilson Report.



Online Banking "Dangerous" - Gartner

Gartner States that Online Banking is "Dangerous" in newest analysis:

On 24 August 2009, the Washington Post's Security Fix blog reported that the Financial Services Information Sharing and Analysis Center (FS ISAC) — an industry group created by a U.S. presidential order to share data about critical threats to the financial sector — had issued a confidential alert to its members, which include the Federal Reserve, the New York Stock Exchange, Citigroup, Morgan Stanley and Goldman Sachs. The FS ISAC alert urged business bank customers to "carry out all online banking activity from a stand-alone, hardened, and locked-down computer from which e-mail and Web browsing is not possible."

Editor's Note: Why dedicate a stand-alone, hardened and locked-down computer from which e-mail and Web browsing is not possible, when it would be safer, more cost-effective and more useful to utilize a PCI 2.x Certified "stand-alone" device which not only provides multi-factor authentication, but also provides "real-time" money transfer, B2B payments and more?

The FS ISAC issued its alert in response to reports from financial institutions, security companies, the media and law enforcement agencies of "a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses."

Editor's Note:  Again, exploitation is relative to how you conduct funds transfers.  Agreed, you cannot use a PC from which web browsing is possible, but you can utilize a device which doesn't use the web in the first place.

The FS-ISAC warning calls into question the safety of online banking...and confirms that criminals are winning the cyber war against financial institution account holders....

Criminals raid these accounts for millions of dollars (no estimates are available for the total amount of money stolen, but Gartner believes it could be very large) by planting trojans on user desktops to steal account credentials and transfer money to criminals' accounts. Especially problematic aspects of these incidents include:

  • Lack of disclosure by banks to shareholders and account holders, who must learn about these incidents from media reports

  • Criminals' practice of targeting business accounts, which are typically larger but enjoy less protection under the law than consumer accounts.

  • Lack of protection afforded by current antivirus and anti-malware software running on users' PCs, and users' failure to keep their protection software updated.

  • Criminals' ability to circumvent strong user authentication, which includes using dedicated one-time password tokens issued by the bank to business users.

  • The new level of sophistication in reconnaissance, asset acquisition and exploitation demonstrated by these attacks, raising the possibility that ex-intelligence, paramilitary and military personnel are working with traditional organized crime groups.

These multistage attacks do more harm to customers than large, well-publicized credit card breaches. When cards are stolen, regulations typically require reimbursement of customers for unauthorized charges. In money transfer attacks, business users are unlikely to recover the bulk of their stolen funds.

  • Don't rely solely on the strength of user authentication if the authentication is communicated through a PC browser.

Editor's Note:  Which is why HomeATM doesn't use the web browser for authentication, but instead utilizes the only PCI 2.x Certified PED in the world to instantaneously encrypt the authentication credentials and transmit the encrypted data using the Internet (not the web) as a conduit. Is it safer this way?  You can bank on it!


Boku Press Release

Sep 01, 2009 08:00 ET

BOKU Sets the Standard in Mobile Payments, Announces Arsenal of Online Games, Social Networking and Facebook Application Customers

Publishers Choose BOKU for High Conversion Rates, Sophisticated Technology and Coverage in 55 Countries

SAN FRANCISCO, CA--(Marketwire - September 1, 2009) - BOKU, Inc., the standard for online mobile payments, today announced an extensive group of merchants and publishers who have selected BOKU for its convenient, bank-grade payment solution. Spanning the social and casual gaming, social networking and application spaces, these companies use the BOKU™ service to sell digital goods and services to their global customers. The service allows over 1.8 billion potential consumers to shop online and purchase virtual goods and digital content easily and securely using their mobile phone.

In addition, BOKU announces it is going live in the next week with its payment service in Indonesia, New Zealand, Slovenia and Taiwan, bringing the company's global reach to 55 countries.

Continuing on its recent success, BOKU has attracted an impressive set of customers, including Aeria Games, Badoo, fatfoogoo, Gambit, Games-Masters (Cabal Online), HitGrab (MouseHunt), Hive7 (Knighthood), Hi5, IceBreaker, IGG, Jambool, K2Networks/GamersFirst, Meez, Offerpal, PageFad (Premier Football), Playfish, Slide, Sometrics, Super Rewards, TheBroth (BarnBuddy), Three Rings, TrialPay and WeeWorld with more going live soon.

These publishers have chosen BOKU as a complete, online payments solution that offers analytics reporting, flexible billing and pricing, fraud and security management and greater revenue opportunities to partners in the USA and worldwide. Additionally, the company's global reach, leading technology platform, seasoned executive team and tier one investors set it apart from all other players. Today, the company has over 1000 customers that use BOKU as their mobile payments provider of choice.

"After switching to BOKU for mobile payments on Meez, we saw a dramatic increase in revenue," said John Cahill, CEO of Meez. "BOKU is leading the charge in alternative payments methods and we're extremely satisfied with their offerings -- not only to Meez as a company, but to our customers, as well."

"We chose to add BOKU for mobile payments for our 6 million gamers to pay for virtual goods," said Vu Hoang, co-founder of Aeria Games. "BOKU is an important and growing part of our business worldwide. They have great conversion rates and customers are quick to choose it as a payment method because of its ease and simplicity."

"Mobile payments for digital goods is one of the fastest growing segments of mobility," said J. Gerry Purdy, Ph.D., VP & Chief Analyst, Mobile & Wireless at Frost & Sullivan. "BOKU is clearly one of the early winners in this fast growing market with impressive customer wins and millions of transactions per month. We see billions of digital assets being purchased via mobile phone in the next few years."

"Since our launch this summer, BOKU has seen a tremendously positive response from the publisher community worldwide," said Ron Hirson, Co-founder and Senior Vice President of Product Marketing for BOKU. "In addition to seeing impressive revenue growth for our customers, BOKU itself has seen strong growth as it continues to set the new standard in mobile payments and further expand its international reach."

Watch a demonstration of how easy and safe it is to pay using BOKU.

About BOKU:

BOKU is creating the standard for online payments using your mobile phone, making it easy to pay for digital goods and social experiences across the web. With a strong focus on reliability and security, BOKU's goal is to bring bank-grade payments technology and mobile users together on the web, creating a trusted, viable and accessible market for consumers, publishers and carriers alike. Based in San Francisco with offices in Europe, Asia and Latin America, BOKU reaches over 1.8 billion consumers worldwide, and is funded by leading Silicon Valley entrepreneurs and venture capitalists Benchmark Capital, Index Ventures and Khosla Ventures. For more information, please visit boku.com.

BOKU and Pay by Mobile are registered trademarks or trademarks of BOKU, Inc., and/or its subsidiaries. All other brand names, product names, or trademarks belong to their respective holders. BOKU reserves the right to alter product offerings and specifications at any time without notice.

In Case You Missed It...Web/Online Banking Not Safe!

In the last two weeks, it should have become clear to everyone that Web Security is shot and online banking authentication, including One-Time Passwords (OTPs) and Transaction Authorization Numbers (TANs), needs to be.

40% more consumers are afraid to enter their personal details into web sites than last year, phishing has graduated to Trojans, no website is safe and we're still typing. Meanwhile, Hackers have created "real-time" Keylogging...meaning that even if we "create temporary numeric passwords that get changed each minute, the problem is that the hacker/attacker now gets the same password immediately." Nice!

Below are links which review some of the posts that cover recent "uncoverings."
If you have the time, read them and you'll be as convinced as I am that we need to stop typing and start swiping.

Older to Newer: Recent PIN Payments News posts Regarding Web and Online Banking Insecurity

Web Insecurity Part Deaux (Don't...Trust It)

MasterCard vs. Visa: Dueling Compliance Philosophies

Malware Aimed at Stealing Bank Log-In Credentials Growing

ONO! Huge Security Hole on the Web

Bi-Annual Web Hacking Report Released by Breach.com

Credit Card Scam Raises New Web Security Fears

What Causes Financial Fraud? (It's the Stupid Typing!)

Card Fraud Expected to Increase in US...Yet We're Still Typing and Hackers are Still Swiping!

HomeATM's Weapon of "Phish Destruction"...

Did You See the HomeATM Finovate Startup '09 Live Demo?

Attempted Card Not Present Fraud in China up 60%

Experts: More Heartland Style Breaches Expected: This is Probably Just the Start!

Hacker Costs Keep Growing

Hackers Exploit Evolving Web

The HomeATM Solution

Real Time Keylogging Makes OTP Log-In Obsolete (If you Type it...They will Come!)

Online Banking Fraud Worse Than We Think (and we think it's BAD!)

Browsers are to Hacking what Fuel is to Race Cars

As Predicted, It's Getting Worse...Not Better!

Skimming Prevention: Best Practices for Merchants

Top 11 eCommerce Paradigm Shifters Put HomeATM in Gear

IBM: Unprecedented State of Web Insecurity - No Such Thing as Safe Browsing

Online Banking Insecure...Only 1 Bank Rated Excellent

FDIC: Online Banking Flawed

HomeATM Provides the "Inevitable" Solution Now

Not the "Type" of Two Factor Authentication we Need...
