Thursday, October 8, 2009

Capping Interchange Could Hurt Consumers - The Economist

Editor's Note: Earlier today I linked to the hearings on Interchange. The media has blasted the public with 7-Eleven's one-sided petition drive.

I covered the questionable tactics used by 7-Eleven to entice customers to sign a petition that might wind up costing money to the very consumers who signed it. Currently the merchants are complaining because they are what JCR of Toulouse describes as "caught" but soon, based on what happened in Australia, it could very well be the consumers...who are the ones caught paying higher prices...

As a rule, the side that bears more of the cost of bringing both sides together is the one that is least reluctant to pay -- the side that Jean-Charles Rochet of Toulouse University, an expert in two-sided markets, describes as “caught”.

For the Record...there are always...

Two sides to every story
  - The Economist

Capping credit-card levies on retailers and other merchants could hurt consumers

WHEN finance is not being blamed for wrecking the economy, it is being attacked for profiteering. Earlier this month the 7-Eleven chain of convenience stores in America presented a petition with more than 1.6m signatures to Congress, calling for a reduction of the fees levied by payment-card firms and their member banks each time a purchase is made using plastic. The House of Representatives is mulling a bill that would cap these “swipe fees”, known in the industry as merchant-interchange fees. In America these are 1.5-2% of the price of an average purchase, which is high by rich-world standards. Retailers grumble that the charges inflate their costs, which they are forced to pass on to consumers—even those who choose to pay by cash.

The case for tight regulation seems strong, at first glance. In rich countries, where paying by plastic is now commonplace, the firms that run card-payment systems look like other utilities, which have long been subject to price caps. Visa and MasterCard are associations run on behalf of their member banks. Competition officials are usually wary of such shared ventures but accept that it is more efficient for rival banks to band together in one network in order to process payments and settle accounts. A common fee structure stops members from abusing the rule that retailers must take all cards issued with the association’s brand. It also obviates the need for countless bilateral deals between thousands of banks. Even so, regulators still fret that banks might use their combined heft to overcharge.

They (regulators) need to tread carefully.

Editor's Note: Otherwise they'll wind up going nowhere..."fast?"

Judging how much credit-card firms ought to charge for their services is trickier even than setting the right price for water or energy supplies.

That is because the payment-card system is a “two-sided” market.

What sets this type of enterprise apart is that it caters to two distinct groups of customers. Consumers will sign up for a credit-card brand if it is widely accepted as a means of payment. Merchants will more willingly accept a card if lots of consumers use it.

Building up a two-sided market, and balancing the needs of each side, require pricing strategies that would make little sense in more traditional, one-sided industries.

Charges may have little relation to costs and often lean to one side of the market. For instance, outfits that act as matchmakers for lonely hearts (dating clubs, singles bars, and so on) often levy higher charges on men than on women. They judge that single men will be keener to join clubs that are visited by lots of women. Computer operating systems make more money from users than from software developers. Most media outfits rely on a mix of charges to both sides of the market that is tilted towards advertisers. Broadcast networks and some local newspapers provide their wares free and charge advertisers for access to consumers. Others are now opting for a one-sided business model, without advertisers, where consumers pay directly for news and programmes.

Skewed pricing is one solution to the central challenge of two-sided industries: how to lure one set of clients with the promise of custom from the other. In its early days, the Diners Club card took a hefty 7% cut of the tab from restaurants that accepted it. They did so because the eateries were given privileged access to the wealthy New Yorkers who had been given the card free. With one side on board, Diners Club found it easier to charge the other. As a rule, the side that bears more of the cost of bringing both sides together is the one that is least reluctant to pay—the side that Jean-Charles Rochet of Toulouse University, an expert in two-sided markets, describes as “caught”.

But because finding the right mix of charges is so crucial to a successful two-sided business, regulating prices could upset a delicate balance. It is hard for firms to know what the “right” prices are in two-sided markets. Cut charges on one side and it will raise them on the other, chasing customers away and making the business shrink.

Not going Dutch

Trustbusters are nevertheless suspicious of a credit-card business model, where one side covers all of the running costs. That looks sinister on two counts. First, in mature markets merchants may have little choice but to take the main credit cards. If so, it may allow the big brands to overcharge, pushing merchants’ profits down and consumer prices up. Second, to the extent that card issuers use some of their excess profits from interchange fees to compete for cardholders—through lower fees, loyalty schemes and other benefits—a hefty swipe fee could distort the payments markets by favouring credit cards over other forms of settlement, such as debit cards, cheques or cash.

Even so, that does not add up to a compelling case for regulation, since it is hard to see how consumers could be made better off. The tentative evidence from Australia is that caps on interchange fees for retailers have not been offset by any gain in the form of lower consumer prices.

If interchange fees merely shift economic rents from merchants to card firms, then that is not a concern for competition policy (especially if some of the rents end up washing back to cardholders). It is true that interchange fees facilitate credit-card usage, which can encourage indebtedness with all its attendant problems. That makes them a tempting target for crisis-burned regulators. But if consumer debt is the problem, tinkering with swipe fees is the wrong way to tackle it.


Verifone and Heartland Engage in E3 Dueling Lawsuits

Encryption debate heads to court

The Green Sheet: The race for card data security superiority has taken an unusual turn with two of the most vocal corporate advocates taking each other to court. Terminal manufacturer VeriFone Holdings Inc. was the first to get its points on the record by filing a patent infringement complaint against Heartland Payment Systems Inc.

At issue in the case is a patent acquired by VeriFone when it purchased Lipman Electronic Engineering Ltd. and renamed it VeriFone Israel Ltd. The patent (US 6,853,093 B2), issued in 2005, covers what is described as "anti-tampering enclosure for electronic circuitry." In its complaint, which was filed Sept. 9, 2009, with the Federal District Court for the Northern District of California, VeriFone Israel asserted that a new card terminal Heartland wants to import and distribute in the United States, under the Heartland NP3000 moniker, infringes on that 2005 patent.

Dueling lawsuits

A week later, Heartland's attorneys were at Mercer County (New Jersey) Superior Court accusing VeriFone of trying to sabotage Heartland's efforts to develop and bring to market POS terminals that support end-to-end encryption of card and transaction data.

Heartland, one of the top bankcard acquirers in the United States, is headquartered in Princeton, N.J. The company became a vocal champion of end-to-end encryption after it was discovered in early 2009 that it had suffered a major data security breach despite having been deemed in compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS details the industry's baseline requirements for securing credit and debit card data.

Heartland's end-to-end encryption efforts, known collectively as the E3 Project, reportedly employ the highest level of encryption security available today. Heartland expects it will eventually replace the Data Encryption Standard (DES) and Triple DES methods for securing payment card data.

Heartland's complaint

In its complaint, Heartland said it has spent "significant time, money and effort" working with a Taiwanese manufacturing firm, Unelectra International Corp., to develop E3 terminals. A successful test of one such terminal was completed in June 2009, the complaint said, and Heartland planned to introduce it to the U.S. market as the Heartland NP3000 during the third quarter of 2009.

VeriFone insists the Heartland NP3000 infringes on its 2005 patent, and that Heartland was aware of this fact but chose to ignore it. Asked about this claim, a Heartland spokeswoman told The Green Sheet, "Heartland respects the patent rights of others and has strong defenses to the allegations in VeriFone's complaint."

The lawsuit filed by Heartland, meanwhile, alleges that VeriFone and its CEO Douglas Bergeron have "engaged in an unlawful and tortuous campaign to punish Heartland and injure competition," and it accuses VeriFone of a "xenophobic determination to prevent Heartland from obtaining the next generation of secure POS terminals from manufacturers in Taiwan and China."

Among its specific allegations, Heartland charges that VeriFone has refused to do business with Heartland and will neither sell terminals to nor support existing VeriFone products used by Heartland and its clients until it abandons plans to import the UIC terminals. Heartland also alleges in its complaint that VeriFone has put the squeeze on companies working on Heartland's E3 Project, even threatening to put some out of business if they do not cease working on that project.

Cases pending

Reached for comment, a spokesman for VeriFone described the litigation against Heartland as "a simple case about IP [intellectual property] infringement" and added that "VeriFone has already announced that is committed to licensing the VeriShield Protect end-to-end encryption solution to the payments industry."

VeriFone's spokesman also mentioned the company's Sept. 30 announcement that it had become the lead investor in Semtek Corp. by doubling its investment in the technology developer and acquiring an option to purchase Semtek's remaining shares in the future. He also noted that the companies had entered into an expanded, worldwide agreement calling for "open licensing of the Semtek encryption technology to all other point of sale hardware vendors."

A spokeswoman for Heartland, meanwhile, insisted the New Jersey firm is "taking appropriate legal measures to protect our merchants from unfair and exploitative business practices" and "making E3 quickly and widely available to merchants."

First Data And PayPal Team Up To Offer New Online Payment Services For Star® Network Cardholders

ATLANTA and SAN JOSE, Calif. - Oct. 08, 2009 - Global electronic commerce and payments processing leader First Data today announced an agreement with PayPal that allows debit cardholders in First Data's STAR® Network to quickly link their STAR debit card to a PayPal account online. First Data's STAR Network is the first electronic funds transfer network to offer this innovative service to its member financial institutions.

With the STAR Online Partner service, consumers can enroll for a PayPal account through their financial institution's Internet banking site, and, once registered, immediately use their debit card to fund their PayPal account to make online purchases without having to enter debit card account information or expose their debit card number to merchants for each purchase. Member financial institutions provide authentication for the cardholder, adding an extra layer of security to the account.

According to the 2008 Study of Consumer Payment Preferences conducted by Hitachi Consulting and the Bank Administration Institute (BAI), consumers are not as comfortable using a debit card for online shopping versus other payment methods such as credit cards and prepaid cards. The study, of which First Data was a sponsor, also showed that while credit cards have the highest penetration of all payment methods on the Internet, both debit cards and Internet payment services such as PayPal, have the second highest penetration levels among online shoppers.

JM Associates Federal Credit Union, a member of the STAR Network, participated in a pilot program earlier this year. President and CEO Jim Ryan said, "We want to be able to offer our members security and peace of mind when making online purchases. The STAR Online Partner program allows us to provide that service, while at the same time building member relationships through promotion of our brand with every transaction."

"This innovative new service helps address consumers' fears of using a debit card online because it allows STAR members' customers to securely use their STAR-branded debit card to fund their PayPal accounts," said Julie Saville, vice president, STAR Network. "As more and more consumers move to online shopping and banking and we continue to see an increase in e-commerce, this new service gives our issuing financial institutions one more way to grow relationships with their customers, reduce their costs and increase revenues."

"First Data's STAR Network is the first company to use the PayPal Debit Access service which we are introducing to financial institution networks globally," said Jack Stephenson, senior vice president, PayPal. "This new relationship is a great example of how financial services leaders such as First Data and PayPal can come together to offer new, innovative services to consumers who want to shop online."

About First Data

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries.

About PayPal

PayPal is the faster, safer way to pay and get paid online. The service allows members to send money without sharing financial information, with the flexibility to pay using their account balances, bank accounts, credit cards or personal financing. With more than 75 million active accounts in 190 markets and 19 currencies around the world, PayPal enables global ecommerce. PayPal is an eBay company and is made up of three leading online payment services: the PayPal global payments platform, the Payflow Gateway, and Bill Me Later.

Cardlytics names SVP of Bank Sales

Atlanta, Oct. 8, 2009 -- Cardlytics, a provider of targeted, card-based, merchant-funded rewards technology, has added former CheckFree vice president, David Torgerson, as senior vice president of Bank Sales.

Torgerson is a proven industry innovator and patent holder for payments technology with 18 years of sales experience. Prior to Cardlytics, he served as vice president of Electronic Billing Solutions for CheckFree. In that role, Torgerson led the sales strategy for the company’s payment, electronic billing, and remittance processing products to top banks and merchants. He also led the launch of eBill Direct, a system that enabled Web site billing and payment capabilities.

“David Torgerson is much more than a seasoned sales executive,” said Scott Grimes, CEO and founder of Cardlytics. “He is a proven innovator in every sense and his close working relationship with major clients led to the development of many new successful product lines at CheckFree. David is a significant asset to the Cardlytics team.”

“Cardlytics has created an approach to debit rewards that has been proven to deliver rewards that people want and that banks can easily deliver,” said Torgerson. “It is exciting not only to work with such an amazing technology, but also with a team that has a reputation for innovation in the payments industry.”

Torgerson also served as vice president of Strategic Sales for Denver-based First Data. He has a bachelor’s degree from Otterbein College in Westerville, Ohio.

About Cardlytics

Through a highly-relevant, "market-of-one" approach, Cardlytics provides banks with a new way to provide rich rewards to customers by providing targeted, appropriate merchant-funded offers based on their individual purchase behavior, helping consumers realize savings of hundreds of dollars per year on the products they purchase every day. Cardlytics is redefining card rewards programs through its multi-channel platform that can extend offers to bank customers through the breadth of the bank’s electronic channels including online banking, SMS, e-mail, mobile, online-mall and social networks.

Source: Company press release.

Fortinet Joins PCI Security Standards Council

SUNNYVALE, CA -- (MARKET WIRE) -- 10/06/09 -- Fortinet® -- a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced that it has joined the PCI Security Standards Council as a participating member. The PCI Security Standards Council (PCI SSC) is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS).

The mission of the PCI Security Standards Council is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.

As part of the PCI Security Standards Council, Fortinet will have access to the latest payment card security standards from the Council, be able to provide feedback on the standards and join a growing community that now includes more than 500 organizations. Fortinet now has the option to incorporate the latest PCI standards in its line of network security hardware appliances including its flagship FortiGate product line. In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an organization's best protection against data criminals.

"The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data," said Bob Russo, General Manager of the PCI Security Standards Council. "By participating in the standards setting process, Fortinet demonstrates they are playing an active part in this important end goal."

"PCI compliance is no longer a nice to have -- it's a must have for companies to securely do business online. Working closely with the PCI Security Standards Council is allowing Fortinet to be at the forefront of PCI-based decisions that will directly affect our customers," said Anthony James, vice president of product marketing for Fortinet.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Applications Data Security Standard (PA-DSS).

Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.

About Fortinet

Fortinet is a leading provider of network security appliances and the market leader in Unified Threat Management or UTM. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, VPN, antivirus, intrusion prevention, Web filtering, spyware prevention and antispam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in five programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, Network IPS and Antispam. Fortinet is based in Sunnyvale, California.


RSA and VeriSign Team Up On Cloud-Based, Two-Factor Authentication Offering

Technical and Sales Partnership of Two "Best-in-Class" Authentication Providers Broadens Options for Customers by Enabling the VeriSign(R) Identity Protection Authentication Service to Support RSA SecurID(R) OTP Credentials

BEDFORD, Mass. and MOUNTAIN VIEW, Calif., Oct. 8 /PRNewswire/ -- RSA, The Security Division of EMC (NYSE: EMC) and VeriSign, Inc. (Nasdaq: VRSN), the trusted provider of Internet infrastructure services for the networked world, are working together to provide organizations with the mutual benefit of an expanded VeriSign® Identity Protection (VIP) Authentication Service through the availability of RSA SecurID® two-factor authentication technology for more choice in one-time password (OTP) authentication. VIP is a managed, shared authentication solution that provides its users with a single one-time password (OTP) authentication device to securely access multiple Web sites.

Organizations in search of strong authentication solutions will benefit from being able to use VIP in combination with RSA SecurID hardware tokens. RSA and VeriSign, both of whom were recently rated Best-in-Class for Multi-Channel Authentication Technology by Javelin Strategy & Research(1), are teaming up to address the market segment for managed, shared authentication services, offering organizations the convenience of a single platform.

The technical and sales partnership signals a new chapter in the longstanding relationship between RSA and VeriSign. Twenty-five years ago, RSA pioneered two-factor authentication and encryption and in 1995, VeriSign was founded as a separate entity leveraging RSA technology to develop and provide digital identities through a managed services model.

"RSA and VeriSign have a long history of complementary and innovative security solutions and standards, such as SSL, that enabled internet usage and growth," said Jim Bidzos, VeriSign executive chairman and founder. "We have again joined forces to benefit users by providing managed, shared authentication services on a single platform. No one is better equipped to deliver comprehensive, best-in-class authentication solutions than RSA and VeriSign."

"Inventive collaboration between key industry leaders is critical to delivering higher value to customers and responding to the ever-changing threat environment," said Art Coviello, executive vice president of EMC Corp. and president of RSA. "Together with VeriSign, we've worked hard over the decades to help ensure online transactions are safe, secure and trustworthy. With more than 40 million users of RSA SecurID worldwide, we're thrilled at the opportunity to serve customers through the VIP Network."

VeriSign plans to complete the integration of the RSA SecurID Authentication Engine into the VIP Authentication Service by the end of December 2009, which will enable VIP customers to use RSA SecurID hardware authenticators. At that time, VeriSign will also resell RSA SecurID hardware tokens to VIP prospects and customers, and RSA will likewise resell the VIP Authentication Service to its prospects and customers.

"Institutions worldwide face growing risks to their assets, legal liability and reputations as they seek to securely and conveniently authenticate their customers across multiple channels," said Robert Vamosi, Security, Risk & Fraud Analyst for Javelin Strategy & Research. "RSA and VeriSign, both of whom were selected as Best-In-Class for authentication technology, are offering an enhanced, scalable, cloud-based global authentication network that is greater than the sum of its parts. This partnership will be a significant force in the adoption of two-factor authentication worldwide."

Mary T. Monahan, managing partner and research director at Javelin Strategy & Research, added, "The alliance of two powerhouses with the integration of RSA SecurID technology into VIP will strengthen their combined market leadership and work to increase the collective clout of both VeriSign and RSA."

As part of the agreement, the companies will work to transfer all existing RSA GoID customers to the VIP Authentication Service by the end of Q2 2010. RSA will work closely with all existing RSA GoID customers for a smooth, uninterrupted transition to the VIP Authentication Service. VeriSign is committed to delivering the highest standards of customer care and technical innovation that RSA GoID customers expect today.

The VIP Authentication Service implements two-factor authentication through VeriSign's cloud-based Security as a Service (SaaS) model, which enables organizations to accelerate authentication system deployments while driving down per user costs. Currently with more than 100 members on the network worldwide, the VIP Authentication Service enables strong authentication for tens of millions of mobile users. The VIP Authentication Service is part of a portfolio of authentication products that include PKI and SSL certificates, which in total, account for more than a billion authentication look-ups each day. The RSA GoID managed, shared consumer authentication service is designed to identify users before they interact with a Web site or online application.

The RSA SecurID two-factor authentication system is used by more than 40 million people across more than 30,000 organizations worldwide to help prevent unauthorized access to corporate applications and resources. The system is comprised of a broad range of hardware and software authenticators that provide end users with a one-time password, along with its software engine -- RSA® Authentication Manager. The RSA SecurID solution is part of RSA's complete portfolio of cloud-based and on-premise authentication technologies that when combined, protect more than 300 million online identities worldwide.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle -- no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated.

About VeriSign

VeriSign, Inc. (Nasdaq: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence.


Electronic Payment Exchange Welcomes New Visa Best Practices for Data Field Encryption

Wilmington, DE (Vocus/PRWEB ) October 8, 2009 -- Electronic Payment Exchange (EPX), a leading merchant acquirer and payment processor, said today that the recent Visa release of data field encryption best practices provides welcome leadership to merchants, technology professionals, and vendors looking for practical ways to reduce the risk of data breach. EPX is the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle, and believes the Visa best practices validate their approach.

The best practices for data field encryption (also known as end-to-end encryption or point-to-point encryption) announced by Visa on October 5, 2009 work toward developing a standard approach while offering guidance to payment solution providers. Visa establishes five key implementation objectives for payment providers who deploy end-to-end encryption: limiting the availability of cleartext cardholder and authentication data; using robust key management solutions that are consistent with international standards; using key lengths and cryptographic algorithms that are consistent with international standards; protecting cryptographic devices from physical/logical compromises; and using alternate identifiers for business processes that require the account number after authorization.

“The technologies built into EPX BuyerWall go hand-in-hand with the data field encryption objectives established in the Visa best practices document,” says EPX Chief Security Officer Matt Ornce. “Using encrypted card readers with our EPX BuyerWall solution satisfies Visa’s objectives and provides strong protection for merchants against potential data breaches.”

According to the Visa data field encryption best practices document, “no single technology can completely solve for fraud.”

Ornce wholeheartedly agrees. “EPX’s solution uses both end-to-end encryption to encrypt card data from the point of sale, and tokenization on the back end of the transaction,” he says. “Encryption at the card reader protects merchants against potential breaches before card numbers even leave the swipe for authorization. EPX BuyerWall tokenization replaces account numbers with values that are meaningless to would-be thieves and cannot be reverse-engineered to reveal the card numbers. Combined, they provide unparalleled fraud protection for a merchant’s customers.”

About Electronic Payment Exchange

Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.

EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.

For more information about EPX, visit or contact EPX at 302-246-3110.


Steven M. Kendus, Marketing Director

Electronic Payment Exchange


# # #


Typing Mostly Misunderstood

Over the course of the last couple of months I have blogged on the weaknesses of SSL.  In fact, the new improved EV (Extended Validation) SSL can be manipulated by the bad guys because of inherent weaknesses in browsers...

Here's more on Secure Sockets Layer web sessions from Dark Reading

At the end of the day, the cause of all these problems is that we continue to  "type" (some call it "entering") credit/debit card numbers and passwords into a box in the browser.  Typing is still mostly Misunderstood...

SSL Still Mostly Misunderstood 

By Kelly Jackson Higgins DarkReading

Most users ensure their Web sessions are using Secure Sockets Layer (SSL) before entering their credit card information, but less than half do so when typing their passwords onto a Web page, according to a new survey.

Just what SSL does and doesn't do isn't clear to many users, and the way Websites implement it doesn't help: "The biggest issue is the general population doesn't know what SSL is, why they're using it, and it's ingrained in them that it always makes them secure, which is not always the case," says Tyler Reguly, senior security engineer for nCircle, who surveyed a cross-section of users -- technical and nontechnical -- and shared the results of his findings today during a panel presentation about SSL at the SecTor Conference in Toronto.

Reguly's survey found that while 83 percent of users check they're using an SSL-secured session before entering their credit card information on a Website, only 41 percent do so when typing in their passwords. "It's scary that people care so little about their passwords than they do about their credit card numbers," he says. "You see surveys saying that anywhere from 30 to 60 percent of users are using the same password everywhere, so they're probably using it for online banking, too."

It has been a rough year for SSL, with the groundbreaking man-in-the-middle hack by researcher Moxie Marlinspike, which dupes a user into thinking he's in an HTTPS session when in reality he has been taken elsewhere by the attacker, as well as a demonstration by researcher Mike Zusman showing how several certificate authorities (CAs) themselves are vulnerable to attacks when issuing SSL certificates. And Dan Kaminsky at Black Hat USA exposed critical flaws in X.509 certificate technology used in SSL.


Compuware to Acquire Gomez for $295 Million

Lexington, Massachusetts, October 7, 2009

Compuware Corporation (NASDAQ:CPWR) and Gomez yesterday announced the signing of a definitive agreement for Compuware to acquire privately-held Gomez, Inc. Compuware is the world's leading application performance management software company, and Gomez is the leader in Web application experience management. The $295 million cash acquisition is expected to close in November of 2009.

“Together, Compuware and Gomez provide the industry’s only unified Application Performance Management solution, spanning the Enterprise and Internet,” said Compuware President and Chief Operating Officer Bob Paul. “For business and IT executives who are moving more business-critical applications onto the Internet, Compuware can now offer unified visibility, isolation and resolution of application performance problems from the data center to the customer. Competitive offerings only cover isolated portions of the Enterprise-Internet application delivery chain.”

Headquartered in Lexington, Massachusetts, Gomez employs 272 people around the world. Substantially all of these employees, including the leadership team, are expected to remain with Compuware after the close of the transaction.

“This agreement marks a fundamental breakthrough in how IT and business leaders can manage the performance of all the applications that drive their businesses,” said Jaime Ellertson, Chief Executive Officer and President, Gomez. “The complementary nature of our products and our already-existing product integration will allow Compuware and Gomez to rapidly deliver dramatically extended value to our mutual customers.”

“Compuware’s financial strength, its R&D horsepower, and its geographic reach will benefit both our employees and our customers,” said Richard Brekka, Chairman of the Board, Gomez.

With the addition of Gomez—which delivers its offering through a Software as a Service (SaaS) model—to Compuware’s SaaS revenues, Compuware becomes the world’s leading SaaS infrastructure management provider. SaaS continues to become a more desirable way to acquire software due to a lower cost of ownership and faster, easier adoption and maintenance.

For complete details on how this agreement sets the new standard for managing the performance of business applications, visit

The completion of the transaction is subject to customary government approvals and the satisfaction of other customary conditions.

Compuware Corporation

Founded in 1973, Compuware provides software, experts and best practices to ensure applications work well and deliver business value. Compuware helps CIOs optimize end-to-end application performance for leading businesses around the world, including 46 of the top 50 Fortune 500 companies. Learn more at:

Conference Call Information

Compuware will host a conference call to discuss this agreement at 8:30 a.m. Eastern time (12:30 GMT) today. To join the conference call, interested parties from the United States should call 800-230-1092. For international access, the conference call number is +1-612-326-1027. No password is required. To download the presentation that will be used during the conference call, visit

A conference call replay will also be available. The United States replay number will be 800-475-6701, and the international replay number will be +1-320-365-3844. The replay passcode will be 118303. Additionally, investors can listen to the conference call via webcast by visiting the Compuware Corporation Investor Relations web site at

About Gomez

Gomez, Inc. is the leader in Web application experience management, providing an on-demand platform that organizations use to optimize the performance, availability, and quality of their Web and mobile applications. The Gomez platform identifies business-impacting issues by testing and measuring Web applications from the "outside-in" — across all users, browsers, devices, and geographies — using a global network of over 100,000 locations. The self-service Gomez platform integrates Web load testing, Web performance management, cross-browser testing, and Web performance business analysis. Over 2,500 customers worldwide, ranging from small companies to large enterprises — including 12 of the top 20 most visited US Web sites — use Gomez to increase revenue, build brand loyalty, and decrease costs. Gomez is a registered service mark of Gomez, Inc. All other trademarks and service marks are the property of their respective owners.

Follow Gomez on Twitter: @Gomez_Inc

Connect with Gomez on Facebook:

Join the Gomez User Group on LinkedIn

Media Contacts

Samantha McGarry

Gomez, Inc.

(781) 778-2783

Kristina Leblanc

(508) 930-5636

Interchange Fee Hearing Today....Click to Watch Webcast

H.R. 2382 (Interchange Fees) Hearing Scheduled for Today October 8th...

Interchange Bill Scheduled for House Committee Hearing

Thursday, October 8, 2009, 10:00 a.m., 2128 Rayburn House Office Building. The Full Committee will hold a hearing on: “H.R. 2382, the Credit Card Interchange Fees Act of 2009 and H.R. 3639, the Expedited CARD Reform for Consumers Act of 2009”


Canadian Debit Shakeup

Green Sheet - In the fall of 2008, Visa Inc. and MasterCard Worldwide revealed plans to introduce their branded PIN-debit cards into Canada. MasterCard launched several pilot programs for its Maestro Debit Card in early 2009. As a condition to entering the market, the company agreed to set transaction fees to mirror those of Interac, Canada's not-for-profit debit network collectively owned by Canadian banks.

However, a year later Visa has yet to enter the Canadian debit market: Company officials said they have no intention of setting a flat debit transaction fee or introducing any debit programs without interchange.

MasterCard said Canadian merchants are not charged interchange for Maestro debit card transactions; instead, a flat fee of 5 cents in Canada (about 4 cents in the United States) is charged per transaction. In contrast, Interac's median fees reportedly average 12 cents, with most small ticket items costing approximately 7 cents per transaction.

Points of contention

"The banks are somewhat ambiguous because ironically they stand to gain the most, but I think the main reason that Visa and MasterCard want to implement the discount rate for debit cards is to be able to offer the points or rewards programs that tie the consumer to their card brand," said Joseph Iuso, Chief Executive Officer of UseMyBank Services Inc., a Toronto-based firm that facilitates real-time debit transactions through online bank accounts.

Iuso noted that both Visa and MasterCard are trying to develop a system in which, regardless of whether consumers make credit or debit card transactions, the brands can leverage air miles and loyalty programs to attract consumers.

"For MasterCard to get its Maestro debit card here, they actually had to agree to the same rates as Interac," Iuso said. "However, you would think they'd want to keep the discount rate or at least get it implemented eventually. Otherwise, how are they going to come up with the money to sponsor those things? The long-term play is to come in cheap – though they might be accused of undercutting Interac. Ultimately, to offer those programs, they have to be costed somewhere."

Iuso added that Interac's concern with regard to the introduction of Visa and MasterCard in the Canadian debit market is that banks will be unable to resist the new revenue streams interchange and rewards programs would generate. He estimates that Canadian companies could increase business 30 to 40 percent with the ability to accept Visa and MasterCard debit cards.

Door number one, two or three

No regulatory issues prevent Visa or MasterCard from entering and competing in the Canadian debit market. It simply comes down to whether banks and merchants choose to accept the cards.

"The crux of the problem with the federations and the associations is their contention that if you introduce interchange, the merchants are going to end up eating the costs," Iuso noted. "But on the other side, you're going to increase your ability to take money from consumers. The banks merely have to say they want to partner with the card provider. They're already in bed with the card brands, so why wouldn't they want to do it?"

Reshaping the business model

Iuso said that once Visa and MasterCard debit cards become entrenched in Canada – which he believes is only a matter of time – Interac will suffer because transactions will be settled through banks' networks and not Interac's.

He sees two possible means of resolution: Visa will either acquiesce and match Interac's and MasterCard's transaction rates, or Interac will be forced to join other debit networks around the globe (like NYCE, Star, and Pulse) to generate additional revenue streams. To do this, Interac would have to become a for-profit company.

"Operating as a for-profit organization would probably be their smartest move," Iuso said. "They need to be able to innovate to compete with the other brands, but it's hard to do when you have board members looking at the business model from a cost basis instead of a profit center.

"Interac doesn't have to like Visa and MasterCard coming in because they know that once you start to add points to a debit card, why would someone want to use an Interac card? But ironically, this situation gives them the forum to say to the competition committee that we're no longer the only people in Canada doing debit, so let's open up the market to give us a chance to compete."


V/MC Shares Rise on Optimism over Interchange Legislation?

Maybe the Interchange Bill isn't going to affect MasterCard and Visa as much as some analysts originally thought. Yesterday, both saw their stock rise on heavy volume.

Both V and MC stock had not performed well since the highly touted 7-Eleven petition drive. The impact and the hoopla surrounding the delivery of the petitions to Congress garnered a lot of media attention.

First Visa shot back that its own study showed that consumers, by a 2-1 margin, feel that Interchange Fees are a simple cost of doing business.

Then MasterCard released evidence that suggested 7-Eleven's petition drive "conveniently" left out some key facts and was thus deceptive. Finally, the EPC (Electronic Payments Coalition) chimed in with a statement saying 7-Eleven tricked and deceived their customers into signing the petition. The response by V/MC and EPC might have had some impact on stock traders because today the Wall Street Journal reports that:

"Shares of MasterCard Inc. (MA) and Visa Inc. (V) rose on heavy volume Wednesday despite the broader market's decline, a move analysts attributed to several factors, including a bit more optimism about possible interchange-fee legislation.

Late last month, the stocks were hurt after Sen. Chris Dodd, D-Conn., said he was working on a bill to modify interchange fees, which credit-card issuers collect when transactions are completed on the cards they've issued.

As Rep. Barney Frank, D-Mass., and the House Finance Committee get ready for their first hearing on interchange legislation Thursday, Susquehanna analyst James Friedman suggested there may have been some change of stance by a representative or other turmoil among the proponents of the fee change.

Susquehanna or its affiliates beneficially own 1% or more of MasterCard".


Visa Inc. to Announce Fiscal Fourth Quarter and Full-Year 2009 Financial Results on October 27, 2009

SAN FRANCISCO, Oct. 7 /PRNewswire-FirstCall/ -- Visa Inc. (NYSE: V) will report its fiscal fourth quarter and full-year 2009 financial results on Tuesday, October 27, 2009. The results will be included in a press release, with accompanying financial information, which will be released before market open and posted on the Visa Investor Relations website.

Visa's executive management team will then host a live audio webcast beginning at 8:00 a.m. Eastern Time (5:00 a.m. Pacific Time) to discuss the financial results and business highlights.

All interested parties are invited to listen to the live webcast at A replay of the webcast will be available on the Visa Investor Relations website for 30 days.

About Visa: Visa operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit

Jack Carsky, Investor Relations
Visa Inc.
Tel: +1 415 932 2213

Will Valentine, Media Relations
Visa Inc.
Tel: +1 415 932 2564

SOURCE Visa Inc.


Online Gambling on The Hill

I suppose the $4.8 billion per year that online gambling would generate is more than a drop in the bucket. Here's an excerpt from a story published yesterday on "The Hill"

By Michael Waxman, Safe and Secure Internet Gambling Initiative

Up to $48 billion in new revenue would be generated over the next decade by regulating and taxing Internet gambling, according to a PriceWaterhouse-Coopers analysis. Whether you support or oppose the idea of giving Americans the freedom to gamble online, the activity is flourishing in an uncontrolled marketplace, sending billions in revenue out of the U.S. economy, overseas and underground.

Despite attempts to prohibit the activity, Americans continue to wager online more than $100 billion annually.

It’s time for Congress to end a failed prohibition and replace it with a regulatory environment where consumers are protected and billions in new revenue can finally be dedicated to better serve our country.
