Thursday, November 5, 2009

This...You Gotta See...

Our PCI 2.x Certified PIN Entry Device Plugs Right In...

Critical Flaw in SSL Found, Software Makers Scrambling for Band-Aid!

As previously reported in this blog, SSL cannot be trusted to secure financial transaction data. Bottom line? You need hardware to do that. Here's a sampling of reports gathered from the various news organizations on the discovery that if you trust SSL (or EV-SSL) to ensure a secure financial transaction, you are SOL.

SSL Hole Cracks Open Secured Web Traffic
PC World

A critical new flaw in SSL, or the Secure Sockets Layer used to protect Web traffic for online banking, shopping, and any other https connection, allows an attacker to break into any theoretically secured connection and add malicious commands.

Scramble on to fix flaw in SSL security protocol - Computer World

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.

The flaw lies in the Secure Sockets Layer (SSL) protocol, which is best known as the technology used for secure browsing on Web sites whose URLs begin with HTTPS. The bug lets attackers intercept secure SSL communications between computers using what's known as a man-in-the-middle attack. - IDG News Service

Major SSL Flaw Find Prompts Protocol Update - Dark Reading

SSL has been under siege over the past year, with the groundbreaking man-in-the-middle hack by researcher Moxie Marlinspike, which dupes a user into thinking he's in an HTTPS session when in reality he has been taken elsewhere by the attacker, as well as Kaminsky's research exposing critical flaws in X.509 certificate technology used in SSL.

But this latest threat lies within the SSL protocol itself, and will require fixes to Browsers, Web servers, database servers, mail servers, SQL servers, smart cards, and other SSL-based software.

"All the [SSL] attacks I've seen [recently] have been around the client or server software, or the way it handles a certificate," Ray says. "What's different with this [bug] is that both the client and server need to be patched to restore the full security guarantees that are expected with TLS."

Editor's Note:  I know that sometimes I must sound like Chicken Little with all my ranting about how dangerous the web is to conduct financial transactions. 

I don't mean to sound that way.  The sky isn't falling. 

You know what is?  Consumer confidence in online banking and online shopping.  

HomeATM can restore that confidence with the safest and most secure way to authenticate oneself for an online banking session. 

We provide banks with a device that replicates an ATM transaction: "Swipe your card, enter your PIN." Safe enough to dispense cash in the middle of the night? Safe enough to authenticate the online banking customer. It works for online shopping too, replicating the exact same experience consumers have had at brick-and-mortar locations for decades: swipe their card in a point-of-sale terminal (and enter their PIN if applicable).

Meanwhile, the online shopper and the Online Banking customer's data NEVER enters the is encrypted "inside the box" and the encrypted data is sent using the Internet as a conduit. 


Associated Bank's OOBA Provides Greater Protection from Online Threats

Associated is one of the first banks in the country to offer phone-based authentication to its business banking customers

MILWAUKEE--(BUSINESS WIRE)-- Associated Bank has introduced a new service that will provide its business banking customers with additional protection from fraudulent attacks against live online banking sessions. OOBA, which stands for out-of-band authentication, has been touted as a better solution to combat advanced types of fraud.

As the frequency and sophistication of attacks targeting online banking continue to increase, out-of-band authentication is becoming more widely recognized as a best practice for securing online banking sessions. The use of real-time Web services may make it possible for fraudsters to get around some of the roadblocks that companies and their banks have put in their way. Associated Bank's OOBA verifies the identity of the user by calling them on their landline or mobile phone and requiring the user to enter another personal identification number into their phone.

"In today's environment every customer has to be security conscious," said Associated Senior Vice President and Director of Treasury Management Todd Adler. "We are pleased to offer a leading-edge solution that helps protect our business customers and their accounts. This convenient automated solution utilizes technology that our customers have in place and are comfortable using. OOBA means greater protection and quicker detection if someone attempts to compromise our customers' systems."

Associated Bank is part of Associated Banc-Corp (NASDAQ: ASBC), headquartered in Green Bay, Wis., a diversified bank holding company with total assets of $23 billion. Associated has approximately 300 banking offices serving an estimated 160 communities in Wisconsin, Minnesota and Illinois. The company offers a full range of traditional banking services and a variety of other financial products and services. More information about Associated Banc-Corp and OOBA is available at

Deposit products are offered by Associated Bank, N.A., Member FDIC.

Source: Associated Bank

Contact: Associated Bank Janet L. Ford Senior Vice President Public Relations Director 414-278-1890 PHONE 414-704-1211 CELL


Internet World Usage Statistics - September 30th 2009

New 2009 Q3 Internet Statistics released by Internet World Stats

The following table shows the estimated population for each geographic region, the number of Internet users, and the penetration rate in each region. The expression "penetration rate" refers to the percentage of the population that uses the Internet.

Internet World Usage Statistics Report

Users by World Regions - September 30, 2009

| World Regions | Internet Users | P. R. | % Table |
|---|---|---|---|
| | | 19.4 % | 42.8 % |
| | | 52.0 % | 24.2 % |
| North America | | 74.2 % | 14.7 % |
| Latam / Caribbean | | 30.5 % | 10.4 % |
| | | 6.8 % | 3.9 % |
| Middle East | | 23.8 % | 2.8 % |
| Oceania, Australia | | 60.4 % | 1.2 % |
| Total World | | 25.5 % | 100.0 % |

Source: Internet World Stats, estimates for September 30, 2009. Notes: a) Population data comes from the US Census Bureau; b) Internet estimates come from ITU, Nielsen Online, GfK, official telecommunications regulating agencies and other trustworthy sources; c) According to the United Nations country grouping, Mexico is included in Central America, and Turkey is included in Europe; d) "P.R." means the Penetration Rate.

Chart from Miniwatts Marketing Group.

From the table above, the total number of Internet users for September 30, 2009 is estimated at 1,724,793,741. This represents a 25.5% penetration rate.

Corporation Bank launches P2P money transfer service



Mangalore | Thursday, Nov 5 2009 IST

To extend the scope of banking services under the financial inclusion project, the Mangalore based public sector Corporation Bank today launched a unique small value remittance product - Person to Person Money Transfer Service [P2P].

According to a press release here the P2P money transfer service facilitates transfer of money by paying cash at Bank appointed Business  Correspondents by an account holder of the Bank. The money gets credited to the beneficiary's account and he can withdraw through Bank appointed Business Correspondents at the other end. The Bank will use PCO network of Tata Teleservices for the transactions. The process flow for transaction was very simple and user-friendly for the rural masses, the release said.

The release said Corporation Bank has been at the forefront in implementing financial inclusion to reach out to the large segment of ''Financially excluded'' through its unique model of branchless banking, recognized as the best in the industry. The Bank has covered around 600 villages through the Branchless Banking model and has plans to reach 2000 villages by financial year 2009-10.

Extending this facility of P2P remittance is yet another initiative to provide additional banking services rendered through engaging Business Correspondents. This facility meets the much-needed requirement of speedy remittance of funds even to the remote locations through the Bank's Mobile Banking Services, the release said.

Trusteer Wins 2009 Frost & Sullivan Web Fraud Protection Product of the Year Award

Leading Analyst Firm Predicts Trusteer’s Rapport will Become a Primary Mode of Defense against Web Browser Attacks

NEW YORK--(BUSINESS WIRE)--Trusteer, the customer protection company for online businesses, today announced that Frost & Sullivan, a leading global technology research firm, has awarded the company the 2009 European Web Fraud Prevention Product Innovation of the Year Award. Frost & Sullivan recognized Trusteer and its Rapport browser security service for market leading innovation and technological excellence, and predicts that Rapport will emerge as the primary mode of defence against online identity theft and fraud.

In related news, Alliance & Leicester, a leading UK bank, today announced that it is offering Rapport to its Internet banking customers as a free download. See:

“At a time when criminal activity on the web is exploding, the United Kingdom’s Association for Payment Clearing Services reports that losses due to online banking fraud have more than doubled from 2007 to 2008 in the UK alone, Trusteer has developed a powerful yet very transparent solution to protect data in the browser,” said Achyuthanandan Sampath, Research Analyst for Frost & Sullivan. “Trusteer Rapport is capable of defeating browser-based attacks such as phishing, pharming, man-in-the-browser, man-in-the-middle, session hijacking, etc., which protects consumers and their financial service providers from fraud. For this accomplishment, Trusteer has been recognized with the Frost & Sullivan Innovation of the Year Award for 2009.”

The Frost & Sullivan Award for Product Innovation is presented each year to the company that has demonstrated excellence in new products and technologies within its industry. In a companion report to the Award, the firm’s analysts cite Rapport’s unique approach to protecting users against web browser attacks, which have emerged as the preferred vector used by criminals to steal web credentials and account information in order to commit financial fraud. A full copy of the report is available at:

“We are honored to have received the Frost & Sullivan 2009 European Web Fraud Prevention Product Innovation of the Year Award,” said Mickey Boodaei, CEO of Trusteer. “The frequency, sophistication, and ability of web browser attacks to elude traditional security mechanisms are threatening online banking and other sensitive internet applications. By focusing on protecting the data on a user’s PC, Trusteer is helping banks and other organizations secure the web channel for business. This award validates how important a technology like Rapport is to Internet commerce.”

About Rapport

Rapport from Trusteer is a lightweight browser plug-in plus security service that prevents criminals from tampering with a user’s browser and protects against man-in-the-browser, man-in-the-middle, and phishing attacks. When users browse to sensitive websites such as internet banking, Webmail, or online payment pages, the Rapport plug-in immediately locks down the browser and prevents any unauthorized access to web pages and confidential information that flow through the browser. Rapport is available for download here. Trusteer also offers in-the-cloud reporting services. When unauthorized access attempts are detected by Rapport, these are analyzed by fraud experts who provide actionable intelligence to financial institutions.

About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet, and protect personally identifiable information (PII) and transactions from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Trusteer’s services are used by more than 30 financial institutions in North America and Europe, and by over 3 million users. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best in class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation, and implementation of powerful growth strategies. Frost & Sullivan leverages over 45 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 35 offices on six continents. To join our Growth Partnership, please visit

Western Union Extends Agreement with Postal Savings Bank of China

http://westernunion.com

ENGLEWOOD, Colo.--(BUSINESS WIRE)--The Western Union Company (NYSE: WU), a leading provider of money-transfer services, today announced the renewal of an agreement with the Postal Savings Bank of China (PSBC) to provide Western Union Money Transfer® services.

PSBC currently has more than 20,000 locations offering Western Union Money Transfer services throughout China. PSBC has been a Western Union Agent since 2001.

As one of China’s leading banks, PSBC’s locations stretch beyond the major cities and into the country’s rural regions, giving consumers even greater accessibility to money-transfer services.

Western Union President and CEO Christina Gold and Hikmet Ersek, Executive Vice President and Managing Director, Europe, Middle East, Africa and Asia Pacific, were in Beijing this week to discuss future plans.

Ersek said, “The renewal of this contract is a strong signal that the combination of PSBC’s extensive network across urban and rural China and Western Union’s global brand delivers results.”

For more than 10 years, Western Union has remained committed to the China market, providing a dependable financial lifeline between consumers and their family members overseas through a fast, reliable and convenient money-transfer service.

About Western Union

The Western Union Company (NYSE: WU) is a leader in global payment services. Together with its Vigo, Orlandi Valuta and Pago Facil branded payment services, Western Union provides consumers with fast, reliable and convenient ways to send and receive money around the world, as well as send payments and purchase money orders. Western Union, Vigo and Orlandi Valuta operate through a combined network of more than 400,000 agent locations in 200 countries and territories. In 2008, The Western Union Company completed 188 million consumer-to-consumer transactions worldwide, moving $74 billion of principal between consumers, and 412 million consumer-to-business transactions. For more information, visit


Prevx SafeOnline Boosts Confidence in Online Banking

Banking, Government, and e-Commerce Websites Offered Free Protection From Online Fraud

DERBY, England, November 4 /PRNewswire/ -- Internet and PC security specialist Prevx today launched a free security program designed to protect websites and internet users from the risks of online fraud without impacting the user experience. Banking, government, and e-commerce sites can now sign up to the Prevx SafeOnline Business Partner Program and receive free protection against malware that compromises their customers' confidential account numbers or passwords. This unique program boosts confidence in online transactions with free customer support, free real-time reports highlighting threats affecting a company's website and free customer use of Prevx's new SafeOnline technology. This powerful technology, successfully tested by Immunity Inc., protects a PC user from threats such as phishing, DNS poisoning, screen grabbing, man-in-the-browser and key stroke logging. Prevx SafeOnline can be downloaded and active in seconds, does not impact the user experience, requires no website changes, complements existing security products and even prevents infected PCs from compromising an online transaction.

"Despite the fact that private and public sector organizations across the world are taking every possible step to protect their customers, online fraud grows unabated. This is because persistent cybercriminals are simply becoming smarter, with the ability to launch attacks the second a person goes online. The technology they use is far more powerful than the vast majority of popular PC antivirus and security products on the market, which is one of the key reasons for the rising tide of crime," said Mel Morris, CEO at Prevx. "Even if other security vendors had products that could address this problem, they would most likely charge business and government customers to deploy it. We feel this creates an unnecessary barrier to addressing what are probably the most common online security threats affecting society today. Prevx SafeOnline is our approach to targeting the multiple faces of e-crime by giving all parties greater confidence in online transactions."

According to a June 2009 survey by Gartner, 41% of U.S. and 38% of U.K. consumers say security is the most important reason for not banking online. Prevx SafeOnline protects information such as passwords, session credentials, addresses, credit card details, or account numbers that are entered into or displayed by an internet browser during an online transaction. This is possible because the product completely locks down the PC operating system and browser to render malware blind to the transaction, enabling secure online transactions even on infected machines. As a result, attacks such as key stroke loggers are prevented from intercepting any information that a person types into a keyboard. Similarly, information on a screen is hidden from the eyes of malware used for screen grabbing. The product also ensures that an individual is connected to the true website of a bank, government department or online shopping portal and is not inadvertently passing their personal information to a phishing site.

According to Avivah Litan, Vice President and Distinguished Analyst at Gartner: "Perpetrators of e-crime can quickly change the behavior of malware and also the types of phishing scams they run, rendering even the most popular consumer security products ineffective. Simply stated, online service providers ranging from banks to government agencies can no longer rely on the integrity of transactions coming from their customers' PC browsers. As a consequence, businesses and governments remain financially and politically exposed to the often inadequate PC protection deployed by their customers and users."

Immunity Inc., the world leaders in security and vulnerability testing, assessed Prevx SafeOnline's ability to combat powerful malware Trojans that are targeted toward banks, the largest victims of e-crime. The test reported that Prevx SafeOnline was 100% effective at protecting web transactions from a selection of prevalent and voracious threats such as the Zeus, MBR, Goldun, and Silent Banker groups of Trojans and credential stealers. Prevx SafeOnline Business Partners are not only able to offer this technology free to their customers, but can do this without having to make any changes to their website or web application. In addition, all customer support is provided directly by Prevx for free, thereby avoiding additional investment in responding to customer enquiries related to Prevx SafeOnline.

Prevx SafeOnline Business Partners' customers also have access to two powerful features that are standard to Prevx's updated flagship anti-malware product, Prevx 3.0.5. Firstly, a fast and powerful scanner can quickly scan a PC for potential threats and alert a person about potential risks. This scanner then works with a malware detection system that tracks more than 15 million known, evolving and emerging malware threats in real time. Prevx is able to collate this data and provide Prevx SafeOnline Business Partners free, real-time reports about the major threats affecting their websites so they can better manage the risk.

Banks, government departments, and business organizations that want to protect their websites and customers' credentials can do so by emailing Prevx at and signing up to the Prevx SafeOnline Business Partner Program. Alternatively, individual users can either purchase the full Prevx 3.0.5 product, which now includes substantial improvements in real-time malware detection, malware removal, and protection, as well as the Prevx SafeOnline technology, or purchase the stand-alone Prevx SafeOnline component to ensure all online transactions including those with organizations that have not yet subscribed to the Prevx SafeOnline Free solution are protected. For more information and pricing, see:

About Prevx

Prevx specializes in internet and PC security leveraging the world's largest cloud-based threat database with knowledge of more than 125 million software applications and 15 million known malicious objects, supported by the most powerful automated malware research operation. We target the multiple faces of e-crime by helping customers boost malware defenses with a layered security solution that is based on a real-time and sustainable anti-malware model for detecting and removing security threats. Based in Derby, UK, the company was founded in 2001 as Immunify and rebranded as Prevx in 2005. For more information, please visit our website:


Visa Sees Strong Growth in Latin America and Caribbean

Visa Total Volume Grew 19% in Latin America and the Caribbean

Visa LAC Continues to Report Sustained, Double-Digit Growth in Latin America and the Caribbean, Reporting US$581 Billion in Total Volume over the Previous Year

MIAMI--(BUSINESS WIRE)--Visa Inc. total volume on all Visa-branded products in Latin America and the Caribbean Region (LAC) grew 19 percent over the previous year to US$581 billion¹ for the year ending on June 30, 2009. Likewise, the number of payment transactions for the same period surpassed the 5 billion mark, reflecting a constant trend in the migration from cash to electronic payments for day-to-day transactions.

“Visa LAC continued to record solid regional performance this period, driven by an impressive usage of our payment solutions at the point of sale,” said Eduardo Eraña, president of Visa Latin America and the Caribbean region. “Visa is leading a regional shift from cash to electronic payments through product innovation, reliability and efficiency.”

For the quarter ending on June 30, 2009, Visa LAC reported a 15 percent growth in total volume versus the same quarter last year, for a total of US$150 billion. Recent Visa announcements in the region include the introduction of Near Field Communications (NFC) payment technology in Brazil, and the launch of Financial Football in Brazil and Mexico, an innovative corporate social responsibility program that leverages the use of video games for educational purposes.

About Visa

Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 170 countries. For more information, visit

1 All growth rates in constant USD.

Heartland Expects its Merchants to Contact VeriFone for Direct Support

November 05, 2009 10:12 AM Eastern Time


SAN JOSE, Calif.--(BUSINESS WIRE)--Heartland Payment Systems (NYSE: HPY) has filed a court briefing in the Superior Court of New Jersey saying it now expects its merchants using VeriFone systems to contact VeriFone directly for support.

Specifically, Heartland wrote:

"VeriFone is critical in serving existing customers and troubleshooting for problems with the POS terminals and credit card processing. Heartland provides troubleshooting and systems integration support for its merchants, which requires assistance from VeriFone. If Heartland were to be cut from any support, its customers would be forced to reach out directly to VeriFone, which would result in a reduction of service to the customers and an erosion of Heartland’s relationships with those customers."

Heartland merchants from coast to coast are contacting VeriFone for free continuous support. VeriFone has informed Heartland that it will cease support of VeriFone systems connected to the Heartland network at end of day, December 31, 2009.

Douglas G. Bergeron, CEO of VeriFone, said:

"We encourage ISO agents everywhere to reach out to merchants on the Heartland network and assist them in registering with VeriFone for free support. Merchants need to rely on VeriFone for continuous support of their operating system, runtime libraries, and in most cases their payment application."

VeriFone estimates that approximately 75% of Heartland merchants depend on VeriFone for their payment processing technology.

To register online, go to

To register by phone, call 1-888-887-8199.

About VeriFone Holdings, Inc.

VeriFone Holdings, Inc. (“VeriFone”) (NYSE: PAY) is the global leader in secure electronic payment solutions. VeriFone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. VeriFone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.

Heartland Issues Statement: VeriFone Attempts to Tamper with Heartland Payment Systems Customers

http://www.HeartlandPaymentSystems.com

News Release Issued This Morning Includes False Claims About Heartland Service – as Well as VeriFone’s Own Support

PRINCETON, N.J.--(BUSINESS WIRE)--Tuesday morning – moments before Heartland Payment Systems’® scheduled 3Q09 earnings call – VeriFone Holdings, Inc. issued a news release containing false claims about the payments processor. In a disingenuous attack, VeriFone contends Heartland is not able to support its customers that use VeriFone terminals. At the same time, the news release falsely contends VeriFone can. Heartland has pending litigation against VeriFone, in which Heartland claims that VeriFone is attempting to line its own pockets by charging merchants unnecessary recurring expenses.

“Heartland is fully capable – and will continue to be fully capable – of servicing all of its customers,” commented Bob Carr, Heartland’s chairman and chief executive officer. “In fact, VeriFone is not able to support our customers. They can’t because our customers operate on our proprietary payments processing platforms. Heartland is the only entity that can provide full service – including ongoing service of VeriFone terminals – to them. This means our servicing of VeriFone-related issues is not – and will not be – impacted by VeriFone’s false claims and unethical attempts to scare our customers.

“VeriFone is attempting to tamper with our customers in an irresponsible way,” Carr continued. “With these fraudulent claims, VeriFone is pursuing its own agenda of creating recurring revenue at the expense of merchants and consumers.

Heartland customers should not be fooled by VeriFone’s offer to register for “uninterrupted continuation of support” as noted in the VeriFone news release. Heartland advises its customers not to register for VeriFone support, visit the website or call the number noted in the release. Any customers using VeriFone terminals who are concerned about VeriFone support should contact the Heartland Service Center. They may qualify for a terminal upgrade.

About Heartland Payment Systems

Heartland Payment Systems, Inc. (NYSE:HPY), the 5th largest payments processor in the United States, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. For more information, please visit,, and


