Wednesday, December 2, 2009

Gartner's Avivah Litan on the Online Banking Fraud Surge

Avivah Litan

By Marcia Savage, Site Editor

The recent surge in online banking fraud and unauthorized Automated Clearing House (ACH) transfers has led to an astounding $100 million in attempted losses from small and midsize businesses so far this year, according to the FBI. recently met with Avivah Litan, a vice president and distinguished analyst at Gartner Inc., to get her thoughts on the alarming trend and some insight into how banks can protect their customers' accounts. Litan is an expert in financial fraud, authentication, identity theft, and fraud detection and prevention technology.

What's most alarming about the attacks on online banking and how are banks responding?

Avivah Litan:

First, it's very real. There's not a single bank I've talked to in the last few months that hasn't seen this fraud. You read about it in the news but when hearing about it from the banks, I realize how pervasive it is. The second thing is the banks that don't have solutions in place are really caught off guard. You can't just whip solutions into place. So they're really kind of stuck doing manual reviews on almost all their wire transfers, if they're a small institution. Obviously, large institutions can't review all their wire transfers manually, and they generally have some solutions in place. It's more the small and midsize banks that are caught off guard. Some of the big banks are caught off guard too, but it's easier for them to change the system to automate the fraud detection and whittle down the number of manual reviews they do. It's not like a crisis in terms of those crooks are going to raid bank accounts and the banks can't do anything. Once banks get hit by this, they do take measures -- some are manual, some are automated.

What this [fraud surge] shows is that there is no end to criminal ingenuity. They are definitely beating common security controls, like one-time password tokens. …

Another thing that these attacks have taught us is anything going through the browser is suspect. You can't rely on anything coming through a user's browser, whether it's a login credential, strong authentication, or transaction values -- everything can be altered and intercepted.


State by State Listing - FDIC Survey of Unbanked and Underbanked Households

Here's a state by state listing of the results from the 2009 FDIC National Survey of Unbanked and Underbanked Households

FDIC National Survey of Unbanked and Underbanked Households

FDIC study: 1 in 4 U.S. households unbanked or underbanked

Washington, D.C., Dec. 2, 2009 -- The Federal Deposit Insurance Corporation (FDIC) today released the findings of its FDIC National Survey of Unbanked and Underbanked Households, breaking new ground in gaining understanding of which Americans remain outside the banking system. The survey, conducted on behalf of the FDIC by the U.S. Bureau of the Census, was a supplement to the Census Bureau's Current Population Survey during January 2009. The study, which is the most comprehensive survey to date of the unbanked and underbanked, reveals that more than one quarter (25.6 percent) of all households in the United States are unbanked or underbanked and that those households are disproportionately low-income and/or minority.

In addition to collecting accurate estimates of the number of unbanked and underbanked households in the U.S., the survey was designed to provide insights into their demographic characteristics and reasons why the households are unbanked and/or underbanked. The survey represents the first time that this data has been collected to produce estimates at the national, regional, state and large metropolitan statistical area (MSA) levels. Results of the study broken down regionally, by state and by MSA are now available online at a new Web site the FDIC has developed,

"Access to an account at a federally insured institution provides households with an important first step toward achieving financial security – the opportunity to conduct basic financial transactions, save for emergency and long-term security needs, and access credit on affordable terms," stated Sheila Bair, Chairman of the FDIC. "By better understanding the households that make up this group – who they are and their reasons for being unbanked or underbanked, we will be better positioned to help them take that first step."

"This survey will provide the information base for future efforts to address the financial services needs of unbanked and underbanked households in the United States," said FDIC Vice Chairman Martin J. Gruenberg. "It breaks new ground in the effort to expand access to basic financial services."

Of the households surveyed, 7.7 percent were unbanked, which translates nationally to 9 million households - approximately 17 million adults. An additional 17.9 percent – or 21 million households nationally (approximately 43 million adults) - were found to be underbanked. Households were identified as unbanked if they answered "no" to the question, "Do you or does anyone in your household currently have a checking or savings account?" Underbanked households were defined as those that have a checking or savings account but rely on alternative financial services. Specifically, underbanked households have used nonbank money orders, nonbank check-cashing services, payday loans, rent-to-own agreements, or pawn shops at least once or twice a year or refund anticipation loans at least once in the past five years.

Key findings of the study include:

  • The proportion of U.S. households that are unbanked varies considerably across racial and ethnic groups with certain racial and ethnic groups being more likely to be unbanked than the population as a whole. Minorities more likely to be unbanked include blacks (21.7 percent of black households), Hispanics (19.3 percent), and American Indian/Alaskans (15.6 percent). Racial groups less likely to be unbanked are Asians (3.5 percent) and whites (3.3 percent).
  • Certain racial and ethnic minorities are more likely to be underbanked than the population as a whole. Minorities more likely to be underbanked include blacks (an estimated 31.6 percent), American Indian/Alaskans (28.9 percent), and Hispanics (24.0 percent). Asians and whites are less likely to be underbanked (7.2 percent and 14.9 percent, respectively).

  • Households with income under $30,000 account for at least 71 percent of unbanked households. As income increases, the share of households that are unbanked declines considerably. Nationally, nearly 20 percent of lower-income U.S. households - almost 7 million households earning below $30,000 per year - do not currently have a bank account. In contrast, only 4.2 percent of households with annual income between $30,000 and $50,000 and less than 1 percent of households with yearly income of $75,000 or higher are unbanked.

  • Households with an annual income between $30,000 and $50,000 are almost as likely as lower-income households to be underbanked.

This survey complements an earlier FDIC Survey on Banks' Efforts to Serve the Unbanked and Underbanked, published in February 2009, which found that most banks are aware that there are opportunities to serve unbanked and underbanked individuals in their areas, but that more can be done. For more information, go to .


Javelin: Breach "Notification" Victims Face Four Times Higher Risk of Fraud

Special 2008 ID Fraud Report Offer

Javelin Report Bundle

Purchase Javelin's 2009 Data Breach Notification Report & 2009 Financial Alerts Forecast for only $2,090

Javelin just recently released 2009 Data Breach Notification Report and 2009 Financial Alerts Forecast and we wanted to extend a special offer to you. Purchase both reports and save over $600. See more about the two reports below and Click Here to purchase or call us direct at (925) 225-9100 Ext. 31 to place your order.

Data Breach Notifications: Victims Face Four Times Higher Risk of Fraud

If a consumer gets a data breach notification letter, they are four times more likely to suffer identity theft within the next year. Data breach notifications were intended to help consumers take protective action when their private data is exposed. But there seems to be a disconnect between data breach notifications and consumer understanding of possible outcomes of data breaches. New data shows that consumers who have received data breach notifications within the past year are at a much greater risk for fraud than the typical consumer. Yet, these same consumers rarely attribute the fraud to their data breach exposure. This report also contains an update of data breaches for 2009, implications of changes to the legislative landscape, and the technical means by which data breaches occur.


2009 Financial Alerts Forecast: Alerts Remain Highly Valued, but Consumer Adoption Slowed Due to Inadequate, Limited Offerings

Four forces should be fueling increased adoption of financial alerts: Money is tight for Americans; identity fraud is on the rise; consumers crave more control over their finances and value alerts; and regulators soon could make alerts a banking requirement. Yet the number of households receiving e-mail and/or SMS text alerts remained flat. This report explores national survey data that indicates that consumers are growing dissatisfied with alerts that fail to deliver real-time information, are too generic and are too difficult to tailor on the fly. Javelin also forecasts adoption for alerts, profiles why regular recipients of alerts make prized customers, what alerts consumers value most, and advises financial institutions how they can profit from alerts by sharing control with their customers.


PayPal Sees Surge in Online Shopping on Cyber Monday


SAN JOSE, Calif.--(BUSINESS WIRE)--Shoppers seeking great deals on holiday gifts took advantage of yesterday’s Cyber Monday offers and paid safely with PayPal. For the third consecutive year, PayPal saw double digit growth in online sales, or total payment volume (TPV), on Cyber Monday.

PayPal’s Cyber Monday results of approximately 20 percent year-over-year growth were preceded by higher TPV throughout the Thanksgiving weekend. On Thanksgiving Day 2009, TPV increased by 25 percent year-over-year compared to Thanksgiving Day 2008. Black Friday 2009 TPV also increased by approximately 20 percent from the year before. Mobile payments through PayPal also jumped 140 percent on Black Friday and 190 percent on Cyber Monday compared to that of an average Friday and Monday respectively. This supports an ongoing trend in shopping on mobile devices.

“The higher PayPal volumes show that consumers are taking advantage of the convenience of online shopping and the great deals offered on eBay and on the thousands of PayPal merchant sites across the Web,” said Amanda Pires, senior director at PayPal.

Holiday Deals through Bill Me Later

Bill Me Later is hosting an Outstanding Offer program for the holiday shopping season featuring daily exclusive, limited quantity offers available only to Bill Me Later customers. Participating online stores include MacMall, Bluefly and Overstock. Additionally, Bill Me Later is featuring the run up to Toy Tuesday on December 8, with exclusive deals from, Little Tikes, Step 2, and other online merchants. For more information on these deals, please visit

Regift the Fruitcake with PayPal to Benefit Charity

Today PayPal launched its 2009 “Regift the Fruitcake” campaign. To participate, go to, make a virtual fruitcake, and donate to one of 25 charities. Then use Facebook Connect to “regift” the fruitcake to friends around the globe. As a bonus, participants are eligible to win a $5,000 grand prize, as well as weekly prizes. More information is available at


Online Shopper Satisfaction Down on Cyber Monday

ForeSee Results’ Holiday Benchmark Suggests Some E-Retailers Could Have Cause for Concern

ANN ARBOR, Mich.--(BUSINESS WIRE)--Cyber Monday shoppers were less satisfied this year than they were at the same time last year, according to ForeSee Results’ annual benchmark of satisfaction with online holiday shopping. The study collected responses from more than 350,000 people who shopped online at more than 110 retailers from November 24-30, 2009.

ForeSee Results measures online customer satisfaction using the methodology of the American Customer Satisfaction Index (ACSI) which predicts purchase intent (both online and offline) as well as loyalty and recommendations. Because of the ACSI’s scientifically proven predictive abilities, for many online retailers, satisfaction is the best measure of future success and can be a crucial bellwether.

ForeSee Results has been releasing a weekly online satisfaction benchmark for four years in a row, and Cyber Monday 2009 was the lowest level of holiday satisfaction seen thus far. On the ACSI’s 100-point scale, satisfaction on Cyber Monday this year was 73.1, down nearly 4% from satisfaction levels on Cyber Monday of 2008. In addition, satisfaction over the holiday weekend (Black Friday, Saturday, and Sunday) was down nearly 3% year-over-year.


[Table: SHOPPER Satisfaction with E-Retail. Thanksgiving Weekend (Friday to Sunday); Cyber Monday]

ForeSee Results measures several key elements of online satisfaction including things like navigation, price, merchandise, product browsing, site performance, etc. Though priorities for improvement will differ greatly from site to site, scores for all of these elements were down this year.

“Perhaps most troubling is what we see when we look at future behaviors,” said Larry Freed, President and CEO of ForeSee Results. “The ACSI methodology is able to quantify how the online shopping experience contributes to likely future purchases, both online and offline. Our data shows that shoppers are less likely to purchase online and offline this year than in any other year we’ve measured, which could indicate that the rosy year-over-year revenue numbers we’ve seen so far may not keep up through the holiday season. While we should see a modest increase in online sales overall this year, it will be the retailers who are satisfying customers online who will reap the true rewards.”


[Table: Likelihood to Purchase ONLINE in the Future. Thanksgiving Weekend (Friday to Sunday); Cyber Monday]


[Table: Likelihood to Purchase OFFLINE in the Future. Thanksgiving Weekend (Friday to Sunday); Cyber Monday]

However, there was a real bright spot among ForeSee Results’ findings. Although shopper satisfaction overall was down, buyer satisfaction on Cyber Monday was at its highest levels in the four years that ForeSee Results has measured it, meaning that those who actually purchased online on Cyber Monday were happier than they’ve ever been, though still less likely to purchase online than they have been in previous years.


[Table: BUYER Satisfaction with E-Retail. Thanksgiving Weekend (Friday to Sunday); Cyber Monday]

“The increasing gap between buyer satisfaction and browser or non-buyer satisfaction is concerning,” said Kevin Ertell, ForeSee Results Vice President of Retail Strategy. “Browsers are a much larger part of the population, and their declining satisfaction could prove to be a major obstacle to the opportunity for growth.”

ForeSee Results’ extensive data analysis shows that on e-retail websites with superior satisfaction scores (over 80 on the study’s 100-point scale), customers are significantly more likely to purchase online and offline than are visitors to sites with subpar customer satisfaction (below 70).

“In a down economy, successful retailers have more to gain,” added Freed. “The e-retailers who are doing well now and satisfying customers will be the best positioned to capture available market share when other retailers fail to meet customers’ increasingly high standards and expectations.”


The Cyber Monday survey, the first in a series of ForeSee Results’ weekly holiday benchmarks, was done using the methodology of the American Customer Satisfaction Index (ACSI), which was developed at the University of Michigan and has been proven to be predictive of future sales (online and offline), word of mouth, and financial performance. Data was collected from more than 350,000 visitors to more than 110 top online retail websites from November 24-30, 2009, including Ace Hardware, Belk, Best Buy, Borders, Chef’s Catalog, Chicos, Danskin, Eastern Mountain Sports, Finish Line, Helzberg Diamonds, Godiva, Guess, Kodak Easy Share Gallery, Lego,, NFL, Sephora, StubHub, and UnderArmour, to name a few.

For more information on the results of the 2009 Cyber Monday Survey or to get on the mailing list to receive the weekly ForeSee Results benchmark through the holiday, please contact Chaat Butsunturn (415-391-7900, x114) or Courtney Jenkins (202-821-2120).

About ForeSee Results

As the leader in online customer satisfaction measurement, ForeSee Results captures and analyzes online voice of customer data to help organizations increase sales, loyalty, recommendations and website value. Using the methodology of the American Customer Satisfaction Index (ACSI), ForeSee Results identifies the improvements to websites and other online initiatives with the greatest ROI. With over 40 million survey responses collected to date and benchmarks across dozens of industries, ForeSee Results offers unparalleled expertise in customer satisfaction measurement and management. ForeSee Results works with clients across industries, including: retail, financial services, healthcare, hospitality, manufacturing and government.

ForeSee Results, a privately held company, is headquartered in Ann Arbor, Michigan and on the web at


Chairman Frank's Internet Gambling Hearing Paves Way for Vote on Regulatory Bill


Experts to Discuss Opportunity to Effectively Regulate Internet Gambling Industry and Collect Up to $42 Billion in New Revenue

WASHINGTON, Dec. 2 /PRNewswire-USNewswire/ -- On Thursday, December 3, the House Financial Services Committee will discuss legislation introduced by Chairman Barney Frank (D-MA) that would regulate Internet gambling in the United States. The hearing, scheduled to begin at 10:00 AM EST in Room 2128 of the Rayburn House Office Building, will feature testimony from leaders in the fields of online security and consumer safety. Top experts are expected to describe how existing systems and technologies have proven successful in blocking minors from gambling online, combating compulsive gambling and protecting consumers against money laundering, fraud and identity theft.

"This hearing will provide further evidence on the ability to effectively regulate Internet gambling and require licensed operators to utilize already-proven technologies to protect consumers," said Michael Waxman, spokesperson of the Safe and Secure Internet Gambling Initiative. "It's expected this hearing will answer any outstanding questions and pave the way for a vote in the committee on Chairman Frank's legislation."

The hearing follows the recent announcement by the Federal Reserve and Department of the Treasury of an extension to the compliance date of the final Unlawful Internet Gambling Enforcement Act (UIGEA) regulations by six months to June 1, 2010. The delay, Chairman Frank stated "...will give us a chance to act in an unhurried manner on my legislation to undo this regulatory excess by the Bush administration and to undo this ill-advised law." Chairman Frank's statement implies he will seek to have his regulatory bill enacted prior to June 1, 2010.

"Coupled with last week's decision by the Treasury Department and Federal Reserve to delay UIGEA implementation, this hearing further builds the case for Congress to rewrite U.S. gambling laws," added Waxman. "It's simply common sense to override UIGEA, a poorly conceived law that is doomed to fail, and replace it with a framework that regulates a thriving underground marketplace to protect consumers and collect billions in otherwise lost revenue."

The Internet Gambling Regulation, Consumer Protection and Enforcement Act of 2009 (H.R. 2267), introduced by Chairman Frank in May 2009, would establish a framework to permit licensed gambling operators to accept wagers from individuals in the U.S. In addition to consumer protections, the legislation reinforces the rights of each state to determine whether to allow Internet gambling activity for people accessing the Internet within the state and to apply other restrictions on the activity as determined necessary.

The Joint Committee on Taxation projects up to $42 billion over 10 years would be generated for the U.S. Treasury in a regulated environment and with the passage of Chairman Frank's bill along with a companion bill introduced by Rep. Jim McDermott (D-WA), the Internet Gambling Regulation and Tax Enforcement Act (H.R. 2268). The primary source of this revenue would come from ensuring that applicable individual and corporate taxes and license fees on regulated Internet gambling activities are collected.

For additional information on the hearing, please visit the House Committee on Financial Services Web site.

About Safe and Secure Internet Gambling Initiative

The Safe and Secure Internet Gambling Initiative promotes the freedom of individuals to gamble online with the proper safeguards to protect consumers and ensure the integrity of financial transactions. For more information on the Initiative, please visit The Web site provides a means by which individuals can register support for regulated Internet gambling with their elected representatives.

SOURCE Safe and Secure Internet Gambling Initiative

Western Union Selects YellowPepper for Digital Vendor Program

Western Union Announces New Participant in Digital Vendor Program

YellowPepper First Vendor in Latin America to be Certified to Deliver Western Union Money Transfer® Service Capability

ENGLEWOOD, Colo.--(BUSINESS WIRE)--The Western Union Company (NYSE: WU), a global leader in money-transfer services, announced today that it has selected YellowPepper, a mobile financial solutions provider in Latin America, to participate in its Digital Vendor program. YellowPepper is the first vendor in Latin America to be selected for the program.

Western Union introduced the Digital Vendor Program earlier this year. The program is intended to extend the reach and accessibility of Western Union Money Transfer® services to mobile finance initiatives across the globe.

YellowPepper provides products and services that enable mobile financial transactions between financial institutions, businesses and consumers in Latin America. The company offers a variety of services, including mobile top-ups, transfers from a bank account via cell phone, and bill payments via mobile. The company currently has operations in seven countries: Bolivia, Colombia, Ecuador, Guatemala, Panamá, Perú and the United States. In addition, YellowPepper has agreements with major mobile operators in the region, including Claro and Movistar.

“YellowPepper is well-known for providing convenient, easy-to-use services throughout Latin America,” said Matt Dill, SVP and Head of Western Union Digital Ventures. “They also have strategic relationships with some of the biggest mobile operators in the region, and we feel that this alliance is a great opportunity to introduce cross-border transactions into their established, trusted system.”

Western Union is certifying mobile platform vendors to reduce integration costs and accelerate go-to-market activities for banks and mobile operators by creating standard technical deployments. Once a bank or mobile operator contracts with Western Union to activate the Western Union® Mobile Money Transfer service, its consumers will be integrated with Western Union’s core transaction processing system. This system supports Western Union’s global network of more than 350,000 Agent locations in over 200 countries and territories.

“Each YellowPepper product addresses essential financial needs,” said YellowPepper Founder and President Serge Elkiner. “Now, more than ever, mobile financial solutions are critical to Latin America’s underserved financial community. We are very excited about working with Western Union, a global leader in payment services and money transfers, to introduce cross-border mobile money transfer services in our region.”

Other vendors in Western Union’s Digital Vendor program include: South Africa-based Fundamo, India-based mChek, U.S.-based Sybase 365 and Singapore-based Utiba Pte.

About the Western Union Digital Vendor Program

The Western Union Digital Vendor Program is open to mobile finance platform vendors who have successfully deployed a mobile money offering. Certified vendors agree to maintain current version control against the Western Union Money Transfer service interface. Certification is a technical designation and is subject to periodic review by Western Union. Mobile operators and banks interested in offering Western Union services should contact A direct contractual relationship with Western Union is required to activate Money Transfer services.

About Western Union

The Western Union Company (NYSE: WU) is a leader in global payment services. Together with its Vigo, Orlandi Valuta and Pago Facil branded payment services, Western Union provides consumers with fast, reliable and convenient ways to send and receive money around the world, as well as send payments and purchase money orders. Western Union, Vigo and Orlandi Valuta operate through a combined network of more than 400,000 Agent locations in 200 countries and territories. In 2008, The Western Union Company completed 188 million consumer-to-consumer transactions worldwide, moving $74 billion of principal between consumers, and 412 million consumer-to-business transactions. For more information, visit

About YellowPepper

YellowPepper Mobile Financial Solutions provides products and services that enable mobile financial transactions between financial institutions (banks), businesses, and consumers in Latin America. With one and a half million users, YellowPepper operates in Ecuador, Colombia, Bolivia, Guatemala, Perú, and Panamá as a service provider for 35 financial and non-financial institutions. For more information, visit

Source: Company Press Release

FIS Named Most Admired Core Banking Vendor

JACKSONVILLE, Fla.--(BUSINESS WIRE)--FIS™ (NYSE:FIS) today announced that it has been named the core banking vendor most admired by chief information officers of large North American banks (i.e., top 120 by assets) in a recent Aite Group research study. FIS, one of the world’s largest providers of banking and payments technology, is admired as a vendor of core banking solutions by more technology executives of large banks than any other company.

Sixteen core banking vendors were ranked by North American technology executives from large financial institutions. Overall, the study covered eight key technology areas including IT services and core banking, which were evaluated by the large institutions, while both small and large institutions reviewed vendors in other technology sectors, including server hardware, database software, business intelligence, business process management, storage services, and security information and event management.

“While admiration may seem like a ‘fluff’ term, we believe it indicates which vendors will be more likely to win business regardless of market share,” noted Gwenn Bezard, Aite Group co-founder and research director. “We also believe that the large number of vendors mentioned in this survey indicates that vendors face savvy buyers, leaving little room for anything less than outstanding engineering, sales and marketing, and delivery.”

“FIS is very pleased to achieve this recognition from the market. We take pride in being the largest provider of financial services worldwide, but it’s more important for us to be recognized as the best in the industry,” stated Anthony Jabbour, executive vice president, FIS Financial Solutions Group. “We view our number one position as a testament to FIS’ customer focus and unmatched ability to develop and deliver market-leading core banking solutions and IT services.”

About FIS

FIS delivers banking and payments technologies to more than 14,000 financial institutions and businesses in over 100 countries worldwide. FIS provides financial institution core processing, and card issuer and transaction processing services, including the NYCE® Network. FIS maintains processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10. FIS is a member of Standard and Poor's (S&P) 500® Index and consistently holds a leading ranking in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS employs more than 30,000 on a global basis. FIS is listed on the New York Stock Exchange under the “FIS” ticker symbol. For more information about FIS see


Thales Paves the Way for Authentication on the Move

Launches SafeSign Mobile Authentication for secure two factor authentication and transaction authorisation over a mobile phone

WESTON, Fla. & LONG CRENDON, England--PIN Payments News Blog--Thales, leader in information systems and communications security, announces SafeSign Mobile Authentication which enables strong authentication using a mobile device. Suitable for many online applications including financial services and government, SafeSign Mobile Authentication provides security against man-in-the-middle attacks, while also giving users the freedom of secure banking anywhere, anytime with the convenience of using their own mobile device. The solution, developed in partnership with Salt Group, global leader in the development of high assurance mobile authentication solutions, offers a choice of mobile authentication solutions for secure log on, transaction signing and payment authorisation. Organisations can choose from SMS or Java-based solutions to ensure that the most appropriate level of security is applied to transactions.

SafeSign Mobile Authentication provides users with a more convenient token-based solution for both secure log-on and the signing, verification and authorisation of transaction details. Standard Chartered Bank in Hong Kong has already adopted the solution for transaction authorisation in its corporate internet banking system, while the State Government of Victoria in Australia has selected SafeSign Mobile Authentication for secure log-on to government services.

Mobile authentication is attractive to customers as it represents a more cost-effective security solution since there are no distribution costs. Furthermore, as the solution relies on a ubiquitous device – the mobile telephone – as the secure channel to generate or exchange security information, it is cheaper and simpler than setting up a public key infrastructure or providing and managing specialised tokens.

Ross Oakley, Managing Director of Salt Group, comments, “Seventy per cent of today’s global population already carries a mobile phone, so extending its use to authentication and transaction authorisation seems a natural development and one that users should readily accept. With a choice of mobile authentication mechanisms, customers can choose the most appropriate level of security for their business. However, regardless of the token chosen, mobile authentication offers significant operational, cost and deployment benefits while also maintaining the high assurance characteristics associated with more traditional devices.”

Franck Greverie, Vice President, Managing Director for the information systems security activities of Thales, adds, “With the addition of mobile authentication, our SafeSign solution supports an unequalled range of contemporary authentication mechanisms from the world’s leading providers including specialised tokens, EMV CAP, PKI and smart cards. Financial institutions and governments can deploy a single enterprise authentication hub, supporting various authentication mechanisms geared to the needs and preferences of their customers and to the security requirements of their services. This single authentication infrastructure results in lower capital and operating costs, improved governance and shorter time to market.”

Source: Company Press Release


Twitter Founder Releases Square: Gee...That Sounds Familiar

Jack Dorsey, the founder/Chairman of Twitter has unveiled Square, his new start-up. The idea: anyone with a mobile phone can accept credit card payments. (Gee...that sounds familiar...who else came up with that idea many many moons ago?)

Square makes a small "square" device that plugs into any gadget with an audio input jack, (Gee...that sounds familiar, our device plugs into any device with an audio input jack) including an iPhone or iPod Touch, and turns the device into a credit card machine. (Gee...that sounds familiar...except that ours does PIN based transactions for debit and prepaid as well thus providing two factor authentication)

What's unfamiliar (because it's not talked about in any of the articles I've read) is the security of the device. How does the "Square" handle the cardholder information?

I'm checking on that now and will do a follow-up piece after learning more. 

What I do know, thus far...Buzz is obviously much more important than an actual product, otherwise HomeATM would have seen this type of buzz over its product in 2008 and all during 2009.  The good news is that the people who scoffed at the idea of attaching a hardware device to a phone are now sucking up to this buzz.

Seriously, if it wasn't the Twitter founder doing this, the coverage would not be anywhere near what it is. 

But, it is what it is.  Which brings up the question... exactly what is that? 

  • It cannot do PIN based transactions, whereas the HomeATM device can

  • It's not PCI certified whereas the HomeATM device is

  • Because of the size, I would venture a guess that there will be a ton of misreads because of the short throw.  (the length of the device as compared to the length of the magnetic stripe) My understanding is that Magento has already discontinued one of their mag-stripe readers because of that exact problem.

  • Tons of security questions should be posed.  What type of encryption does it use?

  • How sturdy is it?  Doesn't look very strong.  (see below)

  • How long does a transaction take?  We use patent pending ultra-fast data packets.

  • It needs software, ours doesn't.  (software bad...hardware good)

More on this later.  Just wanted to get something up on the blog acknowledging the new Twitter founder's startup.  My question is when the realization sets in that it may need some security improvements...will the Square 2 be a result of going back to Square One? 

Here's a quick interview done by TechCrunch showing Jack Dorsey's Square in Action. 


Annual Phishing Losses up to $9.40 for Each Online Banking Customer

Trusteer Reports that Half of Online Banking Users Who Click on Phishing E-mails Lose their Login Credentials

Annual Phishing Related Losses Estimated to be as High as $9.4M per Million Customers

NEW YORK--(BUSINESS WIRE)--Trusteer, the customer protection company for online businesses, reported today that while only a small number of online banking customers visit phishing sites each year (1.04 percent), about half of those victims (0.47 percent) divulge their login credentials to these fraudulent websites impersonating the bank. Based on the sheer volume of these attacks, losses attributed to phishing could cost banks as much as $9.4M annually per 1 million users if criminals abuse all of the stolen accounts. These findings are based on a sample of more than 3 million users of the Rapport browser security service, who are customers of 10 large US and European banks.

Although there are a multitude of research findings and statistics on phishing attacks, information on how successful they are, how many users actually respond to them, and how many submit their login credentials or other personal information to criminal websites has been elusive. The reason is simple – this information is extremely hard to collect. The Trusteer platform provides a unique view into the success and failure rates of phishing attacks via its Rapport plug-in, which is installed on approximately three million computers across North America and Europe. Rapport constantly monitors phishing attacks against the computers it protects, and can identify/prevent users from trying to submit login information to phishing websites.

Trusteer based its research on data collected over a three month period during which phishing events from 10 large banks across the US and Europe were analyzed. The report’s key findings include:
  • Each phishing attack compromises a very small number of customer accounts (0.000564%), but due to the large number of attacks, the aggregated number is significant.

  • 1.04% of bank customers click on malicious links and are redirected to a phishing website.

  • 0.47% of a bank’s customers divulge their login credentials and other personal information on phishing websites. If abused, the losses associated with these hijacked credentials would range between $2.4M and $9.4M annually (per one million online banking clients).

The full report is available at

“Since the vast majority of phishing attacks are blocked by server-based anti-spam and e-mail/browser phishing filters, we decided to focus our research only on malicious messages that were delivered and were acted upon by the victims,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “While the fact that nearly half of the victims were tricked into giving up their online banking credentials was surprising, the aggregate value of the financial losses created by only half of one percent of a bank’s customers is staggering.”

About Rapport

Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.

About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit


Marc Gendron PR

Marc Gendron, 781-237-0341

