Monday, January 25, 2010

UK "Card Not Present" Fraud Responsible for 86.6% of Total



HomeATM Eliminates Card Not Present Fraud



Fresh fraud figures freed



By David Neal

Friday, 22 January 2010, 16:25



ACCORDING TO A REPORT from the National Fraud Office, banking and card-not-present crimes are costing the private sector millions.



Today the NFO warned that online banking, card-not-present, and cheque fraud have lead to increased losses for organisations.



It explained that in 2008 losses in all to three areas totalled £704.33 million, adding that in 2009 card-not-present fraud alone had risen by 14 per cent to £609.99 million.






Editor's Note:  Those numbers translate to the following:  Card Not Present (typing card numbers into a box on a website) Fraud (£609.99 million)  is responsible for 86.6% of the total £704.33 million lost. 



HomeATM transforms the "card not present" environment of the internet into a "card present" environment, thus eliminating "Card Not Present" fraud. 



We also eliminate the threats posed by phishing, which, in 2009, successfully targeted six times more victims than 2007.  By swiping, consumers eliminate the current practice of typing their sensitive data into web browsers.  Consumers  could no longer be duped by phishing attacks asking them to type data into boxes on cloned websites,  because they no longer type their online banking credentials at the genuine site. 






Online banking fraud has risen dramatically since 2007 according to the report, and it expects this trend to continue.



It said, "These losses coincide with a significant increase in the number of phishing sites targeted against UK banks and building societies. Likewise malware, spyware and money mules continue to cause problems for the banking industry and its customers."



Continue Reading













New Phishing Attack Methods Duped Six Times as Many Consumers in 2009 than in 2007

Dark Reading published a story featuring the results of a recent InforServ/RSA study which proclaims that while consumer awareness of phishing attacks has doubled over the past two years, the success of those attacks leaped six-fold.   The survey also found that 9 out of 10 consumers would use a stronger form of security (than username and password) IF it were offered.



Hear that Mr. and Mrs. Banker?



Nine in 10 consumers are willing to use a stronger form of security if offered.





Why not "offer" the same method trusted by banks to disperse cash at an unattended ATM?  Swipe/Insert Card and Enter PIN.  End result?  The complete elimination of the threat posed by phishing.  (Eliminate Typing and you eliminate how the bad guys obtain what they phish phor.) 



So, instead of giving away $35 to try online bill pay or a similar online banking promotion, why not give away a PCI 2.x Certified PIN Entry Device. (PED) 



  • Bank Issued Card,

  • Bank Issued PIN,

  • Bank Issued Card Reader with PED.



Here's selected excerpts from the story: 



Consumers might be more aware of phishing threats, but new attack methods duped six times as many of them in 2009 than in 2007, the study says.






Consumers are becoming increasingly concerned about the safety of their data online, according to a study published last week.  In a study of more than 4,500 consumers conducted by InfoSurv and sponsored by RSA, researchers found that consumer awareness of phishing attacks has doubled between 2007 and 2009. The number of consumers who reported falling prey to this attack increased six times during that same time period.



The sheer volume of phishing attacks launched in recent months is also contributing to these trends, RSA said. The RSA Anti-Fraud Command Center recently reported the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.



An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated they were aware of Trojans and in 2009 that figure climbed to 81 percent.



Consumers agreed that their identities should be better protected than a simple username and password on
social networking (59 percent), healthcare (64 percent), government (70 percent), and online banking (80 percent) Websites.



Read the article in full















CellTrust, Maxim-Pro Bring M-Payments to Nigeria



CellTrust Signs Agreement with Maxim-Pro Ltd. to Provide SecureSMS for the Next Generation Secure Mobile Banking and Payment in Africa -



Scottsdale, Ariz. and Abuja, Nigeria,  -- CellTrust of Africa (www.africa.celltrust.com ), the leading supplier of secure mobile messaging and applications (www.CellTrust.com ), has provided Maxim-Pro Ltd. (www.maxim-pro.com ) with a Secure Enterprise Messaging solution to secure and mobile enable their successful banking platform while meeting the new requirements of the Central Bank of Nigeria.



Maxim-Pro has partnered with CellTrust to extend secure mobile banking and payment services to Nigeria's under and un-banked population through their extensive customer base across the financial services sector. An average of 100,000 subscribers are expected in the first six months of operation for the new Secure SMS/Text Mobile Banking program launched via CellTrust's Global SecureSMS Gateway. Fraud reduction and fewer demands being made on call centers for IVR authentication are also part of the revenue equation at Maxim-Pro.



"CellTrust SecureSMS adds significant value to our banking platform by providing the state-of-the-art mobile security required to launch a mobile banking solution in Nigeria and the entire region," according to Adeyinka Oyewumi, Managing Director, Maxim-Pro. "We are pleased to have been able to find a partner in mobile banking who meets the rigorous mobile security requirements of the Nigerian Central Bank."



The Central Bank of Nigeria has issued new, highly stringent security requirements for mobile financial management and insists both the financial institutions and their distribution networks take a high level of responsibility in protecting the end user. The requirement calls for more security, and in the case of mobile text banking or SMS banking, the Nigerian Central Bank's official directives require Secure SMS with multiple levels of authentication and encryption along with a clear audit trail for compliancy.



"We are pleased to provide Maxim-Pro with the latest secure mobile messaging solution to secure and mobile enable their successful banking platform," commented Samuel Ucheaga, Managing Director, CellTrust Africa.



CellTrust of Africa's customer base is benefitting from CellTrust's award winning SecureSMS™ Appliance and Gateway. SecureSMS provides end-to-end privacy on the mobile device via a highly encrypted, tamper-proof process while enabling message sizes up to 5,000 characters. A remote wipe functionality that ensures users can wipe the handset if it is lost or stolen adds another critical layer of security.



CellTrust SecureSMS™ Appliance was selected winner of 2009 Best Enterprise Enabler Application for the RCR Ecosystem Awards. In 2008 CellTrust Secure SMS won the Communications Solutions Product of the Year Award and was voted Best Messaging Security Solution by the Info Security Products Guide's Tomorrow Technology Today Award. SecureSMS was accredited as a finalist for the Third Annual CTIA Emerging Technology Award, and was named the winner of three Mobile Star Awards, and the prestigious Mobile Marketing Association 2008 Global Relationship Building Award.



About CellTrust Corporation



CellTrust is a leading provider of secure mobile messaging and applications. CellTrust's patent pending SecureSMS Gateway™ featuring the SecureSMS™ Appliance and a suite of mobile applications provide advanced secure mobile messaging and information management across 200+ countries and over 700 carriers. CellTrust ensures the secure and trusted exchange of information on mobile devices to the financial services, healthcare, government, education, energy, information technology, marketing, and travel, among other global industries. For more information about CellTrust's Global, African, North American and Australian operations: www.celltrust.com www.africa.celltrust.com www.celltrust.com.au



About Maxim-Pro



Maxim-Pro is a leading provider of banking software and financial services. Maxim-Pro's banking application suite supports banks, microfinance institutions, OFID (Opec Fund for International Development), insurance companies, hospitals, schools and other organizations with financial service requirements throughout Nigeria and the African region. For more information about Maxim-Pro: www.maxim-pro.com



Source: Company press release.

TransCard Introduces FotoCard: The First Truly Individualized Card for Enterprise Prepaid



Chattanooga, Tenn., Jan. 25, 2010 -Payments Industry News Blog- TransCard (www.transcard.com ) - a leading provider of electronic payment and prepaid debit card solutions branded with MasterCard®, Discover®, STAR and PULSE associations - has developed an application, called FotoCard, which allows cardholders to customize their card designs with their own photos. The solution is offered across TransCard’s universe of clients, including corporate enterprise clients that want to offer more value to their cardholder member base.



“TransCard is now the first enterprise prepaid company to offer cardholders the ability to customize cards,” says Craig Fuller, TransCard’s CEO. “FotoCard gives cardholders the ultimate choice in their card designs - making their experience more individualized and, thus, driving increased cardholder adoption. This solution is two-fold: perpetuating the top-of-wallet usability of prepaid cards by cardholders and increasing the brand visibility of the client.”



FotoCard is an easy-to-use feature that cardholders can access through the TransCard cardholder website. Here, they follow a step-by-step program that walks them through how to upload photos, adjust images and get cards delivered directly to their home address.



“We love this feature internally at TransCard,” says Jerry Uffner, President of TransCard. “All of our employees have had such a great time personalizing cards and sharing them with each other. We have created some funny ones and some endearing ones with children and beloved pets. FotoCard allows you to express who you are - as soon as you hand your card to someone, they can easily tell if you’re a Steelers fan, like Dalmatians or have traveled abroad. These cards are great conversation starters!”



As companies continue to adopt TransCard’s enterprise prepaid solution, feedback from individual cardholders suggests they are interested in making their experience personal. Giving cardholders the ability to customize a unique experience starts with the look of their cards - but that’s just the beginning.



“Over the next few months, TransCard will expand on this effort by rolling out a set of tools and resources that enable a more personalized cardholder experience,” says Mr. Fuller. “We are excited to be on the leading edge of this technology and believe our solution to be the first of its kind in enterprise prepaid.”



About TransCard



TransCard (www.transcard.com ) provides custom, turnkey prepaid programs for corporate, non-profit and government organizations. TransCard is one of a few privately held core processors in the world, providing prepaid debit card solutions branded with MasterCard®, Discover®, STAR and PULSE associations. The company specializes in on-demand prepaid programs using a sophisticated proprietary technology platform that was built in-house to meet the unique needs of clients in various industries. Along with the most robust suite of value-added cardholder benefits - including mobile banking, online bill pay, free credit scores and a Personal Financial Management tool that budgets, tracks spending and has customizable widgets - in prepaid, TransCard offers 24/7/365, live, bilingual customer service and a check-free online account accessed through an easy-to-use website.



TransCard is the technology leader in enterprise prepaid, offering a complete suite of turnkey prepaid solutions. TransCard continues to set itself apart through constant product innovation, including paycard programs, settlement card services, clinical research payments and mobile payment processing. TransCard’s clients include large Fortune 500 companies, government agencies and major medical research institutions.



The company was recently named as a 2009 Paybefore Awards Best-in-Category Winner for the Best Corporate-Funded Prepaid Card and the CEO, Craig Fuller, was recognized as one of the top five Rising Stars of Prepaid by Paybefore magazine - a respected prepaid industry publication.



Source: Company press release.

Fiserv Vice Chairman, Peter Kight, to Resign

The Milwaukee Business Journal is reporting that Fiserv Vice Chairman will resign at the end of this quarter:





Peter Kight, who is the founder and former CEO of CheckFree Corp., will resign as vice chairman of Fiserv Inc. at the end of Fiserv’s first quarter March 31.





Kight, who is 52, has informed Jeff Yabuki, CEO of Brookfield-based Fiserv (NASDAQ: FISV) of his plans “in order to devote more time to interests outside the company,” according to a Fiserv filing with the U.S. Securities and Exchange Commission. Kight will continue to serve as a director of Fiserv.



Fiserv, a financial technology and processing firm, in December 2007 closed on a $4.4 billion acquisition of Atlanta-based CheckFree Corp., which is one of the largest providers of online banking and electronic payment technology. At the time Kight, who was CheckFree’s chairman and CEO, took the role of Fiserv vice chairman and was assigned to lead new product development and strategic integration.



Kight founded CheckFree in 1981 in his grandmother’s basement with a plan to provide electronic funds transfer services to businesses and consumers.




The Billeo Offer Assistant's One-Click Discounts Earn Shoppers Cash Back From Banks, Credit Cards -- And Now Microsoft's Bing

Free Online Tool Also Adds Loyalty Program Selector to Prioritize Savings Offers for Maximum Rewards





SANTA CLARA, Calif., Jan. 25 /PRNewswire/ -- Billeo (www.billeo.com) – a suite of Online Assistants that save people time and money in all types of online transactions, from shopping to bill pay – today expanded its Offer Assistant to include deals from Microsoft's Bing cashback. Discounts and deals from more than 1,200 Bing cashback retailers will help shoppers find the best available offers on the Web, even when searching on Google and Yahoo! The updated Offer Assistant also lets users select the top three debit and credit card loyalty programs they use – so they can track specials from the loyalty programs offered by American Express, Visa, Bank of America and Chase. The end result is some of the country's biggest companies putting dollars back into shoppers' pockets, without requiring any work or change in behavior.



Billeo and Bing are a natural fit. As Bing vies for customers in the Google-dominated world of search, it has created the cashback program to add value to its service. By paying users a percentage of the merchant-funded rewards, it offers great deals on millions of products from over a thousand brand-name stores shoppers know and trust.



For the first time ever, online shoppers can find Bing cashback offers outside the Bing search engine and right within their Google and Yahoo! search results. Billeo adds these high-value offers to those already highlighted in the Offer Assistant, letting shoppers choose from – and in some cases combine – the loyalty rewards from over a thousand of the top online retailers. Such a double dip helps shoppers earn double rewards with their credit cards and Bing cashback for even more savings.



"Generally, coupon and deal sites don't pay users enough back for the work they need to do to find offers. Bing's cashback is an exception, and Billeo's Offer Assistant makes it even easier and more valuable. We're now the only online tool that highlights Bing cashback offers, confirms your account to guarantee savings, and guides you through the entire purchase process," said Murali Subbarao, Founder & CEO of Billeo, Inc. "This addition allows us to deliver more offers from more merchants than ever before. And best of all, consumers can get them all for free."



Add the new Loyalty Program Selector, which lets users pick and prioritize their loyalty programs, and only the most relevant offers appear within their search results. When shoppers search for products, the offers from up to three preferred loyalty programs appear for retailers listed in the search results. Billeo also lets users easily suggest loyalty programs to add to the service – ensuring the Offer Assistant has the most comprehensive discounts available.



"The average U.S. household has signed up with 14 loyalty programs, but is active with only six of them," continued Subbarao. "The addition of the Loyalty Program Selector makes it even easier for consumers to take advantage of the high-quality offers from their financial institutions. They devote significant resources to securing discounts on behalf of their customers – and Billeo captures them all in a single, convenient place with its Offer Assistant."



With the addition of Bing cashback's retailers, Billeo now tracks offers from more than 1,500 merchants, including Wal-Mart, Target and Barnes & Noble. Often, several competitive offers appear for a given product or retailer, letting shoppers choose the best value for them. Billeo has presented millions of offers to online shoppers since launching Offer Assistant in September 2009, saving them an average of 6 to 11 percent on each purchase. Currently more than 330 merchants offer free shipping – helping budget-conscious shoppers save even more.



In addition to the Offer Assistant, Billeo users can take advantage of:

  • The Password Assistant to autofill information at shopping sites

  • The Shopping Assistant to autofill checkout forms with address, billing and payment details

  • A receipt saver that stores every payment confirmation in one place

Billeo's Online Assistants save time and money, helping people reap all the rewards of transacting online. The company is committed to delivering more money-saving features and plans to roll out new capabilities throughout the year.



To discover what kind of savings the Billeo Offer Assistant can give you, please visit www.billeo.com.



About Billeo, Inc.



Billeo provides a suite of Online Assistants that save people time and money in all types of online transactions, from shopping to bill pay. Its latest tool, the Offer Assistant, delivers high-quality discounts and deals from the loyalty programs of major card programs such as American Express, Visa and others – with no work required. Billeo was founded by seasoned executives well-versed in the online shopping and bill payment spaces. Over 40 banks, six of the top 10 card issuers, and more than 1,500 merchants are part of the trusted Billeo network. For more information about Billeo visit www.billeo.com.



SOURCE Billeo, Inc. RELATED LINKS http://www.billeo.com





$2 Million Fine for Illegal Download Redued to $54k



Last June I blogged about the Minnesota woman who was found guilty of illegally downloading 24 songs from Kaaza.   Today, a judge reduced the "monstrous" $2 Million dollar fine to an amount he called significant and harsh...



WASHINGTON (AFP) – Condemning a two-million-dollar fine meted out to a Minnesota woman for illegally downloading music over the Internet as "monstrous and shocking," a judge has slashed the penalty to 54,000 dollars.





US District Court Michael Davis said the fine imposed by a jury on Jammie Thomas-Rasset, a single mother of four from the town of Brainerd, veered into the "realm of gross injustice."



In a high-profile music piracy case, Thomas-Rasset was found liable in June of violating music copyrights for using the Kazaa peer-to-peer file-sharing network to download 24 songs.




A jury ordered her to pay 1.92 million dollars -- or 80,000 dollars per song -- to six record companies: Capitol Records, Sony BMG Music, Arista Records, Interscope Records, Warner Bros. Records and UMG Recordings.




Davis slashed the fine to 54,000 dollars, or 2,250 dollars per recording, and complained in his ruling on Friday, a copy of which was obtained by AFP on Monday, that he was constrained from reducing it even further.





"This reduced award is significant and harsh," Davis said, but it is "no longer monstrous and shocking."



Payoneer Selects Cotendo CDN Suite to Accelerate Access to Its Online Payments Network



Cotendo's CDN and Site Acceleration Suite Speeds Up Web Services to Hundreds of Thousands of Payees Worldwide, Reduces Website Access Times by Up to 75%, and Significantly Lowers Customer Support Costs

SUNNYVALE, CA--(Marketwire - January 25, 2010) - Cotendo, a content delivery network (CDN) and site acceleration services provider, today announced that Payoneer, a leading global payments solution company, has chosen the Cotendo CDN and Site Acceleration Suite to improve the performance of its worldwide payments platform. Performance gains included a 75% decrease in Website access times in some geographical locations resulting in significant increases in worldwide customer satisfaction.



Payoneer operates an online payments platform that provides its partners with an efficient method to pay individuals virtually anywhere in the world. Payoneer's customers include affiliate networks, content providers, direct sellers, market researchers, payroll providers, clinical researchers and others. Payoneer offers reloadable prepaid cards on behalf of its global partners. These companies then use Payoneer's Web interface to load the cards when payments are due. Payees use the Web interface to manage and monitor their card accounts.



Payoneer's Website consistently experiences heavy traffic as evidenced by its recent Alexa ranking of 9,355. The company faced two challenges: high concentrations of traffic from regions with well developed broadband networks like the United States and Europe; and bottlenecks in regions where users do not have the luxury of high-speed Internet connections. One of Payoneer's top priorities was to overcome these challenges, delivering a fast, easy-to-use Web interface to its customers, regardless of location. The Cotendo CDN and Site Acceleration Suite -- with its whole site acceleration of static, dynamic, and secure content -- was ideally suited to meet the global demands of Payoneer's business.



According to Yuval Tal, Payoneer's CEO, the Cotendo Site Acceleration Suite stood out from competing solutions in its ability to accelerate secure content. "As a financial services provider, secure transactions and speed are critical to our business," he said. "Cotendo's SSL acceleration technology really impressed us, and we felt it was clearly the best solution out there."



Tal commented that Cotendo's unified platform provided speedy implementation and simplified ongoing content management. "We didn't need to make any changes to our website to deliver content over Cotendo's CDN. With any other CDN, we would have had to change HTML code and make other modifications. The implementation could not have been more straightforward."



Payoneer is using Cotendo's CDN Balancer to optimize content delivery in different geographic locations. Dynamic Site Acceleration is used for accelerating non-cacheable, dynamic content. The suite also includes a real-time reporting platform for monitoring user activity. "Having real-time data is extremely valuable for us because it enables us to make instant decisions on regional activity." Tal said.



Payoneer achieved immediate and significant performance improvements upon implementation of the Cotendo CDN and Site Acceleration Suite. According to Tal, in some geographical regions, access times have been reduced by as much as 75%. "The improvements in our website performance have had a direct -- very positive -- effect on a massive international customer base." he said.



The Cotendo CDN and Site Acceleration Suite has proven to be a highly economical content delivery solution for Payoneer, from both a price and a cost savings perspective. "Since implementing the CDN, we have significantly reduced our customer service and R&D costs."



"Accelerated content delivery is making a huge difference for users of the Payoneer payments platform," said Ronni Zehavi, Cotendo's CEO. "Together, Payoneer and Cotendo are giving customers around the world unprecedented access to earnings and transaction information. The result is good business for Payoneer's customers and a great experience for their payees."



To learn more about Cotendo's CDN and Site Acceleration Suite please visit http://www.cotendo.com/suite.html.



About Payoneer, Inc.



Founded in 2005, Payoneer Inc. provides fully hosted prepaid MasterCard® card solutions for organizations that need to remit payments to remote, dispersed populations worldwide. Payoneer's turnkey prepaid card platform enables companies of all sizes to optimize their payments delivery by replacing traditional payment methods with prepaid MasterCard cards and recurring electronic transactions. Payoneer is a registered MSP with MasterCard Worldwide and an approved partner of Meta Payment Systems®, a division of MetaBank. Payoneer is headquartered in New York and maintains its R&D center in Tel Aviv, Israel. Payoneer is privately held with venture funding from Carmel Ventures, Greylock Partners and Crossbar Capital. For more information, please visit http://www.payoneer.com.



About MetaBank™



MetaBank is a federally-chartered savings bank regulated by the Office of Thrift Supervision. Meta Financial Group, Inc.® is the holding company for MetaBank, Meta Payment Systems®, and Meta Trust Company®. For more information visit http://www.metacash.com. Prepaid MasterCard cards are issued by MetaBank pursuant to license by MasterCard International Incorporated. MasterCard is a registered trademark of MasterCard International Incorporated.



About Cotendo Cotendo is a CDN and site acceleration services provider and an innovator of software-focused site acceleration technologies. Cotendo's full suite of CDN and site acceleration services is addressing an important unmet need that Internet content and web application providers have for application-level flexibility and sophisticated management of performance and cost. Cotendo is led by experts in intelligent content management and content delivery networks. Founded in 2008, Cotendo is funded by Sequoia Capital and Benchmark Capital. The company is headquartered in Sunnyvale, California with R&D based in Israel. For more information about Cotendo and its Site Acceleration Suite, visit http://www.cotendo.com.



80% Want Better Online Banking Security than a "Username and Password"



Bank Technology News published the results of a recent survey conducted by RSA.   On Friday, I blogged about the same report in a post entitled:  "Security Fears Dog Online Banking." 



"Consumers are very much aware of these threats," Seth Geftic, senior manager of Identity Protection and Verification at RSA told V3.co.uk.  "They are not satisfied with simple password. Consumers really and need this security."  He continued that while some European banks were going down the line of two factor authentication UK and US banks were instead relying on risk-based authentication.




Online Banking Customers Still Insecure


Bank Technology News  |  January, 2010





Consumers have become aware of the threats of online crime, yet are still falling prey to scams at increasing rates, according to RSA’s new global security survey.



  • RSA, a unit of EMC, found that 70 percent of users feel their banks should implement stronger security

  • 80 percent say their IDs should be protected though measures beyond username and password. 

  • In the UK, for example, only 35 percent of consumers feel “very secure” when using online banking.



The firm also says awareness of phishing attacks doubled between 2007 and 2009, yet the number of people who reported being victimized by phishers increased more than 600 percent during the same period.



RSA says that increase is due to advanced communications and sophisticated writing and Web design on the part of the crooks. Phishing itself has also evolved, branching into mobile device attacks such as vishing and smishing.



The survey of more than 4,500 internet users in 22 countries also found that while 65 percent of users who belong to social networking sites are less likely to interact or share information due to security concerns. In a statement, Christopher Young, an svp of RSA, said in order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customer’s information.










Thales and Voltage Security Partner to Deliver E2E Encryption



Thales and Voltage Security Forge Technology Integration and Partnership to Deliver End-to-End Encryption and Key Management to Secure Payments

Partnership Addresses PCI DSS and Other Enterprise Data Protection Initiatives



PALO ALTO, Calif. & CAMBRIDGE, United Kingdom--(BUSINESS WIRE)--Thales, leader in information systems and communications security, and Voltage Security, Inc., the global leader in end-to-end data protection, announce a technology integration and partnership centered around delivering End-to-End Encryption and key management solutions for the payments industry and broader enterprise security applications. Through the partnership, the two companies have worked together to integrate Voltage SecureData technology with Thales hardware security modules (HSMs) for customers, Heartland Payment Systems being an example.



The Thales and Voltage technology integration allows customers to apply hardened data protection measures at virtually any point along the data path to help achieve the goal of end-to-end protection. By helping to reduce the time and complexity of deploying data protection and by significantly limiting the scope of security audits, the burden of demonstrating regulatory and internal compliance is dramatically reduced. The technology integration builds on Voltage SecureData™ to protect data without having to make expensive changes to the point of sales (POS) infrastructure, database and business applications. The encryption and key management process is protected by Thales nShield Connect hardware security modules – part of the nCipher product line - to ensure the security and integrity of the overall solution. Beyond initial deployment, Voltage and Thales encryption and key management solutions further simplify the ongoing management and operation for customers.



End-to-End Encryption is increasingly the leading method of securing data throughout the payment stream and for enterprise security applications. For organizations subject to PCI DSS (Payment Card Industry Data Security Standard), using hardware security modules (HSM) solutions further reduces the scope of PCI audits – reducing the time and money required for compliance.



“With Heartland End-to-End Encryption (E3), Heartland is raising the bar in retail payments security, beyond existing security mandates, by deploying End-to-End Encryption to protect cardholder and sensitive authentication data throughout the payment acquiring network,” says Steve Elefant, chief information officer, at Heartland Payment Systems. “The Voltage solution integrated with Thales HSMs just works and, in a matter of weeks rather than months, delivered the data protection and key management that Heartland needs to move the payments industry forward.”



“The goal of achieving end-to-end protection is a challenging one with so many diverse endpoints in a transaction lifecycle – point of sale (POS), databases, mainframes, and payment networks – all of which need to be protected from compromise,” says Sathvik Krishnamurthy, president and CEO, Voltage Security. “Key management is a critical aspect of all encryption systems and through our partnership with Thales we are able to enhance our End-to-End Encryption solution to protect key management functions and other cryptographic operations in a tamper resistant and security certified environment – an essential requirement in the payments market.”



“Today, Thales helps secure more than 70 percent of the world’s card payment transactions. Thales is delighted to partner with Voltage to deliver to customers such as Heartland an innovative End-to-End Encryption and key management solution that further helps customers in the payments market and beyond to address their expanding data protection needs,” says Franck Greverie, vice president, managing director for the information systems security activities of Thales.





About Voltage Security



Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in end-to-end data protection. Voltage solutions, based on next generation cryptography, provide end-to-end encryption, tokenization, masking and stateless key management for protecting valuable, regulated and sensitive information based on policy. Voltage products enable reduction in audit scope with rapid implementation and the lowest total cost of ownership in the industry through the use of award-winning cryptographic solutions, including Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption™ (FPE). Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and the Voltage Security Network™ (VSN), a SaaS service for the extended business network.



As a service to the industry and general public, the company maintains the Voltage Data Breach Index and Map which is continuously updated with global data breach information: www.voltage.com/data-breach. The Company is active in the standards community and is a PCI Security Standards Council Participating Organization and is a member of the Secure POS Vendor Alliance (SPVA). Voltage has also been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government. To learn more about Voltage customers and sign up for the customer newsletter, please visit www.voltage.com/customers.



About Thales



Thales is a global technology leader for the Aerospace and Space, Defence, Security and Transportation markets. In 2008, the company generated revenues of 12.7 billion euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com



Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Voltage SecureMail, Voltage SecureFile, Voltage SecureData and the Voltage Security Network (VSN), are registered trademarks of Voltage Security, Inc. All other trademarks are property of their respective owners.











Discover® Small Business Watch: 43% Must Raise Cash to Stay in Biz



Discover® Small Business WatchSM: Small Business Economic Confidence Jumps in January



More Small Business Owners See Economic Conditions for Their Businesses Improving and Plan to Start Spending on Business Development


  • HEALTH CARE: 58% of Owners Expect Their Health Insurance Situations to be Worse if Congress Passes Reform Legislation




  • FUNDING: 43% Need to Raise Money This Year to Stay in Business



RIVERWOODS, Ill.--(BUSINESS WIRE)--America’s small business owners expressed higher economic hopes in January, largely due to increased expectations that conditions for their own businesses would improve in the next six months, according to the Discover® Small Business WatchSM. The Watch index jumped to 85.5 from 77.0 in December.



More small business owners are planning to increase business development spending over the next six months, with 25 percent noting they will spend more on activities such as advertising, inventories and capital expenditures. This number is up from 18 percent in December. Further, 28 percent plan to make no changes, while 45 percent will decrease spending, down from 51 percent in December.



“We measure small business insights and expectations about the larger economy as well as on the local level, so it’s good to see confidence rise on Main Street,” said Ryan Scully, director of Discover's business credit card. “January showed us the first month-to-month increase since August in the number of small business owners who plan to increase spending on business development. Self-investment is a healthy sign in the small business economy.”



Other January Indicators:


  • 29 percent of small business owners see conditions for their own businesses getting better in the next six months, an improvement from 22 percent in December and 19 percent in November; 43 percent see conditions getting worse, 23 percent expect things to stay the same, and 4 percent aren’t sure.

  • The number of small business owners who think the economy is getting better rose to 31 percent in January, up from 25 percent last month; 46 percent see the economy getting worse, down from 49 percent in December; 18 percent see the economy staying the same and 4 percent are not sure.

  • 8 percent rate the economy as good or excellent, up from 4 percent in December; 34 percent rate the current economy as fair, and 58 percent rate it as poor.

  • 51 percent of owners have experienced cash flow issues in the past 90 days, unchanged from December; 46 percent of owners have not experienced cash flow issues, and 3 percent are not sure.

HEALTH CARE POLL: Majority of Small Business Owners Aren’t Looking Forward to Health Reform



When asked how their health insurance situation would be affected by health care reform, 58 percent of small business owners say it will become worse, 23 percent think their situation will be better, 15 percent see no impact and 4 percent are not sure.



Eighty-one percent of small business owners say they do not offer health insurance to their employees, down from 85 percent in January 2009, but still above the 77 percent in January 2008 and 74 percent in January 2007. Among owners who offer health insurance, 29 percent have considered discontinuing it because of the cost.



“Health care continues to be a concern for most small business owners as they try to balance cost with other business obligations,” Scully said. “In terms of relief from the pending health insurance reform legislation, they aren’t holding their collective breath for anything to change soon.”



Other health care findings:
  • 21 percent of owners are uninsured, down from 25 percent in January 2009. Of those who are insured, 34 percent of owners receive their coverage from another family member’s plan, 32 percent purchase it separately and 12 percent get it through a company plan.

  • When asked if any of their employees go without health insurance, 28 percent of owners say yes, while 53 percent say no, and 19 percent are not sure.

  • 68 percent say that it is “very difficult” or “somewhat difficult” to obtain affordable health insurance.

  • 62 percent of owners say that the cost and concerns over health care will prevent some people from starting a small business.

  • 60 percent say that the cost of health care has an impact on their business, with 34 percent saying that the impact is “major.”

FUNDING POLL: 43% of Small Business Owners Have Funding Needs




Forty-three percent of small business owners say that they will need to raise money this year in order to keep their business going, up from 32 percent in January 2009. Forty percent will not have to raise funds for their business, while 17 percent are not sure.





For those who need to find funding, owners chose the following as their first choice of a source:

  • Personal savings, 25 percent, up from 19 percent in January 2009

  • Bank loan, 20 percent, up from 18 percent in January 2009

  • Friends or family, 13 percent, down from 20 percent in January 2009

  • Home equity loan, 9 percent, up from 1 percent in January 2009

  • Credit cards, 4 percent, down from 9 percent in January 2009

  • Some other way, 19 percent, down from 24 percent in January 2009

  • Not sure, 10 percent

The views and opinions expressed by small business owners and consumers who participate in the Small Business Watch survey are their own and do not necessarily reflect those of Discover Financial Services or its affiliates.





About the Small Business Watch



The Discover Small Business Watch is a monthly index measuring the relative economic confidence of U.S. small business owners who have less than five employees, a segment that consists of 22 million businesses producing more than a trillion dollars in annual receipts. The Watch is based on a national random survey of 750 small business owners. It is commissioned by Discover Business card, which strives to offer the best business credit card for American small businesses, and is conducted by Rasmussen Reports, LLC (www.rasmussenreports.com), an independent survey research firm. The numeric index is calculated by assigning values to responses to a set of six consistent questions. The base value of the Watch was established at 100.0 based on surveys conducted in August 2006. In addition to generating the index, the Small Business Watch surveys small business owners every month on key issues, and polls 3,000 consumers four times per year to gauge purchasing behavior and attitudes towards small businesses. For past results and survey data, visit www.discovercard.com/business/watch. For information on Discover Business card, visit www.discovercard.com/business.



About Discover



Discover Financial Services (NYSE: DFS) is a leading credit card issuer and electronic payment services company with one of the most recognized brands in U.S. financial services. Since its inception in 1986, the company has become one of the largest card issuers in the United States. The company operates the Discover card, America's cash rewards pioneer, and offers student and personal loans, as well as savings products such as certificates of deposit and money market accounts. Its payments businesses consist of Discover Network, with millions of merchant and cash access locations; PULSE, one of the nation's leading ATM/debit networks; and Diners Club International, a global payments network with acceptance in 185 countries and territories. For more information, visit www.discoverfinancial.com.











Johnny Depp Dies so Malware Can Thrive











Johnny Depp is not dead - but you might be infected

Posted on 25.01.2010


The fake news of the death of one of the most popular actors of today has been used by hackers to infect you with Trojans.  According to Sophos' Graham Cluley, the rumor spread like wildfire through the Internet, fueled by a flurry of Twitter messages that made it a trending topic. Using Google to find out more about the issue led to websites spreading the fake news - have a look at the second search result:





Looks like CNN covered it, so it must be true. Or is it? Look again - at the actual URL below.



This is a lesson that we all should learn, and learn fast: check the actual URL. Roll over the link with the mouse and see where it will take you. Of course, fraudsters can and do use shortened URLs to take care of that problem, but that's another story for another time. Where you can, you should check the link before clicking on it.



The link in question leads to a CNN look-alike page that does a good job at tricking people:





Scroll down a little, and the rest of the story has nothing to do with Johnny Depp. There are other tell-tale signs that this, in fact, is not the CNN website, but at first glance it looks legitimate.



Lucky for you, this website doesn't lead to malware. It seems it was made just for creating more buzz around the topic, and get you interested enough to search for things like the a video on the topic:





Clicking on that link will take you to a series of sites. The last one claims to have the video, only you can't watch it because you don't have the needed version of Video ActiveX codec.



You are, of course, offered a link for downloading it. And if you do, and execute the file, I'm afraid you just became an involuntary owner of a Trojan.

.





Discover Announces Alliance with Korea’s BC Card

http://www.discoverfinancial.com
Agreement Will Boost Transaction Volume on Discover’s U.S. and Global Network, Provide Worldwide Acceptance for BC Card Cardholders



RIVERWOODS, Ill.--(BUSINESS WIRE)--Discover Financial Services today announced an agreement with BC Card, the leading Korean payment network, which will allow BC Card cardholders to utilize the Discover, Diners Club International and PULSE networks for international purchases and cash access outside of Korea.


The long-term arrangement will result in increased transaction volume on the Discover, Diners Club and PULSE networks outside of Korea, where Korean cardholders spent $12.6 billion in 2008 on international expenditures, according to the Korea Tourism Organization.



“This agreement marks another expansion of Discover’s growing global network, connecting more merchants and ATMs with more cardholders throughout the world,” said Diane Offereins, executive vice president for payment services at Discover. “Expanded BC Card acceptance will increase transaction volume on all of our networks and provide global access to our new partner, BC Card.”



Founded in 1982, BC Card is the largest domestic payments network in Korea with over 32 percent market share in one of the world’s top credit card markets. BC Card has over 52 million cards in Korea today, issued by 11 financial institutions.



“Our new alliance with Discover opens the door to providing BC Card customers with more opportunities to make purchases and access cash around the world, especially in the U.S.,” said Chang Hyung-duk, president and CEO of BC Card. “These robust network capabilities deliver growth opportunities for our issuers and new value for our cardholders.”



System interoperability is expected to be active by late this year, when BC Card members will start issuing cards under this agreement.



In the past few years, Discover also has entered into strategic alliances with China UnionPay and JCB. These alliances provide valuable access to Discover’s acceptance footprint and deliver value and volume to merchants and partners.



About BC Card



Founded in 1982, BC Card operates the largest domestic payment network in South Korea with 11 member financial institutions and approximately 52 million cards issued on its proprietary platform and through dual-brand agreements. BC card provides payment services for a complete range of institutions, from the financial sector through private enterprise and government agencies, on an end-to-end credit card business processing platform that encompasses card issuance and delivery, authorization and billing, merchant management, and payment and settlement. Its products include credit, check cards, pre-paid cards, international debit cards and post-paid transportation cards. For more information, visit http://www.bccard.com.



About Discover



Discover Financial Services (NYSE: DFS) is a leading credit card issuer and electronic payment services company with one of the most recognized brands in U.S. financial services. Since its inception in 1986, the company has become one of the largest card issuers in the United States. The company operates the Discover card, America's cash rewards pioneer, and offers student and personal loans, as well as savings products such as certificates of deposit and money market accounts. Its payments businesses consist of Discover Network, with millions of merchant and cash access locations; PULSE, one of the nation's leading ATM/debit networks; and Diners Club International, a global payments network with acceptance in more than 185 countries and territories. For more information, visit www.discoverfinancial.com.

Cost of a Data Breach - $204 per record

Ponemon Study Shows the Cost of a Data Breach Continues to Increase



Fifth annual survey shows a significant spike in legal defense spending while breaches involving third-party organizations remained the most costly


Key Facts About the Announcement

  • PGP Corporation, a global leader in enterprise data protection, and the Ponemon Institute, a privacy and information management research firm, today announced results of the fifth annual U.S. Cost of a Data Breach Study.

  • According to the study, data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008.

  • Despite an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008 according to the Identity Theft Resource Center), the average total per-incident costs in 2009 were $6.75 million, compared to an average per-incident cost of $6.65 million in 2008.





Key Findings from the Study


  • The cost of a data breach as the result of malicious attacks and botnets were more costly and severe.

  • Negligent insider breaches have decreased in number and cost most likely resulting from training and awareness programs having a positive affect on employees’ sensitivity and awareness about the protection of personal information. Additionally, 58 percent have expanded their use of encryption up from 44 percent last year.

  • Organizations are spending more on legal defense costs which can be attributed to increasing fears of successful class actions resulting from customer, consumer or employee data loss.

  • Average abnormal churn rates across all incidents in the study were slightly higher than last year. The industries with the highest churn rate were pharmaceuticals, communications and healthcare, followed by financial services and services.

  • Third-party organizations accounted for 42 percent of all breach cases, dropping from 44 percent of all cases in 2008. These remain the most costly form of data breaches due to additional investigation and consulting fees.

  • The most expensive data breach event included in this year’s study cost a company nearly $31 million to resolve. The least expensive total cost of data breach for a company included in the study was $750,000.

Quotes for Attribution





Dr. Larry Ponemon“In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach.”


Phillip Dunkelberger“Customers are increasingly aware of and expecting a secure level of protection and privacy for the data they entrust to businesses," said Phillip Dunkelberger, president and CEO of PGP Corporation. “Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected are not only facing expensive direct costs from cleaning up a data breach, but also a loss in customer confidence that has long lasting ramifications.” Dunkelberger went on to point out, “a bright spot in this year’s report illustrated that companies with chief security officer leadership had lower cost of remediation following a breach.”



About the Study

  • The annual U.S. Cost of Data Breach Study, by PGP Corporation and independently conducted by the Ponemon Institute, tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.

  • The study was derived from a detailed analysis of 45 data breach cases with a range of 5,000 to 101,000 records that were affected. Companies analyzed were from 15 different industries.

About the Ponemon Institute



The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.



About PGP Corporation



PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.



PGP® solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX Index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies’ brands and reputations. Contact PGP Corporation at www.pgp.com.



PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.
###


Disqus for ePayment News