Thursday, February 11, 2010

Voltage Security Completes Independent Security Review

Conforms To Visa Best Practices for Data Field Encryption; Format-Preserving Encryption Meets Recommendations for End-to-End Encryption



PALO ALTO, Calif. - PIN Payments News Blog -  February 11, 2010 - Voltage Security™, the global leader in end-to-end data protection, today announced that Cryptographic Assurance Services, LLC (CAS), a leader in cryptographic compliance consulting, has completed an independent security review of Voltage's innovative Format-Preserving Encryption used in numerous end-to-end encryption implementations around the world. Voltage End-to-End Encryption, part of the Voltage SecureData(tm) product line, conforms to the complete list of Visa’s global industry best practices for data field encryption, published on October 5th, 2009. The Visa best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption, also known as end-to-end encryption, protects card information from the swipe to the acquirer processor so that the merchant is no longer processing or transmitting card data in the "clear."



CAS was asked to evaluate Format-Preserving Encryption (FPE) as a mode of the Advanced Encryption Standard (AES). CAS evaluated the mathematical model on which it was based and the associated proofs of security. CAS also reviewed a source-code instantiation of FPE provided by Voltage Security. CAS identified applicable compliance regimes and assessed FPE against them.



In its finding, CAS noted the large body of cryptographic research on which FPE is based, accumulated over decades, and the strength of the mathematical proofs and cryptanalysis. CAS concluded that FPE as implemented in the form of the AES mode FFX3 meets the compliance criteria for PCI DSS v1.2 encryption requirements and for Visa’s Data Field Encryption requirements, making Voltage Security’s Format-Preserving Encryption solutions suitable for use by organizations needing to comply. AES mode FFSEM is a sub mode of AES mode FFX and included in this assessment.



The complete report is available at www.voltage.com/security-review, registration required.



About Cryptography Assurance Services



CAS is a team of security professionals with over 50 years of combined experience. The CAS experience covers a wide range of technologies addressing confidentiality, integrity, authentication and non-repudiation with emphasis on cryptography and key management. CAS has been, and is still today, involved in developing X9, ISO and other industry security standards and providing assurance services to gain compliance to such standards.



About Voltage Security



Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in end-to-end data protection. Voltage solutions, based on next generation cryptography, provide end-to-end encryption, tokenization, masking and stateless key management for protecting valuable, regulated and sensitive information based on policy. Voltage products enable reduction in PCI audit scope with rapid implementation and the lowest total cost of ownership in the industry through the use of award-winning cryptographic solutions, including Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption™ (FPE). Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.



As a service to the industry and general public, the company maintains the Voltage Data Breach Index and Map which is continuously updated with global data breach information: www.voltage.com/data-breach. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government. To learn more about Voltage customers and sign up for the customer news letter please visit www.voltage.com/customers.







###





32% of Computers with AV Protection are Infected

Help Net Security published a story on a recent SurfRight report that anti-virus solutions don't stop infection from malware...
A SurfRight report shows statistics that give credibility to the lately popular opinion that one anti-virus solution is no longer enough to be sure your computer isn't infected. The effectiveness of most anti-virus solutions relies still on the quality of the virus signatures, and sometimes on the heuristics capabilities of the programs. Aided by its partners, SurfRight had the idea of bundling up 7 anti-virus engines that have at their disposal an equal amount of anti-virus databases. They called it Hitman Pro 3....



Continue Reading






Todos Addresses Cambridge University Research Concerned with eCommerce Security

University of CambridgeImage via Wikipedia

Todos addresses Cambridge University research concerned with ecommerce security

A study by the University of Cambridge shows that 3D Secure (3DS) technology may boast more than the security it actually provides. According to the report’s authors, Steven Murdoch and Ross Anderson, concern has been expressed with the current approach to e-commerce security, saying that there have been many serious problems in the 3DS environment.





The study revealed that the main problems come from the reliance on static passwords and the need to authenticate users at the point when they first enter their password.


Todos technology has addressed this works within the 3DS environment to offer merchants and card issuer two-factor authentication solutions. This would replace the static password and be available to use on a Todos device or mobile application and a private PIN.



With the two-factor authentications, users can securely validate online transactions without disclosing any sensitive personal information.






Customer Sues Bank After Phishing Attack, MI-Based Business Lost $550,000 in Breach

Another lawsuit has been filed against a bank for not keeping their customers secure.  This particular one claims that the bank's authentication system was susceptible to phishing.  Comerica Bank and others can "ELIMINATE" the threat of phishing by switching from a "typing your banking credentials" environment to a "swiping your banking credentials" one.  They say practice makes perfect, but the practice of "typing" username/passwords is far from perfect. 



Customer Sues Bank After Phishing Attack

MI-Based Business Lost $550,000 in Breach
Bank Info Security's Managing Editor, Linda McGlasson, is reporting that:



A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.



A lawsuit filed by Experi-Metal Inc. (EMI) in Sterling Heights, MI alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures.



EMI contends that Comerica's actions opened its online bank account to a successful phishing attack where more than $550,000 was stolen from the company's bank accounts and sent overseas.



Continue Reading at Bank Info Security











Chip and PIN is Broken: Cambridge's Ross Anderson Comments

Chip and PINImage via Wikipedia

Chip and PIN is Broken

February 11th, 2010 at 18:09 UTC by Ross Anderson







There should be a 9-minute film on Newsnight tonight showing some research by Steven Murdoch, Saar Drimer, Mike Bond and me. We demonstrate a middleperson attack on EMV which lets criminals use stolen chip and pin cards without knowing the pin.









Our technical paper Chip and PIN is Broken explains how. It has been causing quite a stir as it has circulated the banking industry privately for over 2 months, and it has been accepted for the IEEE Symposium on Security and Privacy, the top conference in computer security. (See also our FAQ and the press release.)





The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a pin, using a signature or not at all.



This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-pin.  The upshot is that you can buy stuff using a stolen card and a pin of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.


It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.



But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.



This attack is both academically and practically significant. We get reports weekly from different victims of phantom withdrawals, and these include large numbers of stolen cards used to make purchases in the window between theft and the cancellation of the card. Currently these victims are denied refunds by their banks, but this attack could explain some of the frauds we are seeing. The fact the receipt says “PIN Verified” when actually it wasn’t raises a whole load of legal and evidential questions which call into question the banking industry’s claim that their systems work (and log) properly. Merchants will be none too pleased either; the system no longer protects their interests but only those of the issuing bank.



There’s been some confusion, possibly even misinformation, about our attack and its effects. Carte Bancaire in France were so concerned that they briefed the press way in advance of our plans for publication. We can set the record straight on a few things:



  • the attack applies to cards used online (where the merchant POS contacts the bank) as well as offline;

  • the attack works regardless of the amount of money spent (not just for small value amounts that are below floor limit);

  • the attack doesn’t work once a card has been cancelled by the bank — just like stolen cards in the past can only be used for a certain window of time once the cardholder discovers the loss;

  • the attack doesn’t work at ATMs (cash machines);

  • the failure applies to bank card schemes based on EMV – the most widely deployed standard for smartcard payments. Older national smartcard schemes may or may not be vulnerable; we don’t know.



So what went wrong? In essence, there is a gaping hole in the specifications which together create the “Chip and PIN” system. These specs consist of the EMV protocol framework, the card scheme individual rules (Visa, Mastercard standards), the national payment association rules (UK Payments Association aka APACS in the UK), and documents produced by each individual issuer describing their own customisations of the scheme. Each spec defines security criteria, tweaks options and sets rules – but none take responsibility for listing what back end checks are needed. As a result, hundreds of issuers independently get it wrong, and gain false assurance that all bases are covered from the common specifications. The EMV specification stack is broken, and needs fixing.



We’re really worried that if something isn’t done to fix this problem, and the many others we’ve found in EMV, that other regions adopting it (like the USA) are going to make the same mistakes again and again – and that means customers stay vulnerable.



That’s why again we’re arguing that Chip and PIN is broken. We don’t want people keeping their money in shoe boxes – we want the problems fixed. That means getting decent governance for the system that involves all the stakeholders – banks, regulators, merchants and customers.





Flaw Calls Entire Architecture of Chip and PIN Into Question - Video Report

Flaw 'calls entire architecture' of chip and pin into question

The BBC's Newsnight reveals a serious flaw in the chip and pin system uncovered by Cambridge University researchers which could allow criminals to make bank card payments without knowing the correct pin number.

Watch Susan Watts' full report on Newsnight on Thursday at 10.30pm on BBC Two, then afterwards on the BBC iPlayer and Newsnight website.

Get a Free Olympic Team USA Fleece

Support TeamTeam USA sent me a request to post this on the PIN Debit Blog and I am glad to oblige...



Hi John



Tomorrow, February 12, the world will gather to watch top athletes from around the globe compete in the Winter Olympic Games in Vancouver. Athletes from Team USA, who have been training their entire lives will take the stage to represent our country. I'm writing with the hope that you could share the news about Team USA with the readers of PIN Debit News Blog.



Anyone who registers on Teamusa.org will have access to the latest info and will receive exclusive updates throughout the games. I've put all that information including some very cool Team USA widgets and banners into this social media news release here:


Social Media News Release



Sign up to experience the insider’s view of the 2010 Olympic Winter Games in Vancouver!



TeamUSA

Be part of Team USA for 18 incredible days of competition!

  • Receive exclusive updates during the Winter Games


  • Get the inside scoop, event by event


  • Hear directly from our Olympic athletes as they chase their dream


  • Photo and video highlights, right to your desktop



  • Victory in Vancouver is a state-by-state, hometown-by-hometown effort to help the U.S. athletes who are our fellow Americans and neighbors achieve their dreams of winning top honors at the 2010 Olympic Winter Games in Vancouver, Canada!

  • It's been almost 80 years since Team USA won the most gold medals at the Olympic Winter Games, and they're ready to do it again. Your gift today can bring the United States to Victory in Vancouver!

  • Be a part of this historic bid for Olympic glory with your gift to the U.S. Olympic Committee.




  • Receive this Team USA fleece jacket FREE with a donation of $20 or more.

  • Proudly display your support for Team USA with this U.S. Olympic fleece jacket!


fleece offer
  • Warm, soft and rugged

  • Dark warm grey

  • Heavy-duty full length zipper with Team USA pull

  • Made of breathable and fast drying fleece

  • Roomy hand warmer pockets

  • Double-stitched hems

  • Beautifully embroidered with the U.S. Olympic 5-ring logo in full color



Shipping and handling included!




Available in four sizes: Medium, Large, X-Large and XX-Large - but supplies are limited, so act today!

Sixth Ring Membership

  • The Sixth Ring is an elite group of individuals who spearhead the efforts of the U.S. Olympic Committee to send the best, most talented athletes to the Olympic Games.

  • Become a member of the Sixth Ring today and lead the team to victory!







Credit Card Fraud Now Comprises 75% of ID Crime Cases

Until we stop "typing" and start "swiping" we will continue to see this trend continue.  This, from a story published at eCreditDaily.com,






Credit Card Fraud Surging in I.D. Theft Cases, Study Says

Credit card fraud surged in 2009 as the No. 1 form of rising identity theft, and it now comprises 75 percent of I.D. crime cases, according to a survey of 5,000 adults by Javelin Strategy & Research, the California-based research firm.



The credit card portion of I.D. fraud is up from 63 percent in 2008, Javelin’s study found.



Editor's Note:  The Consumer Version of Javelins Report is free and can be obtained by clicking the link at the bottom of this post. 



The overall number of identity theft victims in the United States rose 12 percent to 11.1 million last year, the firm’s findings show.  Total losses from identity fraud climbed 12 percent to $54 billion, up from $48 billion in 2008. The mean theft amount – per victim – slightly decreased to $4,841, but out-of-pocket consumer losses were $373, down from $498 in 2008, Javelin said.



“The average consumer cost is actually dropping because businesses are shouldering more of that actual fraud amount in order to protect individuals,” said James Van Dyke, Javelin president and founder. This is Javelin’s seventh annual identity fraud report.   Survey respondents reported more credit card fraud, followed by debit card fraud — 33 percent, down from 35 percent. The survey also showed an increase in stolen checking account numbers and health insurance documents.
96 pages; 67 charts/graphs

21 pages; 8 charts/graphs







iCharge: Europe's Version of iPhone Card Reader

TechCrunch Europe writes about iCharge, a European version of Square.  Doesn't do Chip and PIN.  Like Square, it uses SSL encryption instead of encrypting the data at the maghead to ensure security. 



iCharge – Jack Dorsey gets some Euro heat
by Steve O'Hear on February 11, 2010


Steve O'Hear writes:



It’s practically an identical pitch to Square, although iCharge looks to be slightly further behind. The self-funded company, founded by “experienced serial entrepreneurs and experts from the credit card industry” sometime in 2009, will run a limited trial with select retailers this summer. A wider launch isn’t scheduled until the third quarter of 2010. Square on the other hand is currently in private beta and plans to launch in early 2010.



The begin using iCharge, merchants will need to purchase the smartphone-compatible card reader and register with the iCharge service. Credit cards can then be swiped and the card info is sent to the connected iPhone/Android application.





A big part of iCharge’s pitch inevitably centers around security. All data transfers utilize SSL encryption,and credit card numbers are checked against a database of known stolen credit cards. And in the future, iCharge says it will integrate further safety features, such as “buyer name and image verification via social networks, as well as storing the GPS location where the transaction took place”, thus providing more protection for the retailer.



But who’s going to protect buyers?



All of this democratising credit card processing technology may seem great but consider this:



"Put a fake Square or iCharge device in the hands of a rogue trader, and a card reader attached to a phone running the ‘open’ Android OS seems like a fool-proof way to clone somebody’s credit card.




Just a thought.


PULSE and Woodforest Financial Group Sign Exclusive, Long-Term Agreement for PIN Point-of-Sale Debit Services

Cardholder Access to National ATM Network Also Included in Agreement


HOUSTON & THE WOODLANDS, Texas--(BUSINESS WIRE)--PULSE, one of the nation’s leading PIN debit/ATM networks, has extended and expanded its long-term relationship with Woodforest Financial Group for PIN point-of-sale (POS) debit and ATM services.



Under terms of the agreement, PULSE will be the exclusive network provider of PIN POS debit services to Woodforest Financial Group and its bank affiliates – Woodforest National Bank and Woodforest Bank. In addition, PULSE will provide the banks’ cardholders with access to PULSE’s nationwide network of ATMs.



“PULSE has provided ATM and PIN debit services to Woodforest for more than 25 years, and we are very pleased to extend and further develop our relationship,” said Dave Schneider, President of PULSE. “Being chosen to provide PIN debit network services by an innovative institution like Woodforest demonstrates our ability to deliver the acceptance, transaction processing services and customer support necessary to meet the institution’s PIN debit needs.”
Woodforest Financial Group is a privately owned community bank holding company headquartered in The Woodlands, Texas. Through its bank affiliates, Woodforest Financial Group services over 850,000 accounts from more than 725 branches located throughout 17 states.



“We have long relied on PULSE as a trusted debit network to serve our cardholders, and we are looking forward to continuing our relationship,” said Robert E. Marling, Jr., Chairman and Chief Executive Officer of Woodforest Financial Group. “With debit playing an increasingly important role in how consumers spend and manage their money, working with a network that possesses the expertise in PIN debit that PULSE does is critical.



“PULSE’s ability to deliver reliable electronic payment services to our cardholders, along with the responsiveness and outstanding customer service we expect, were deciding factors in continuing our mutually successful relationship,” added Marling.



About PULSE



PULSE, a Discover Financial Services company, is a leading debit/ATM network, serving more than 4,400 banks, credit unions and savings institutions across the United States. The network links cardholders with ATMs and POS terminals at retail locations nationwide. Through its global ATM network, PULSE provides worldwide cash access for Diners Club and Discover cardholders through hundreds of thousands of ATM locations. The company is also a source of electronic payments research and is committed to providing its participants with education on emerging products, services and trends in the payments industry. For more information, visit www.pulsenetwork.com.



About Woodforest Financial Group, Inc. and Its Family of Companies




Celebrating 30 years of banking success, Woodforest Financial Group, Inc. is a privately owned community bank holding company that includes Woodforest National Bank and Woodforest Bank in its family of companies. Together, they currently service over 850,000 accounts from more than 725 branches located throughout Texas, North Carolina, Ohio, Maryland, Pennsylvania, Virginia, West Virginia, Illinois, Indiana, South Carolina, Kentucky, Alabama, Louisiana, Mississippi, New York, Georgia and Florida. For more information, visit www.woodforest.com.





TSYS Introduces the Hybrid Card

 TSYSA Checking and Credit Payment in One Card


COLUMBUS, Ga.--(BUSINESS WIRE)--TSYS today introduced an innovative payment card that allows consumers to choose how they want to pay. The patent-pending TSYS HybridSM product combines credit and checking payment functionality on a single card, creating an easy-to-manage payment solution that gives consumers greater financial control. TSYS is first to bring to market a solution that is well suited for the current economic environment.



The consumer can pre-determine payment preferences by dollar amount, type of transaction or both, or allow the card issuer to create unique spending preferences.

“This all-in-one solution gives cardholders the ability to pay from multiple accounts that are all linked to a single card. In this economic environment, consumers want more control and convenience at a time when they are making conscious decisions about what to ‘pay now’ versus ‘pay later,’” said M. Troy Woods, president and chief operating officer of TSYS.
Tech-savvy and traditional customers alike can set preferences for posting transactions to their various accounts using their Web browser. Transactions are conducted to allow consumers to carry credit balances or ’pay now’ from their deposit or other accounts depending on what works best for them. Credit, checking and other deposit accounts may be used for payments, creating a consumer-directed way to manage household finances.



The TSYS Hybrid offering is available to the market today.



About TSYS TSYS (NYSE: TSS) is one of the world’s largest companies for outsourced payment services, offering a broad range of issuer- and acquirer-processing technologies that support consumer-finance, credit, debit, healthcare, loyalty and prepaid services for financial institutions and retail companies in the Americas, EMEA and Asia-Pacific regions. For more information contact news@tsys.com or log on to www.tsys.com.



New Report Says 45% of Large Merchants Plan to Add Device Fingerprinting Technology Solutions in Next 12 Months

Image representing ThreatMetrix as depicted in...
ThreatMetrix to demonstrate Leading Fraud Prevention Solutions for Etailers at Merchant Risk Council Conference


LOS ALTOS, CA--(Marketwire - February 11, 2010) - ThreatMetrix™, the fastest growing provider of device identification solutions for preventing online fraud, today announced it will demonstrate new fraud prevention solutions for etailers at the Merchant Risk Council e-Commerce Payments and Risk Conference, March 16 - 18, in Las Vegas. On display in Booth 604 will be fraud prevention solutions that extend ThreatMetrix' leadership position in device identification, a technology that leverages the "fingerprint of a computer" to determine if an online transaction is legitimate or fraudulent.



Etailers hit hard by the economy are also struggling to prevent online fraud. According to CyberSource, a leading provider of electronic payment and risk management solutions, merchants in the U.S. and Canada are estimated to have lost $3.3 billion in 2009 due to online fraud. Etailers are responding by aggressively adopting new technology, but most solutions authenticate transactions based on customers' personal information, which thieves are well-adept at stealing. Only device identification technology, which ThreatMetrix has been developing for five years, protects consumers' privacy while enabling hassle-free transactions.



Device identification (otherwise known as device fingerprinting) is ideal for the world's largest etailers, and many are evaluating these solutions already. In the 2010 CyberSource 11th Annual Online Fraud Report, almost half (45%) of the large merchants surveyed said they are planning to add a device fingerprinting solution in the next 12 months. Per the report, device fingerprinting "can aid in flagging fraud attacks where a variety of fraudulent orders are launched from a common device or set of devices." These attacks frequently are perpetrated by international fraud syndicates using stolen customer information and credit card data.



"The huge interest we experienced at last year's annual MRC conference sparked a great 2009 for ThreatMetrix," said Tom Grubb, vice president of marketing, ThreatMetrix. "With even more etailers putting device identification at the top of their priority list for 2010 we expect to see even greater interest in ThreatMetrix this year."



ThreatMetrix has become the fastest growing provider of device identification solutions for preventing online fraud through a combination of rapid technology innovation, strategic partnerships and customer satisfaction. In 2009, more than 100 companies including many prominent etailers joined the ranks of ThreatMetrix customers.



About ThreatMetrix ThreatMetrix (www.threatmetrix.com) helps companies control online fraud and abuse in real time so they can significantly reduce on-line fraud, acquire more customers faster, reduce costs, and increase customer satisfaction. ThreatMetrix profiles the device used in an online transaction so companies can determine whether the users are fraudsters or customers. ThreatMetrix' simple and cost-effective SaaS approach to implementation enables companies to get results in hours or days, rather than weeks or months. ThreatMetrix serves a rapidly growing customer base in the U.S. and around the world across a variety of industries including online retail, financial, social networks, and alternative payments. For more information, visit www.threatmetrix.com







Gemalto Introduces Globally Accepted Payment Card for U.S. Travelers

EMV based World Traveler card solves challenge of incompatible magnetic stripe cards when traveling abroad



AUSTIN, TX, Feb 11, 2010 - PIN Payments News Blog -  Gemalto, the world leader in digital security, today introduced the World Traveler program, which includes a globally accepted dual interface EMV payment microprocessor card and complete issuance service for U.S. banks and card issuers. With most countries around the world moving to EMV based payment for greater security, U.S. travelers are increasingly having trouble using magnetic stripe bankcards abroad, especially in offline applications like unattended ticketing/payment kiosks. Gemalto’s new World Traveler program allows any U.S. issuer to provide cards to their customers in under two months ensuring secure and hassle-free payments while traveling internationally and at home.



Gemalto’s World Traveler card program provides U.S. banks and card issuers with a complete end-to-end portfolio of service offerings including return on investment (ROI) and technical consulting to ensure a quick and easy introduction of this product to their top tier customers. The portfolio leverages Gemalto’s global footprint and expertise in payment products to provide full card design and production, personalization data preparation and personalization of EMV dynamic data authorization (DDA) contact and contactless dual interface cards ensuring global acceptance and forward compatibility for both online and offline payment transactions. To provide an optimal experience for cardholders, Gemalto also provides additional services in this offering like SMS based PIN reminder service and global emergency card replacement as part of the complete World Traveler program.



“Cardholders expect to be able to use their payment card anywhere in the world,” said Jack Jania, vice president and general manager Secure Transactions North America. “Gemalto’s World Travel card product and service portfolio allows U.S. card issuers to fulfill this expectation with globally accepted smart payment cards ensuring the ability to make secure payments anywhere their customers travel.”



EMV is a global standard for chip card payment managed by Visa, MasterCard, American Express and JCB. The Gemalto EMV based World Traveler card contains a microprocessor which provides global acceptance and a more secure payment technology in the same convenient form factor as other payment cards. Gemalto will provide banking cards containing its secure digital technology for EMV payments, as well as a magnetic stripe for paying in the United States. By providing encryption for the payment transaction, the World Traveler card ensures global acceptance for both online and offline transactions while significantly reducing the risk of payment card fraud and identity theft for cardholders.



For more information on payment challenges abroad:



* “For Americans, Plastic Buys Less Abroad,” http://www.nytimes.com/2009/10/04/travel/04pracchip.html?_r=3&hpw



** The Broken Promise of Pay Anywhere, Anytime: The Experience of the U.S. Cardholder

Abroad - September 2009 Aite Group online survey of 1,019 U.S. resident cardholders that traveled to countries outside of Canada, the Caribbean and Mexico between 2006 and 2009. The report can be found at http://www.aitegroup.com/reports/200910261.php.




For more info: http://www.gemalto.com/emv/index.html



About Gemalto



Gemalto (Euronext NL 0000400653 GTO) is the world leader in digital security with 2008 annual revenues of €1.68 billion, and 10,000 employees operating out of 75 offices, research and service centers in 40 countries.



Gemalto is at the heart of our evolving digital society. The freedom to communicate, travel, shop, bank, entertain, and work—anytime, anywhere—has become an integral part of what people want and expect, in ways that are convenient, enjoyable and secure.



Gemalto delivers on the growing demands of billions of people worldwide for mobile connectivity, identity and data protection, credit card safety, health and transportation services, e-government and national security. We do this by supplying to governments, wireless operators, banks and enterprises a wide range of secure personal devices, such as subscriber identification modules (SIM), Universal Integrated Circuit Card (UICC) in mobile phones, smart banking cards, smart card access badges, electronic passports, and USB tokens for online identity protection. To complete the solution we also provide software, systems and services to help our customers achieve their goals.



As the use of Gemalto's software and secure devices increases with the number of people interacting in the digital and wireless world, the company is poised to thrive over the coming years.



For more information please visit www.gemalto.com.



Invenstar's TouchSuite® POS Family Supports Visa's 'No Signature Required' Program

Easy, Complete TouchScreen POS/Management System With 2-Second Credit Card Ring-Ups



BOCA RATON, FL--(Marketwire - February 10, 2010) - Invenstar, LLC today introduced TouchSuite QuickRingup™ with support for Visa's 'No Signature Required' in its all-in-one touch screen retail computer POS systems. TouchSuite Salon is built for salons and TouchSuite Pro is for other small businesses. TouchSuite systems provide complete hardware and software with completely integrated credit card payment.



"This is great news for shop owners and consumers. TouchSuite QuickRingup makes ring-ups lightening fast and easier than ever," said Invenstar's Senior Marketing Specialist Damon Young.



Young continued, "Visa is expanding its QSR program (no signature required on domestic transactions of $25 and less) to most US industry categories this year, which is a boon to merchants at a critical time. TouchSuite has embraced the Visa program and its chargeback protection. We've reduced credit card ring-ups to just 2 seconds."



Kathy Waer, manager of Ink To Your Door, boasts, "I just love TouchSuite QuickRingup (no signature required). It's amazing how fast ring-ups are; our customers' time in line is much shorter. QuickRingup is built into TouchSuite, so there's nothing extra to do. It's a real convenience."



TouchSuite comes complete with hardware and TouchSuite point-of-sale software already installed and ready to use. TouchSuite features a simple touch screen, simple cash register, product scanning, gift cards, client/vendor management, comprehensive reporting, superior inventory tracking and receiving, and barcode labeling technology all built in. It also handles debit pinpad, advanced marketing via texts, email, promos, and much more -- all with A-rated customer support. For more information, visit TouchSuite.com.



About Invenstar, LLC



Invenstar is a developer of patent-pending small business products. The Company's focus is innovating financial technology solutions that simplify business management for small/medium businesses through easy-to-use features and advanced merchant services. Invenstar offers low-cost, high-value financial solutions to small/medium business retail markets with its TouchSuite® Point of Sale and QuickBancard™ credit card processing solutions. TouchSuite is credit card security validated as per PA-DSS (Payment Application Data Security Standard) for payment applications. For more information, visit www.invenstar.com. TouchSuite® is a registered trademark and QuickRingup™ and QuickBancard™ are trademarks of Invenstar, LLC. Other company, product, and service names mentioned herein may be trademarks or service marks of their respective owners.











Disqus for ePayment News