Friday, October 24, 2008

55% of UK Consumers Have Made an Online Purchase

UK E-Commerce Update - eMarketer
One-half of UK Internet users ages 16 and older surveyed by the Institute of Practitioners in Advertising (IPA) said they went online to buy goods or services in 2007.

By 2008, an even greater proportion (55%) of UK adults had bought something on the Web, said the Office for National Statistics (ONS), and 81% of those had made their purchases during the previous three months. For both men and women, rates of recent purchase had risen since 2006.

Timeframe of Last Online Purchase According to UK Adult* Online Buyers, by Gender, 2008 (% of respondents in each group)

BT and Ipsos MORI, in their “21st Century Life Index Report,” found that the percentage of respondents saying they “regularly” shop online had risen from 2% in 1998 to 41% 10 years later. Over one-half (56%) said they had bought something on the Web in the previous three months, and 26% had bought or sold at an auction site such as eBay during that period.

Although the number of buyers and the range of goods bought online were both up, the ONS found little evidence that the average spend per buyer had leapt ahead. Across the board, respondents seemed to be spending the same amounts online in 2008 as in 2006 and 2007.
Reblog this post [with Zemanta]

Is Verified by Visa also Verified by Hackers?

Editor's Note: The more I learn about securing a transaction on the web, the more I realize how unsafe many transactions actually are. Here's an interesting article in the Register regarding Visa's supposedly more program designed to fool cardholders into thinking their transactions are more secure. They call it "Verified by Visa" but first it has to verified by consumers, which means it can be then verified by Hackers.

"VbyV login credentials
make it easier for crooks to make purchases online while simultaneously making it harder for consumers to deny responsibility for a fraudulent transaction".

Since card information is can be bought online for as low as $2.50, "Stolen Card Info Plunges to $2.50 in Black Market" and obtaining a DOB is so easy a caveman could do it, it's looking like VbV is more of a marketing ploy than of any real value when it comes to protecting the security of an online transaction. What I found even more interesting was Visa's declination to comment about the story which the Register tells us at the end of this article:

VbyV password reset is childishly simple • The Register

Both VbyV and SecureCode are based on 3DSecure, a name that hints at the introduction of some kind of three-factor authentication scheme. But unlike robust authentication techniques, hackers don't have a hardware token generating one-time passwords to worry about - it's just more of the same.

And since card details + CVV number is no longer considered as secure enough then it's hard to see how card details + CVV number + VbyV login is any more robust.

Much was made of how easy it was for a hacker to reset Sarah Palin's webmail account password and gain illicit access to emails, but resetting passwords for Verified by Visa - which supposedly makes online transactions more secure is arguably even easier. To reset Palin's email account a hacker needed to know the Republican VP candidate's birth date, her zip code and the answer to a secret question on where she met her husband. Resetting a Verified by Visa password, by contrast, requires only card details (got $2.50?) and a date of birth.

Register commenter Anthony explains. Barclays Verified by Visa (VbV) allows anyone who has the credit card in their hands to set a new password for VbV with just the card details and the card owner's date of birth. Since the latter is trivial to discover for most people, this adds almost no additional security to the process.

Register reader Jusme reports the same issue. Verified by Visa is one of the reasons I no longer use Barclaycard. Pretty much every time I had to use it the password was not recognised and I had to "reset it", which just meant entering my DOB and a new password, hardly very secure.

Online shoppers who buy goods and service with participating retailers are asked to submit a VbyV or SecureCode password to authorise transactions. These additional checks are typically submitted via a website affiliated to a card-issuing bank but with no obvious connection to a user's bank.

Punters aren't informed up front that a merchant has signed up to Verified by Visa. Sites used to authenticate a VbyV or SecureCode password routinely deliver a dialogue box using a pop-up window or inline frame, making it difficult to detect whether or not a site is genuine.

The appearance of phishing attacks hunting for Verified by Visa passwords are among the reasons some punters are wary of the technology. Once obtained by fraudsters, either by direct phishing attack or through other more subtle forms of social engineering trickery,

An anonymous commenter to our original stories agrees:
Verified by Visa and Mastercard SecureCode are there purely to protect the banks, not the card holder. They offer zero additional protection to the consumer, but allow the bank to claim that transactions using purloined credit card credentials were really made by the card holder. It is as simple as that.
The issue has been noted, and commented on in the blogosphere as far back as June, but has received little attention in the mainstream media, despite the obvious security implications.

Visa and MasterCard ought to be able to defend the password reseting regime they have established, but neither organisation responded to our request for comment at the time of going to press.®

Reblog this post [with Zemanta]

400 Million Mobile Ticketing Users by 2013?

Juniper forecasts over 400 million mobile ticketing users by 2013

Hampshire, UK, Oct. 21, 2008 -- New research has forecast that over 400 million mobile subscribers worldwide will use their mobile phones for ticketing by 2013. However, the study concluded that trials and pilots are not being implemented into full mobile ticketing services as quickly as expected for several reasons including bar code reading issues, lack of reader infrastructure and availability of NFC (Near Field Communications) handsets.

The Juniper Research report found that the leading sector will be transport, followed by entertainment and then sporting events. The Far East and China region is leading the market, driven by adoption in Japan particularly amongst rail travellers. In addition airlines are beginning to offer mobile ticket purchasing. Outside the transport segment, the report identified a number of ground-breaking trials and services, such as by cinema chains in India which buys 37% of all movie tickets sold worldwide. In addition a number of football and baseball teams are beginning to offer mobile options for ticket purchase and delivery; however, many venues still require a printed ticket to gain entry.

Juniper report author Howard Wilcox pointed out: “Mobile ticketing offers exciting new opportunities for ticket issuers to achieve increased sales including targeted last-minute sales campaigns. For example, tickets for the sporting event or movie happening ‘tomorrow’ or ‘tonight’ could be marketed directly to known fans.”

However, Wilcox warned that whilst NFC mobile user trial results such as O2 in London and BART in San Francisco have been encouraging, market traction will be determined by the availability of NFC phones and the speed of installation of NFC readers.

Juniper Research determines the current status and prospects of mobile ticketing with analysis and interviews with some of the leading organisations in the growing mobile ticketing market.

Key findings from the report include:
  • Total gross mobile ticketing transaction value will reach $92 billion by 2013.
  • The Far East & China region, together with Western Europe and North America will represent in excess of 80% of this global gross transaction value by 2013.
  • Mobile ticketing must “make life easier” for users. In this respect, NFC, with its convenience, is a crucial development.
  • NFC will reach its tipping point over the 2011 to 2013 period.

White papers and further details of the study 'Mobile Ticketing: Transport, Sport, Entertainment & Events 2008-2013' can be freely downloaded from http://www.juniperresearch.com/ . Alternatively please contact John Levett at john.levett@juniperresearch.com, telephone +44(0)1256 830002.

Juniper Research provides research and analytical services to the global hi-tech communications sector, providing consultancy, analyst reports and industry commentary.

Source: Company press release.

For more news and information about opportunities in the prepaid sphere, visit www.sellingprepaid.com
Reblog this post [with Zemanta]

Online Banking Holdups

The Holdup at Online Banks - WSJ.com
At a time of uncertainty in nearly every market, I'm a big fan of online savings accounts, many of which are paying 3% to 4% interest right now. But they have a frustrating quirk: Transferring money between a savings account at one bank and a checking account at another easily takes two days -- and sometimes as many as four.

This delay has become more apparent and more irritating during the continuing financial crisis, as consumers seek two basics: safety and yield. (Yields on these savings accounts have tended to be higher than those on money-market accounts.)
[ING Direct] PA Photos/Landov

Online accounts, like all bank accounts, are protected by the Federal Deposit Insurance Corp. up to $250,000 per account holder. Offerings from HSBC Holdings PLC's HSBC Direct, Emigrant Bank's EmigrantDirect and First National of Nebraska Inc.'s FNBO Direct typically have low minimum-balance requirements. They can be good places for holding your cash reserves or earning interest on money set aside for tax payments or tuition, especially since interest-bearing checking accounts and traditional bank savings accounts typically pay well below 1% interest.

But in a remarkably interconnected, instantaneous world, where a debit-card purchase shows up in our bank accounts right away, it's equally remarkable that online transfers can be so slow.

Here's the hitch: Funds transferred between two different banks or a bank and a brokerage firm aren't really sent "online" in the way we have come to expect. Instead, these large transfers move in steps. Banks have slowed down the process further to reduce the chance of fraud, even though such fraud is fairly rare. (Years ago, Congress forced banks to speed up the clearing of checks and the availability of deposits, but it hasn't addressed electronic payments.)

You may have seen this when you tried to move money to or from a brokerage account. I ran into it most recently when I went to my ING Direct savings account first thing on a Monday morning to transfer money for a new car to my Bank of America checking account. While it showed up as "pending" on Wednesday, it wasn't mine to spend until Thursday.

What happens during that time? ING sends transactions in batches during the day to an automated clearinghouse, which sorts them and moves them to the receiving bank in a matter of two to four hours, according to Arkadi Kuhlmann, chief executive officer of ING Direct USA, a unit of ING Groep NV, and Elliott C. McEntee, chief executive of Nacha, the Electronic Payments Association, a not-for-profit group that oversees the automated clearinghouses.

In many cases, the receiving bank gets the transfer the same day. Under rules established by Nacha, money that moves on Monday should be available by the end of Tuesday. If the transfer slips to early Tuesday morning, the money should be available first thing Wednesday morning.
[chart]

But the money isn't always available that quickly. Bank of America Corp. says such transfers typically take two to three days. EmigrantDirect says on its Web site that transfers take two to four days, while HSBC Direct says customers should expect transfers to take up to three days. The industry calls this a "three-day good funds model," says David Goeden, an HSBC executive vice president in personal financial services. That is, the bank wants to make sure our funds are good before it lets us have them.

The slowdown for deposits is even worse. I sign in to ING Direct to transfer funds for free to and from my Bank of America checking account. That's because Bank of America charges me $3 to transfer to another bank, which it says is typical in the industry. Because ING doesn't know if the transfer is good until the money is there, it holds deposits for five business days -- a whole week in civilian time -- before making them available, though they will start to earn interest sooner.

The banks say they want to avoid fraud, such as transfers from bad accounts, or when someone else gets hold of your online sign-on name and password and tries to move your money somewhere else. According to numbers compiled by the American Bankers Association, about $969 million was lost to fraud in 2006, the most recent year available, out of about $41.7 trillion in checking-related transactions, a number kept very low in part because of aggressive risk-management practices. But even when attempted fraud is factored in, more than 99.9% of checking transactions are good.

Here's what you can do if you want to transfer money between institutions:

  • Plan ahead and send transfers early in the day to have a better chance of a faster transaction.
  • Ironically, you can move your money faster with an old-fashioned paper check. See if your money-market account offers check-writing privileges, or open a small checking account at the same bank as your online account. Transfers within the same bank usually happen the same day.
  • If the transactions take longer than two business days, complain to the bank where the transfer originated. Nacha doesn't regulate how long a bank can hold onto a deposit "pulled" from another bank to be sure the funds are there. But it does have rules, and can assess fines, if funds "pushed" from another bank aren't credited quickly.
  • Hang on. Europe already has a much faster system, and systems to speed up the process here are under development, though they won't be ready for at least a couple of years.
Reblog this post [with Zemanta]

Disqus for ePayment News