Wednesday, November 19, 2008

65% of Irish Websites Put Cardholder Data at Risk

65pc of Irish websites put consumers at risk

According to an analysis from Enterprise Risk Services at Deloitte, some 65pc of Irish websites put consumers at risk of fraud.

Consumers have been warned about identity theft and fraud today in the run-up to Christmas after a study found that online payment security is not fully enforced on 65 per cent of Irish websites.
According to a study done by Deloitte Enterprise Risk Services, which analysed over 100 Irish based e-commerce websites, "a significant proportion of websites" are not compliant with the payment card industry security standards.

Deloitte examined over 100 Irish e-commerce sites and checked for the kind of security measures in place to ensure safe online transactions for the shopper and found that "a significant proportion of websites" are not compliant with payment card industry security standards.

The good news, Deloitte said, is that the situation with regard to compliance with the Payment Card Industry Data Security Standards (PCI DSS) has improved since its last analysis.

A breakdown of figures showed that 100-plus companies had weak encryption for online transactions, meaning that customers entrusting their MasterCard or Visa across these sites were putting their card and personal data at risk of fraud or identity theft.

Moreover, 53 per cent of companies supported weak or legacy encryption, with 2 per cent of sites not encrypting cardholder data entry sessions at all. This means that the information that visitors to the site submit such as name, address and credit card details can potentially be compromised and accessed by fraudsters.

There were no details from the report with a breakdown of how the payments were managed, ie whether the online merchant was privy to those details, or whether they were passed on to a trusted third-party payments processor such as Realex or PayPal, both of which would automatically have extremely secure methods of encryption and data protection.

Most sites will ask you to verify your credit-card details with the three-digit CVV2 code on the back of your credit card, which is another protection against fraud, but the Deloitte analysis found that 7pc of Irish e-commerce sites did have this.

A further 3 percent had expired SSL certificates, which are certificates displayed to ensure that the site you are dealing with is actually that site – another method of protection against phishing attempts whereby a fraudster could put a false web front in place in order to steal your details.

“The results of the survey show that many websites do not have adequate levels of security for processing online transactions, which many consumers carry out on a very regular basis,” said Colm McDonnell, partner, Enterprise Risk Services, Deloitte.

“Identity theft and credit-card fraud is a growing problem here in Ireland, and inadequate levels of security must be addressed by merchants as a matter of priority.”

By Marie Boran

When Gift Cards Short Circuit - Part Two

Last week I talked about the Circuit City Bankruptcy and how it may affect the redemption of their gift cards. "Short Circuit in Gift Cards"? 

Here's some very good information from on how gift cards from retailers who file for bankruptcy protection are affected...
"Gift cards can become worthless when their issuers fail. Yet many people don't realize that gift card funds aren't guaranteed. A recent survey from Archstone Consulting found that 70 percent of respondents did not recognize that bankrupt retailers not honoring gift cards is a problem.

When made aware of the issue, "they still weren't that concerned," says Mike Unger, principal at Archstone Consulting.

The finding, he says, upsets him. "Frankly, given what's going on right now in this environment and with retailers struggling, I personally would not buy a gift card from a company that I thought might see bankruptcy days ahead of it because you don't need a bankruptcy judge telling you they're not going to honor your gift card," he says.

Here's what can happen if your gift card issuer goes under.

Retailer-issued cards

When a retailer files for bankruptcy -- either Chapter 11 for reorganization or Chapter 7 for liquidation -- its gift cards may or may not prove worthless.

First of all, it's not a given that the card will become unredeemable (sic)  when the merchant files for Chapter 11. "It's up to the retailer. They ask permission to the court whether or not they may continue to accept the gift cards," says Michelle Jun, staff attorney for Consumers Union, the publisher of Consumer Reports.

For example, when Sharper Image filed for Chapter 11 bankruptcy protection in February 2008, it first told the court it would no longer honor its own gift cards. Later on, the company asked if it could accept them in cases where cardholders spent at least twice the value of the card in one transaction.  "The problem is that consumers are unaware of the status of whether or not their gift cards will continue to be accepted," says Jun.

If the retailer cannot accept gift cards or files for Chapter 7, your only hope of getting any money out of the card is to file as an unsecured creditor in the bankruptcy proceeding. Contact the retailer's customer service department for instructions on how to file.

Gift cardholders don't get paid first when assets are distributed in bankruptcy. Secured creditors collect first, administrative costs come out and then "whatever's left is left for this pro-rata distribution to the holders of unsecured claims," says Sarah Jane Hughes, a university scholar and fellow in commercial law at the Indiana University School of Law.

A "pro-rata" distribution is a percentage arrived at by dividing the assets available for distribution to unsecured creditors by the amount owed to them. The unsecured creditor would get that fraction times the amount of his or her claim. "So that if you had a $1,000 gift card and the pro-rata percentage was 5 percent, at the end when they distributed assets, you'd get $50."

Bank-issued cards

The rules are different for bank-issued prepaid debit cards, or "open-loop" cards with an American Express, Discover, MasterCard or Visa logo. When the issuing bank fails, whether or not the gift card is covered by deposit insurance makes all the difference.

Bank-issued gift cards can have third-party distributors -- retail stores that have gift card kiosks, such as drugstores -- which makes deposit insurance coverage less than straightforward. "Depending on how the account is structured, we might recognize the retail store as the insured depositor or we might recognize the various cardholders as the depositors," says Christopher Hencke, staff attorney at the Federal Deposit Insurance Corp.

The store would only receive coverage for up to $250,000, but if the cardholders were insured, they would each be covered for up to $250,000, in combination with any other accounts they had at that financial institution.

Check the gift card agreement to see if it states whether the card has deposit insurance. Hencke says if it offers no explanation, "and you haven't been asked to send a form to a bank explaining who you are and your identity, you can pretty much assume you're not going to be insured by the FDIC -- you personally." The FDIC must have records of who the cardholders are and how much they are owed."

Mobile Handsets NFC Enabled by 2010?

GSMA calls for NFC as standard feature on mobile handsets

The GSMA - an international trade group of mobile operators - is calling for full near field communication (NFC) functionality to be built into handsets from mid-2009, in a bid to drive the uptake of contactless payments.

To drive development, the Association says it is backing the European Telecommunications Standards Institute's 'Single Wire Protocol' to standardize the interface between SIM cards and embedded NFC chips within handsets.

Rob Conway, CEO, GSMA, says: "We are committed to ensuring that mobile payment services are delivered as efficiently and cost effectively as possible. But this will require device manufacturers to make sure that the vast majority of commercially available handsets incorporate the Single Wire Protocol and Near Field Communications features as standard."

The GSMA's Pay-Buy-Mobile initiative has already seen trials get underway across eight countries - including Australia, Korea and the US - involving nine mobile operators, with further pilots planned in another 14 countries by 15 operators.

The Association says the positive results of several recent mobile payments trials demonstrate growing consumer demand.

An m-payments pilot launched by a consortium of French banks, telcos and technology vendors last year recently reported customer satisfaction rates of above 90%.

In London a similar trial that allowed people to use their mobile phones to pay for tube journeys and make small value purchases was also hailed as a success, with nine out of ten participants happy using NFC technology on a handset and 78% interested in using contactless services if available.

Mung-Ki Woo, VP, payment and contactless, Orange, says the operator has now run successful trials in France, Spain and the UK.  "For Orange, mass deployment is now mainly dependent on handset manufacturers providing a large range of adequate handsets," says Woo.

Pulse Site Redesigned and Debit Re-Defined

PULSE, a Discover Financial Services company and operator of the PULSE(R) ATM/debit network, has launched a redesigned Web site at a new Web address,

Upon entering the site, users will encounter a fresh new look. The sleek design includes enhanced graphics, reduced click-throughs and interactive tools. The PULSE home page features Spotlight and PULSE News sections for dynamic content, as well as Quick Links, which makes frequently viewed items readily available with one click. These new elements streamline access to areas of significant interest.

Along with the new Web address, PULSE e-mail addresses are changing to reflect the new domain name. For more information, visit

In other news from Pulse, they also announced their Debit ReDefined 2009 Conference, to be held May 6th, 7th and 8th in Austin. 

This, from their new website:

"Debit is the most frequently used and fastest growing form of electronic payment among consumers, and its impact on the financial services industry has never been greater. Given debit's importance, the industry must continually redefine debit to keep it at the forefront of payments.

The 2009 PULSE Conference will help recharge your debit card program by focusing on trends, technologies and best-in-class issuing strategies shaping the future of debit. And, that is just the beginning. DebitRedefined will also feature sessions on emerging debit products, enhancing customer relationships, preventing fraud and marketing to Generation Y. Don't miss this unique opportunity to redefine your debit future. Additional information about speakers and activities coming soon."

When: May 6-8, 2009
Where: Hilton Austin Hotel

PULSE is one of the nation's leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services. The network links cardholders with more than 265,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry. For more information, visit
