Thursday, November 20, 2008

Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!

It's true!  Without even realizing what they're saying, a financial institution in Illinois, has "eliminated" pay at the pump privileges for their cardholders and has temporarily barred it's card holders from using signature debit, requiring them to use the safer and more secure PIN based technology

What the bank has essentially done is openly admitted that  even though they "push" signature debit, when "push" comes to "shove", even they PREFER PIN debit.  (only in protect themselves against further losses incurred by having their cardholders continue to use signature debit)

Interesting, to say the least, and maybe even part of the paradigm shift!  Wonder if the card users will continue to "earn rewards" since the bank is "forcing" them to use their PIN?


Financial institutions already suffering from our weak economy have another worry on their plates: fraud. A scam targeting banks and credit unions could drain our accounts in days, if we're not vigilant.

"To combat the problem, Illinois Community Credit Union eliminated pay at-the-pump privileges for card holders and temporarily barred signature debit card transactions. Customers have to use a PIN instead."

Editor's Note:  Consider that all debit transactions done on the Internet are classified as  Signature Debit "without the signature", so feel free to draw your own conclusions as to the risk factors involved.  If combating the problem includes banks temporarily "barring signature debit" transactions, (and "signature debit" is far less risky than the "card not present" debit model used for online shopping),  what conclusions can you make about  how the "bank feels" regarding inherent risks of accepting this payment methodology?  

The fact that the bank/credit union puts forth the mandate:  "Customers have to use a PIN instead" is a blatant admission by this particular financial institution that PIN Debit is more secure...which is a fact that we at HomeATM have been stating all along. 

The story continues...

A little lighter in the wallet," says Daniel Matuszewski. He had an unwelcome surprise while checking his account balance at Illinois Community Credit Union in Sycamore. He noticed a series of unfamiliar charges that added up quickly.

"It was quite a schock because I mean 900 dollars is quite a bit of money just to be missing," says Matuszewski.  He fell victim to a fraud scheme catching on across the Stateline and the country.

"They're moving from state to state and they're going to different financial institutions and if you're not doing your homework then you have the potential of really getting stung bad on this one," says Bob Schroeder, President of Illinois Community Credit Union.

Law enforcement agencies are working with Visa International to trace the fraud. They believe the suspects are mass-producing credit and debit cards, then testing them at pay-at-the-pump gas stations, until they find one that matches an existing account.

But Schroeder says the most important tool is to constantly monitor transactions to check for suspicious activity. Illinois Community caught the trend early enough that just 30 of 5,000 card holders were impacted.  The credit union is repaying customers for all fraudulent charges, adding up to a $30,000 loss for the company.  Schroeder feels lucky it wasn't worse:

"With earnings of financial institutions down it's gonna cause some problems." Investigators also believe the individuals committing the fraud may be people laid off from the financial sector, who know how the system works and no longer have a paycheck.

He adds Illinois Community Credit Union is working with law enforcement to find the people behind the scheme. He says security cameras recently caught some suspects on tape in a Chicago suburb and he hopes for resolution soon.

Reblog this post [with Zemanta]

Sexiest or Best Looking..What's More Attractive?

Editor's Note:  This article from CPIFinancial, provides some good insight as to why a software based solution for online payments is not a good idea. 

It repeatedly hits the nail on the head enough times to drive home the importance of consumers "taking matters into their own hands" when it comes to protecting their card data, especially debit. 
Of course, one way is to swipe their own card in the privacy of their own home... instead of having it swiped by would be cyber-criminals.

I have emboldened parts of the article in an effort to embolden you with the knowledge that, plain and simple, HomeATM's personal swiping device (albeit, maybe not the sexiest) is the best looking approach when it comes to protecting consumers and their card data.

A "peripheraless" approach may be more attractive to retailers or EFT networks, but, unfortunately, it also is more attractive to fraudsters... (in fact,  it will attract them like flies.

As the article states, the biggest weakness is the PC, and if that is compromised, it doesn't matter what ANYBODY does...end of story.  Actually here's the beginning...

By: Mike Gallagher

Martin Dolan is CR2’s Chief Executive Officer. Dolan has over 20 years of experience in the banking software industry. During his three years as Director of Global Services at Kindle, he significantly expanded the Professional Services organization. In 1995, he became Director of Corporate Accounts where he was responsible fordeveloping business with existing large corporate clients.

There was a big scandal recently when it turned out that a lot of ATM cards and machines had their security compromised. Given that we are in an emerging market; it wasn’t entirely unexpected, was it?

Card fraud is highly lucrative, but what everybody forgets is that banks focus on fraud part time, but criminals focus on fraud full time. Criminals go after cards because it gives instant access to cash.

So where is the weakness in the banks?

The weakness is not in the banks. If you look at the internet banking side of it, the biggest weakness is your PC. If the PC is compromised, it doesn’t matter what the banks do to a large extent.

(Editor's Note:  Which is why I have, since day one, stated that a software based solution to PIN debit is NO SOLUTION, it is a marketing ploy, plain and simple.  It's giving people what they want, not what they need to solve the fact that online transactions are not secure and fraud will continue to grow.  Fraudsters ability to be constantly "swiping" consumers card data is solved by consumers "Swiping their own card" into their own personal secure SwipePIN device.

When we come to cards it is a different issue. If you look at the statistics you will learn a lot. The fraud rate on cards is around less than one per cent. It is 4.7 cents per $100. The macro economics for banks is that fraud doesn’t matter because they are hit by less than one per cent and their transaction fee and share of their revenue is phenomenal. Debit card revenue is worth around $9 billion a year. Fraud is a much smaller fraction of that.

Why is that important?

It is important because you can get some sense of it when you look at the economics. There are two types of debit cards. One is where you put in a card and add your PIN and the PIN is verified; and the other is where you simply sign a receipt. The key factor when you sign is that they normally don’t check online to make sure that you have the money in your account.

Fraud on a signature-based card is thought to be two-and-a-half-times that of PIN-based debit cards.

Yet, if you look at the revenue side for the bank, the profits that you get for a signature-based transaction for a bank is much higher than the revenue it gets from a PIN-based one. If you look at the reward schemes and incentives for the banks, then the banks are actually being given an incentive to get you to use signature-based cards over PIN-based cards because they make more money.

But the fraud is higher.

Exactly, there is an imbalance in the system. What the banks don’t seem to realize
(Editor's Note: oh they realize it)  is that while they are exposed to less than one per cent of fraud, the customer is exposed to 100 per cent.

If I have a fraudulent transaction on my debit card as opposed to my credit card, it is interesting to look at the difference. They clean out my debit card account - 100 per cent of my wealth could be taken through a debt card fraud. In this part of the world that is grievous. If I wrote a check for my rent and it bounced, I could end up in prison. The banks will inevitably take so long trying to sort it out and figure out whose fault it was, that you can imagine the rest.

It is different on a credit card because the credit card company pays up the money. They will send me the bill and I will look at it and say “I didn’t do those transactions” and I will send the bill back to them.

"So credit card fraud is much less important to customers than debit card fraud. Debit card fraud is crucial to customers." Editor's Note:  (and why they should be swiping their card data themselves instead of providing their personal account numbers to anyone lurking around waiting to "swipe" them.)

Most people eventually have their problems settled, although it could take anywhere between six weeks to six months. Try to think of all the stress and strain that you will go through over that period.

So there is a liability shift?

Absolutely. The bank reckoned that the liability shift, the cost of fraud by not checking the PIN, was a good equation for themThe whole issue is that fraud is based on economics and some of the economics are skewed.

Banks are being given an incentive by the fee system to get customers to use a less secure mechanism on cards.

The fee structure on a PIN-based card is less advantageous to the bank. There is another side to signature-based cards, and if you look at the US it is called NSF revenues. That means Non Sufficient Funds from revenues. If you swipe your card, you pay. The bank gets the transaction fee and when it comes in, your account goes into overdraft and they absolutely fleece you for fees, so they get more revenue.  That means the signature-based method can have even more financially edged advantages than just the interchange-based method.

So what happens to all this money? Where does it go?

There is thought to be something like $6 billion in fraud annually through cards and it ends up funding fraudsters and terrorists. No one is looking at the equation...

(continue reading, will open in a new window

Reblog this post [with Zemanta]

Online Sales Grow 5.7% Reports Commerce Department

To further the notion that we are in the midst of a paradigm shift when it comes to consumer's shopping habits, web sales gained even more ground on slumping bricks and mortar sales. 

Q3 online sales grow at 5.7%, reports the Commerce Department

Online retail sales in the third quarter grew 5.7% on an adjusted basis over the third quarter of 2007, reaching $34.4 billion, the Census Bureau of the U.S. Department of Commerce announced today.

By contrast, total retail sales in the third quarter increased 0.3% to $102 billion. The total retail sales numbers, however, are skewed by the high cost of gasoline and food.

Sales in those categories were up 17.8% and 5.1%, respectively, in the quarter over the year-earlier quarter.

Gasoline and food and beverage sales represent about 30% of retail sales, (so
if you throw out the two entities that are not normally purchased online, and adjust $102b by 30% the figure becomes $71.4 billion for bricks vs. eCommerce numbers of $34.4 billion ).

The Commerce Department’s report of e-commerce sales growth is supported by Internet usage measurement company comScore Inc., which reported last week that Q3 sales were up 6%.

For additional information about Census Bureau e-business measurement programs and plans visit  Here's a snippet... 
The Census Bureau of the Department of Commerce announced today that the estimate of U.S. retail e-commerce sales for the third quarter of 2008, adjusted for seasonal variation, but not for price changes, was $34.4 billion, an increase of 0.3 percent (±1.3%)* from the second quarter of 2008. Total retail sales for the third quarter of 2008 were estimated at $1,018.8 billion, a decrease of 1.4 percent (±0.2%) from the second quarter of 2008. The third quarter 2008 e-commerce estimate increased 5.7 percent (±1.5%) from the third quarter of 2007 while total retail sales increased 0.3 percent (±0.5%) in the same period. E-commerce sales in the third quarter of 2008 accounted for 3.4 percent of total sales. 

On a not adjusted basis, the estimate of U.S. retail e-commerce sales for the third quarter of 2008 totaled $31.6 billion, a decrease of 2.8 percent (±1.3%) from the second quarter of 2008. The third quarter 2008 e-commerce estimate increased 4.6 percent (±1.5%) from the third quarter of 2007 while total retail sales increased 0.9 (±0.5%) in the same period. E-commerce sales in the third quarter of 2008 accounted for 3.1 percent of total sales.

FYI: The Quarterly Retail E-Commerce sales estimate for the fourth quarter of 2008 is scheduled for release on February 17, 2009 at 10:00 A.M. EST.

In related news, the web gave Nordstrom Inc. it's only good news in an otherwise bleak third quarter.

For third quarter ended Nov. 1, Nordstrom GREW web sales by 8.5% to $163.8 million from $151 million in the prior year. Comparable store sales declined 11.1%.

Overall total sales
dropped by 8.4% as Nordstrom, posted net earnings of $71 million on sales of $1.80 billion, compared with net earnings of $166 million on total revenue of $1.97 billion in Q3 of 2007. For the first three quarters of the year, Nordstrom grew web sales by about 10.1%


Reblog this post [with Zemanta]

Disqus for ePayment News