Wednesday, December 24, 2008

PC's Are Insecure...So Are You?

PCs are insecure, and hackers constantly exploit flaws in their security. This article provides some insight as to why software-based solutions designed to run on a PC are sitting ducks for potential hackers... which, once again, is why HomeATM has taken a personal swiping device approach to bringing PIN debit to the web. It's how they've done it in the stores, and it's how it should be done online. Keep in mind that the Internet was not designed for eCommerce; it was originally designed as the "information highway."

With our approach, the transaction is done "outside" the browser space; therefore "man-in-the-browser" attacks are nullified, as are keylogging, screen capturing and a symposium of other hacking methods designed to drain data from your PC.

Someone's eventually going to be swipin' your credit/debit card data...shouldn't you be the one doing the SwipePIN?  Any doubts?  See how easy it is..."to hack a PC"  

This, from the Wired Blog Network:

Hardly anyone runs a PC without known holes that hackers can exploit, a Danish security company reports. Of those who run the company's free security-scanning tool, nearly half have more than 11 out-of-date programs.

Secunia Software's Personal Software Inspector checks programs installed on a user's computer to see if the latest, patched version is installed. More than 98 percent of users had at least one program that wasn't the latest version, the company found in a study of 20,000 users of its software.

The sobering statistics are not surprising, but they come as malware makers turn from simply exploiting easy holes in Windows.

In addition, hackers have been finding vulnerabilities in browsers, media players and file-reading software as a way into other people's computers.

While it may not seem likely that a hacker would rig a website to exploit a patched hole in a lesser-known media player like VLC, hacking tools make it increasingly easy for an infected webpage to check for many vulnerabilities in a person's computer.

Number of insecure programs per PC/user:
0 insecure programs: 1.91% of PCs
1-5 insecure programs: 30.27% of PCs
6-10 insecure programs: 25.07% of PCs
11+ insecure programs: 45.76% of PCs

Secunia's Mikkel Winther says the study shows that it's just as important to keep programs up to date as it is to have a good firewall and anti-virus programs. He also says the real numbers in the general populace are likely worse, because their sample is of people who have looked for security software.

"The results are shocking and prove as well as emphasize the need for a patching solution for private users," Winther said. Keeping up with software updates can be quite tedious and annoying, even as software makers like Microsoft and Mozilla have built better update tools. Those who don't care to download Secunia's software can try its online scanner, though it only checks version numbers on a hundred or so programs.

Secunia does not sell security software to individuals, but does market a networked version of this scanner to companies.


B2C E-Commerce in Canada - 2007-2012

In the previous post I featured eMarketer's report on e-Commerce projections in the UK. Here are their projections for Canadian eCommerce...

Canadians Are Warming Up to Online Shopping

In 2007, Canadian retailers sold C$13.8 billion ($12.9 billion) of consumer products and travel bookings online. But by 2012 eMarketer projects that Canadian business-to-consumer (B2C) e-commerce sales will reach C$22.8 billion ($22.2 billion).

That means that between 2007 and 2012, Canadian B2C e-commerce sales will show a compound annual growth rate (CAGR) of 10.6%. Not bad numbers in a tough economy.

But the numbers could be better.

“Until Canadian consumers show a larger appetite for buying big-ticket physical goods online, such as home furnishings and consumer electronics, the Canadian e-commerce market will remain small compared with other G-7 countries,” says Jeffrey Grau, eMarketer senior analyst and author of the new report, Canada B2C E-Commerce.

Consumers in Canada are avid online product researchers, on par with their US counterparts. But they are much more likely to make a subsequent purchase in-store rather than on a Website.

“The fact that Canadian Web retailers are required to charge sales tax is certainly a disincentive to online buying,” says Mr. Grau.

Because of the tax structure, Canadian shoppers have never seen much of a price advantage to buying online. This is one reason why Canadian e-commerce has grown at a more gradual pace compared with the explosive growth that occurred in the US.

“The upside of this is that the Canadian market is enjoying a longer period of solid growth,” says Mr. Grau, “albeit on a much smaller scale.”

Another factor that has depressed the growth of B2C e-commerce in Canada is the lack of product selection online. In fact, many prominent Canadian retailers have not found the ROI compelling enough to run an online sales channel.

“While Canada has about one-tenth the population of the US, the cost of running a transactional Website is about the same,” says Mr. Grau. “This creates a challenge for small to medium-sized retailers with fewer financial resources.”

Nevertheless, Canadian retailers are in a better position than foreign merchants to understand the needs and interests of local consumers. And like consumers across the world, those in Canada prefer to shop with indigenous retailers.


B2C E-Commerce in UK, 2007-2012

According to eMarketer, Business 2 Consumer E-Commerce in the UK will continue its strong growth pattern. The tough economic climate will not affect e-commerce as much as it will bricks and mortar retail. Here's their analysis:

UK e-commerce revenues will remain strong in 2009, as Internet stores continue to weather the recessionary storm better than their brick-and-mortar counterparts. In September 2008, eMarketer forecast that UK business-to-consumer (B2C) online sales in 2009 would be worth £68.4 billion ($127.9 billion), and we have seen no reason to alter that forecast.

B2C E-Commerce: UK, 2007-2012

Major online retailers that upgrade to offer true multichannel shopping and delivery/return options, as well as value for money, will gain market share while a number of second-rank e-shops stagnate or go out of business. But market leaders will spend more than in 2008 to ensure they attract and keep consumers’ attention.

Most online retailers will continue to court shoppers with money-off promotions and discounted delivery charges, and at least one supermarket chain will experiment with large-scale e-mail distribution of promotional coupons for grocery products bought in-store.

Mobile marketing will take significant steps next year—albeit from a small base—as more UK advertisers, heartened by the growing number of high-specification (3G) mobile users, move to exploit this always-on medium. Data from the Office for National Statistics suggested that 19% of adults ages 16 and older accessed the Web via their mobile phone in the three months prior to polling in early 2008—and this was before the highly successful UK launch of the 3G iPhone in July.

The 2009 mobile growth spurt will take two main forms: increasingly sophisticated usage of SMS, short codes and bar codes in direct-response campaigns, and microsites designed for mobile users. November 2008 research by mobile marketing agency Sponge found that 40% of UK e-retailers polled already had a transactional Website that was mobile-friendly. Another 50% said they planned to create such a site in the next 12 months. Moreover, one in five online retailers reported having used mobile microsites to drive promotions during 2008.


Mother of All Hacks Coming?

There is a disturbing development brewing in the payments world. It's bad enough when a retailer's computer security is breached, but now we've got us a completely different ballgame. When hackers penetrate the computer systems of major acquirers and processors, well, to use a famous quote, "We've got a problem Houston."

This could turn out to be a "Royal pain in the ***" for Visa and Mastercard themselves because acquirers like Royal Bank of Scotland link directly into their networks. 

On the surface, this appears to be "one small step for hackers" but it's "one giant step for hack-kind."
According to reports I've read this morning, Gartner Research analyst Avivah Litan says this could be the beginnings of the mother of all hack attacks...

“It’s very bad news,” says distinguished analyst Avivah Litan. Unlike retailers’ computer systems, processors’ systems connect directly to the networks of Visa Inc. and MasterCard Inc. “An attacker that breaks into a processor conceivably can get into the heart of the system,” and attacks on acquirers and processors are increasing.

Here's the press release:

RBS WorldPay Announces Compromise of Data Security and Outlines Steps to Mitigate Risk

ATLANTA, Ga. – December 23, 2008 – RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party.  RBS WorldPay has urgently taken a number of important steps to mitigate risk in response to this situation.

The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter. RBS WorldPay’s internal security professionals and outside experts are working with federal and state law enforcement authorities in an investigation of this event.  The affected pre-paid cards include payroll cards and open-loop gift cards. Personal information associated with certain payroll cards may have been improperly accessed. PINs for all PIN-enabled cards have been or are being reset.

Affected individuals are being notified and information has been posted on the RBS WorldPay Web site,
The fraud that has been identified to-date is associated with RBS WorldPay’s computer system supporting its U.S. pre-paid and open-loop gift card issuing business. Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed.

RBS WorldPay is offering impacted individuals whose Social Security numbers may have been affected a complimentary one-year membership in a national subscription credit monitoring service that provides access to individuals’ consumer credit reports and daily monitoring of their credit files from all three national consumer reporting agencies.

Gift cards that have already been purchased retain their value and can be used wherever they are accepted by merchants. Those gift cards that had not been purchased have been deactivated and are being removed for destruction from stores as an additional precaution.

Ben Barone, president and CEO of RBS WorldPay, said, “Privacy is important to RBS WorldPay and we regret any inconvenience this may cause affected individuals. We have taken important, immediate steps to mitigate risk and none of the affected cardholders will be responsible for unauthorized activity on their account resulting from this situation. We are working closely with leading computer security firms to further safeguard our system, and with law enforcement agencies, which we hope will result in the criminals being brought to justice.”


Kohl's Leads Online Sales in Unique Way

According to Internet Retailer, Kohl's enjoyed the sharpest rise in holiday traffic this season...

Among 10 top retail sites, Kohl's has the sharpest rise in holiday traffic

Providing more evidence of the increasing importance of the online channel to retail chains, the e-commerce site of nationwide chain Kohl's Department Stores showed the sharpest year-over-year growth in the number of unique visitors, at 53.1%, in a recent survey of 10 sites. posted the second-largest increase, up 48.5%, while Macy's was up 36.1%.

The survey, conducted by Compete Inc., was based on unique visitor totals from Nov. 1 through Dec. 13, 2008, the latest day for which data was available, compared to the same period of 2007. Overall, the number of unique visitors at the 10 surveyed sites rose 25.6% to 765.99 million visitors.

The year-over-year changes were affected, however, by the later start of the 2008 peak holiday shopping season. Thanksgiving, typically the official kickoff of peak holiday shopping, fell on Nov. 27 this year, compared to Nov. 22 in 2007.

Following are the 10 sites surveyed by Compete with their year-over-year rise in unique visitors and their total number of visitors (in millions) for the period Nov. 1 through Dec. 13, 2008:
  1. Kohl's, 53.1%, 38.55
  2., 48.5%, 382.02
  3., 36.1%, 35.69
  4. Sears, 25.1%, 58.62
  5., 22.8%, 181.62
  6., 21.7%, 60.04
  7., 20.3%, 137.23
  8., 18.2%, 60.04
  9., 12.3%, 77.51
  10., -9.8%, 42.01

