The HomeATM PIN Payments Blog has been honored with a "Best of the Best" classification from Alltop. We humbly accept.
We've been placed in the "banking section" alongside notables such as Glenbrook's Payments News, NetBanker (the Finovate people), Bank Info Security and the New York Times Banking Section.
As long as I've started a post announcing our inclusion in Alltop's Best of the Best, let me clarify something that's been bothering me. We (along with a myriad of others) have been referred to as "an alternative payments company." Quite the opposite is true. HomeATM does not offer an alternative payment platform. We offer a mainstream platform for an alternative space. There are lots of "alternative payment" companies out there. In fact one seems to crop up every week. What makes HomeATM's PIN Payment platform DIFFERENT is this:
A PIN based payment is NOT an alternative payment at all. Debit recently overtook Cash as King, and PIN Debit is the most preferred form of payment by BOTH consumers and merchants alike. Our platform most accurately mimics the consumer experience at a grocery store. Swipe your card (more convenient than having to type a 14-16 digit number), and enter your PIN.
Therefore it is a "Mainstream" payment. The only difference is, with HomeATM's SwipePIN device, you would do it in the safety of your own Home, thereby alleviating the risk of someone looking over your shoulder and stealing your PIN. Another big difference is that with your own "personal" swiping device, you know it hasn't been tampered with. In addition, the PIN is end-to-end encrypted.
The only thing alternative to PIN Payments is that there are "two" approaches (alternatives) towards providing a PIN Payment mechanism for the Internet. 1. Hardware 2. Software
When it comes to breaches, software is, well, "soft." 92% of 500+ breaches were software related. 1% was Hardware. (Tampering caused the vast majority of Hardware breaches and... ours is "tamper-proof.")
Recently, Acculynk, who takes a "software" approach, has made some strides with a smaller EFT Network (Accel Exchange), whose General Manager, Mike Kelly, believes that their solution "most accurately mimics the consumer experience at the grocery store."
Based on the logic exemplified from that statement, it's not surprising they've chosen Acculynk. Meanwhile, a much larger (10 times) EFT Network has already written off a software based solution as potentially dangerous to the whole ATM Debit ecosystem.
Speaking of "Confirmation we Kick Ass,"... for hundreds of years people have fought for what they believe to be right. But... we have not yet begun to fight. HomeATM believes common sense will prevail. But first, here's a swift kick in the ass to a software based PIN application.
Without obtaining the PIN Offset, or the PIN Verification Value, which both reside on the magnetic stripe, your PIN can (we say...will) be compromised. Swipe...never Type. If your card information is going to be "swiped" anyway, should you be the one doing the "SwipePIN?"
From the Society of Payment Security Professionals:
If the transaction is a ‘card not present’ transaction then where is the PIN Verification Value / PIN Offset stored? In a traditional PIN Debit transaction it is resident on the magnetic stripe of the card. This has several benefits one of which is that it prevents a data thief from obtaining a PIN and only the primary account number and being able to conduct PIN based transactions. If the card is not required to be presented, it appears that this would allow fraudsters to obtain the PAN or other card data and the PIN and conduct transactions.
So where's the "logic" behind the Accel Exchange's decision to implement a software based solution which DOES NOT protect the PIN? One can only guess they're using the same logic they used when they said that a "floating PIN pad" most accurately mimics the consumer experience at the grocery store.