Thursday, March 5, 2009
Nostra(para)digmus
I've posted quite a few times that we're in the midst of a major Paradigm Shift. (Use the HomeATM search bar on the right and enter "paradigm shift" to read.) I took a moment to outline (see graphic on left) some of the finer points which provide e-vidence of this impending shift.
I am positive that convenience will be forced to take a backseat to security, which is clearly going to be in the driver's seat.
Likewise, I am more confident that in order to secure a transaction it has to be done by Hardware. No predictions there...just fact. To the engineers at HomeATM...it's a foregone conclusion. It doesn't matter what anyone says today... tomorrow always shows us the truth.
Truth is, hardware is not a "better" option, it's the only option. Software is breached 92% of the time vs. only 1% for hardware.
One doesn't need to be Einstein to figure out that if something is breached 92 times more than something else, then the "something else" MUST be more secure.
Question: If something is breached 1% of the time vs. 92%, then wouldn't it be at least 92 times easier to "fix" what causes 1% of breaches? In the case of hardware being breached, tampering was virtually to blame every time. So we made our SwipePIN device tamper proof. We're done.
When you consider new cracks in Secure Socket Layer (SSL) websites, DNS hijacking, Man-in-the-Middle (MITM) attacks, malware, bots, and combine that with the fact that there have been 3 Major Processor Hacks in 3 Months, these are indeed dangerous times. This doesn't even take into account the YTBD hacks which will occur in the near future.
We're all at risk for loss if we believe that a PIN Based solution can be peripheral-less. Once again, Hardware is not an option. IBM came to the same conclusion whilst looking at how to best secure online banking. See: IBM Agrees with HomeATM....Hardware Required.
Information security will become the number one priority for EVERYONE, and the ONLY way to securely transact an e-commerce transaction is via hardware. There is NO other way. Besides...what's the anti-convenience rhetoric about Hardware anyway? Doesn't it make it more convenient when you don't have to type in a bunch of digits, expiration dates or CVVs?
Besides...we're used to hardware...don't you have to plug a cigarette adapter into your iPhone or Blackberry to charge it? How hard is that? Well, in addition to processing PIN Debit, you can plug in the HomeATM SwipePIN device and "charge it." What's the difference? Plug in cell-phone to charge it...Plug in SwipePIN device to charge it. (Don't forget about our PIN my Card application which allows you to securely assign a PIN number to your credit card, providing a more secure dually-authenticated transaction)
The Internet is demonstrating significant power to provide "Net" profit, Cash has been replaced as King, having been "overthrone" by King Debit, and information security is more important than ever. It doesn't take Nostradamus to write a quatrain predicting that EFT Networks will want their piece of the PIN Debit/Credit Internet Pie. And rightly so! Why should they be "shut out" from Internet transactions?
PIN Debit leads Signature Debit 45%-35% in the physical world, but doesn't yet exist in the virtual one. Can you possibly disagree that the paradigm shift will contribute towards bringing PIN Debit to the web? Problem is...in the past retailers were the focal point of hackers. Got the Personal Account Numbers but never the PIN. Now it's processors. 100 Million Personal Account Numbers...Zero PINs.
PINs are the Holy Grail to Hackers. Doesn't ANYONE SEE (besides Avivah Litan, HomeATM and IBM) what's going to happen if we attempt to secure them in a software environment?
Nostra(para)digmus predicts that no matter what we see today, tomorrow will show us the truth.