Wednesday, April 22, 2009

And You Say You Want Software Internet PIN Debit?

Back in 2002, a company called ATMDirect was hyping their software based Internet PIN Debit platform...but nobody listened.  Eventually they went bankrupt and Pay By Touch bought their assets out of bankruptcy.

Pay By Touch pushed ATMDirect but nobody listened. (okay Accel Exchange did do a pilot with JPaul)  Then Pay By Touch went bankrupt...and ATMDirect's assets went up for sale AGAIN!

Not a single payments entity placed a bid.  Not Paypal (who paid almost a billion for eBillMe) not a single EFT Network, no alternative payment company whatsoever even showed a hint of interest.

Finally, it was purchased for a measly $600k, including Dell according to one report./IBM according to another, Blade Servers valued at $1.5 million plus.  Fast forward to 2009.  ATMDirect's software-based platform, under a new name, "Acculynk" is gaining some traction.  With the exponential growth of malicious threats hitting the web, time may have passed this "application" bye.

Ironically, in the short history of the Internet, the year 2002 was probably the optimal time to introduce a software-based PIN Debit application. But 2009? Look at the chart above. A 12 Fold increase in malicious code threats since the beginning of 2007?  That means that there are web-based attacks that exist this morning that didn't exist last week, let alone in 2000.  So what does tomorrow hold? Not a lot of promise for alternative PIN debit.  Especially when you consider that (not surprisingly) the "VAST MAJORITY" of attacks focus on Financial Services.

Take a gander at the article below from The Sydney Morning Herald based on last week's release of  the results of a new study on Intenet security by Symantec...it seems obvious the time for an internet PIN Debit application was years ago, not now.

False sense of security - Banking - Money - Business - Home - smh.com.au John Kavanagh - April 22, 2009

No website is safe from the increasing number of internet criminals who want your money. Internet security threats are increasingly likely to come from popular, trusted sites with a large number of visitors. The growing sophistication of internet fraudsters and the techniques they use are resulting in an increasing number of cases where malicious code is finding its way into the web browsers of visitors to websites of reputable organizations.

This is the main finding of the Internet Security Threat Report, published last week by Symantec. The report is based on feedback from 240,000 sensors monitoring attack activity in 200 countries. The report says the online underground economy is maturing, with a range of "service providers" selling phishing tool kits and blank credit cards, as well as stolen data.

The area where the threat level is highest is financial services. Frauds and malicious attacks involving bank and other finance sector websites make up more than 75 per cent of the total.

The senior director of Symantec Australia and New Zealand, David Dzienciol, says bank account and credit card details are the most popular items being traded by internet criminals.

The report says 76 per cent of phishing attacks target financial-services sites. Keystroke logging, a technique used to steal online banking log-on details, is another common form of attack. Twelve per cent of all data breaches in 2008 involved credit card information.

Credit card details are the most popular items for sale in the "underground economy". The reason for this, the report says, is that "there are numerous ways for that stolen information to be cashed out. The underground economy has a well-established infrastructure for monetising such information."

The report states: "The lengthy and complicated steps being pursued to launch successful web-based attacks demonstrate the increasing sophistication of the methods used by attackers."

Local banks are reporting that fraud levels in some areas, such as check fraud, have gone down but..."The area where there has been a big increase is in card-not-present transactions involving credit and debit cards (card-not-present transactions take place online)

The Australian Payments Clearing Association (APCA) reports that in the 2007-08 financial year, check fraud declined from 1.4 cents to 0.8 of a cent in every $1000 of payments. Debit card fraud (involving Eftpos and ATM transactions) went up from 7.1 cents to 7.4 cents for every $1000 of payments. Credit and charge card fraud jumped from 38.6 cents to 50.2 cents for every $1000.

APCA says card-not-present fraud accounts for 48 per cent of card fraud. (Editor's Note: A software PIN Debit application is a "card-not-present" approach) True PIN Debit is a debit card that is 1. Swiped, in order to capture the PIN Offset, the PIN Verification Value and the Track 2 Data and has True 2FA (two-factor authentication) by entering the PIN after the magnetic stripe data is captured. HomeATM has the ONLY TRUE PIN Debit solution designed for eCommerce.)



symantec, malicious code, Internet PIN Debit, Acculynk, HomeATM



Reblog this post [with Zemanta]

Disqus for ePayment News