Tuesday, August 4, 2009

The Internet Can be Utilized to Transmit Encrypted Data

But the Web is NOT a Safe Place with which to Conduct Transactions...
Many people use the terms Internet and World Wide Web (aka. the Web) interchangeably, but in fact the two terms are not synonymous. The Internet and the Web are two separate but related things.


How are they Different?

The term Internet evolved from Inter-Networking. It is a massive super-network of millions of networks built all across the globe. It actually represents the overall network infrastructure, comprising fibre optic cables, routers, switches, gateways, and computers, among other network constituents. Every node (computer) on the Internet is accessible by every other node connected to the Internet, and that’s how the Internet is primarily used for communication and information sharing.

There are some well defined Internet protocols for performing several purposes such as data transfer, remote access, and information sharing using the Internet. The ‘World Wide Web’ employs the Hyper Text Transfer Protocol (HTTP) to facilitate information sharing on the Internet. In other words, the ‘Web’ is simply an information sharing model, built on top of the Internet.

In simpler words
‘World Wide Web’ (WWW) or simply ‘Web’ is basically a subset of the Internet. It represents the largest sub-network on the Internet, which employs the HTTP protocol and lets us (and hackers) access information published (or typed) on a Webpage via software called a Web browser.

That said, it's just a matter of time before EVERYONE realizes the web is not a safe place to conduct financial transactions. The same is true for online banking authentication. When you "type" primary card numbers or passwords, what you type can be accessed by the bad guys...

For those who missed it, I am republishing a post regarding the danger online banks face when it comes to losing customers due to inadequacies of their authentication and the web itself.

It's just a "matter of time" before EVERYONE realizes that the Web was not built for eCommerce and that if they stay on course, there will be a train wreck the magnitude of which has not been seen.

The banks have another choice...get on board the "gravy train" HomeATM can provide and open up a whole new world (wide web) of security for their customers and enhance their image, their bottom line and their branding strategy all at once.

You don't have to be a "seer" (or read "between the lines") anymore, to realize that the web is broken. You can simply read the headlines.
Websense, in their new research report, pulls no punches when they state:


"The conjunction of technologies and the monetizing of hacking have resulted in a web environment where no websites, legitimate or not can be trusted."

Half of Banking Customers Hit by Card Fraud Change Banks



One in Five Hit by Card Fraud in Past Five Years:
ACI Worldwide Survey

HALF (49%) Would Consider Changing Banks Following Card Fraud...22% "Would" Change Banks!

Editor's Note: Wow, if I was a financial institution offering "online banking" that headline would haunt me 24 hours a day until I figured out a way to either change it or use it to create an opportunity for my online bank to flourish.

My first thought would be: "If 50% would consider "changing banks AFTER" they get hit by card fraud/online banking/phishing fraud, how many would consider "changing banks" to "AVOID" getting hit?"

And to which competitor would they go?

I'd conclude that if they "left because of insecurity" they would probably "come on board BECAUSE of security."

So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers' security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers could my bank procure by "guaranteeing" online security? Research would determine if it was millions or only "Hundreds of Thousands." I think I made my point. If not, then there's always this:




"Fraud reduction is one area where financial institutions are able to take decisive and positive action to reduce losses and enable them to protect their image and retain the trust of their customers."

  • Protect Your Customer...in fact "Enable Them"
  • Protect Your Image...in fact "Enhance It"

Considering the drastic rise in cybercriminal activity, especially activity aimed at financial institutions, I would think that the key to any online banking branding strategy would be about protecting the customer from phishing and malware and protecting, better yet, enhancing the financial institution's image. Those two principles should drive any strategy.

Since banks cannot control whether their customers visit a malware infested website, they have to find another way to protect both themselves and their customers from malware. The "other way" is to require their customers to Swipe vs. Type. As I've said in the past, two of the three steps are already done by the bank. They issue the card, they issue the PIN, the last remaining issue is a device that reads the card and the PIN. The best choice is a PCI 2.x certified PIN Entry Device designed for eCommerce use.

It's the fastest and familiar way to securely authenticate their user and by eliminating "typing" you eliminate the threats from malware and phishing. These days, it's all about security. The web is NOT secure. Therefore financial transactions need to be conducted "outside" the browser space.

However, for the sake of argument, let's assume those principles are not adhered to. Assume that banks are willing to take the risk that their clients' online banking information will get phished, that it's "just a cost of doing business." The game has changed. When 50% of consumers say they might change banks if they (or somebody they know) experienced card fraud it's not just about phishing anymore. It becomes a much more serious problem.

I would think that banks might be less willing to take on the risk that half of their customers will jump ship. That very real threat is one that HomeATM can eliminate as well. We don't operate within the browser, we operate without. We simply utilize the Internet as the "conduit" whereby the encrypted cardholder information is channeled. It cannot be unencrypted until it reaches an HSM.

Phishers can't phish if consumers don't type. If online banking consumers are going to switch banks anyway, why not have a strategy to "swipe them" off their feet?

I have to seriously ask...when will a bank "connect the dots" and offer their customers the only PCI 2.x and TG-3 certified personal e-banking log-in device in two hemispheres? It is a no brainer. Guarantee their security.

What is the guarantee? That your customer's data is safe and therefore your customer is safe.

Our device would render phishing useless by requiring secure 2FA login (swipe card/enter PIN). With our device it doesn't matter what malware is on the computer, it wouldn't be able to steal username/password data because that data is NOT typed in anymore. It might very well still be on the PC, but it's no longer used for logging in. Typing has been eliminated and without typing, the bad guys can't steal your customer's card numbers. Eliminate typing and you also eliminate the threat of keyloggers, cloned bank websites, counterfeit cards AND losing your valuable customer to a competitor.


Two factor 3DES DUKPT End to End Encrypted PCI 2.x and TG-3 Certified Military Grade security... used for securing online banking log-in, money transfers, conducting more secure online transactions and thus enhancing your bank's image...all for $12 a pop? Yeah...So get ahead of your competition by simply connecting the dots! You're almost there...2 outta 3 ain't bad, but 3 outta 3 is better.

NEW YORK, July 28, 2009 (GLOBE NEWSWIRE) -- ACI Worldwide, Inc. (Nasdaq:ACIW), a leading international provider of electronic payments software and solutions, today announced that its global card fraud survey revealed that 18 percent of consumers questioned have been victims of credit or debit card fraud in the past five years.

The research, of more than 2,400 consumers across eight countries, also found that if an individual or someone they knew was hit by card fraud, 22 percent would change financial institutions, and a further 27 percent would consider changing financial institutions.

In the light of these findings, and the continued commitment by financial institutions around the world to protect their customers from card fraud, ACI Worldwide has launched its Guide to "Stopping Card Fraud in its Tracks," with contributions from Nationwide Building Society, to provide advice to fraud managers in banks to help combat card fraud and protect their customers.



Editor's Note: In the US and UK 27% or 1 in 4 people have been toasted by card fraud. Replace the toaster with a PCI 2.x certified PED. And give them away! Cause you care! The money will come! In fact, last time I checked (in April) the American Bankers Association said:


“Banks that demonstrate a keen understanding of customer needs and put forth capabilities that align with them can differentiate themselves from competitors, command higher pricing, and become the provider of choice for deposit-rich market segments. Successful banks will develop programs that demonstrate industry understanding, critical product capability, and communicate commitment.”


The survey highlights some wide variations in fraud trends around the world. In the US and UK, 27 percent of respondents have been hit by card fraud in the past five years, compared to only seven percent in Dubai, eight percent in Germany and 15 percent in Australia, China and Singapore.

When it comes to customer attitudes to card fraud, a fifth of the respondents said they are not confident their financial institution can protect them, with this number rising to over a third in China.

What's more, almost half of respondents said that they would change banks, or at least consider it, if they or someone they knew was hit by card fraud.


Editor's Note: Okay, now if I'm in the banking industry and I read this, I wouldn't be haunted anymore. I would be excited. Because I would see a HUGE opportunity to capitalize on these consumer behavioral attitudes. If Half would change banks (even if it was just someone they knew who was hit by card fraud) that means I have the opportunity to "lure" them to my financial institution.

Did I just say lure? I did. You can "Phish" for online banking customers by eliminating...phishing.

HomeATM's Online Banking program would keep banking customers safe and secure and attract dissatisfied customers who leave their banks. It's simply a branding strategy. You brand your bank as the most secure online banking system available. And you secure it with a PCI 2.x and TG-3 certified system. And you "give them away" with a smile on your face. Because it empowers you, protects your customers, enhances your image and will make you money!

Pete Corrie, head of financial crime at Nationwide Building Society, comments: "The number of card payments globally has increased drastically over the past few years and, consequently, the whole industry has seen associated fraud levels go up.

David Nussenbaum, vice president and product line manager at ACI Worldwide, adds: "The international research we have conducted shows that although card fraud trends vary around the world, it is still a persistent problem for banks. In order to protect themselves and their customers against potential fraudulent attacks, financial institutions are looking for ways to implement effective anti-fraud strategies, while maintaining efficiency and keeping costs to a minimum. We believe that our Guide will provide some useful and practical advice."

The ACI Worldwide research on card fraud was conducted during July 2009 in Australia, Brazil, China, Dubai, Germany, Singapore, the UK and the USA surveying a total of 2,408 respondents. To download the ACI Worldwide Guide to 'Stopping card fraud in its tracks', go to www.aciworldwide.com/stopcardfraud.








