Wednesday, August 26, 2009

Top 11 eCommerce Paradigm Shifters Put HomeATM in Gear





I read an article at Internet Retailer.com and it got me going as to why I believe it's a great time to be the only company in the world with a PCI 2.x certified PIN Entry Device! Here's an excerpt, followed by my Top 11 List...













The web accounts for a bigger slice of the sales pie at Gap


The web outgrew total
revenue and store sales for Gap Inc. in the second quarter. But the most
telling statistic in Q2 about the overall importance of e-commerce to Gap is the
fact that the Internet now accounts for a significantly larger share of total
sales than it did just one year ago.


In the quarter ended Aug. 1, Gap, No. 25 in the Internet Retailer Top 500 Guide, reported:







  • Web sales are up 17.3% from $224 million to $191 million in the second quarter of 2008.



  • Comparable-store sales decreased 8%.



  • The web’s percentage of total
    sales for Gap is 25% larger than one year ago



  • Net income declined 0.4% to $228 million from $229 million.



    “Building upon two years of work
    improving our economic model, we’re now putting further emphasis on changing the
    trajectory of our top line performance,” says Gap CEO Glenn Murphy.


    For the first half
    of the year:





    • E-commerce revenue increased 15% to $491 million from $427 million.

    • Total sales declined 7.4% to $6.37 billion from $6.88 billion.

    • The web’s percentage of total sales for Gap is 24% larger than one year ago.


    • Net income declined 7.3% to $443 million from $478 million. 


    Okay...that is what instigated this post.  There have
    certainly been some interesting developments over the course of the last two
    years.  Let's take a look at my "Top 11 List" as it relates to an eCommerce
    payments platform:






    1. Debit has surpassed credit in both the number of transactions and volume.


    2. PIN Debit is the preferred of the two debits, online
      and offline.  (PIN and Signature)


    3. The "GAP" between eCommerce and Bricks and Mortar is
      lessening. 


    4. Consumers have the fear of god, (I guess I shouldn't
      give hackers that much credit) instilled in them to the degree that over half
      have serious reservations and one-third won't even risk shopping online. 


    5. Brick and Mortar merchants are clamoring for lower Interchange Fees.

    6. PCI "certification" and "compliance" are at the forefront of the news.


    7. End-to-End Encryption, a term not heard prior to the
      Heartland Breach, is fast becoming a buzzword...


    8. Phishing, Keylogging and Malware are at an all-time high

    9. "Card NOT Present" Fraud is at an all-time high ...AND GROWING

    10. Recent reports state that no website is safe...and, number 11:


    11. Banks are "worried" for the first time. (The Password is "2FA E2EE Security")


    So when you add it all up what does this all mean? It means that the Paradigm Shift...feel free to call it the "perfect storm"...has begun to brew and gain momentum.


    Why not make "everybody" happy and solve all 11 problems at once? The main culprit of CNP Fraud is the Web Browser. So why not eliminate the CNP environment by eliminating typing and mandating swiping just as they do in the brick and mortar world?

    Therefore, now is a really good time to offer the world the "only" PCI 2.x end-to-end 3DES DUKPT encrypted PIN Entry Device in two hemispheres. By the way, our device, it could be argued, removes Internet Retailers from the scope of PCI Compliance because the data is neither stored nor handled when the card is swiped.








    It's also beneficial for
    HomeATM to own a globally patented PIN Debit platform which not only lowers risk
    and virtually eliminates chargebacks but is preferred by both merchants and
    consumers alike. 

    Imagine the demand if that very same platform were to significantly 
    lower Internet Retailers Interchange Fees...especially if
    the cost of the device was so inconsequential that it provided a return on
    investment as quickly as the first transaction.

    It would be great if that same platform eliminated the threat of phishing, cloned cards, cloned bank websites, DNS Hijacking and to a large extent malware. (What would the malware steal if there wasn't any card holder/financial information data?)


    Having removed those threats, I guess the only "threat" to HomeATM's solution is...the dreaded Software PIN debit :-) I still don't quite understand, especially in light of the recent exposés on inherent weaknesses within the browser space, how software PIN debit has gained the momentum it has, but I will say that Acculynk has done a wonderful job marketing their solution. (In fairness to HomeATM, they have a lot less pushback as they don't have to move molecules, i.e. hardware.) Then again, I don't consider that to be an encumbrance...I consider hardware to be an advantage.


    For the sake of argument, let's give the software approach the benefit of the doubt. Let's assume that hackers are too dumbfounded by mouse clicking technology to figure out how to crack a floating PIN Pad; they aren't handicapped when it comes to stealing credit and debit card numbers...





    In my humble opinion, the problem (SNAFU) with software PIN Debit is that in order for it to work, consumers must still "type" their Primary Account Number (PAN) into a box on a merchant checkout and...I think that hackers have already proved beyond a shadow of a doubt that they can easily hack the PAN.



    The only way to prevent that from happening is for people to stop typing. So the obvious question is: If typing is eliminated...thus the required first step for a software PIN debit application is eliminated as well...what initiates the popup...oops, floating...PIN Pad at the checkout on a merchant's website? Hmmmm.....


    Let us assume the elimination of typing "isn't in the stars" (contrary to the picture I have envisioned in my mind and pictured on the right) for another couple years. That would mean that Internet Retailers would have to choose between a software and a hardware approach to Internet PIN Debit.

    Aside from the aforementioned fact that hackers have proven they can steal credit and debit card numbers at their whim, why do I believe that HomeATM has the advantage?


    One "very big" reason is that we provide the PCI
    compliance by removing the merchant from the scope of said compliance.  That
    fact alone would save Internet Retailers not only a pocketbook of cash, but
    eliminate more headaches than 10 cases of Excedrin. 

    More importantly,
    the fact that Internet Merchants would be PCI compliant would potentially save
    their business from an involuntary insolvency caused by exorbitant fines levied
    by MasterCard or Visa in the event of a non-compliance breach. 


    Considering that 85% of businesses suffered a breach in the last 12
    months (see 2009 Ponemon Report) that
    possibility poses a real threat.

    Another HomeATM advantage is there is
    no arguing the fact that our transaction methodology is immensely more secure. 
    In fact "security" is why we have the only PCI 2.x Certified PED specifically
    designed for eCommerce. (in the world)







    But, maybe our biggest
    advantage is that when you "swipe" the magnetic stripe, the Track2 data is
    captured...which is a requisite for a Card Present environment. 

    HomeATM
    takes it one-step further and immediately encrypts the Track2 data providing
    another layer of security.  (the fact that our PED does that is now referred to
    as an "encryption enabled" Point of Sale Device) 


    HomeATM Worst Case Scenario - "Card Present" Internet PIN Debit


    In my humble opinion, the "worst" case scenario is that we create a "Card Present Internet PIN Debit" environment. (Although I would argue that we 100% replicate a brick and mortar PIN Debit transaction...for instance, one conducted at the Gas Pump, or at a Kiosk.) But we would encourage MasterCard or Visa to create a Win (V/MC) Win (Internet Retailers) Win (consumers) "Card Present Internet PIN Debit" classification for Interchange. Card Not Present Fraud has reached epic levels and shows no signs of letting up.

    Software's Best Case Scenario: "Card NOT Present" Internet PIN Debit


    On the other hand, Internet Retailers who decide to risk offering a "type and click" format, which does not capture the Track2 data, could only hope for a "best case scenario" classification of "Card Not Present" Internet PIN Debit. By definition (Visa and MasterCard's), if the magnetic stripe data is never captured, then it creates a "Card Not Present" environment, thus transaction.

    The fact that "CNP Fraud is at its all-time high and is expected to continue to grow" bodes well for a Card Present Solution. But, never mind that...Simply ask "anyone" in the brick and mortar space if they prefer "card present" Interchange over "card not present" Interchange and you'll learn why HomeATM has a distinct advantage over a software, CNP solution. We replicate a brick and mortar PIN Debit transaction whereas "software PIN debit" does not exist (anywhere in the payments ecosystem). We are simply taking a "conventional approach" to securing card holder data for web transactions. Software PIN debit is just another "alternative payment" system.

    Oh...last point. HomeATM is EMV (Smart Card/Chip and PIN) ready. There's no such thing as a software Chip and PIN. Then again, I guess I could argue that there's no such thing as a software PIN Debit solution either, as both require swiping vs. typing. Add to that the fact that our device would also provide secure 2FA 3DES DUKPT E2EE online banking log-in and there's a value-added component to the mass distribution of our devices, especially considering the inherent flaws in online banking authentication. (see related story below)



























