As the name implies, "browsers" are for "browsing." When you're done and it comes time to make that online purchase, it should be done "outside the browser."
There are reports of a serious vulnerability in all browsers which makes e-commerce unsafe. This is a sobering moment in e-commerce history... but it's nothing that we at HomeATM didn't see coming... (see the post: It's Safe to Say It's Not Safe..)
Browsers are e-commerce handicapped. HomeATM has long taken the position that a software-only approach to providing PIN-based transactions to the web is rife with insecurity. There are too many holes within the browser space to guarantee a secure transaction. Typing your credit or debit card information in a browser is, simply put, "not a wise thing to do," as there's "no such thing" as a "secure site," as the story at the end of this post demonstrates.
So, now there's further proof HATM is right. There's no such thing as a secure website... thus there's no such thing as a secure e-commerce transaction. If you've any doubts, simply google: web browser flaw (I've provided a link to make it easy) and you get 17,000+ hits... Pardon my sarcasm, but "Enter your PAN" (personal account number) into the browser space, and you'll get hits from hackers. This time around, it may have taken 200 PlayStation 3 consoles, but what about this year... or the year after that?
E-Commerce is NOT safe in a browser space.
This is why the engineers at HomeATM decided to take the "hard"ware approach and manufacture, then distribute, a "personal point of sale device."
Sure, by all accounts, it would have been much easier to roll out an Internet PIN debit platform with a software-only approach. But that would be taking the "easy way" out. "Soft"ware is, by its own description, "soft." When you take a software-only approach..., and this is a big caveat, we believe it's only a matter of time before a major breach occurs. It's not so much the software as it is the consumer's PC.
Therefore, in the interest of protecting the consumer AND the merchant, we knew that we had no choice but to do it the "hard" way and create a small, easy-to-use, secure point of sale device. It's the way it's been done since the beginning of electronic payments and...
According to a Trustwave review of 400+ breaches, 67% were from POS Software, 25% from an Online Shopping Cart, 7% from Back-end Systems and only 1% from a Hardware Terminal. (click here to see the graph)
By utilizing our personal swiping device (pictured on left), which plugs into a PC's USB port in seconds, the transaction is safely done "outside the browser space" utilizing existing secure bank rails, which have yet to be compromised in 40 plus years. The connection bypasses the user's PC, which could be infected with viruses and other malware that make sending financial information over the Internet unsafe. Here's the latest about browser insecurity...
There's a "proof of concept" that a "key piece of Internet technology that banks, e-commerce sites, and financial institutions rely on to keep transactions safe suffers from a serious security vulnerability." At this point, an "I told you so" doesn't do anybody any good, so we'll continue to focus on what we do best... providing a secure environment for PIN-based transactions. But rest assured, if a software-only approach to PIN debit is released, when it's breached, expect a resounding "I told you so" from the folks at HATM.
With that said, it's relatively baffling to us that an EFT switch, Fiserv's Accel/Exchange (click to read story, PDF), is willing to "toss the dice" and pilot a browser-enabled approach to securing PIN-based e-transactions.
Mr. Kelly, currently the GM of Accel/Exchange and pictured on the right, is adamant in his belief that it's safe. We respectfully disagree, and time will tell; we just hope it won't be at the expense of an entire sector (PIN debit for the web) being tarnished because of a massive breach. They point out that it would cost millions to distribute a personal POS device like the one produced by HomeATM, but we've got the costs down to the point where, in quantities above 100,000, we could provide them for free, if the consumer/e-tailer covered the $4.95 cost of shipping and handling. What would cost millions, maybe even billions, would be a breach resulting in the exposure of consumers' PAN and PIN.
Of course, we're not alone with our analysis...ask Gartner's distinguished analyst, Avivah Litan how much she would trust a software only approach to bringing PIN based transactions to the web.
You've most likely heard the term "Caveat Emptor"? HomeATM wishes to protect both the buyer and the e-tailer with our approach. At the same time, we also wish to avoid providing fraudsters with the means to carry out "Account Emptor," which is exactly what would happen once they got a hold of your PAN and your PIN.
Anyway, moving on to the story behind all this. A group of researchers have demonstrated a "proof of concept" of an exploit that bypasses Secure Sockets Layer (SSL) security safeguards. In other words, "every web browser (Explorer, Firefox etc.) that implements SSL can be spoofed into displaying the padlock". Translation: Invert the p in "https" and you'll get the picture... "httbs".
This is certainly not good news, but as I've mentioned a couple of times already, for the engineers at HomeATM, it's old news. So, don't be surprised by any more "surprise announcements" about how insecure e-commerce is. As I've vehemently stated, many times over in this blog, the web was originally designed to be an information highway, and "highway robbery" is not a new concept.
Once again, and I want to state this for the record...unequivocally... In order to secure a PIN based transaction, it needs to be done "outside" the browser space. Period. End of story.
Which brings me to the beginning of the story that instigated this post (from CNET, written by Jonathon Stray).
Web browser flaw could put e-commerce security at risk | Security - CNET News