Wednesday, February 18, 2009


So you say that you can't wait for mobile payments eh? 

Well, in an article published by Kelly Jackson Higgins of, (Smartphone Risks Intensifying)  quoting research from  McAfee, you might want to wait until they figure out how to make those Smartphone's more secure. 

I say we tackle the Internet payment problems first, then  move  on to mobile.

M-Payment supporters cite convenience as the thrust behind the interest in mobile payment. 

Convenience may be nice but it's way overrated.  Anyone who argues that convenience is the number one driving force behind the popularity of a payment methodolgy simply doesn't get it.   Security is the key and convenience arrives at the expense of security.  (How convenient is airport check-in and boarding post 911?  Yeah, quite the "departure" from convenience, is it not?)  Allow me to provide another analogy.

Would it not be of the "utmost" convenience for you and your family to get in and out of your house, (along with your relatives and/or neighbors who want to come and pay you a visit) if you always left the front and back doors of your house unlocked?  Sure it would. 

Then why don't we do it?

It's because that very same convenience comes at the expense of security which in turn, would also be likely to attract malicious characters.

On the flipside, if you always locked your door, you may occasionally be  "inconvenienced" by having to fumble around in your coat-pocket or purse, looking for (those damn) keys. 110% inconvenienced if you've ever lived in the US/Midwest in January, I might add. 

But we go through these same insanely inconvenient motions everyday anyway. Why?  Because it's worth it to us have the peace of mind in knowing that it's safe.   Why should it be any different with securing payments?  Don't the bad guys want to get into our house to steal our money?  Don't we use money to make payments?   

(BTW, I know we used to leave our doors unlocked back in the "Leave it to Beaver" days, but sadly, even prior to "Beavis & Butthead" becoming the number 1 movie in America {which marked the day I started locking my doors, heh heh heh...}, it became a much different world out there.  

We threw convenience out the window and not only started locking our doors, but also the very window we threw convenience out of...along with locking our garages, our bicycles, blah blah blah...etc. etc. etc.) 

So, convenience is not really the core issue.  Risk and security are.

So the question begs to be asked: When will retailers understand that because fraud is rising exponentially (a trillion last year) and because it's them who are always the one's getting stuck with the bill, maybe it's time to stop complaining about Interchange and time to "implement change."   I would argue that it's time to "take charge" and stand up and fight.  Instead of being responsible for chargebacks and fraud, take responsibility and implement and push a more secure (thus lower interchange) payment method.  (such as the one afforded by HomeATM?  You betcha!) 

Face it, consumer's only want convenience in the face of zero liability.

V/MC knows that, which is why they have implemented their so-called "zero liability" make consumers feel like they have no risk of exposure.

Heck, if my auto insurance had a zero liability program, I'd never take my keys out of and never lock the door to my car.  Wouldn't it be nice if you never had to look for your car keys or worry about losing or leaving them somewhere?  They'd always right where you left them, right where they need to the ignition.  If that isn't convenient, I don't know what is.  So why don't we do it if it's "all about convenience?"  Because it's not.  It's all about safety, security and protection.

The bottom line, is if you ask anyone who has had their purse,wallet or ID stolen, it's a very time consuming, aggravating and frustrating effort to deal with all the financial institutions, credit bureaus' etc. to right the ship.  Not one would say they found the process to be anything but "inconvenient." So one could argue that there are some "untruths that lie" beneath the zero-liability programs pushed by V/MC. Imagine that. 

Even worse, on the flip-side, (of zero liability), it's the merchants whom are almost certainly always at risk. We'll call that program the "100% Full Liability Merchant Left Holding the Bag Program."  They're the one's liable for fraud, chargebacks, thefts, etc.  It's no secret that V/MC has them by the bollocks because they can't afford to NOT take credit cards.  Or can they?

With the decline in credit card usage and the rise in debit card usage, now may be the perfect time to make a move and switch over to a more secure payment mechanism.  What is a more secure payment mechanism? 

For one, Card Present is more secure than Card Not Present.  That's the singular purpose of HomeATM's personal swiping facilitate card present transactions.  Wait, there's a dual purpose to our "slider" as we take it a step further in order to provide "dual authentication" Therefore, we have incorporated a PIN Entry Device into our "slider."  Why?  To make it more convenient for people who want a secure transaction.

According to this months issue of Card and Payments,

"PIN Debit transactions have lower fraud rates because of the required PIN, while signatures are relatively easy to forge.  Betwen 2005 and 2007, the average fraud cost on PIN Debit transactions was 1.09 cents per $100 of card spend compared with 5.4 cents per $100 of card spend on signature debit transactions."       

Through HomeATM, online retailers now have a choice.   A choice whereby they can increase security, reduce risk, hence interchange fees, virtually eliminate chargebacks and increase their bottom line...all in one fell swoop. 

In these times of both fraud and economic frugality, you'd think, now more than ever, retailers would demand security over convenience.  Transactions don't have to be "inconvenient," they just should NEVER be insecure.

Let's use HomeATM as an example...just how "inconvenient" is it to swipe a card into our Slider versus type in a 14 or 16 digit number, an expiration date and a CVV?  Most would agree that it's actually "more convenient" to "swipe vs. type."  One thing is certain...with HomeATM's E2EE, it's about a million times more secure.

Anywho, I almost's the article questioning the security behind smartphones...and always remember...hackers are smart too.  They figured out the insecurity behind web browsers, amounting, by at least one account, to $1,000,000,000,000 (one-trillion) dollars in losses due to cybercriminal activity.  That was in 1 (one) year. 

Maybe we should secure the Internet with PIN before we start worrying about transacting with mobile phones. HomeATM feels it has already accomplished that task, having engineered a patented process that utilizes existing bank rails and provides end to end encrypted (E2EE) internet transactions. 

But did you know that HomeATM has also engineered and is testing a secure SmartPhone PIN based (click pic to enlarge) E2EE mobile transaction platform?  More on that later. 

Let's get this Internet payments mess fixed first...

     Smartphone Threats Intensify - DarkReading

Enterprise data at risk, according to new McAfee report, which shows mobile device manufacturers seeing more malware attacks than ever before.  IEditor's Note:  Oh yeah?  Wait til Next Year!)

By Kelly Jackson Higgins - DarkReading

Security threats were bound to catch up with the proliferation of smartphones across the enterprise. More than half of mobile device-makers said their products experienced malware, voice-, or text spam attacks last year, according to a newly published report from McAfee.

Experts have long warned that smartphones, such as Windows Mobile and iPhone handsets, could become the new weakest link in the enterprise, with more users relying on them for accessing corporate email, surfing the Web, and other applications. "[Users] want to do everything on them," says Stewart Allen, a Toronto-based independent consultant. "But they are [typically] completely bypassing the IT infrastructure." They are also bypassing security, he says, putting sensitive data at risk.

McAfee's report, which is based on a survey of 30-plus mobile device manufacturers from around the world, found these vendors are getting hit with more malware attacks than ever before. As a result, they are spending more money on recovering from them.

Nearly 55 percent said network or service-capacity problems have ensued due to mobile security incidents -- up from 25 percent in 2007. Around half said third-party application/content problems had plagued their devices last year, up from around 25 percent in 2007.
Around 48 percent said their devices accounted for data loss problems, up from around 27 percent in 2007.

Continue "DarkReading"

 , , ,

Reblog this post [with Zemanta]

1 in 8 UK firms lose 5% of Revenue to Fraud

Computer Business Review

Business left to fight online fraud
By Kevin White

Lacks government coordination: security vendors

Businesses are largely being left on their own to counter financial fraud, security companies have agreed.

In a newly issued study CyberSource has said its findings highlighted online retailers’ frustration at the lack of coordination and government support in the fight against fraud.

It concluded that merchants continue to bear the increasing burden of fraud.

In the absence of any recommendation in the report for the creation of a centralised anti-fraud body to coordinate efforts across the financial and enforcement industries, Yuval Ben-Itzhak CTO at secure web gateway supplier Finjan Inc said is clear that companies are on their own.

Although technology can significantly mitigate the risk of a company’s systems being breached,
it appears that as many as one in eight online UK firms are losing more than 5% of their revenues to fraud...this illustrates the phenomenal cost that card fraud is costing UK organizations...

Continue Reading at CBR

Reblog this post [with Zemanta]

V/MC to Slash Expenses, Increase Prices

Standard  and Poor - "The companies have not been run very tightly"

Reuters is reporting that Visa and MasterCard are slashing expenses and increasing prices.  I
NEW YORK (Reuters) - As cash-strapped U.S. consumers think twice before buying a coffee or a newspaper, and banks fight for survival, Visa Inc and MasterCard Inc are cutting costs to sustain earnings.

In their latest quarterly results, the world's largest payment networks beat expectations by slashing expenses and increasing prices.

That contrasts with previous periods when the companies could rely more for growth on people switching to electronic payments from cash for an increasing number of transactions.

That trend had Mastercard and Visa in the sweet spot of the credit and debt card industry -- getting paid each time a transaction took place on their branded cards while not having to deal with the risks of consumers defaulting that are faced by the credit card issuers.

Rising defaults have led to mounting charges for the issuers, such as Citigroup Inc or Bank of America Corp, which are major clients of Visa and Mastercard. American Express is both an issuer and a payments company.

Governments around the world have bailed out many of the battered banks, making it more difficult for the credit card-payment networks to raise the prices they charge them for transactions.

"Most likely, the bottom line will benefit from cost cuts (rather) than growth in volumes," said Michael Kon, an analyst at Morningstar

"The companies have not been run very tightly and there is room to cut," said Standard & Poor's analyst Stuart Plesser.

The article goes on to say that Visa, which slashed expenses as part of a restructuring plan to integrate the former U.S., Canada and international operations into one company, has accelerated the pace and expects to finish that plan -- which will save $300 million in 2009 -- a year earlier than expected.

Editor's Note:  I didn't see where they stated they'll increase prices, however, that usually happens in April anyway when new Interchange Rates come out.   It'll be interesting to see what happens this year when the new rates are released.  Regardless, if you'd like to save up to 100 basis points off of Interchange, you can make the switch to HomeATM's E2EE Internet PIN Debit platform.  

, , , ,

Prepaid Not Good Solution to Combat Fraud

Yesterday I touched upon an article in the about whether or not Prepaid Cards could keep fraudsters at bay. She wondered if prepaid cards were the solution to rampant fraud.  In that post, which I entitled "Can Prepaid Cards Be Loaded by Hackers?" I stated that I didn't think so, because it is much easier to produce a $50.00 counterfeit prepaid card than to produce a counterfeit $50 bill.  Therefore I imagined that hackers have probably got close eye on the prepaid industry. 

As it turns out, only one day later, there's a report that prepaid Visa gift cards are being targeted by the bad guys.  Here's that video report from KTEN.

Visa Gift Cards Turned into Phony Credit Cards

Reblog this post [with Zemanta]

Tales from Encrypt

Prediction: "Encryption" is going to wind up being one of the biggest buzz words of 2009.  End to End Encryption (E2EE) more specifically.   There are some seriously nasty hackers with some seriously nasty approaches and companies that don't secure their data are, simply put, the walking dead.  

Last week I posted about a company named  Voltage Security who announced that their SecureData program now provides end-to-end-encryption or E2EE.  (I also made mention of the fact HomeATM has provided E2EE since January of '07, so it's been a buzz word for us at HATM for quite a while now) 

Yesterday Voltage Security announced that Wells Fargo has agreed to implement
Voltage SecureMail™, their Identity Based Encryption email solution.  That's not only a "good get" for Voltage, but it probably paves the way to "securing" other Financial Institution's as clients.    Watch out for Zombies! 


Voltage Security Protects Email at Wells Fargo
Palo Alto, CA --  Voltage Security, the global leader in information encryption, today announced that Wells Fargo & Company, (NYSE: WFC), has selected and deployed Voltage SecureMail™ to secure email communications between Wells Fargo team members, customers, vendors and extended business partners.

Voltage SecureMail was selected and deployed by Wells Fargo because of the following:

1. Ease of adoption by team members, and customers.
2. Lowest total cost of ownership; there are no directories, certificates, or duplicate systems to manage.
3. Ease of Integration with the pre-existing messaging environment.

“We see secure communications as a mission critical part of our overall business strategy and a valued service to enable our customers to interact with the bank,” said Steve Ellis, executive vice president of Wells Fargo’s Wholesale Services Group. “With Voltage, our team members, customers, and business partners can interact online in a secure simple manner,” said Ellis.

“Wells Fargo’s deployment of
Voltage SecureMail has quickly grown to be one of the largest use cases of secure email in the world,” said Sathvik Krishnamurthy, president and CEO of Voltage Security, Inc. “Voltage SecureMail, powered by Identity-Based Encryption (IBE), is the only solution that scales to this level across very large, complex extended business networks,” continued Krishnamurthy.

In the past, secure email systems at the financial services company went largely unused because inherent complexities in the user experience. Voltage provided a solution that is essentially invisible to internal team members and extremely easy to use for external recipients.

About Voltage Security
Voltage Security, Inc., an enterprise security company, is the global leader in information encryption. Voltage solutions, based on next generation cryptography, provide encryption that just works for protecting valuable, regulated and sensitive information persistently and based on policy. Voltage delivers power, simplicity and the lowest total cost of ownership in the industry through the use of award-winning Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption (FPE). Voltage Security offerings include Voltage SecureMail™, Voltage SecureData™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.

Voltage Security is the number one OEM provider of email encryption technology in the world with OEMs that include Microsoft, Proofpoint, Secure Computing, Sendmail, Canon, Code Green Networks and NTT Communications. The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government, such as American Board of Family Medicine, Diebold, Integro Insurance Brokers, NTT Communications, SafeAuto Insurance, Winterthur Life UK Ltd. and XL Global Services. For more information please visit


Source: Press Release

Reblog this post [with Zemanta]

Disqus for ePayment News