Monday, March 2, 2009

E-Pay's Sticking a PIN in Paper

E-Pay’s Sticking a PIN in Paper
Bank Technology News | March 2009 - By John Adams

It’s too early to dig a grave for paper money, but new research from BAI and Hitachi Consulting suggest cash is increasingly loosing out to automated payment modes like PIN and SIG debit.


The joint “2008 Study of Consumer Payment Preferences” shows PIN and SIG debit account for 37 percent of consumer payments, with cash coming in at 29 percent.

And
PIN debit wins out over SIG debit by a 45 percent to 35 percent count.

Continue Reading at BTN

For more information on the "2008 Study of Consumer Payment Preference and how not only debit, but specifically PIN Debit rules the land, read the PIN Payments Blog coverage at:

Debit is King...Replaces Cash on Throne


Reblog this post [with Zemanta]

PIN the Blame on the Dynamic Duo(poly)


Consumers, merchants take aim at high rates and fees - Steve Arnold - The Hamilton Spectator

Canadians have always had a love-hate relationship with their credit cards, but in recent months there has been a lot more hate than love as consumers and businesses bristle at the way they feel abused by credit card issuers.

At the top of that list are sudden and drastic increases in interest rates and service charges, especially "hidden fees" paid by merchants who accept cards -- fees that end up being figured into the cost of a restaurant meal, CD or new suit.  Reaction to those moves has sparked an Internet campaign led by the Retail Council of Canada called StopStickingItToUs.com .

Consumer anger about high interest rates -- up to 28.8 per cent in some cases -- and fees for everything from cash advances to foreign currency transactions has been well publicized. Less known are the "back office" fees that drain billions from hard-pressed merchants.

Peter Woolford, vice-president for policy development and research at the Retail Council, says that's allowed to go on because two massive companies dominate the market and use that bulk to gouge their customers.

"Credit cards remain an effective and efficient way of paying for goods, but there are problems," he said. "In Canada we have a duopoly in place that's taking advantage of its dominance to gouge us.

"We've been hit with a whole series of measures that have quite substantially increased the fees merchants have to pay," he added. "They very clearly are not listening to us."

The credit card market in Canada is utterly dominated by Visa and MasterCard
. Between them they control 80 per cent of the business -- 68.2 million credit cards used to purchase $267 billion of goods and services in 2008. In 2007 there were 64.1 million cards in use.

It's a profitable business. Very profitable. For 2008, Visa International reported global earnings of $1.7 billion US from processing payments of $2.7 trillion. In its earnings news release, the company stated its profit growth was "driven by strong contributions from service fees, data processing fees, and international transaction fees."  In the fourth quarter alone those fees amounted to $788 million, up 8 per cent over the prior year. Data processing fees rose 18 per cent, to $548 million, and international transaction fees were up 45 per cent.  For 2008, MasterCard International reported a net profit of almost $1.1 billion on revenue of $4.06 billion.

Those fees are the focus of the Retail Council's campaign demonizing "big credit card companies" that bled $4.5 billion from consumers in 2007 to cover "lavish incentive programs and corporate credit card benefits, even if you don't have one."

In industry jargon it's called the interchange fee, a levy of up to 3 per cent of the sale that's supposed to cover the cost of processing the transaction. Trouble is, according to the StopStickingItToUs campaign, only 13 per cent of what's collected actually goes to cover processing costs. More than 40 per cent goes to the cost of credit card reward programs such as Air Miles.

Restaurateurs Ron and Leanne Ciancone, of the Ancaster Old Mill and Spencer's in Burlington, figure 90 per cent of the business in their dining rooms is paid with credit cards. The fees for these transactions take as much as $170,000 a year off their profit statements.

"The credit card companies can do that to you. It's all about how much power they have," he said. "Nobody seems too interested in doing anything about it."  "In some of these cases the credit card company is making more on a purchase than the merchant, and for no added value other than a way to pay," she said.

Editor's Note: HATM can help online retailers cut their Interchange Fees by up to 100 basis points while providing an exponentially more secure payment environment for your online shoppers.  Contact us to find out how to bring online debit to online shopping.

Related Stories from the PIN Payments Blog
PIN Debit Payments Blog: Use PIN to "Start Sticking It To Them"  Sep 12, 2008
If retailers, specifically Internet Retailers, truly want V/MC to "stop sticking it to them," they should be organizing a push for PIN debit and the lower fees and higher security it brings to the table. ...

Editor's Note: This is the third time I've posted about Retail Council of Canada's "Stop Sticking itTo Us" campaign. They certainly are an incessant group getting a lot ofpublicity for their cause. Here's the latest attack on V/MC as ...

Credit-card companies 'sticking itto' Canadians with high fees, retailers say; EU to Allow DebitInterchange For Now - ETA; Canada Keeps Fighting to Change Interchange;Use a PIN to "Stop Sticking It To Us"... Update on HR 5546 ...

In it, I mentioned that if all these organizations made the same effort to have their customers use PIN Debit, they would stop sticking it to themselves. Maybe HomeATM can start a coalition with Internet Retailers and their associations ...
Reblog this post [with Zemanta]

Who Needs an Ounce of Prevention...We Have 10 pounds of Cure!

Barclays bank has rolled out a contactless Visa debit card - ZDNet.com.uk

From Monday, Barclays customers will receive new or replacement cards containing RFID technology that will allow contactless transactions of up to ten pounds, without entering a PIN. (Editor's Note:  Limiting transactions to 10 pounds ($14.10 US) is not a testament to the security of the methodology is it?)

Cards will continue to be used for chip and PIN transactions and bank machine withdrawals.  (Editor's Note:  HomeATM uses the same bank rails used for bank machine withdrawals)

The protocol behind the contactless technology has not been made available to academic security researchers, according Cambridge University researcher Steven Murdoch, who expressed concerns that any security holes in the technology won't be found until after it has been rolled out.

"The problem with the UK contactless system is that it's secret, which means we have to reverse engineer it to point out vulnerabilities," Murdoch told ZDNet UK on Monday. "Contactless payment has been rolled out, but any security vulnerabilities will be pointed out after the banks can do anything about it."

Murdoch said that while security researchers were restricted from viewing the protocol, people with malicious intent would be able to view it.  "I'm sure crooks will have a copy of the spec," said Murdoch. "People can get hold of a copy if they sign a contract saying they will not make any reports [about the protocol]. Any criminals could get hold of a copy of the specification, but academics are at a disadvantage."

A Barclays spokesperson told ZDNet UK on Monday that there had been extensive third party testing of the contactless system, and said that security risks around contactless payments had been mitigated.

Editor's Note:  Yeah, by limiting transactions to 10 pounds.  The money that hackers could steal is only 1% of what they could get by hacking into a system where they could steal 1000 pounds.  So I suppose, in a bend it like Beckham way...that statement could be "bent" into somehow being being defended as true.

"Contactless is designed for small transactions, while users will periodically be asked for a PIN," said the spokesperson. "The card uses dynamic data authentication, in which a unique secret code is generated to authenticate each transaction, while the chip contains different information than the magnetic strip, to prevent cloning."

The Barclays spokesperson added that testers had concluded that it would not be economically viable for criminals to subvert the system.  "The cost of intercepting the information doesn't justify how much could be made out of the information," said the spokesperson.

(Translation:  Sure...we know it's not secure, but we limit the purchases that can be made with this insecure non-solution to 10 pounds, so that shouldn't interest the hackers.  They can  make more by concentrated on bigger payouts.  Who needs prevention"...we've got 10 pounds of cure!)

Cambridge University researchers have said they have serious security concerns about chip and pin payments systems. Researchers Saar Drimer, Ross Anderson, and Murdoch published a paper on Thursday detailing security flaws in the Chip Authentication Programme (CAP) used for UK payments cards. The main problem for the researchers was that the some UK online cards payments systems using readers had been optimized for usability, to the extent of sacrificing security
Editor's Note:  You simply cannot sacrifice "convenience" for security.  No way, no how.  Security needs to be first and foremost on the minds of payment industry professionals.   HomeATM understands that, which is why we implore online shoppers to "swipe" their own card information in our tamper-proof, PCI 2.0* PED providing a "dually authenticated," "3DES end-to-end encrypted" online debit solution. (with DUKPT)   Don't call us alternative...the "alternative" is entering your card information "manually"...and having it get intercepted and "swiped" by the bad guys. Swipe...don't Type. 

*HomeATM's personal SwipePIN device has been rigorously tested by Witham Laborities (1 of 8 certification outfits in the world) and found to meet or exceed PCI 2.0 requirements.  Our device and the Witham Lab's report has been forwarded through the proper channels for PCI. 2.0 certification. 

Reblog this post [with Zemanta]

CBN Orders Banks to Stop Issuing Magstripe Payment Cards

The Central Bank of Nigeria (CBN) has ordered banks to Stop issuing magnetic stripe payment cards by April 1st 2009.A magnetic stripe payment card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called a magstripe, is read by physical contact and swiping past a reading head.

On the other hand is the Smart (or chip) card which is the latest in payment card technology. This is a plastic card containing a computer chip and enabling the holder to purchase goods and services, enter restricted areas, access medical, financial, or other records, or performs other operations requiring data stored on the chip.

It has a built-in microprocessor and memory used for identification or financial transactions. When inserted into a reader, it transfers data to and from a central computer. It is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times. As a financial transaction card, it can be loaded with digital money and used like a travelers check, except that variable amounts of money can be spent until the balance is zero.

In a circular to all banks titled, “Extension of Timeline for Migration from Magnetic stripe to Chip plus PIN/EMV, signed by the Acting director, banking supervision department, Mr. James Olekah, the CBN stated that, “Recall that section l,4.2c of the e-banking guidelines issued in 2003 by the CBN stipulates that “in view of the demonstrated weaknesses in the magnetic strip technology banks should adopt the chip( smart card) as the standard, within five years”. The implication of this is that the timeline given to card issuers in the guidelines had expired as at the end of August, 2008. However, after due considerations of the concerns from the market and other stakeholders,

The National Payments System Committee agree to extend the deadline for the migration to Chip+PIN technology to April 1, 2009. You are by this circular required to cease the issuance of new magnetic strip cards with effect from April 1, 2009. However, previously issued magnetic should be withdrawn on expiration of the cards and not as at April 1, 2009. Please note that no new extension of the time would be granted, while failure to comply with this directive will attract severe sanctions which would include imposition of financial penalty and withdrawal of approvals.”

It would be recalled that recently, in anticipation of the directive of the CBN on Chip Cards, InterSwitch,Nigeria’s premier payment transactions switching company, introduced Verve card, a pan-African innovative chip and PIN (Personal Identification Number), EMV compliant payment card.

According to Mr. Mitchell Elegbe, Managing Director/CEO of InterSwitch, who spoke to journalists at the media launch of Verve card, the expected change from magnetic strip cards to chip & PIN platform, is what necessitated the release of Verve card into the financial market.

Elegbe said CBN’s directive was made in the best interest of banks, merchants and cardholders because existing magnetic stripe cards have minimal storage space, cannot store applications, offer little flexibility for new product development, are easy to duplicate and offer minimal security features.
With the release of Verve card, which can be used on mobile,

ATMs, PoS, Web and the Internet, Nigerian banks are expected to begin the conversion of 28 million cards in circulation to the chip & PIN platform since major payment card schemes in Europe, Middle East, South America and Africa have converted their cards to the secured smartcard platform.

However, Verve card on other hand is secured with integrated circuit chip (ICC) and can carry enhanced data. The ‘chip’ part refers to the
smart card-a plastic payment card with an embedded microp pocessor, which contains the same information as a magnetic stripe but it has additional processing capabilities and a secure memory. In developing the Verve card, Mastercard MChip 4 technology was adopted. The card has bigger storage capacity, offline PIN verification and can perform cryptographic calculations.

”The microprocessor can hold multiple applications where an application may be a specific brand of credit card, loyalty card, gift card, staff discount card, etc; so a cardholder could have credit and debit applications, loyalty applications and electronic ticketing on a single physical card”, Elegbe explained.

Specifically, Elegbe informed that Verve cards can hold information securely and is difficult to copy or alter. The security and EMV features in Verve card guarantees a higher level of security for payment transactions than magnetic stripe cards. Interswitch has also initiated eight other security initiatives; MoneyGuard (which allows cardholders send an sms from their phones to block their cards should they suspect any unusual activities), Fraud Watch (a portal and email for fraud reporting and information management, Fraud Guard ( a fraud management and transaction security system), Fraud Insure (card fraud Insurance), Fraud Team (Risk Management team), Identity Guard (Token based strong authentication), Fraud Aware (Cardholder Awareness Campaign) and Data Guard (EMV Mchip 4).



Reblog this post [with Zemanta]

TrialPay Review


Review: TrialPay can help you get freebies online
By RACHEL METZ  AP

NEW YORK (AP) — With the economy in the dumps, you might hesitate before buying discretionary goodies like video games or pizza. But what if you could get those things for free by doing something you might already be inclined to do — like signing up for a trial of Netflix or buying coffee from Starbucks.com?

Mountain View, Calif.-based TrialPay offers just that kind of a deal, which it bills as a win-win-win for consumers, merchants and advertisers. It probably won't change your buying habits dramatically, but it could help you get a (sort of) free lunch.

Here's how it works: Let's say you're perusing a movie ticket Web site. If that site is working with TrialPay, you might be presented with the option to get tickets not by paying for them directly, but simply by completing a purchase or trial offer with another company. If you're game, you can click to see a list of participating companies, such as Starbucks or Netflix. And if you agree you'll receive e-mailed instructions on how to get your free movie tickets.

As TrialPay's 27-year-old co-founder, Alex Rampell, describes it, the service is "kind of like PayPal for people who don't pay."

Rampell began building his own business in high school and college by selling shareware — software that you can generally download and try for free but are later prompted to pay for. He came up with the idea for TrialPay in 2004 as a way to get more consumers to "pay" for his software, after talking with a marketer friend who helped him realize how much companies are willing to shell out to acquire customers.

People might not be willing to pay for software, but they might be willing to pay for cat food, he mused. And if a cat food seller is willing to pay the software seller for sending it a customer, then the software seller could ostensibly give its product to the customer for free.

Most of the free items you can get through TrialPay retail for about $30 or less. And except for some deals, like one with pizza-delivery chain Papa John's, most are not physical goods.

Still, the model appears to be working. Since the company started in the summer of 2006, it has grown to include more than 7,500 merchants and about 2,000 advertisers. TrialPay makes its money by taking a cut of what the advertiser pays the merchant.

Continue Reading


Reblog this post [with Zemanta]

iPhone = Two-Thirds of All Mobile Web Traffic

Apple's iPhone now represents 66.61 percent of all mobile web traffic according to a new study issued by web solutions provider NetApplications.

Click Chart to Enlarge


The Java ME platform follows a distant second at 9.06 percent, trailed by Windows Mobile at 6.91 percent. NetApplications notes that despite the iPhone's commanding lead in mobile browsing share, both Android (6.15 percent, tied with Symbian) and BlackBerry (2.24 percent) are rapidly gaining market share--however, the report notes increases by Apple's rivals does not mean that iPhone web browsing is shrinking, as the overall market continues to grow rapidly. In all, mobile web browsing as a percentage of all web browsing is on the upswing and currently stands at 0.72 percent, up from 0.69 percent in January 2009.

Source: Fierce Telecom





Reblog this post [with Zemanta]

ID Theft Top Consumer Complaint - FTC


FTC Releases List of Top Consumer Complaints in 2008

The Federal Trade Commission on Friday released the list of top consumer complaints received by the agency in 2008. The list, contained in the publication “Consumer Sentinel Network Data Book for January-December 2008,” showed that...
  • for the ninth year in a row, identity theft was the number one consumer complaint category.
  • Of 1,223,370 complaints received in 2008, 313,982 – or 26 percent – were related to identity theft.
In December, the FTC called on the US Government to "extend two-factor authentication" (such as the application provided by HomeATM) standards deployed by banks to all private sector organizations that maintain consumer accounts, in a bid to combat rising levels of ID fraud.  (See: Dual Authentication for ALL Consumer Accounts - FTC

This report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the report sets forth the 50 metropolitan areas reporting the highest incidence of identity theft.

The report states that credit card fraud was the most common form of reported identity theft at 20 percent, followed by government documents/benefits fraud at 15 percent, employment fraud at 15 percent, phone or utilities fraud at 13 percent, bank fraud at 11 percent and loan fraud at four percent.

Reblog this post [with Zemanta]

Disqus for ePayment News