Wednesday, March 11, 2009

Top 10 Most and Least Admired Companies - Fortune

Rank        Company                      Industry Rank

1 Apple 2
2 Walt Disney 1
3 Google 1
4 Nike 1
5 Medco Health Solutions 1
6 Herman Miller 1
7 2
8 Goldman Sachs Group 1
9 Integrys Energy Group 1
10 Graybar Electric 1

WORST (Least Admired)

1 Dillard's 10
2 Sears Holdings 9
3 Circuit City Stores 11
4 Family Dollar Stores 8
5 PEMEX 14
6 McClatchy 7
7 National City 12
8 Surgutneftegas 14
9 ONEX (Celestica) 10
10 US Airways Group 12

From the March 16, 2009 issue

363 Top Rated Companies

High-Tech Criminals Target ATMs to Steal Vital Personal Financial Information From Customers

ADT Offers New ATM Security Technology to Combat 'Skimming,' Which Results in Millions of Dollars of ATM Fraud Losses

BOCA RATON, Fla., March 11 /PRNewswire/ -- Skimming - a way criminals use high-tech electronic tools to capture personal financial information and steal money from automated teller machine (ATM) customers - is one of the financial industry's fastest-growing crimes, according to the U.S. Secret Service.

Also, the worldwide ATM Industry Association (ATMIA) reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

"But perhaps the most significant skimming cost to financial institutions is the damage to their reputation and the loss of customer confidence that accompanies the theft of personal financial information," said Hank Monaco, vice president for ADT Security Services.

ADT is introducing to North American financial institutions its Anti-Skim(TM) ATM Security Solution that helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

In a matter of seconds, criminals can place a skimming device on an ATM card reader that blends in with the machine's appearance and does not interfere with its operation. A small wireless camera, concealed near the ATM fascia, is also used to capture the user's personal identification number (PIN) as it is entered. Information from the device and camera is sent wirelessly to the criminal's laptop computer. The ATM user typically has no idea that his or her information has been compromised.

Criminals use the stolen data to "cash out" debit card accounts, clone duplicate credit-debit cards or sell personal financial information to worldwide crime syndicates. Several high-volume transaction ATMs in an area can be targeted in just one day.

Boca Raton Police Chief Dan Alexander said identity theft and related offenses such as ATM skimming are a serious concern in the community. Boca Raton Police will begin a campaign through its Viper program to help raise awareness among residents. Tips will include how to protect your identity from criminals.

"The Strike Out Identity Theft campaign is a perfect example of how community partners such as ADT can work in conjunction with law enforcement to help protect the public," Alexander said.

To help reduce ATM skimming, the ADT solution is installed inside an ATM near the card reader, making it invisible from the outside. The technology helps prevent card-skimming attempts by interrupting the operation of the illegal card reader. The solution also detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. For effective, layered ATM security, the ADT solution can trigger a silent alarm for command center response and can coordinate video surveillance of all skimming activities.

The ADT Anti-Skim ATM Security Solution:

* Helps protect the integrity of cardholders' personal financial information during ATM transactions.
* Can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities.
* Requires no software adjustments to the ATM.
* Does not connect to or affect the ATM communications network.
* Has more than 40,000 successful ATM applications worldwide.

ATM operators should take advantage of anti-skimming solutions, according to Lana Harmelink, ATMIA's chief executive officer, the Americas.

"Skimming is a problem that will continue to grow until available technology is employed to bring it under control," she said. "The technology exists today to help defeat the problem."

Monaco said a recent study by Harris Interactive reported that 67 percent of U.S. adults who use financial institutions with ATMs would likely switch after experiencing ATM fraud or a data breach.

"This survey highlights the important role that the ADT Anti-Skim ATM Security Solution can play in helping secure consumer confidence in ATM transactions," he said. "ADT already helps to protect tens of thousands of retail banking facilities, operations centers and ATM operations with a variety of intrusion, access control and video surveillance systems. Our new anti-skim solution adds another layer of protection for financial institutions."

About ADT Security Services

ADT Security Services is a unit of Tyco International and part of ADT Worldwide, the world's largest security provider. In North America, ADT provides electronic security services to nearly five million commercial, government and residential customers. ADT's total security solutions include intrusion, fire protection, video systems, access control, critical condition monitoring, home health services, electronic article surveillance, radio frequency identification (RFID) and integrated systems. ADT's government and commercial customers include a majority of the nation's Fortune 500 companies, all U.S. federal courthouses and over 70 mid to large airports. Headquartered in Boca Raton, Florida, ADT has more than 24,000 employees at approximately 240 locations in the U.S. and Canada. More ADT information is at

SOURCE ADT Security Services

Reblog this post [with Zemanta]

New Wave of Internet Acquisitions May Be Ahead

New Wave of Internet Acquisitions May Be Ahead
Large companies will buy smaller firms for their technologies instead of investing in R&D.   by Alex Goldman:

A new report from J.P. Morgan suggests that the future of Internet business starts with consolidation in 2009, as the biggest companies buy the best of the small.

With the economy approaching zero or even negative growth, Internet companies are still under pressure to grow -- and the only way to do so is through acquisitions, J.P. Morgan Analyst and Managing Director Imran Khan wrote in a report.

Large companies have every reason to put money into mergers, he added.

For one reason, the stock price of smaller companies (those with market capitalizations under $1 billion) is getting cheaper, while the stock of larger companies (those with market caps over $5 billion) is not. While large companies' stock prices remains close in value now to their value at the start of the year, the stock of small companies has fallen in value by 23 percent, on average -- potentially making them a steal.

At the same time, acquisitions would give large companies access to the fruits of smaller companies' research and development, which is becoming increasingly critical as they trim their own research budgets. According to Khan, large companies have decreased the rate of growth of investment in R&D from 25 percent a year ago to a projected 9 percent this year...

Continue Reading at Internet

Reblog this post [with Zemanta]

Chase Paymentech Predicts: PIN Debit Ubiquitous on Web by 2012

Merchant Risk Councils Platinum Day - Afternoon Sessions
by Allen Weinberg - Glenbrook Partners Payments Views

Allen Weinburg, from Glenbrook Partners, who is blogging about the Merchant Risk Council's Las Vegas conference, wrote an article in Payment Views entitled: "Is Now the Time For Online PIN Debit?"

Mike Strada, from Chase Paymentech predicts that PIN Debit on the Internet will be the most widely used payment mechanism on the web by 2012.  I agree

Allen also talks about 4 solutions, and whether 3D Secure might be just as good, if not a better solution. I took a moment out of my morning to leave a comment ascertaining that the answer is probably yes...for all but one.

Allen WeinbergIs Now the Time for Online PIN Debit?

This session was presented by MikeStrada from Chase Paymentech. Mike is a fan of online PIN debit,especially the notion of giving merchants more choices. His discussionfocused on the different options the 12 North American debit networksare exploring.

Several of the debit networks are exploring PIN debit, some aren’t.ACCEL, NYCE, PULSE and STAR are doing PINless debit for utility andother low risk payments. Mike explained that these are the 4 networksthat are exploring PIN debit on the Internet. Three of these four (allexcept STAR) have recently announced PIN debit pilots.

Mike maintains that PIN debit forecommerce transactions could provide some incremental sales lift formerchants, especially since 14% of debit cards are “ATM only” – i.e.,they don’t have a MasterCard or Visa logo on them and thus can’t beused for general ecommerce transactions.
Mike explored the pros and cons of the four alternatives:
  • Acculynk (formerly ATM Direct, previously owned bynow-defunct Pay By Touch). ACCEL, NYCE and PULSE have all signed LOIsto do pilots with Acculynk. Mike thinks two more debit networks willannounce pilots within the next 90 days.
  • Safe-Debit (the same name of the program NYCE wentto market years ago using a CD ROM token). This iteration is usingVerient’s platform to redirect the user to the customer’s home bankingsite for authentication. In this case, the cardholder is sent a onetime PAN for use at the merchant site. Hoping to do a pilot in firsthalf of 2009. This, of course, requires a redirect which scares a lotof merchants due to the increased risk of abandoned shopping carts.
  • Claerity – technology allows consumer to registercell phone number with their DDA FI. The bank, via the network, sendsone time password back to cell phone which the shopper enters onmerchant checkout page. Network compares the onetime password sent tocell phone with the one issued to the consumer. Not clear who will bearthe cost of the SMS message. Hoping for a 2009 pilot, but unclear if ontrack.
  • Home ATM – Canadian firm distributes USB PIN padthat has a mag-stripe card reader and encrypts data. Has a distributionagreement with Microsoft, but no announced pilots.
Mike acknowledged one of the big issues that Glenbrook encounterswith our merchant clients – critical mass and the challenge of gettingonline merchants adopting two or three (forget four or more) differentprocesses. Our clients tell us they’ll consider it when the networksadopting a particular approach/technology bring critical mass ofcardholders in aggregate. My sense is that STAR has critical mass untoitself. The next 3 largest networks (assuming Interlink and Maestrowon’t play) would need to converge on a solution to bring critical massto market. Just my opinion, but Mike doesn’t think standardization willhappen in the foreseeable future, and Paymentech has decided to moveforward anyway.

Mike/Chase Paymentech is predicting that be the end of 2010, most ofthe major networks will implement online debit products (excluding, ofcourse, Interlink and Maestro), with transaction pricing somewhere inbetween physical POS interchange and online Visa/MasterCardinterchange.

Mike also predicted that by 2012, online PIN debit could be the mostwidely used payment mechanism on the Internet.

The operating rules forhandling online PIN debit transactions haven’t been worked out, butthey’re working on it. He acknowledges that the rules really should be,and probably will be standardized across networks.

ChasePaymentech has agreed to do a pilot with Acculynk (and is looking for merchants to participate).

Of course there’s the fraud risk associated with these new products(Mike acknowledged it, but didn’t spend much time on this area).

Mike feels the consumer proposition is one of safety, security, and identity theft protection.

One question I have is whether 3D Secure technology could do just aswell as the above four products/technologies mentioned above. Mikethought that it probably could, but he wasn’t aware that any of thedebit networks had considered that path (could mitigate merchantadoption problem).

The merchants in the audience were somewhat skeptical on a number offronts. For example, how to deal with split shipments that span theauthorization time frames. They worried about consumer valueproposition and recalled all the issues they encountered with 3DSecure, particularly how the banks/issuers didn’t do as good a job asthey needed to educating their cardholders.

{ 1 comment… read it below or add one }

John B. Frank 03.11.09 at 5:50 am

Your comment is awaiting moderation.

You questioned whether 3D Secure Technology could do just as well asthe four products/technologies mentioned above. You pose an interestingquestion, but I want to point out that you cannot lump those fourtogether, as there is one key distinction. 1 uses a hardware device.The other 3 are software-based.

Which leads me to ask a pertinent question… How is it even“possible” to “securely” process a PIN Debit transaction WITHOUTHardware? (a magnetic stripe reader and PED) If a software applicationis utilized, then, by definition, it is a Card Not Present transaction.Thus a software based approach “cannot ” be a pure PIN Debit play…asthe card “must” be present in order to process the track data locatedon the magnetic stripe.

Remember…all PIN-based transactions “require” the submission ofvalid track data in order for the PIN to be properly decrypted. Withouttrack data, PIN submission becomes unnecessary and the transaction isbetter submitted as a manually-entered credit card transaction (withouta PIN), therefore 3D Secure would be just, if not more, effective.

For a true PIN Debit transaction to occur, a developer mustimplement PIN support as part of the submission process. Without trackdata, it becomes impossible to encrypt or decrypt PIN numbers (becausethe magnetic stripe data is used as part of PIN encryption/decryption).If track data is not submitted, a debit card transaction becomesimpossible and the transaction becomes a manually-entered credit cardtransaction.

That said, I would have to agree with Allen when he says there’s afraud risk associated with these new products (the lone exception beingthe one who utilizes a hardware “SwipePIN” device capable of not onlyproviding: E2EE, 3DES DUKPT, but also encrypting the Track 2 data aswell.) Track2 = PAN+Separator+Expiry Date+ServiceCode +Pvk Index+ PVV +CVV

Is it a coincidence that the event is called “The Merchant RiskCouncil” and although Mike Strada “acknowledged the risk of fraud… “hedidn’t spend much time on it?”

PN Debit card transactions require the availability of two (unlessyou combine them into one) hardware device(s): a PIN pad and a magneticstripe reader. Unless both a PIN pad (which is configurable with aworking key) and a magnetic stripe reader are both available andoperational, these debit card transaction examples cannot be applied asa PIN Debit card transaction requires both track data and an encryptedPIN to proceed.

Therefore, the only logical conclusion is that a Hardware device isrequired, not optional. What’s the big deal with a hardware deviceanyway? Did you ever have to charge your cell-phone…sometimes ahardware accessory is necessary to protect the Holy Grail. (PIN’s)

Otherwise the Heartland Breach will pale in comparison to what willhappen if people start putting their PIN’s into a software-basedapplication. The writing has never so clearly been written on any wall.

Where am I wrong here? Where is Avivah Litan wrong? Where are theSociety of Payment Security Professionals wrong? I’m dying to know,because I was a founding shareholder in Pay By Touch and could havebought ATMDirect out of the PBT bankruptcy “cheap.”.

You mean to tellme that PayPal will fork out nearly $1 BILLION for Bill Me Later butsaid “later” when it came to forking out $600K for ATMDirect?  If so,and PIN Debit is the most widely used payment mechanism on the internetby 2012, (as Mike Strada/ChasePaymentech predicts) then not evenbidding on ATMDirect will go down as one of the biggest mistakes inPayPal/Ebay history. (and mine)  But I think we're both fine...

TAGS: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Reblog this post [with Zemanta]

Disqus for ePayment News