Wednesday, March 18, 2009

HomeATM "Officially" PCI PED 2.0 Certified

Here I sit at the 2009 Data Security Summit and Bob Russo, General Manager for the Payments Card Industry Security Standards Council is speaking. While he's speaking, I get notified that HomeATM's SafeTPIN Personal Swiping Device has been officially PCI PED 2.0 Certified. Coincidence? I think not. Try many, many man hours of hard work by the engineering department at HomeATM. But, still...it's kind of cool that as I listen to him speak about the importance of PCI, we get our certification. We agree Bob!

HomeATM is proud and honored to forever own the distinction as being the very first Online PIN Debit Solution to be PCI 2.0 certified. More on this later...want to get back to Bob Russo's presentation.

Irony abounds...at the 2009 Security Summit as we are certified as reaching the summit of security.


Visit the PCI Security Standards Website at:

https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html?mn=&dv=&pv=3















Dutch Biometric Initiative Cracked

Dutch payment by fingerprint initiative stopped

Dutch supermarket chain Albert Heijn has decided not to follow up on a trial with payment via fingerprint. The trial was conducted in an Albert Heijn branch in the town of Breukelen, near Amsterdam, where 580 participants were able to pay for their daily groceries using their fingerprint instead of cash or debit cards.

The trial, which lasted 6 months, was the first of its kind in the Netherlands, where more than half of all supermarket transactions are completed using a debit card. During the first weeks of the trial, experts already pointed out a number of security issues arising from the use of the fingerprint payment method. A security expert managed to pay using someone else’s fingerprint.

Albert Heijn has currently decided not to follow up on the trial, citing ‘security issues and vulnerability to fraud’. The participants however were enthusiastic about the payment method and applauded the fact that they could complete their purchases without needing their debit cards, cash or loyalty cards.


Researcher cracks fingerprint payment system

Security expert beats supermarket chain's payment system with fingerprint made out of rubber

Within weeks after its introduction, a security researcher has cracked the Tip2Pay fingerprint payment system for Dutch supermarket chain Albert Heijn. The researcher succeeded at paying for groceries by using a copied fingerprint.

The Tip2Pay system allows consumers to pay for their groceries through a fingerprint reader. Albert Heijn is the largest chain of grocery stores in the Netherlands and the namesake of Ahold, a global supermarket group with stores in Europe and the US that had annual sales of US$70.4 billion in fiscal 2006.

Security researcher Ton van der Putte, a retired employee for ATOS Origin who specializes in biometric security, successfully crafted a copy of a fingerprint out of rubber that was accepted by the Tip2Pay system. Staff members for the grocery store failed to detect the fraud. The method is easy to copy: typically a fingerprint left on a glass suffices to create a usable copy.

The hack hardly comes as a surprise. Security experts at the time of launch cautioned that the technology used by the store was insecure. Albert Heijn, however, didn't seem too worried. The store in public comments has brushed away any security concerns.

Van der Putte has a long track record in biometric security. Since 1990 he has undertaken several experiments demonstrating that secure authentication through fingerprints requires additional security measures.

The Chaos Computer Club in 2004 also demonstrated that a stand-alone fingerprint can be easily copied. The club wrote a how-to guide with instructions on how to create a copy. Also, a system similar to the technology deployed by Albert Heijn was hacked last year in Germany.

BioXS, a firm specializing in biometric security, cautions that Albert Heijn's system was poorly designed.

The company worries that the failed experiment will wrongfully damage public trust in biometrics.

A spokesperson for Albert Heijn argues that the hack doesn't demonstrate a genuine security threat, because a registered user of the payment system voluntarily provided his fingerprint to the hacker. The company argues that therefore the hack compares to cloning an ATM (automated teller machine) card.

A company spokesperson told Webwereld, an IDG affiliate, that customers at no time will be at risk. The system has a daily spending limit and will compensate consumers if fraud is detected. Tip2Pay for now is run as a test. Albert Heijn expects to deploy additional security measures in case of a large-scale roll-out.







Over 3 Billion P2P Transactions Occurred in 2008 - TowerGroup



TowerGroup: Noncash Person-to-Person Market Reaches $1.1 Trillion in 2008, Driven by Check Payments

Analyst Urges Financial Institutions to Leverage Existing Tools to Convert Declining Check Volume to Electronic Payments

Highlights from Report:

  • TowerGroup estimates the gross dollar volume (GDV) of the US noncash
    person-to-person (P2P) market in 2008 was $1.1 trillion, composed of
    over 3 billion transactions.

  • In 2008, checks represented over $1.013 trillion of the noncash P2P
    payments in the United States and cost financial institutions what
    TowerGroup estimates to be $255 million to process.

  • TowerGroup classifies P2P payments into five categories: repayment,
    account-to-account (A2A), family support, informal purchases, and
    informal services.

  • Spurred by the continued consolidation of financial service
    institutions (FSIs) and the establishment of new bank holding
    companies, A2A transfer volume will reach a projected $127 billion in
    2012, TowerGroup believes.

  • The P2P solutions available to financial institutions range from
    cobranding partnerships to private-labeled third-party solutions across
    multiple delivery channels and payment networks.

  • Financial institutions have the tools available to successfully target
    the P2P market and convert existing check volume to electronic
    alternatives.

Editor's Note: HomeATM is the "only" company in the world that can facilitate 3DES DUKPT Secure P2P payments in "real-time" at a fraction of the cost of methodologies currently being utilized.

NEEDHAM, Mass.--(BUSINESS WIRE)--New research from TowerGroup finds that the gross dollar volume (GDV) of the U.S. noncash person-to-person (P2P) market in 2008 was $1.1 trillion. Checks are in decline, but they remain the most significant payment method, amounting to over $1 trillion of the noncash P2P payments volume.

Defined by TowerGroup as a consumer-initiated transfer of funds to another consumer using multiple channels and payment methods, P2P payment methods [1] have evolved over the past few years with the advent of the Internet and mobile devices. These payment channels are continuing to grow, as financial institutions look to offer alternative new methods to transfer payments using online fund-transfer modules and mobile platforms. P2P is becoming an essential ingredient for financial institutions as they look to attract a new audience that is interested in on-the-go solutions that are lower in processing cost and greater in functionality.

Despite the availability of these new payment methods, consumers continue to use checks, which represent a net loss to banks on an item basis. TowerGroup estimates that P2P check volume is declining at 10 percent year to year. More important, it is costing an estimated $255 million to process these transactions.

“Banks are losing money hand over fist as they absorb the processing costs associated with every check transaction,” said Jennifer Roth, research director in the Global Payments service at TowerGroup. “The advent of the Internet and mobile devices are driving financial institutions to innovate and adopt new, more cost-effective and convenient means for their customers to transfer and process payments. However, in order to garner additional P2P market share and convert checks to electronic alternatives, financial institutions must create simple, low-cost, and convenient alternatives with flexible funds accessibility.”

TowerGroup expects 2009 to be a crucial year for financial institutions to incorporate P2P solutions so as to retain customers and acquire new ones. To keep a competitive edge, institutions must expand the reach of their business beyond a branch footprint using solutions and options available today. These options range from cobranding partnerships with alternative payment delivery providers such as PayPal and Obopay to private-labeled third-party solutions across multiple delivery channels and payment networks.

Additional highlights of the research include:


  • Over 3 billion P2P transactions occurred in 2008.
  • In 2008, checks represented over $1.013 trillion of the noncash P2P payments in the United States and cost financial institutions what TowerGroup estimates as $255 million to process.
  • Spurred by the continued consolidation of financial service institutions (FSIs) and the establishment of new bank holding companies, TowerGroup believes, account-to-account (A2A) transfer volume will reach a projected $127 billion in 2012.

The TowerGroup Research Note titled “Noncash P2P Payments: Checks in Decline Still Rule the Roost,” is available to qualified members of the press for review. To request a copy of or to arrange an interview with Ms. Roth, please contact Erica Chase at 212-704-44693 or erica.chase@edelman.com.

About TowerGroup: TowerGroup is the leading research and advisory services firm focused exclusively on the financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world’s leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America and Europe, TowerGroup serves a global client base. Visit www.towergroup.com for more information.

1 TowerGroup classifies P2P payments into five categories: repayment, account-to-account (A2A), family support, informal purchases, and informal services.

Contacts

Edelman for TowerGroup
Erica Chase, 212-704-4469
erica.chase@edelman.com
Permalink: http://www.businesswire.com/news/google/20090318005266/en


