Wednesday, April 1, 2009

Cybercrime Jumps by (33%) a Third Last Year

Web crime jumps by a third last year

By Carol Cratty
CNN Senior Producer

WASHINGTON (CNN) -- Internet-based rip-offs jumped 33 percent last year over the previous year, according to a report from a complaint center set up to monitor such crimes.
The report said that about 77.4 percent of perpetrators of Internet fraud were men.

The report said that about 77.4 percent of perpetrators of Internet fraud were men.

The total dollar loss from those crimes was $265 million. That's $26 million more than the price tag in 2007, the National Internet Crime Center said. For individual victims, the average amount lost was $931.

"This report illustrates that sophisticated computer fraud schemes continue to flourish as financial data migrates to the Internet," said Shawn Henry, the FBI's assistant director of the Cyber Division.

Americans filed 275,284 reports claiming to be ripped off on the Internet, the highest number reported since the center began keeping statistics in 2000.

The dollar loss has been on a steady increase since 2004, while the number of cases referred to law enforcement has decreased steadily since that same year.

Continue Reading at CNN
 More in Related Articles Below:

Reblog this post [with Zemanta]

Credit Card Data Inadequately Protected - Retailers

Retailers: Credit card data inadequately protected

by Stephanie Condon

WASHINGTON--The self-regulatory system credit card companies havecreated to protect consumer data sacrifices some consumer protectionsfor the sake of conveniencing the credit card companies and theirfinancial institution partners, retail representatives told CongressTuesday.

In light of recent data breaches that have compromised consumer information, such as the potentially massive 2008 Heartland Payment Systems breach,some congressmen are questioning whether the Payment Card Industry DataSecurity Standards, created and regulated by credit card companies, aresufficiently protecting information.

The credit card industry maintained at a congressional hearing Tuesdaythat self-regulation is effective, pointing out that since the PCIstandards were published, security breaches have occurred only when anentity is not fully in compliance with the standards.

"I have no doubt that compliance to PCI standards are the bestline of defense," said Robert Russo, director of the PCI Data SecurityStandards Council. "We have never found a breached entity to be in fullcompliance at the time of breach."

Yet representatives of the retail industry told a panel of theHouse Homeland Security Committee that when the credit card industryestablished the PCI standards in 2004, it did so mainly to reallocateits own fraud costs.

"In our view, if you peel off all the layers around PCI datasecurity standards, you will see it for what it is," said Dave Hogan,senior vice president and chief information officer for the NationalRetail Foundation. "In significant part, (it is) a tool to shift riskoff the banks' and credit card companies' balance sheets and place iton others."

Continue Reading at CNet News

Reblog this post [with Zemanta]

PayPal Says Online Fraud Rising - WSJ Blog

Web 2.0 Expo: PayPal Says Online Fraud Rising in Recession - Digits - WSJ
By Geoffrey A. Fowler

EBay’s PayPal kicked off the Web 2.0 Expo in San Francisco Wednesday with a frightening presentation on the “arms race” between online fraudsters and online retailers and shoppers.

Online fraud is becoming so lucrative, said Katherine Hutchison, PayPal’s senior director of global risk management, that it has developed into an industry with specialized players that hire each others in areas such as harvesting credit card numbers and freight forwarding. “A single professional thief doesn’t have to have all of the skills needed to commit fraud,” she said.

Here’s one trick: fraudsters use telephone services designed for the deaf to get an operator with a friendly (and middle-American) sounding voice to make calls on their behalf to a call center. “The telephone operator could realize this is very likely to be fraud, but they are legally blocked from saying anything other than what the person placing the call tells them to say,” said Hutchison.

Old techniques to track down fraudsters are becoming less helpful, she added. For example, e-commerce sites regularly check the location of an IP address making a purchase to see if they’re coming from a known high-risk place or see if they’re trying to buy something far away from where they’re asking for it to be delivered. But increasingly fraudsters hide their location by using satellite-based Internet service providers, or use “zombie” computers to reroute their traffic so it looks like it is coming from someplace harmless.

Worse, the recession seems to be contributing to the problem. Hutchison said that consolidation of the banking industry has confused consumers and made many them susceptible to attacks from fraudsters who got them to hand over account information by pretending to be from a new bank that needed to confirm their address and other account details.

Layoffs of technically minded people around the world are also contributing to a spike in sophisticated online fraud, she said. “You always see white collar crime go up when we have a recession,” said Hutchison.

PayPal makes money by selling a transaction service to e-commerce sites and consumers that make them feel more secure with online sales, so the company has a stake in all this. But Hutchison admits that efforts to stop fraud can cause problems for businesses if they go too far, by annoying or turning away legitimate customers, especially outside of the U.S.

“There are some legitimate Nigerian shoppers, but it is very difficult to shop on the Internet if you live in Nigeria,” said Hutchison.

Reblog this post [with Zemanta]

On Terrorism and Credit Card Fraud

Counterterrorism Blog: My Written Statement for Congress on Credit Card Use by Terrorists

By Andrew Cochran

Yesterday, the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the U.S. House Committee on Homeland Security held a hearing titled, "Do the Payment Card Industry Data Standards Reduce Cybercrime?" The subject of the hearing was to examine whether data security requirements for businesses that store, process, or transmit personal information during Internet payments provide sufficient protection against data breaches, fraud, and terrorism. The subcommittee invited me to submit a written statement on the use of credit cards by terrorists. My statement quoted from and summarized posts by Contributing Experts Dennis Lormel, Matthew Levitt, and Michael Jacobson, and included information from our panel on February 29, 2008, “Meta-Terror: Terrorism and the Virtual World,” with Contributing Experts Evan Kohlmann and Roderick Jones and the Senior Vice President and Chief Technology Officer of VeriSign. You can download my three-page statement, and here is an excerpt:

Credit cards are extremely vulnerable to fraud and are used extensively by terrorists. The internet not only serves as a learning tool for terrorists but also functions as a mechanism to steal credit card information through hacking, phishing and other means. In many instances, when terrorist operatives are apprehended, they have multiple identifications and credit cards in a variety of names in their possession. The terrorists who executed the devastating 2004 Madrid train bombings, which killed almost 200 people, and who carried out the deadly July 7, 2005, attacks on the transportation system in London were self-financed, in part through credit card fraud.

Younes Tsouli, aka “Terrorist 007,” and his two associates, Waseem Mughal and Tariq al-Daour, used computer viruses and stolen credit card accounts to set up a network of communication forums and web sites that hosted everything from tutorials on computer hacking and bomb making to videos of beheadings and suicide bombing attacks in Iraq. They raised funds through credit card information theft and fraud, which were used to support the communications, propaganda and recruitment for terrorists worldwide, as well as to purchase equipment for Jihadists in the field. One expert described their activities as “operating an online dating service for al-Qaeda.” The three men pled guilty to inciting terrorist murder via the internet.

• Stolen credit card numbers and identities were used to buy web hosting services. At least 72 stolen credit card accounts were used to register more than 180 web site domains at 95 different web hosting companies in the U.S. and Europe.
• On one computer seized from al-Daour’s apartment, some 37,000 stolen credit card numbers were found. Alongside each credit card record was other information on the identity theft victims, such as the account holder’s address, date of birth, credit balances and limits.

You can download the testimony by the witnesses from the hearing website. I appreciate this opportunity and thank the subcommittee chairwoman, Rep. Yvette Clarke, for the invitation.
April 1, 2009 06:20 AM Print

Reblog this post [with Zemanta]

40% of S/M Banks Unhappy with ACH System in North America

Finextra: 40% of small to mid-size North American banks not happy with ACH system - survey

01 April 2009

40% of small to mid-size North American banks not happy with ACH system - survey

Almost 40% of small and mid-sized banks in North America are not happy with their current ACH system, according to a survey for Fundtech.

The independently conducted survey of 70 payments professionals shows 60% of banks have seen an increase in revenue from ACH transactions over the last year and 48% recognise the potential of their systems as a source of revenue and competitive advantage.

However, the need for more sophisticated reporting and functionality in order to meet market, regulatory and economic demands, is putting pressure on banks' existing ACH systems, claims the vendor.

Half of respondents say inadequate reporting is an area of concern in relation to their ACH systems, whilst 27% cite insufficient automation.

Continue Reading at Finextra

Mazooma and DataCash Partner

DataCash, the U.K.'s market-leading payments service provider, announced a partnership with Mazooma, the first real-time online debit payment solution for U.S. consumers.

DataCash will offer Mazooma as a payment option for its global merchants. With Mazooma merchants of DataCash can offer their U.S. customers secure option to pay with cash online.

Mazooma enables customers to make online purchases without credit card by using their Internet bank account. The system does not require pre-registration which means that customers can use it immediately. Merchants in turn get instant authorization that allows them to ship the order at once. At present time Mazooma supports over 70% of all consumer bank accounts in the U.S. and has no jurisdictional limitations.

DataCash works with about 1,000 merchants across the globe and provides them with a single interface to process payments both on and offline. Its portfolio includes worldwide merchants from the retail, travel and telecommunications sectors.

Reblog this post [with Zemanta]

PCI DSS Gets Flayed at House Hearing

Jaikumar Vijayan, Computerworld

The PCI standard, long touted as one of the private sector's best attempts to regulate itself on data security, is increasingly showing signs of coming apart at the seams.

At a hearing in the U.S. House of Representatives Wednesday, federal lawmakers and representatives of the retail industry challenged the effectiveness of the PCI rules, which are formally known as the Payment Card Industry Data Security Standard (PCI DSS). They claimed that the standard, which was created by the major credit card companies for use by all organizations that accept credit and debit card transactions, is overly complex and has done little thus far to stop payment-card data thefts and fraud.

The hearing, held by a subcommittee of the House Committee on Homeland Security, also highlighted the longstanding bitter divide between retailers on one side and banks and credit card companies on the other over the role that the latter organizations should play in protecting card data.

In one of the bluntest denouncements of PCI DSS to date, Rep. Yvette Clarke (D-N.Y.), chairwoman of the subcommittee that held the hearing, said the standard by itself is simply not enough to protect cardholder data. The PCI rules aren't "worthless," Clarke said. But, she added, "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure. It is not, and the credit card companies acknowledge that."
Much of PCI's limitations have to do with the static nature of the standard's requirements, according to Clarke, who said the rules are ineffective at dealing with the highly dynamic security threats that retailers and other merchants now face.

For instance, she pointed to the data breach disclosed early last year by Hannaford Bros. Co., which said that attackers had stolen card numbers and expiration dates by installing malware on servers at each of the Scarborough, Maine-based grocery chain's stores and capturing the data as cards were swiped at cash registers.

Hannaford was certified as PCI-compliant by a third-party assessor in February 2008, just one day after the company was informed of the system intrusions, which had begun two months earlier. That means the grocer received its PCI certification "while an illegal intrusion into its network was in progress," Clarke said.

Similarly, RBS WorldPay Inc. and Heartland Payment Systems Inc. were both certified as PCI-compliant prior to breaches that the two payment processors disclosed in December and January, respectively. Visa Inc. dropped Heartland and RBS WorldPay from its list of PCI-compliant service providers last month and is requiring them to be recertified, although it has said that merchants can continue to do business with the two companies in the meantime.

Clarke also blasted the credit card companies and card-issuing banks for continuing to use what she described as "1950s-era" payment systems. She called on them to make the investments that are needed to move away from magnetic stripe and signature transactions to the kind of approaches used in Europe and Asia, such as so-called chip-and-PIN techniques.

"The bottom line," Clarke said, "is that if we care about keeping money out of the hands of terrorists and organized criminals, we have to do more, and we have to do it now."

An independent governing body called PCI Security Standards Council LLC, with representatives from the credit card companies, banks and merchants, was set up to administer PCI DSS in 2006.

But Michael Jones, CIO at arts and crafts retailer Michaels Stores Inc. and one of the people who testified at Tuesday's hearing, said that the PCI rules appear to have been developed more "from the perspective of the card companies, rather than from that of those who are expected to follow them." As a result, he contended, the requirements aren't always about better securing...

Continue Reading at The Industry Standard

Reblog this post [with Zemanta]

Ingenico Warns About Contactless Technology

Press Release:

Ingenico warns contactless technology will divide the market

• 01 Apr 2009

LONDON — Ingenico, a provider of payment solutions, says contactless technology will split the retail market this year, improving sales figures for early adopters and costing those who shun the additional investment in this burgeoning technology.

According to a news release, in the last quarter Barclays issued its millionth Barclaycard, a contactless credit card, and announced the launch of contactless debit cards. Consumers are now driving the uptake of the card, unlike with chip and PIN in 2006.

But Ingenico warns that retailers must consider their customers’ payment expectations when investing in POS terminals this year. Those retailers who adopt contactless technology can expect swifter transactions, increased footfall and smaller queues.

“Consumers are demanding and have high expectations," said Gregor Rankin, Ingenico's marketing manager for northern Europe. "If they receive a new contactless card from their acquirer, they expect to be able to use it. It is not the case that every retailer in the U.K. has to invest in this technology today. However, for retailers that value customer service and demand the highest level of customer experience, it absolutely is something for which they should already have a strategy in place."

Rankin says in 2009, it will be important for retailers to differentiate themselves to drive customer loyalty.

"Obviously retailers planning to refresh their POS systems would be sensible to incorporate a contactless strategy into their deployment plan," he said. "Contactless terminals cost little more per unit than non-contactless versions. When you consider that it allows six times more transactions an hour than standard solutions, there is a strong case for investment. Retailers should consider what the right option for them is and make sure they aren’t missing a trick.”

Reblog this post [with Zemanta]

Great Article on Potential PIN Debit Hack

Banks face a bigger risk than robbery in high-tech heists

by Claude Solnik - Long Island Business News
Published: April 1, 2009

Bank customers know that if their ATM card is stolen, thieves could sneak money out of their accounts. But millions of dollars? In at least one case, bank robbers committed a massive global bank robbery with counterfeit ATM cards.

Last December RBS WorldPay, a payment processor, announced that as many as 1.5 million accounts had been compromised by thieves. But the robbers didn’t wreak havoc with everyone. They didn’t need to.

Hackers who hit RBS’s database, exposing a vast number of accounts to potential havoc, only copied about 100 cards. But it was enough to do a lot of damage.

They raised withdrawal limits
and otherwise altered codes so they could make $500 withdrawals in cities ranging from New York to Moscow and Hong Kong. By the time they were done, they had siphoned off $9 million in one day.

Long arm of the unlawful

RBS is the most recent case of bank robbery with a twist, but only one example of how banks’ reliance on technology in an interconnected world can put them at risk around the globe.

Tom Field, editorial director of Information Security Media Group, which operates and said robberies affecting U.S. banking customers now goes far beyond U.S. borders.

“This is an international issue,” Field said, citing ability to access networks worldwide. “For hackers are everywhere, they’re insiders, customers themselves.”

Field cited data vulnerability as a key concern, but the biggest threat to bank data today may not be within banks themselves. Field said it may be exposure to hackers breaching credit and debit card processors.

Continue reading at LIBN

Reblog this post [with Zemanta]

E.U. Drops Antitrust Case Against MasterCard

Published: April 1, 2009

BRUSSELS — The credit card company MasterCard has settled an antitrust case by agreeing to reduce fees that raise costs for retailers, European Union regulators said Wednesday. But MasterCard said that its measures were provisional, and that it would continue a broader battle over the level of the fees in court.

Competition Commissioner Neelie Kroes of the E.U. said the move by MasterCard could save money for retailers and consumers, particularly those shopping across European borders, and she underlined that the settlement was an element in a broad effort to encourage spending and give the economy a boost.

The agreement would “provide a fair share of the benefits to consumers and retailers,” she said. Ms. Kroes also warned Visa, another card company, it remained under investigation, and she said she would monitor the business practices of other payment card operators to ensure they also benefited retailers and consumers.

The European Commission ruled in December 2007 that MasterCard’s cross-border transaction fees broke European Union antitrust rules. That ruling could have led to steep fines on the company.

MasterCard appealed that decision to the European Court of First Instance, which still must make a determination on how it sets its so-called multilateral interchange fees.

The fees are paid between banks, but lobby groups for retailers have argued the levies inflate prices for shoppers.

Ms. Kroes said MasterCard had agreed cut its transaction fees to 0.3 percent for credit cards and 0.2 percent for debit cards. The company’s cross-border fees were significantly higher in 2007.

“We do not believe this level of interchange is adequate to sustain strong competition in the European payments industry,” Reuters reported MasterCard as saying Wednesday.

Reblog this post [with Zemanta]

Fallout from Heartland Breach Continues

Seamus McAfee, of has posted a great article on the Heartland Breach.  To read

Heartland data breach damages still mounting

in it's entirety, click here. 

What follows is an excerpt:

The breach

Visa's move is one in a long string of events since Jan. 20, 2009,when, after being alerted by Visa and MasterCard of suspicious activitysurrounding processed card transactions, Heartland announced thatmalicious software had compromised its data in 2008. The datapotentially exposed through this breach includes card numbers,expiration dates and other data from the card's magnetic stripe, and insome cases, the names of customers who used debit or credit cards atHeartland's network of 250,000 businesses.

Heartland has not disclosed the extent of the breach, but industryofficials have described it as one of the largest in history. Banksacross the country moved quickly and began sending out replacementcards, and advised consumers to watch their account statements moreclosely than ever.
The residual fallout continues:
  • Heartland faces dozens of lawsuitsin federal and district courts, including one from an investor whofiled a claim in the U.S. District Court of New Jersey, on behalf ofall Heartland investors who lost money in Heartland from August 2008 toFebruary 2009.
  • United Bank also responded to the breach by re-issuing several of their debit and credit cards to a list of consumers supplied by Visa. MasterCard has not re-issued any of its cards.
  • Visaand Heartland released statements assuring their customers thatalthough Visa was suspending Heartland, the processor was still validin the Visa system. According to both companies, it was in response torivals' attempts to capture customers with false claims that usingHeartland could result in fines or certification problems.
  • Heartlandannounced it has fallen subject to formal inquiries by the Securitiesand Exchange Commission, the Federal Trade Commission, the U.S.Department of the Treasury's Office of the Comptroller of the Currency,as well as an investigation by the U.S. Department of Justice.
  • Heartland's stock valuehas plunged since the announcement of the breach, hitting a 52-week lowof $3.57 on March 12, since hovering close to $20 a share in earlyJanuary.
  • Credit unions have been hit hard by the breach, most notably the Healthfirst Credit Union,which has incurred losses on 800 cards, or 57 percent of their totalissued cards, and fraud exceeding $70,000 as a result of Heartlandbeing compromised
  • As of Feb. 12, more than 600 U.S. institutions have been impacted by the Heartland data breach, according to a list kept by Bank Info Security.
According to American Banker,many banks and credit unions are pursuing lawsuits to compensate forthe cost to notify customers of the breach, re-issuing cards andrepairing accounts for those affected by fraudulent activity. Lawsuitsagainst breached companies have seen little success in recent years. In2007, TJX Companies agreed to pay $40.9 million in settlements to Visaissuers after announcing a breach with the agreement the banks wouldnot sue the retailer, but the case was never granted class-actionstatus...

Continue Reading at

Reblog this post [with Zemanta]

JCB International Appoints New President and COO

Tokyo, Apr 01, 2009 (JCN Newswire via COMTEX) ----JCB International Co., Ltd. (JCBI: undefined, undefined, undefined%), the wholly owned subsidiary of JCB Co. Ltd. (JCB: undefined, undefined, undefined%), announced the appointment of Mr. Koremitsu Sannomiya as President and Chief Operating Officer at its annual shareholders' meeting in Tokyo held today with immediate effect. Mr. Sannomiya succeeds Mr. Kenji Seto, who has served in the position since June 2007. Mr. Sannomiya will report to Mr. Tamio Takakura, Chairman and Chief Executive Officer.

Since Mr. Sannomiya joined JCB in 1985, he has greatly contributed toward the company's growth as a comprehensive payment solution provider, engaging in a wide array of JCB business encompassing international sales and marketing, corporate strategy planning, and strategic market development. During his 24-year career at JCB, Mr. Sannomiya had held a number of key positions, including Executive Vice President since 2000, providing visionary leadership in key areas and vital issues: corporate planning, supervising JCB's Next Generation System migration project, and developing emerging markets such as small value and utility payment. Prior to his appointment as President and Chief Operating Officer at JCBI, he served as Board Member, Executive Officer, and Head of Strategic Market Development Headquarters Division at JCB, where he helped to substantially expand the horizon of the credit card payment market in Japan by marketing new solutions and services, including widening the small value market with the QUICPay(TM: 67, 3.56, 5.61%) contactless smart card payment solution, and undertaking Eco-Action-Point program platform operations on behalf of Japan's Ministry of the Environment. Also, in the early years when JCB first took the path to go international as an independent brand and Japan's only international card brand, Mr. Sannomiya dedicated seven years to the company's International Department, and was involved in establishing the first JCB Plaza, the exclusive cardmember lounge now located in multiple major cities around the world, embodying the JCB brand service philosophy.

"It is an honor for me to be appointed to serve in this position. I feel deep respect and appreciation for our predecessors who have built up the JCB brand into a major international credit card brand, ever since their decision to go global as an independent brand in 1981. Moreover, I would like to express my gratitude and confidence in our partners, as today's JCB brand would be nothing without their understanding and cooperation", said Mr. Sannomiya.

"In recent years, we have experienced changes in the card industry in many countries and regions around the world, and consumer needs have become highly varied. JCB has a diverse and unique business as Japan's only international credit card brand. Taking advantage of our strength and experience, we would like to share with our partners worldwide new technologies, expertise in issuing and developing value added co-branding programs, and multiple business relationships with Japanese corporations. As JCB is a brand born in Asia, first we would like to enhance its footprint in this region through strengthening our issuing partnerships. In the Americas and EMEA, we will continue to increase the convenience of the JCB card by improving the acceptance network in response to customer needs."

JCB International Co., Ltd. (JCBI: undefined, undefined, undefined%), headquartered in Tokyo, Japan, is a wholly owned subsidiary of JCB Co., Ltd. (JCB: undefined, undefined, undefined%), also headquartered in Tokyo, Japan, the country's only international credit card brand. Aiming to maintain and expand the distribution of the JCB card, and to increase JCB brand value, JCB established JCBI to carry out operations related to the JCB brand, JCB cards, and JCB merchants outside Japan. JCB is also a major issuer of JCB cards and acquirer of JCB merchants as well as the JCB brand-holder. Under the leadership of Mr. Tamio Takakura, President and Chief Executive Officer, JCB is further strengthening its solution business going beyond the credit card business.

About JCB

JCB is a major global payment brand and leading credit card issuer and acquirer in Japan. JCB launched its card business in Japan in 1961 and began expanding overseas in 1981. Its acceptance network includes 12.76 million merchants and over a million cash advance locations in 190 countries and territories. JCB cards are now issued in 19 countries and territories, with more than 60.2 million cardmembers. As part of its international growth strategy, JCB has formed alliances with more than 350 leading banks and financial institutions globally to increase merchant coverage and cardmember base. As a comprehensive payment solution provider, JCB commits to provide responsive and high-quality service and products to all customers worldwide. For more information, visit: JCB statistics included in About JCB are as of the end of September 2008.


Kazumi Kinoshita
Corporate Planning
JCB International Co., Ltd.

Copyright (C: 2.7099, 0.1899, 7.54%) Japan Corporate News NetWork

Reblog this post [with Zemanta]

Gemalto Provides National e-ID Cards in Saudia Arabia

Gemalto provides national e-ID cards in Saudi Arabia - Security : News

By Datamonitor staff writer

A wallet-sized card embeds a microprocessor containing the cardholder's digital information

Gemalto, a provider of digital security services, has said that it is delivering electronic ID cards to the National Information Center, the IT entity of Saudi Arabia's Ministry of Interior.

Gemalto has said that the identification card phase two program extends the country's initial electronic ID initiative launched in December 2007. As part of the new contract, Gemalto will provide National Information Center (NIC) with electronic ID (e-ID) cards for the next three years, as well as support and maintenance for the centralized personalization center in Riyadh. The national ID card is mandatory for all citizens above 15 and valid for 10 years.

The company has also said that the Saudi Arabia national ID card is a wallet-sized card that embeds a microprocessor containing the cardholder's digital information such as demographics, facial image and fingerprints. It also features a bar code and an optical stripe to ensure enhanced security to citizens.

The national ID card can be used as a travel document to travel within all GCC countries. The e-ID card also offers authentication to enable citizens to prove their identity. Digital signature is also available through a Public Key Infrastructure application, said Gemalto.

NYCE! Metavante Acquired by Fidelity National!

Metavante purchased by Fidelity National for $2.94B (WTN News)

MILWAUKEE: Fidelity National Information Services and Metavante Technologies, today announced that the boards of directors of both companies have approved a definitive agreement under which FIS will acquire Metavante. Under the terms of the agreement, Metavante shareholders will receive a fixed exchange ratio of 1.35 shares of FIS common stock for each share of Metavante common stock they own. The pro forma enterprise value of the combined company is approximately $10 billion.

Editor's Note:  Fidelity National also owns eFunds, which is HomeATM's processing partner.  

Metavante owns the
NYCE Network, the fastest growing  ATM/PIN debit network.  (see chart, right)

NYCE "had" agreed to partake in an Acculynk PIN Debit Pilot. 

So what happens now?  Will PULSE stay in if NYCE pulls out, leaving only the Accel/Exchange, Network...which is the the  slowest growing EFT network to do the pilot? (again, see chart on right)

If you're going to the ETA Convention,
April 21-23, 2009, at the Mandalay Bay Resort & Casino in Las Vegas,
stop by to learn more about HomeATM's plans.  We'll be at the eFunds booth.

On a side note, and it's interesting to look back after today's announcement, the owner of the slowest growing EFT Network, Fiserve, and Fidelity National, both tried to buy eFunds last year and Fiserv lost.  Now Fidelity National owns THE FASTEST GROWING EFT NETWORK.  This could be a potentially fun year.  Don't forget to stop by the eFunds booth and say hello to HomeATM's CEO, Ken Mages and our COO, Mitch Cobrin. 

Back to the Metavante acquistion article:

The combination creates an opportunity for the company with enhanced growth prospects. FIS is a provider of core and transaction processing services, card issuer solutions and outsourcing services to more than 14,000 financial institutions worldwide. Metavante is a leading provider of banking and payments technologies to approximately 8,000 financial services firms and businesses. Together, the combined company will provide one of the most comprehensive ranges of integrated products and services, across more markets and more geographies worldwide than any other provider in the industry.

FIS and Metavante serve complementary customer bases and have highly diversified and recurring revenue streams. In 2008, the companies generated pro forma combined revenue of $5.2 billion, adjusted EBITDA of $1.3 billion and free cash flow of more than $500 million. As a result of the combination, FIS anticipates it will achieve cost synergies of approximately $260 million. The increased global scale and expected cost savings are expected to generate significant margin expansion. The transaction is expected to be accretive to adjusted earnings per share in 2010.

In prepared statements the companies said, "The combined scale, complementary product capabilities and market breadth of these two great companies will drive significant competitive advantages in the increasingly dynamic marketplace," stated William P. Foley, II, chairman of FIS. "This transaction will further strengthen FIS's competitive position as a leading global provider of technology solutions and enable us to generate increased value for shareholders and customers," added Lee A. Kennedy, FIS president and chief executive officer.

"By bringing these two companies together, we expect to accelerate revenue growth, drive higher profitability, and create greater financial flexibility for growth investments and acquisitions," said Frank R. Martire, Metavante's current chairman and chief executive officer. "In addition, the size, scope and geographic reach of the combined company will offer even greater opportunities to our employees, world-wide."

The leadership team will be comprised of executives from both companies with broad industry experience and strong management depth. Mr. Foley will serve as chairman of the board of FIS. Mr. Kennedy will serve as executive vice chairman of the board with responsibility for integrating the two companies, and Mr. Martire will be named president and chief executive officer of FIS. Reporting to Mr. Martire will be Gary A. Norcross as chief operating officer (current COO of FIS) and Michael D. Hayford as chief financial officer (current president and COO of Metavante). George P. Scanlon (current chief financial officer of FIS) will serve as executive vice president of finance. Following the completion of the transaction, the board of directors will consist of six FIS board members and three Metavante directors. FIS's headquarters will remain in Jacksonville, Florida.

The transaction will be structured as a tax-free reorganization whereby Metavante will be merged with and into a newly formed subsidiary of FIS. Based on the 1.35 fixed exchange ratio, FIS would issue approximately 162 million basic shares to Metavante shareholders. In addition, a simultaneous equity investment by affiliates of Thomas H. Lee Partners, L.P. and Fidelity National Financial, Inc. in FIS common stock will result in approximately 16 million additional newly issued shares. At closing, the combined company would have approximately 374 million fully diluted shares outstanding. The requisite Metavante lenders have agreed to waive their change of control provisions and permit the merger to proceed. After giving effect to the transaction, the combined company is projected to have approximately $3.8 billion of debt outstanding at closing, including $1.45 billion of debt to be incurred and assumed in connection with the acquisition and will have improved financial leverage and credit statistics.

The transaction is subject to approval by FIS and Metavante shareholders, receipt of regulatory approvals and the satisfaction of customary closing conditions. Metavante said that its largest shareholder, an entity affiliated with Warburg Pincus that currently owns 25% of the outstanding common stock of Metavante, has entered into a Support Agreement with FIS pursuant to which it has agreed, subject to the terms and conditions of the Support Agreement, to vote in favor of the transaction. Upon completion of the deal, Warburg Pincus will be the largest single shareholder of the new company with approximately 11% ownership and will have board representation. FIS and Metavante expect to complete the transaction in the third quarter of 2009.

Banc of America Securities LLC and Goldman, Sachs & Co. acted as financial advisors to FIS and Wachtell, Lipton, Rosen & Katz provided legal counsel. Barclays Capital acted as financial advisor to Metavante, while Kirkland & Ellis LLP and Quarles & Brady LLP provided legal counsel.

Fidelity National Information Services is a Fortune 500 company. They are a provider of core processing for financial institutions; card issuer and transaction processing services; and outsourcing services to financial institutions and retailers. FIS has processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10. FIS is a member of the S&P 500 Index and has been ranked the number one banking technology provider in the world by American Banker and the research firm Financial Insights in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS maintains a strong global presence, serving more than 14,000 financial institutions in more than 90 countries worldwide. For more information on FIS, please visit

Metavante Technologies is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to approximately 8,000 financial services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, outsourcing, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante ( is headquartered in Milwaukee. Metavante and NYCE are registered trademarks of Metavante Corporation, which is the principal subsidiary of Metavante Technologies, Inc.

Reblog this post [with Zemanta]

It Might Be...It Could Be...IT IS! A Figment of the PIN-agination


An Internet PIN Debit Application Based on Software?

Without the Swipe, I've got a Gripe

Over the past couple of weeks there's been a lot of press regarding Acculynk's Internet PIN Debit solution. 

Curiously, not ONE journalist has shown the gumption to ask the most obvious that simply begs to be asked.  So, being a 3rd-rate blogger,  what the hell...I'll  ask it!  Here goes!

"Why do you call it an "Internet PIN Debit" solution when the card isn't  swiped?  Without the mechanism (hardware) to swipe the card, it's not PIN's a "Card Not Present" transaction.  And since there's no such thing as a Card Not Present PIN Debit transaction, I have two more questions!  1. What's the scoop?" 2. What are you trying to pull here?  (hint...has to do with wool over eyes)
Let me point out something I find profoundly amusing.  Digital Transactions, along with a host of others in the media, have apparently fallen hook, line and sinker for Acculynk's "software PIN Debit" propaganda.  The amusing part is this: Digital Transactions News reports on the payments industry, so they are a source of knowledge...and it's "that very knowledge" which simply cannot subconsciously allow them to "buy into" said propaganda.  They know the emperor is naked...yet they ooooh and aaaah about his "new close" 

Allow me to demonstrate how the subconscious exposes the truth.  (I'll use a picture because it's worth a thousand words!)

Take a look at the cover page to a Digital Transactions (on right) story on "PIN Debit Meets the Web" from last May.

What do you see? More specifically...

I ask you... "What's that device to the right of the LCD screen?

At first glance I thought it might be one of those "floating" PIN pads...and yes..I'm being sarcastic, maybe even sardonic.

But upon further examination (and sarcasm) ..well, allow me to quote the legendary Chicago baseball announcer Harry Caray...

It might be!
could be!
IT IS!...

A "Hardware" device!

Why?  Because PIN Debit transactions (and the Interchange Fees) are only available if the card is "SWIPED."  So what's all this stuff about a "software" based Internet PIN Debit offering?  It's a house of cards...not present!  (and no, I'm not being sarcastic...I B. Frank this time.

Here's an article on Merchant Account Fees.  Notice what it says about PIN Debit Transactions!...  Merchant Account Fees | Kelsey Publishing Knowledge Base  Merchant Account Fees - by Bobbie McKee

Whenever a merchant or a business owner is choosing a merchant account provider, looking at and trying to understand the numerous fees is always confusing. Let us try to look and try differentiate these dizzying fees.  The Discount rate makes up the majority of the costs when getting and paying for merchant account service. This is a fixed percentage amount that is deducted from the purchase cost or charged on every transaction. It usually range from 1.49 to 4 percent for every transaction...depending on the type of transaction.  Credit, Signature Debit, PIN Debit, Card Not Present etc. 

Transaction fees are charged by the processor to process each transaction. It is charged on every transaction, regardless of whether or not the transaction is approved or declined. It’s amount ranges from 20 to 30 cents.

"PIN Debit transaction fees are only applicable if cards will be swiped and only appy to debit cards. This is a fixed transaction fee and is usually around 70 cents."
Editor's Note:  Translation: In a transaction, whereby the card is "NOT SWIPED" is NOT a PIN Debit Transaction.  Plain and simple deductive reasoning. 

Thus...a software based Internet PIN Debit transaction, (whereby the card is not swiped) by definition, CANNOT POSSIBLY EXIST

Take the PIN Payments Blog's "Cannot Exist Challenge."  Go to Visa or MasterCard's Interchange Rate pages and try and locate that mysterious "Card Not Present - PIN Debit Interchange Fee".  If you have any trouble finding it, don't think it's because it's "elusive".   It's because a CNPIN Interchange Rate, just plain ole' doesn't exist bro!

Therefore, now that we all agree that there's no such thing as a software based PIN Debit solution, we have all just technically eliminated the power of the Software PIN Debit propaganda machine.  It never really existed in the first was simply a figment of the PIN-agination!...
Ironically, while the "house of cards" IS present..."the card itself"...ISN'T...therefore, neither is a software-based PIN Debit application.  Call it what you will, an alternative payment, a CNPIN (pronounced "SinPIN?"), propaganda, emperor's new clothes, etc...but what you CANNOT call it is a genuine PIN Debit transaction.  If a true Internet PIN Debit Solution is what you desire, only HomeATM can provide that with our PCI 2.0 certified PIN Entry Device. Period. 

What's that famous line from "Honest Abe?"  Oh, I remember...

"You can fool some of the people some of the time but you can't fool ALL of the people ALL of the time!" - HA!

Back to the article:  But first, let me tell you what's really going on here.  It took a Wal*Mart Antitrust Lawsuit against Visa and MasterCard to bring the lower PIN Debit Interchange rates to the bricks and mortar world.  Banks and V/MC don't like PIN Debit because the lower risk also brings with it, a lower interchange rate.  As it sits,  V/MC and the banks are making a KILLING on eCommerce transaction fees as CNP provides one of the highest Interchange Fees. 

Acculynk doesn't have PIN Debit rates because it's CNP.  Therefore the rates will be considerably higher.  They say it will approximate "signature debit" fees but look for the fees to be higher than that when they are eventually announced.  Still, the rates will be lower than the CNP rates currently being charged Internet Retailers.

Because the fees will be higher than "true" PIN Debit fees, it leaves more margin to share with the EFT networks and the financial institutions.  So, let's make the math simple.  If the rate is lower than current rates for the web, but higher than PIN Debit rates, then the difference can be shared with the EFT Networks and the Financial Institutions.  A third each.  Nice strategy, but it's an alternative payments strategy, NOT a PIN Debit strategy.  Let's call a spade a spade, shall we? 

Ex: Let's use a $200.00 sale on the web.  At afixed rate (quoting the article above, our fee would be .70 cents.  A2% rate would be $4.00 plus a minimum of a .20 cent transaction fee. (Call it $4.20 vs. .70 cents)  Wow...does that mean that a HomeATM transaction costs SIXTIMES less!  YES it does!

Now we can return our attention back to the article, which, "truth be told" isn't what this post is really about anyway.

Address Verification Service

Transaction Fee (AVS) applies only to merchants who are not swiping cards. AVS provides address and zip code lookup on the cardholder and reduces the possibility of fraud.

Daily Batch Fee is charged by some processors when merchants settle daily batch and transfer the settled fund into the merchant’s account. No transactions, no charged.

Monthly statement fee is charged at the end of each month. It is a fixed fee, regardless of the number of transactions made in a particular month.

The Internet Gateway Fee
only applies if you are using an Internet Payment Gateway. The gateway fee is a monthly fee assessed by the gateway provider and is usually billed directly by the provider.

Voice authorization fee
is only charged when you call in your transaction an 800 number. It is used if the terminal or software the merchant using is not working and the merchant need to perform an authorization.

Monthly Minimum Fee
is based on the merchant transaction and discount rate fees from the card sales every month. This is not an extra fee but a minimum amount that the processor or merchant account provider needs to have in fees.

Surcharge fee
can be under a different name like partially-qualified fees or non-qualified fees. These fees are additional discount rates that some cards are charged and may apply only on certain card types.

Application or set up fee
is only charged one-time. This is only charged when the account is setup. There are some merchant service providers who do not charge this fee anymore.

Programming/Reprogramming fees apply to retail merchants who have changed from one provider to another. For reprogramming, it is applied whenever there is a need to reprogram a piece of existing equipment software.

Annual fee
are sometimes charged by the providers.

Chargebacks and retrieval fees
are related to customer or issuing bank disputing a transaction that was processed. A large number of chargebacks can cause your merchant account to be dropped totally and leave you in a bind when trying to get another merchant account for your business. As a merchant, it is important that a merchant take the necessary steps to reduce and potentially eliminate the instances of chargebacks.

Cancellation fee
is significant cost in setting up and maintaining a merchant account for a business and this fee helps recoup some of those losses should a merchant cancel, especially in the beginning.

There are hidden or junk fees
that merchants are not aware of. Some of the hidden fee is for a merchant account provider to offer a teaser rate that is extremely low, but the teaser rate is just temporary and goes up after a few moths while the application is still in process.

Knowing and understanding the merchant account rates and fees will enable the merchant to identify the best service or account provider. It is also important to know the different fees, so that you know where you’re hard earned money go to.

Reblog this post [with Zemanta]

Disqus for ePayment News