Monday, April 13, 2009

HomeATM at Booth 347 at ETA with FIS!

Preschedule an Appointment

For security purposes, please use a business e-mail and phone number.

Email Address:*
First Name:
Last Name:
Financial Institution:
Street Address:
What is a convenient time for our meeting?
What day are you available to meet?

Before the show
Tuesday, April 21
Wednesday, April 22
Thursday, April 23
After the show

Visit us at ETA Meeting & Expo April 21-23 at the Mandalay Bay Resort & Casino

Whenis the last time you went exploring for better processing opportunitiesand sponsorship options for your organization? You could just uncover products and services at lower rates than ever before.

Fidelity National Information Services® (FIS™), a proven leader increative merchant solutions, is offering insight into ways to expandyour company’s payment methods at lower interchange rates.

Stop by booth #347
during the ETA Meeting & Expo April 21-23 at the Mandalay BayResort & Casino and visit with one of our merchant experts. Whileyou are there, register for a chance to win a new iPod Touch.

Also be sure to check out FIS’:
  • Creative solutions to accepting PIN Debit for payment at Web-based merchant sites

  • Expanding payment options

  • Reduced interchange costs
Contact us today.

Give us a call at 877.482.8786 or send an e-mail to to schedule an appointment with one of our merchant professionals and we’ll give you a gourmet coffee card.

Reblog this post [with Zemanta]

Is that an ATM in Your Pocket?

An ATM in Your Pocket Can Be NYCE - 04..2009 - Bank Technology News Article
Editor's Note:  And a "REAL" ATM in your pocket can be NYCER yet!  (real-time balance inquiries, real time money transfers, real time payments, and a real time saver when it comes to swiping vs. typing!  That said, this is a great service from NYCE...

From BTN's John Adams:

Customer knowledge is a cornerstone of relationship building, and NYCE plans to extend balance information to consumers before they go to an ATM via mobile devices—a simple nugget of information the network hopes will attract banks eager to sell convenience to consumers.

NYCE will offer balance inquiries by text message to its financial institution participants as a standard feature of full participation in the NYCE Network. 

The text message transactions will be an expansion upon balance inquiries that are available at NYCE Network ATMs, with no additional fees for mobilization. The new Monitise Americas-powered service will allow consumers to use text messaging to request and receive real-time balance information on their primary accounts. The balance inquiries will work for almost all mobile phone users regardless of their mobile carrier or the type of handset they use.

“It’s simple to execute and has no big download,” says Steven Rathgaber, president and COO of NYCE. “The right way to think about it is as an ATM in your pocket, at least from a balance inquiry perspective.” 

The prevailing wisdom in mobile banking is balance inquiries are a primary point of entry, and Rathgaber says NYCE is trying to “decommoditize” the function by linking to the NYCE network, which provides consumers with secure, real-time access to their money, offering hundreds of thousands of ATM locations and millions of point-of-sale locations nationwide. Rathgaber would not say how many institutions have taken up the service, which is only a few days old.

A recent survey of North American consumers, commissioned by Monitise Americas and conducted by MaCorr Research1 found that more than 75 percent of consumers say having real-time information regarding their accounts was important. And of those who said they would like to use mobile phones for financial services, more than 90 percent said they are interested in basic information such as account balances.

Security or Convenience? How About Both?

American's "DEFINITELY" want security.

In fact American's worry more about credit and debit card fraud than they do about a terrorist attack...according to a new report from Unisys.

So one has to ask...why are there applications that push convenience OVER security?

Because people "used" to like convenience. But one could easily argue that those days are over. "Sure it would be convenient to whisk through airport security without having to take off your shoes or take out your laptop, or get the frisk wand, but, like I said those days are over.

So I have another question...

If we accept security over convenience in the name of national security, AND we're MORE WORRIED about Credit and Debit card fraud than we are about National Security (see graph on left)... then doesn't it make sense that "security" is the most important variable when it comes to credit and debit card transacting?

Of course it does...right?

HomeATM has taken security to a new level for eCommerce. We can eradicate the worries associated with ALL credit and debit card fraud, at least when it comes to eCommerce.. Using military grade encryption, we 3DES the card information (including ALL the Track 2 data) AND utilize DUKPT key management, which further reduces the risk of a breach to (worst case scenario) ONE card.

Oh, getting back to convenience...let's pretend we're ignorant...and argue that security is unimportant, that "convenience" is the "key" to a sucessful payment application. Ready? Okay.

Agree or Disagree with this statement.

"It's more CONVENIENT" to "TYPE" in my 14-16 digit credit card number...then have to type in my expiration date, then have to turn my card over and type in my CVV code ...

"It's MUCH more convenient to simply "SWIPE" my card."

What's your answer?

If you said, it's obviously more convenient to have to type in the 14-16 digits consisting of my Primary Account Number, then type in my expiration date data and follow that up with having to type in my CVV code, then you took my request to "pretend we're ignorant" too seriously...

If you said, "It's obviously faster and more convenient to simply "swipe my card" and have a "secure transaction", than to "type" in ALL my card data...AND be subjected to fraud"...then you've "secured" the correct answer!

Convenience AND Security...that's the HomeATM difference!

Reblog this post [with Zemanta]

May Day for Red Flag Day

ID Theft Red Flags Rule: Are You Ready for May 1? (Bank Info Security Article)

May 1 is nearly here. Are non-banking creditors and state-chartered credit unions ready?

This is the date when the Federal Trade Commission will finally start to enforce the Identity Theft Red Flags Rule, for which federally-regulated banks and credit unions have been tested for compliance since last Nov. 1.

Originally, all affected entities were to show compliance with the Red Flags Rule by Nov. 1, but in late October the FTC extended the deadline by six months for the roughly 11 million entities it oversees. This move was to give non-banking creditors and state-chartered credit unions additional time to develop and implement written identity theft prevention programs.

Since last fall, the FTC has promoted an extensive outreach effort to explain the rule in greater detail, speaking at many business conferences, hosting seminars and the FTC's dedicated website on ID Theft Red Flags compliance. According to Betsy Broder, Assistant Director, Division of Privacy and Identity Protection at the Federal Trade Commission, many companies that didn't think of themselves as creditors now realize they are a covered entity under this rule.

So, with the new deadline just weeks away, are these entities ready to demonstrate compliance?

Continue Reading at Bank Info Security

Under the ID Theft Red Flags Rule a creditor is:
  • Any entity that regularly extends, renews or continues credit;
  • Any entity that regularly arranges for the extension, renewal or continuation of credit;
  • Any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

Reblog this post [with Zemanta]

"Perth Snatchers" - Skimming Device Outbreak in Perth


More skimming devices found

Narelle Towie
April 13, 2009 11:17am

UPDATE THESE are the ATM skimming devices causing problems for banks, customers and the Fraud Squad.

The elaborate devices - shown here by a Fraud Squad detective - are being attached to ATMs across the country by brazen thieves.

Two new skimming devices have been found on ATMs across Perth, sparking further police warnings for customers to check machines before withdrawing money.

The first device was found at 6pm on Sunday on an ANZ machine in Beaufort Street, Mt Lawley.  Police spokesman Sergeant Graeme Clifford said a 32-year-old man had the device fall into his hands after he pulled on suspicious looking tape covering the card slot.  Further investigations by police revealed a camera attached to the machine.

A second device was reported by ANZ security personnel at a machine in Hillarys in front of Bar 120. The fraud squad today showed the device, pictured. 

Over the past two months two other skimming devices had been used on teller machines in Perth, the West Australian Major Fraud Squad said.  About 120 cards were skimmed in Scarborough costing customers more than $145,000 at the start of the month.  Sgt Clifford said people should be aware of the dangers of tampered machines and try to use ones that they are familiar with instead.  "You are also better off using machines that are inside buildings as they have security surveillance and are less likely to be tampered with," he said.  The fraud squad are fingerprinting the new devices and reviewing security footage from affected banks.

, , ,

Reblog this post [with Zemanta]

Twit's Get Tweated Cause Someone Cheated - Twitter Worm

From F-Secure's Website:  Twitter worm outbreak over Easter due to Stalk Daily Publicity Stunt?
A cross-site scripting worm was spreading in Twitter profiles for several hours last night.

People started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this:


Later on the messages morphed several times:


Many people followed the links to, as they believe the messages to be genuine Tweets from their friends. A cross-site script on the site then caused new users to start to Tweet the same messages.

More info on the technical internals of the attack are available at

As expected, the whole worm was a publicity stunt by

You can see the latest official status of Twitter from their status page at


We detect the script file as Worm:JS/Twettir.A.

Updated to add: This is not over. There's going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don't view profiles, don't follow links. It's beautiful outside, maybe go for a walk instead?

Here's one current variant:


All these attacks are Javascript-based. Turn Javascript off if you're worried. More info
  Editor's Note: If you turn off JavaScript, you won't get a popup floating PIN Pad!

Reblog this post [with Zemanta]

Fake Anti-Virus Software Steals Credit Card Info

Fake anti-virus software on the rise - 09 Apr 2009 - Computeractive

Security companies warn people to be vigilant

Written by Andrea-Marie Petrou, Computeractive

Rogue security software attacks, which lure people into buying fake anti-virus protection, are on the rise, according to Microsoft.

The company’s findings have been supported by software security companies who say this problem has "grown enormously" over the past year.

In its Sixth Security Intelligence report, Microsoft said hackers are playing on people’s fears of viruses to sell them fake anti-virus software. However, these offer no protection at all.

Vinny Gullotto, general manager of the Microsoft Malware Protection Center, said: "As Microsoft and the industry continue to improve the security of our products and people become more concerned about their online safety and privacy, we see cybercriminals increasingly going after vulnerabilities in human nature rather than software."

The report, which is released twice a year, uses data gathered from millions of computers globally to provide a list of new and emerging computer threats. It found 1.5 million computer users had fallen victim to such a scam.

In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million computers.

Mikko Hypponen, chief research officer at F-Secure said: "With recent publicity for threats such as the Conficker virus there has been an enormous rise in rogue security programs marketed using pop-ups."

He said these pop-ups were found on genuine websites, which had been hacked into, or through an infected PC. Once a user clicks on this they will be taken to a website and asked for their card details. He said the average charge for this was around £50.

According to Graham Cluley, senior technology consultant for Sophos, hackers also use spam masquerading as emails from Microsoft that ask people to click on a link to update their software.

"A genuine anti-virus company would never market its products using pop-ups or email. People must be vigilant against these scams as not only could they lose their money but also have their credit card details stolen," he said.

Both companies advised people to be "cynical" when they see adverts for this software. They said people who were unsure of a company should google it to find out more.

"If you are worried that you’re PC is infected then visit a legitimate anti-virus software provider where you will be able to find PC clean-up software free," Mr Cluely adde

Reblog this post [with Zemanta]

Manually Installed Virus Steals PIN Codes from ATMs

MINA Breaking News - Trojan virus steals PIN codes from ATMs

The Russian Dr. Web IT company warns of new computer virus stealing PIN codes from ATMs. The virus collects information on credit cards, and releases it to a fraud on demand, the company’s press service informs.

The Trojan.Skimer virus accumulates credit cards data, including PIN codes. A fraud gains an offing to approach an ATM and get a listing of credit card numbers and PIN codes used. It's the first known malware that affects ATMs and can produce damage directly to banks' customers.  According to Dr. Web, spreading of the virus became possible only with a help of banks' or ATMs' software developers' staff.

ATMs are NOT connected to the Internet therefore they demand manual installation of malware.

Editor's Note:  So I guess that means you should NOT connect an ATM application (PIN #'s) to the internet.  Otherwise Malware could infect the application.  Hmmmm.....

Sounds like a familiar argument. 

Here's more information:
Trojan.Skimer is a trojan created for ATM machines. Trojan.Skimercan open a backdoor ports and steal confidential information such astransaction logs and PIN of users.Systems Affected: Windows - All

Reblog this post [with Zemanta]

Disqus for ePayment News