Thursday, April 16, 2009

Painting (a picture) By Numbers

What are the Odds?

I was reading a Page 1 article about HomeATM in "ISO and Agent" published by SourceMedia and saw the tell-tale quote on the left from Avivah Litan.  I'm wondering why "everyone" isn't  listening to her?

After a post I did yesterday, (If Cybercriminals are Focusing on PIN's, Shouldn't  Someone Be Focusing on Security?) some numbers kept sticking in my head. 

Now I'm no statistician, but I was playing with those numbers in my head and came up with an interesting thought...which led to a question which I pose below...

First the numbers:

1. 93% of breaches were targeted at the financial sector: (Last year Verizon investigated 90 breaches with 285 million records stolen, of which 93% were accounted for by the financial sector...)

2. 92% of breaches are software related... - TowerGroup

3. 90% of breaches were committed by organized crime syndicates - Verizon

4. PIN's are the new focus of cybercriminals - "Organized crime was responsible for (90%) nine in 10 breaches, with an explosion of attacks targeting PIN data" - Verizon's my question...first, I asked myself, if PIN's are the new focus of cybercriminals... if 93% of breaches occur at Financial Institutions and 92% are software related (with "organized crime" being responsible for 90% of the attacks) then...

What are the chances that a Software Based PIN Debit "Application" Will be Attacked, Cracked and Hacked by an
"Organized Crime Syndicate?"

Anybody Want to Take an Educated Guess?

Finally I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live,
within a month an FTP site will arise with user's PAN and PIN numbers.

I One-Hundred-Percent (100%) guarantee it.


HomeATM ePayment Solutions

Report: 2008 Saw More Records Breached Than The Previous Four Years Combined

By Tim Wilson DarkReading

More electronic records were breached in 2008 than the previous fouryears combined, according to a report published today by VerizonBusiness Systems.

This second annual study -- based on data analyzed from VerizonBusiness' actual caseload comprising 285 million compromised recordsfrom 90 confirmed breaches -- revealed that corporations fell victim tosome of the largest cybercrimes ever during 2008, the company said.

The financial sector accounted for 93 percent of all suchrecords compromised last year, and a staggering 90 percent of theserecords involved groups identified bylaw enforcement as engaged in organized crime.

Verizon Business investigative experts found, as they did inthe company's first report covering 230 million compromised recordsfrom 2004 to 2007, that nearly nine out of 10 breaches were consideredavoidable if security basics had been followed. Most of the breachesinvestigated did not require difficult or expensive preventivecontrols.

Similar to the first study's findings, the latest study found thathighly sophisticated attacks account for only 17 percent of breaches.However, these relatively few cases accounted for 95 percent of thetotal records breached -- proving that motivated hackers know where andwhat to target, the company says.

(Click any graphic to enlarge)

"The compromise of sensitive information increased dramaticallyin 2008, and it's past time to be vigilant about enterprise security,"said Dr. Peter Tippett, vice president of research and intelligence forVerizon Business Security Solutions. "This report should serve asanother wake-up call that good security and a proactive approach areparamount to running a business in this day and age -- particularlysince the economic crisis is likely to trigger a further increase incriminal activity."

Reblog this post [with Zemanta]

Way Systems and TNS Add PIN Debit to Synapse Customers

WAY Systems and TNS Add PIN Debit Capabilities for Synapse Customers

TNS 16.69, +0.25, +1.5%) has teamed up with WAY Systems to offer PIN Debit capabilities to mobile merchant customers via Synapse sm, TNS' wireless payment gateway.

Based in Boston, MA, and founded in 2004, WAY Systems is a privately held organization that provides mobile Point of Sale (POS) terminal devices to mobile merchants throughout the US. WAY Systems currently offers the smallest, most compact terminal models available.

Since 2005, WAY Systems has utilized the Synapse solution by TNS to process credit card transactions over TNS' secure global network. Once implementation is complete, Synapse customers utilizing WAY terminal devices will be able to process both debit and credit transactions over the TNS payment gateway.

Harry Hargens, Vice President of Product Management at WAY Systems said: "Synapse customers using WAY terminals will now enjoy the benefits of utilizing a single solution for both credit and PIN Debit. TNS and WAY Systems are able to offer the complete package of reliable service and quick and easy processing from anywhere through one secure wireless connection.

"We have a long standing relationship with TNS and the service they have delivered has proven to be extremely reliable, so it just made sense for us to build on that trusted relationship.

"Merchants already using our terminals and the Synapse payment gateway for credit transactions will be able to instantly use the same devices for debit processing once the solution is available. By working with TNS, we are able to offer the combination of a secure mobile merchant solution along with the reliable service TNS brings to the table."

The Synapse solution offered by TNS provides a one-stop-shop for ISOs, acquirers, and processors to manage wireless terminal portfolios.

By taking advantage of Synapse, merchants are able to rely on the security and performance of TNS' PCI DSS certified Synapse processing environment and 24x7x365 helpdesk services with live real-time support.

Alan Schwartz, Executive Vice President, North America Sales at TNS, added: "We are thrilled to be expanding our processing capabilities with WAY Systems. Having the ability to process debit transactions rounds out our feature-set, and will allow customers to take a deeper look at the high quality of customer service and gateway reliability that sets us apart from our competitors."

Synapse is a wireless gateway and management solution providing services for ISOs, acquirers, and processors to manage their wireless terminal portfolios. Using a PCI DSS certified processing environment, it offers a broad range of end-to-end services. The solution includes wireless network access, account activation, fast, reliable, and secure transaction delivery to most major processors, web-based merchant and terminal management, customizable online reporting, and live 24x7 customer service.

To find out more about TNS, please visit

About Transaction Network Services
Transaction Network Services (TNS) is an international data communications company that enables payments, money and voices, to move around the world.
TNS' mission is to enable the world to transact. It does this through a broad range of networking, communications and value added services, which it provides to many of the world's leading retailers, banks/processors, telecommunications companies and financial markets.
Since its inception in 1990, TNS has designed and implemented multiple data networks, each designed specifically for the transport of transaction-oriented data. TNS' networks support a variety of widely accepted communications protocols and are designed to be scalable and accessible by multiple methods. Today, TNS has offices throughout the world serving customers in 28 countries with the ability to provide services in other countries.

For further information about TNS, visit

Statements and information contained in our press releases and newsletters that are not descriptions of historical fact may contain forward-looking statements. Forward-looking statements involve a number of risks, uncertainties or other factors beyond our control, which could cause actual results to differ materially from historical results or performance and from any opinions or statements expressed with respect to future periods.

SOURCE: Transaction Network Services

Clare Cockroft
PR Manager, +44 (0)114 292 6416
Stephen Aryan, +44 (0)114 292 6410
PR Assistant

Reblog this post [with Zemanta]


Banking / Finance News -
Source: ComputerWeekly

Banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks, according to research firm Gartner.

A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.

The average loss was $350 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved.

"The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner.

Reblog this post [with Zemanta]

Celent Report on AltPays

Signature Debit in a Chip and PIN World

Ed Perkins writes for SmarterTravel about how Chip and PIN may affect credit and debit card transactions for American's who are traveling abroad...

Why Your Credit Card Might Not Work Overseas -
Ed Perkins on Travel
by Ed Perkins - April 16, 2009

The next time you go overseas—especially to Europe—don't be surprised if you have occasional trouble using your credit card. Many big European banks have switched to chip-enabled cards that require use of an identification number (PIN) to complete the transaction, and only a very few cards issued in the United States comply with the new European standard. International card networks (American Express, MasterCard, and Visa) require all participating merchants to accept U.S. cards, and many do.  But you may still face situations where your card won't work.

This column was suggested by reports of difficulties experienced by American travelers in Europe. Several reported having their cards refused by a local hotel, restaurant, or merchant unless the travelers provided a PIN. After the usual argument, some accepted the American card; others didn't. The worst case came from an American traveling in Scandinavia, who tried to buy a rail ticket with his Visa card from a vending machine in a small-town station that did not have an attendant. He was flat unable to buy a ticket and had to prevail on some helpful local to buy it for him.

After checking with the card networks and a few banks, I've concluded that the U.S. card establishment really doesn't have a foolproof solution to the problem. Here's what they say:

* The party line is that there's no problem: Your U.S.-issued card is good everywhere with a signature and without a PIN. Even though some parts of the world have adopted chip-enabled systems—requiring a PIN—as a means of authentication, magnetic-stripe cards issued in the United States continue to be accepted everywhere the card is accepted, including countries that have adopted chip-and-PIN technology. Most terminals in those countries can recognize a non-chip-enabled card and will indicate when a signature, rather than PIN, is necessary.

Continue Reading Ed's column at SmarterTravel

Disqus for ePayment News