Wednesday, April 29, 2009

Gartner Alerts: Subscription Based

HomeATM believes that Gartner is among the top payment/security analysts in the business.  As a new feature to the PIN Payments Blog we will share their latest analysis.  Keep in mind you must subscribe in order to read Gartner's entire alerts, but this should give you an idea as to what they consider important:  Whether you do or not is entirely up to you.  One thing's for sure.  If you enter a PIN on the web, make sure it's hardware based!

Gartner Information Security Summit
21 September 2009 |

The Gartner IT Security Summit will enable you to create a layered approach combining risk management, compliance, secure business enablement and infrastructure protection. Hear the latest analysis revealing market trends, opportunities and threats.

PC Remote Control Security: Risks and Recommendations
29 April 2009 | Cosgrove, Terrence; Girard, John

IT organizations rely on PC remote control to provide support to users on a variety of office and mobile platforms. Gartner provides recommendations and controls to avoid damage to your organization's security perimeter.

Reblog this post [with Zemanta]

Visa Immune to Recession - Profit UP 71%!

It was the FIRST quarter since Visa was founded that debit payment VOLUME exceeded credit payment volume.  Not the number of transactions, but the volume.  The paradigm shift continues...

Here's the press release:

BOSTON — Visa Inc.'s fiscal second-quarter profit rose nearly 71 percent, beating Wall Street expectations, as cost cuts and international gains offset U.S. consumers' growing reluctance to use credit cards during a recession.

The world's largest electronic payment network today also said it expects a slight improvement in its full-year fiscal 2009 profit margin compared with its earlier guidance.

San Francisco-based Visa reported net income for the three months ended March 31 of $536 million, or 71 cents per share. That's up from $314 million, or 39 cents per share, in the year-earlier quarter.

Not counting one-time items including restructuring and amortization expenses, Visa's adjusted profit was $553 million, or 73 cents per share. On that basis, analysts surveyed by Thomson Reuters expected a profit of 64 cents per share, on average.

Revenue rose 13 percent to $1.64 billion, slightly ahead of analysts' forecast of $1.61 billion, and in line with the company's expectations. Visa earns revenue primarily from fees it charges to process payments made with credit and debit cards, which has enabled it to weather the recession better than banks that issue credit cards and make loans.

Despite its growing profit and revenue, Visa's payments volume dipped 1 percent to $675 billion for the period ended Dec. 31 — Visa reports some operational results on a three-month lag. The U.S. payment volume decline was slightly
steeper than the overall decline, but was partly offset by growth in other regions of the world that are increasingly embracing credit and debit payments over cash and checks. Total cards carrying the Visa brands rose 8 percent over a year ago, to more than 1.7 billion.

The shift to electronic payments "continues unabated" despite the recession, Chairman and Chief Executive Joseph Saunders told analysts on a conference call.

While calling Visa "resilient" amid the sour economy, Saunders conceded his company "is not immune."

For example, Visa reported increasing consumer reliance on debit transactions rather than credit, with less spent per transaction, as consumers become more conservative. The quarter that ended Dec. 31 marked the first since Visa was founded in the 1970s that U.S. debit payment volume exceeded credit payment volume.

Continue Reading

Reblog this post [with Zemanta]

Privacy is Dead, Long Live the PIN

In an article written for CNET, John Lowensohn writes about HomeATM at Finovate. Here are some excerpts and I've taken the liberty to clarify a few miscues in the article:

by Josh Lowensohn
What'ssomething we often use for security in the real world but not online?PIN codes. We use them at stores, banks, and ATMs, so why not use themonline? For one, a QWERTYkeyboardlets you create a much stronger, and often easier-to-remember passwordthan you could with numerical digits. 

But PINs are still a password andcan be just as good as a password with the right precautions.  He then goes on to feature HomeATM as one of the companies at FinovateStartup conference doing just that.

The HomeATM plugs into your USB port and lets you make purchases and transfer money instantly--and securely. is ATM hardware for the Web. It's a physical piece of hardware you have to lug around with you.   Editor's Note:  To be sure, I know that "lug" is the NOT the proper term, ( LUG: 1. to pull or carry with force or effort: to lug a suitcase upstairs)  as our device is less than the size of a business card (see picture above left) and weighs less than an ounce.   The HomeATM device more than comfortably sits in your shirt pocket and since it's designed for eCom use and hooks to your laptop it readily fits in any compartment of your laptop case, let alone a purse or briefcase. 

You securely enter your PIN or swipe your debit card to use for P2P money exchanges and purchases on commerce sites. Editor's Note:  It also serves as an "authenticator" and an "enabler."   It is designed as a 2FA (two factor authentication)  module.  Banks issue your card and they issue your PIN.  So why are we entering: Username/Password when we could simply swipe the bank issued card and enter the bank issued PIN for secure authentication to the bank's online banking website?   Once authenticated, it "enables" the consumer to

  • 1. Securely purchase goods online,
  • 2. Securely transfer money in real-time from bank account to bank account or person to person or Business to Business, or yes, Consumer to Business and Business to Consumer...using "ANY US Bankcard" 
  • 3. Securely use the online banking services, i.e. Bill Payments.  It is the razor and the bank's online services are the blades. 
The payoff is that, unlike money-transfer systems that go off the credit and check system (which can take up to three days to clear), the money gets transferred immediately. All the while your data isn't compromised by things like keyloggers or screen-grabbing tools.

Josh continue the article by saying: "The only downside is that you and the person you're sending the money to need to have the hardware."  Editor's Note:  That's not entirely true.  The sender could load the money onto a recipients card or even third party reloadable card and they could immediately have access to the cash.   (Of course the downside would be that both the sender and the recipient "would  need to "lug around" a debit, credit or reloadable card" lol)  

Besides, the price for our "key injected" thus "pre-encrypted" secure hardware swiping device WITH a PIN Pad is less ($12) than the price you would pay for simply injecting the PIN Pad. (usually around $20) and that would be AFTER spending several hundred dollars for a POS device AND another $100 plus for the PIN Pad 

So, I don't know...whaddya think?  Maybe there's some inherent value to "lugging" around our PCI 2.0 Certified PED. 

Oh...and while I'm on the subject, one more thing.  The device that we manufacturer specifically for use with ANY mobile phone "enables" your "smart phone" (i.e. iPhone, Blackberry) to become a secure POS device WITHOUT having to "lug around" our device. 

Just connect it "one-time" to your mobile device via the earjack, swipe your card(s), enter your PIN(s) and "voilla" your 3DES encrypted payment information is securely stored in HomeATM's HSM  (Hardware Security Module) in our PCI certified data NOC.  (network operations center)

The user is now "enabled" to use their mobile phone to securely purchase online, transfer money from account to account, to others, etc. 

When the user is done "enabling" their phone, they can simply pass our device along to the next person, who can then do the same thing...and so on...and so on...

Reblog this post [with Zemanta]

Corporate Security Threatened by Converged Risks

Business ICT Risks - General
Source: Net-Security
Complete item:

As the risks faced by businesses grow ever more complex and threats proliferate, the job of those responsible for managing the security of the organization have got much harder.

The whole concept of security has also expanded way beyond the traditional remit and into areas such as protecting brand and intellectual property, preventing losses, anti-counterfeiting, cyber-terrorism, parallel trading and on-line fraud.

Many security departments are so busy fighting day-to-day fires that they risk missing less obvious but equally important threats as well as failing to "keep an eye" on the wider issue of 'converged' risk. As traditional risks converge with new ones, they can seriously jeopardize the organization's long term profitability, damage its brand or even threaten its very existence.

Reblog this post [with Zemanta]

Card Skimmers Create 149% Increase in ATM Fraud

- Banking/Finance - ATM / POS
Source: european-atm-security
More info:

EAST (the European ATM Security Team) has reported a 149% rise in ATM related fraud attacks during 2008.  This reverses a previous trend and is primarily led by the 129% increase in card skimming incidents, with a total of 10,302 reported.  Despite this significant increase in incidents, fraud related losses increased by just 11% with a total loss of ?485 million reported.  This smaller increase in losses, relative to the significant rise in reported incidents, is indicative that that deployed counter-measures, such as anti-skimming devices, are increasingly effective, as are fraud monitoring and detection capabilities. 

EAST Director and co-ordinator, Lachlan Gunn said, "This increase in reported incidents is of great concern to EAST members.  While the year on year fraud loss figures show an increase, the half year figures show a declining trend for such losses over the past three six month periods, with international losses due to card skimming falling by 18% in the second half of the year.  This indicates that the EMV* rollout in Europe continues to be effective, although international losses are expected to continue while criminals are able to illegally withdraw cash from ATMs abroad that are not EMV compliant".


Disqus for ePayment News