Thursday, June 4, 2009

HomeATM FinovateStartup09 Demo (Video)


Here is HomeATM's 7 Minute Demo Conducted at FinovateStartup09





Reblog this post [with Zemanta]

You Get What You Pay For...But It Can Cost You!

In a post we did last May 1st we talked about the lawsuit brought by Alain Job against Halifax over Chip and PIN Security.  His attorney, Stephen Mason took on the case and represented Job "pro bono", hence the title of the blog post.  Well, they said a decision was expected in about a month, and it's in.  Finextra reports, but first a quick review of the case from the PIN Payments Blog:

FreeMason Job: Chip-and-PIN On Trial


'Phantom' withdrawal case concludes in U.K. court



A Halifax bank defends chip-and-PIN, while the plaintiff argues his cash card could have been cloned.  A one-day trial that raises questions about the security of cash cards used in the U.K. and Europe concluded Thursday, with a decision expected in about a month.


Alain Job sued U.K. bank Halifax in March 2007 over eight withdrawals made from his account in February 2006. Job maintains he did not withdraw a cumulative £2,100 ($3,100). He also maintains he did not authorize anyone else to withdraw the money .

Job decided to sue after the Financial Ombudsman Service (FOS), which mediates disputes between banks and customers, sided with Halifax.


Finextra: Court sides with Halifax in Chip and PIN clone case

A UK judge has ruled in favour of high street bank Halifax in the country's first ever phantom withdrawal lawsuit.

The case was brought by a customer who claimed that fraudsters cloned his chip-based card and withdrew £2100 from his account at ATMs.  The judge based his ruling on printouts from log files to show that Job's real card had been used for the transactions.

The suit was filed after two critical pieces of evidence once held by Halifax were destroyed, including the original ATM card and the Authorisation Request Cryptogram that could have proven that the card's chip had been read and authenticated by the machine. The plaintiff Alain Job says he is studying the judgment before deciding whether to appeal the ruling.




Reblog this post [with Zemanta]

2009 Bankcard Profitability Study: MasterCard Inc.

2009 Bankcard Profitability Study: MasterCard Inc.
Costly payouts to settle two long-running antitrust cases dampen profits while the economic slowdown begins to affect purchase volume.

MasterCard Worldwide continued to crank out overall debit card payment-volume growth in 2008, but legal issues and the U.S. economic slowdown hurt its overall performance.

In its second full year as an independent company following its initial public offering in 2006, MasterCard finally resolved some long-simmering legal issues.

The company in June reached an agreement to pay American Express Co. up to $1.8 billion to settle an antitrust case dating back to 2004. AmEx's suit, filed in 2004, alleged that MasterCard's and Visa's exclusionary rules prohibiting U.S. financial intuitions from issuing cards on its network hurt its growth opportunities. MasterCard said it would pay the settlement amount in quarterly installments over the next three years.

MasterCard and Visa Inc. reached an agreement to settle Discover Financial Services' similar antitrust suit dating back to 2004 and to share settlement costs. MasterCard's share of the $2.75 billion settlement was $827.5 million, including $35 million Morgan Stanley, Discover's former parent, agreed to pay MasterCard as part of the deal.

Continue Reading at CardForum


, , , , , ,

Merrick Bank vs. Savvis: Analysis from InfoSecSecurity


Editor's Note:  InfoSecCompliance LLC (”ISC”) is a law
firm dedicated to providing solutions for privacy and security legal
compliance and risk management and here's an excerpt from a recent post (yesterday) on
their blog. 

Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint



Posted on June 3rd, 2009 by David Navetta of InfoSecCompliance.com

The Merrick Bank v. Savvis lawsuit has the potential to change the liability
dynamic of the PCI regulatory system.  The Savvis case is one of the
first known instances of a payment card security assessor being sued by
a merchant bank ( the merchant bank is a third party relative to the
Savvis-CardSystems relationship).    The Merrick Bank compliant alleges
that it relied on Savvis’ certification of CardSystems  as Visa CISP
compliant (this matter pre-dated the PCI standard), and that
certification was false.  After CardSystems suffered a breach exposing
up to 40 million payment card records, Merrick allegedly incurred $16
million in payments to the card brands (which was ultimately
transferred to issuing banks who suffered losses arising out of the CardSystem breach).


If Savvis is held liable (or even if this case makes it past motion to dismiss or a motion for summary judgment) it has the potential to significantly modify the relative risk of PCI qualified security assessors, and in turn modify the PCI regulatory scheme.  This post discusses the two theories of liability alleged by Merrick:  (1) negligence; and (2) negligent misrepresentation.

Please note, while I am an attorney this post does not in any way constitute legal advice or a legal opinion, and should not be relied upon to take any action or be the basis for any inaction.  The law related to this case is complex and varies from jurisdiction to jurisdiction, and over time.  If you are interested in a full legal analysis of potential security assessor liability in a particular jurisdiction, please contact me directly at djn@davidnavetta.com




One further note, the basic rules and general information in this document was derived from various legal research sources.  However, one book in particular provided excellent information on the liability of service providers to third parties.  Please check it out, and purchase it: Professional Liability to Third Parties (Jay M. Feinman).

UPDATE:  Other bloggers/mags are putting together some nice analysis of this case as well:  here, here

Continue Reading at InfoSecCompliance.com


FBI Director Anticipates New Crime Wave Of Financial Fraud

By Kate Gibson | Wall Street Journal

The FederalBureau of Investigation is braced for a potential crime wave involvingfraud and corruption related to bank bailout money and the economicstimulus package, FBI director Robert Mueller warned Tuesday.

"These funds are inherently vulnerable to bribery, fraud, conflicts ofinterest and collusion. There is an old adage, that where there ismoney to be made, fraud ...
Reblog this post [with Zemanta]

JCB and China Minsheng Bank to Launch New Card

 
Contact: Deb Montner, 1-203-226-9290, dmontner@montner.com

JCB Cooperates with China Minsheng Bank to Launch
Credit Card with China Eastern Airlines:
Further enhancing JCB co-brand program in China


Tokyo, June 4, 2009
– JCB, the only international payment brand based in Japan, and its international subsidiary JCB International (JCBI) today announced that China Minsheng Banking Corp., Ltd (CMBC) has launched the JCB branded “CMBC - CEA Credit Card” in cooperation with China Eastern Airlines Corporation Limited (China Eastern Airlines).

Since 1982, JCB and JCB International have been expanding JCB card acceptance in China to increase convenience for JCB cardmembers. Currently JCB has alliances with eleven partner banks and financial institutions for merchant acquiring, and approximately 80,000 merchants now accept JCB cards.

JCB card issuing to consumers in China has also been expanding to meet the growing needs of the market for international credit cards. As of June 1, 2009, seven banks (Bank of China, Bank of Shanghai, China Everbright Bank, China Merchants Bank, Shanghai Pudong Development Bank and China Minsheng Banking Corp., Ltd., and Ping An Bank Co. Limited) have already launched JCB brand credit card issuing programs, and the cardmember base is more than two million in the country.

During CMBC’s development of the co-brand credit card with China Eastern Airlines, JCB provided the issuing bank with the expertise it has accumulated in the Japan credit card market, responding to CMBC and China Eastern Airlines’ need to strengthen service to customers through a credit card. JCB and JCBI are expanding partnerships for JCB brand card issuing with Chinese financial institutions by strategically utilizing the knowledge, skills and network built over 40 years in the credit card business, and are committed to developing and providing high-quality service to meet the diverse needs and lifestyles of China’s consumers.

The new CMBC - CEA Credit Card combines CMBC credit card services and the China Eastern Airlines mileage program, and also enables cardmember access to JCB global network and services, for an international card that earns China Eastern Airlines miles when used to purchase air tickets. The CMBC - CEA Credit Card has a lineup of standard, gold, and platinum card types. This is the first JCB branded platinum card to be issued in China.

CMBC - CEA Credit Cards


Platinum ---- Gold ---- Standard

About JCB
JCB is a major global payment brand and leading credit card issuer and acquirer in Japan. JCB launched its card business in Japan in 1961 and began expanding overseas in 1981. Its acceptance network includes 12.76 million merchants and over a million cash advance locations in 190 countries and territories. JCB cards are now issued in 19 countries and territories, with more than
60.2 million cardmembers. As part of its international growth strategy, JCB has formed alliances with more than 350 leading banks and financial institutions globally to increase merchant coverage and cardmember base. As a comprehensive payment solution provider, JCB commits to provide responsive and high-quality service and products to all customers worldwide. For more information, visit: www.jcbcorporate.com/english. Note: JCB statistics included in About JCB are as of the end of September 2008.

Reblog this post [with Zemanta]

JCB & Ping An Bank Sign Issuing Partnership



Contact
: Deb Montner, (203)- 226-9290, dmontner@montner.com (scroll down for card images)

JCB International and Ping An Bank Sign Issuing Partnership:

Seventh bank in China to issue JCB cards, further enhancing JCB brand

Ping An Bank to launch BE@RBRICK design JCB credit cards

Tokyo, June 4, 2009 -- JCB, the only international payment brand based in Japan, and its international subsidiary JCB International (JCBI) today announced that JCBI has signed an agreement with Ping An Bank Co. Limited (Ping An Bank), part of the major financial group Ping An Insurance (Group) Company of China Ltd., for issuing JCB cards in China. Starting June 1, 2009, Ping An Bank began promoting the new "Ping An Bank BE@RBRICK JCB Card" featuring the popular BE@RBRICK bear-shaped block-type figure owned by MEDICOM TOY CORPORATION, a Japanese toy maker.

Since 1982, JCB and JCB International have been expanding JCB card acceptance in China to increase convenience for JCB cardmembers. Currently JCB has alliances with eleven partner banks and financial institutions for merchant acquiring, and approximately 80,000 merchants now accept JCB cards.
JCB card issuing to consumers in China has also been expanding to meet the growing needs of the market for international credit cards. In addition to Ping An Bank Co. Limited, Bank of China, Bank of Shanghai, China Everbright Bank, China Merchants Bank, Shanghai Pudong Development Bank and China Minsheng Banking Corp., Ltd. have already launched JCB brand credit card issuing programs, and the cardmember base is more than two million in the country.

The new partnership with Ping An Bank announced today marks the seventh bank to start JCB card issuance in China. For JCB, the alliance is aimed to accelerate JCB brand growth in China, and for Ping An Bank, which is now aggressively building credit card business, it will expand their product line and further strengthen their customer base. JCB contributed expertise in co-brand program development to Ping An Bank for its launch of the Ping An Bank BE@RBRICK JCB Card.

JCB and JCBI are expanding partnerships for JCB brand card issuing with Chinese financial institutions by strategically utilizing the knowledge, skills and network built over 40 years in the credit card business, and are committed to developing and providing high-quality service to meet the diverse needs and lifestyles of China’s consumers.

Card designs
BE@RBRICK TM & © 2001-2009 MEDICOM TOY CORPORATION. All rights reserved.

About the Ping An Bank BE@RBRICK JCB Card
Overview Select from five card designs featuring BE@RBRICK, a bear-shaped block-type figure, loved by many collectors worldwide as well as in Japan, and now popular among China’s metropolitan youth. This is the first international credit card in the world to feature BE@RBRICK. The card offers attractive functions and services to BE@RBRICK fans, including original BE@RBRICK rewards for points earned with the card. Cardmembers enjoy both Ping An Bank credit card functions and services and JCB international brand functions and services.

Major functions and services
Available to Residents of China
Card types Standard only
Annual fee First year free. Annual fee of RMB100 in following years is waived if the card is used at least six times during the prior year.
Major functions and services Select from five card designs. Dual-currency (USD and RMB). Ping An Bank credit card functions and services. JCB international brand functions and services Points earned with the card can be exchanged for original BE@RBICK goods. Access to exclusive cardmember internet site.
About JCB
JCB is a major global payment brand and leading credit card issuer and acquirer in Japan. JCB launched its card business in Japan in 1961 and began expanding overseas in 1981. Its acceptance network includes 12.76 million merchants and over a million cash advance locations in 190 countries and territories. JCB cards are now issued in 19 countries and territories, with more than
60.2 million cardmembers. As part of its international growth strategy, JCB has formed alliances with more than 350 leading banks and financial institutions globally to increase merchant coverage and cardmember base. As a comprehensive payment solution provider, JCB commits to provide responsive and high-quality service and products to all customers worldwide. For more information, visit: www.jcbcorporate.com/english. Note: JCB statistics included in About JCB are as of the end of September 2008.

Reblog this post [with Zemanta]

It's Good to Be King

Report States That Cash Is Still King, But For How Long?
Jun 4 2009

Editor's Note:  Since HomeATM moves "cash" in "real time" as a PIN (online) Debit transaction, I suppose it really doesn't matter if Cash remains King, or if it's overthrown (overthrone?) by Debit.  Either way works for us...because either way works for you!  It's good to be King, but I'll settle for the title: KingPIN.

The payment industry's latest publication, The Way We Pay 2009: UK Cash & Cash Machines provides the latest data on how UK consumers are obtaining and using cash and how this is forecast to change.

The full Payments Council report issued this month (June 2009) includes data from Link and other industry sources.

2008 cash and cash machine data shows:


Whilst cash spending continues to remain relatively flat, the number of cash machine withdrawals continues to rise and is forecast to peak in 2011. Consumers are increasingly using cash machines for withdrawing cash, where previously they would have withdrawn money in bank branches or at post offices; five years ago only 54% of cash came from cash machines, last year 71% of cash was acquired that way. This shift has been driven by an increase in the availability and numbers of cash machines as well as the migration of payment for state benefits and pensions from cash and girocheque to automated methods.

Continue Reading



Reblog this post [with Zemanta]

Card Issuers Expect Debit Growth in 2009

2009 Debit Issuer Study Says Despite Recession, Debit Growth will Continue

HOUSTON - June 4th: (PIN Payments News Blog) The 2009 Debit Issuer Study, commissioned by PULSE, identified several positive trends for financial institution debit card issuers, including sustained debit transaction growth despite the recession. This edition of the comprehensive debit card industry study also
found that use of PIN debit has increased, while fraud loss rates have declined.

Issuers surveyed experienced debit transaction growth of 8 percent in the second half of 2008, composed of 15 percent growth in PIN debit transactions and 4 percent growth in signature debit. Survey participants predicted 7 percent growth each for PIN and signature debit in 2009.

“Although the economy is a challenge for debit card issuers, as it is for everyone, debit transaction growth remains strong,” said Cindy Ballard, PULSE executive vice president. “Debit card use is expected to continue to grow as the economy bottoms out and begins to recover, because consumers use their debit cards for a large portion of necessary everyday expenses.”

The 2009 Debit Issuer Study revealed that more than a quarter of all debit transactions (27 percent) in 2008 were for less than $10.

“In most cases, these transactions are replacing cash, highlighting a clear consumer preference for electronic payments,” said Ballard.

Debit card penetration – the percentage of eligible account holders who have a debit card – remained flat at 73 percent. Using an expanded definition of “active” debit cards, the number of issued cards used actively in 2008 was 66 percent.1

PIN debit accounted for 35 percent of debit transactions in 2008, up slightly from 34.2 percent in 2007. The average debit transaction value was $42 for PIN debit and $37 for signature. Both figures have declined by roughly $1 compared to the previous study. In addition, active debit cardholders performed 17.3 point-of-sale transactions per month, on average, compared to 16.6 transactions per month in the 2008 survey.

Debit card fraud losses at the point of use declined in all categories. PIN point-of-sale losses, as measured in dollars per card per year, fell to $0.15 from $0.19. Similarly, ATM losses declined to $0.56 per card per year from $0.61, and signature debit loss rates fell to $1.81 from $1.92. Although losses at all three usage points declined year-over-year, the survey did record an increase in share for ATM losses, to 38 percent of total debit fraud losses in 2008 from 25 percent in 2007.

Additional survey findings include:

* Active debit cardholders performed 3 ATM transactions per month, on average, down from 3.4 in the previous survey.
* More than half of issuers surveyed (53 percent) participate in a surcharge-free ATM network, down slightly from 56 percent in 2007. And 43 percent offer ATM surcharge reimbursements to at least some cardholders.
* Bill payments represented 10 percent of signature debit transactions in 2008, compared to 7 percent in 2007.
* The percentage of debit card issuers offering debit rewards programs continues to grow, rising two percentage points to reach 53 percent this year.
* Thirty-seven percent of issuers offer mobile banking, compared to 15 percent in 2008, while 38 percent plan to introduce it soon, up from 28 percent last year.

“The 2009 study uncovered several reasons for optimism among financial institutions that issue debit cards,” noted Tony Hayes, an Oliver Wyman partner, who served as project lead on the study. “Among them, debit card-based bill payments account for a small but rapidly growing share of debit card payments, a market with significant potential for growth in the coming years.”

The 2009 Debit Issuer Study results support PULSE’s view that debit cards still have considerable long-term growth potential.

“Despite the challenge of navigating through an economic downturn, debit card issuers have much to be encouraged about,” said Ballard. “Transaction growth remains robust, and issuers see further improvements in the performance of debit card portfolios as a key opportunity in 2009.”

About the Study

The 2009 Debit Issuer Study is the fourth installment in the study series. The series provides an objective fact base on debit card issuer performance and financial institutions’ outlook for the debit card business. Seventy-three financial institutions – including large banks, credit unions and community banks – participated in the 2009 study, which was conducted by Oliver Wyman. Collectively, the participants issue 94 million debit cards and operate 61,000 ATMs. The sample is representative of the U.S. debit market in terms of institution type, location and debit network participation.

About PULSE

PULSE is one of the nation’s leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services (NYSE:DFS). The network links cardholders with more than 289,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry. For more information, visit www.pulsenetwork.com.

Media may request an executive summary the study by contacting Anne Rhodes.

1 In previous Debit Issuer Studies, the most common definition of “active” cards was those used to make any signature transaction in the last 30 days. By this measure, 56 percent of debit cards were active in 2008, a slight decline from 2007. An equal number of issuers now define active cards as those used to conduct any transaction in the last 30 days, resulting in the higher 66 percent card activation rate.

PULSE
Anne Rhodes, 832-214-0234
arhodes@pulsenetwork.com


Source: Press Release




Reblog this post [with Zemanta]

Cybercrime Doesn't Pay - Microsoft

Report: Cybercime Riches Are Hard To Come By
Researchers from Microsoft say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"

By Kelly Jackson Higgins | DarkReading

Turns out the profitability of cybercrime may have been greatly exaggerated. According to a new report by two researchers for Microsoft's research organization, cybercrime doesn't equal easy money after all, despite findings to the contrary.

In their report, titled "Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the
Underground Economy," Microsoft researchers Cormac Herley and Dinei Florencio say it's a smaller population of more sophisticated and organized gangs of cybercriminals who come out ahead. "While there is a great deal of activity in the underground economy marketplace, it does not imply a lot of dollars change hands," they wrote in their paper. Lucrative cybercrime doesn't occur in the open IRC space because "rippers," or those who don't deliver the goods and services they "sell" there, damage the market, they say.

The researchers also took on security-vendor research (as well as that of Gartner) that estimates the value of the underground economy based on the price tags of wares sold via IRC: "We believe that anyone who shows up on an IRC channel hoping to trade profitably with anonymous partners is almost certain to be cheated. Thus, estimating the dollar size of the underground economy based on the asking price of goods and services advertised on IRC networks appears unsound," they say. "We find that the published estimates of the dollar value of underground economy IRC channels are exaggerated. They are derived by simply adding the unverified claims of anonymous channel participants (who include rippers). Those who lie most and exaggerate most affect the average most."  Continue Dark Reading



Much attention has been devoted recently to the underground economy, and in particular to the IRC markets for stolen identities, phishingkits, botnets, and cybercrime related services. It is suggested that
sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need. Stolen credentials are traded in bulk for pennies on the dollar. It is suggested that large sums move on these markets.

We argue that this makes very little sense. Using basic arguments from economics we show that the IRC
markets studied represent classic examples of lemon markets. The ever-present rippers who cheat other participants ensure that the market cannot operate effectively. Their presence represents a tax on every transaction. Those who form gangs and alliances avoid this tax, enjoy a lower cost basis and higher profit.

This suggests a two tier underground economy where organization is the route to profit. The IRC markets appear to be the lower tier, and are occupied by those without skills or alliances, newcomers, and those who seek to cheat them. The goods offered for sale on these markets are those that are easy to acquire, but hard to monetize. We find that estimates of the size of the IRC markets are enormously exaggerated. Finally, we find that defenders recruit their own opponents by publicizing exaggerated estimates of the rewards of cybercrime. Those so recruited inhabit the lower tier; they produce very little profit, but contribute greatly to the externalities of cybercrime.

Complete Report: PDF File




Reblog this post [with Zemanta]

Malware Allows Complete Control Over ATM

Cash machine virus can steal your PIN | 4 Jun 2009 | ComputerWeekly.com

Ciff Saran Posted: 04 Jun 2009

The Eastern European cash machine network may be prone to a serious hacking attack, banks have been warned.

SpiderLabs, the security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests, has investigated security breaches on automated teller machines (ATMs) running Windows XP over the past few months and found the same malware residing on the breached machines.


"This malware is unlike any we have ever had experience with. It allows the attacker to gain complete control over the ATM to obtain track data, PINs and cash from each infected machine," TrustWave said.

TrustWave found that the malware enables an attacker to steal card data from the ATM's receipt printer or by writing the data to an electronic storage device (possibly using the ATM's card reader). It also discovered code indicating that the malware could eject the cash dispensing cassette.


"We believe the current attack vector is an early version of the malware sample, and future attacks will add functionality such as propagation via the ATM network. If an attacker can gain access to one machine, the malware will evolve and propagate automatically to other systems."

Approximately 20 ATMs have been compromised, primarily located in Eastern Europe. TrustWave expected the attack to spread to the US and other regions of the world.  This is not the first time a flaw has been found in cash machines. In January, Cambridge University published a paper on a flaw in chip and Pin readers.


Below is a Sample Page from a PDF Report from Trustwave.  (click to enlarge)
The Full Report is Available Here










Reblog this post [with Zemanta]

Disqus for ePayment News