Sunday, June 14, 2009

Recent Posts from "ePayments News" Wikizine

Here's a review of the week as covered by the ePayments News wikizine from Zimbio

Using HomeATM's PCI 2.0 Certified Terminal with a Built-In PIN Entry Device means that your card data is "Instantaneously Encrypted Inside". It also means your data is never in the clear. If your data is never in the clear, then fraudsters can't steal the information located on the magnetic...
From (June 12, 2009)
I found this story interesting because HomeATM offers payment processing, real-time money transfers, TRUE PIN Debit for the Web, Two Factor Authentication for online banking and thus bill payment. Eula Adams, former COO of Pay By Touch used to be the CEO of Western Union. Wonder if he's...
From (June 12, 2009)
If online banks switched from username password (typing) to swiping they would eliminate phishing entirely. If you required your online bank enrollees to swipe their card, they prevent would-be hackers from swiping their card information. Instead, it's your customers who would be doing the...
From (June 12, 2009)
Amazon & iTunes Targeted in £470,000 Credit Card Fraud. A gang of nine have been arrested after they were accused of downloading their own tracks off Amazon and iTunes using stolen credit card details AND then claiming...
From (June 11, 2009)
June 12 - HomeATM PIN Payments Blog: According to reports trickling from the news wires, Global Payments Inc has agreed to buy the remaining (49%) stake in its British joint venture with HSBC Bank Plc for $307.7 million in cash. Global Payments, which processes online credit card...
From (June 12, 2009)
One Billion Mobile Apps: What’s Next? JUNE 9, 2009 (Editor's Note: Hopefully some Mobile Payments Security?) eMarketer reports that Mobile Phone/Internet (especially smartphone) usage will surge, resulting in a ton of mobile applications. HomeATM has designed a...
From (June 9, 2009)
DEBIT CARD ISSUERS EXPECT TRANSACTION VOLUMES TO GROW. Despite an unsteady economy, debit card issuers predict 7% transaction growth both for PIN- and signature-debit this year, according to the Pulse electronic funds transfer network's 2009 Debit Issuer study. "Debit card use is expected to...
From (June 11, 2009)
The National Retail Federation welcomed the introduction of Senate legislation requiring credit card companies to negotiate over hidden credit card processing fees on Tuesday. Internet Retailers pay even more than their brick and mortar counterparts. Unless you swipe the card, Visa and...
From (June 10, 2009)
SOURCE: HubSpot, Inc. World's Largest Twitter Study by HubSpot Reports Over Half of Accounts Don't Tweet. Despite Buzz and Growth, HubSpot's State of Twittersphere Finds Twitter Users' Participation and Activity Lags. Highlighted Links: June 09 State of Twittersphere, HubSpot...
From (June 10, 2009)
Written by Evan Schuman, June 10th, 2009. Excerpts: "As retail IT execs start to experiment with—and actually deploy—mobile-commerce applications more, the realization that they have to rely on their new telecom partners to safeguard their experimental data is...
From (June 10, 2009)


PIN Number = Redundant Acronym Syndrome

It was pointed out that, for being the PIN Payments Blog, we have never provided a post explaining the background and history of the PIN. So, here it is, per Wikipedia:

From Wikipedia, the free encyclopedia

A personal identification number (PIN; pronounced "pin") is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system. Upon receiving the User ID and PIN, the system looks up the PIN based upon the User ID and compares the looked-up PIN with the received PIN.

The user is granted access only when the number entered matches with the number stored in the system. PINs are most often used for ATMs but are increasingly used at the Point of sale, for debit cards and credit cards.

Throughout Europe the traditional in-store credit card signing process is being replaced with a system where the customer is asked to enter their PIN instead of signing. In the UK and Ireland this goes under the term 'Chip and PIN', since PINs were introduced at the same time as EMV chips on the cards. In other parts of the world, PINs have been used before the introduction of EMV. Apart from financial uses, GSM mobile phones usually allow the user to enter a PIN between 4 and 8 digits in length. The PIN is recorded in the SIM card. In 2006, James Goodfellow, the inventor of the personal identification number, was awarded an OBE in the Queen's Birthday Honours List.[1]

PIN Length

The concept of a PIN originates with the inventor of the ATM, John Shepherd-Barron. One day in 1967, while thinking about more efficient ways banks could disburse cash to their customers, it occurred to him that the vending machine model was a proven fit. For authentication Shepherd-Barron at first envisioned a six-digit numeric code, given what he could reliably remember. His wife however preferred four digits, which became the most commonly used length.[2] ISO 9564-1 allows for PINs from 4 up to 12 digits, but also notes that "For usability reasons, an assigned numeric PIN should not exceed six digits in length".[3]

PIN Security

Financial PINs are often 4-digit numbers in the range 0000-9999, resulting in 10,000 possible numbers. However, some banks do not give out numbers where all digits are identical (such as 1111, 2222, ...) or consecutive (1234, 2345, ...) or numbers that start with one or more zeroes. Many PIN verification systems allow three attempts, thereby giving a card thief a 0.06% chance to guess the correct PIN before the card is blocked. This holds only if all PINs are equally likely and the attacker has no further information available, which has not been the case with some of the many PIN generation and verification algorithms that banks and ATM manufacturers have used in the past.[4]

In 2002 two PhD students at Cambridge University, Piotr Zieliński and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. Known as the decimalization table attack, the flaw would allow someone who has access to a bank's computer system to determine the PIN for an ATM card in an average of 15 guesses.[5][6]

If a mobile phone PIN is entered incorrectly three times, the SIM card is blocked until a Personal Unblocking Code (PUC), provided by the service operator, is entered. If the PUC is entered incorrectly ten times, the SIM card is permanently blocked, requiring a new SIM card.

English language usage

The term "PIN number" (hence "personal identification number number") is commonly used, which is an example of RAS syndrome (Redundant Acronym Syndrome), as are, coincidentally, "ATM machine" ("automatic teller machine machine") and RAS syndrome itself ("Redundant Acronym Syndrome Syndrome").

Reverse PIN hoax

Rumours have been in e-mail circulation claiming that in the event of entering a PIN into an ATM backwards, police will be instantly alerted as well as money being ordinarily issued as if the PIN had been entered correctly.[8] The intention of this scheme would be to protect victims of muggings; however, despite the system being proposed for use in some American states, there are no ATMs currently in existence that employ the software.


  1. "Royal honour for inventor of Pin". BBC. 2006. Retrieved on 2007-11-05.
  2. "The Man Who Invented The CASH Machine". BBC. 2007. Retrieved on 2007-03-02.
  3. ISO 9564-1:2002 Banking -- Personal Identification Number (PIN) management and security -- Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems.
  4. Kuhn, Markus (July 1997) (PDF). Probability theory for pickpockets — ec-PIN guessing. Retrieved on 2006-11-24.
  5. Zieliński, P & Bond, M (February 2003) (PDF). Decimalisation table attacks for PIN cracking. University of Cambridge Computer Laboratory. Retrieved on 2006-11-24.
  6. "Media coverage". University of Cambridge Computer Laboratory. Retrieved on 2006-11-24.
  7. MySecureCyberSpace.
  8. "Reverse PIN Panic Code". Retrieved on 2007-03-02.
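
An added example, not part of the original post or of the quoted Wikipedia text: a small Python model of the retry counters described under PIN Security (three wrong PINs block the SIM, ten wrong PUCs block it permanently). The class and method names, the sample PIN/PUC values used to exercise it, and the reset-on-success and new-PIN-on-unblock behaviour are assumptions made for illustration.

```python
import hmac
from enum import Enum

PIN_TRIES = 3    # from the text: three wrong PINs block the SIM
PUC_TRIES = 10   # from the text: ten wrong PUCs block it permanently


class State(Enum):
    READY = "ready"
    PIN_BLOCKED = "pin_blocked"
    DEAD = "permanently_blocked"


class SimLock:
    """Toy model of SIM retry counters (hypothetical class, not a real SIM API)."""

    def __init__(self, pin: str, puc: str):
        self._pin, self._puc = pin, puc
        self.pin_left, self.puc_left = PIN_TRIES, PUC_TRIES
        self.state = State.READY

    @staticmethod
    def _same(a: str, b: str) -> bool:
        # Constant-time compare so response timing does not leak matching digits.
        return hmac.compare_digest(a.encode(), b.encode())

    def verify_pin(self, guess: str) -> bool:
        if self.state is not State.READY:
            return False                  # blocked: refuse without comparing
        self.pin_left -= 1                # spend the attempt before checking
        if self._same(guess, self._pin):
            self.pin_left = PIN_TRIES     # assumption: success resets the counter
            return True
        if self.pin_left == 0:
            self.state = State.PIN_BLOCKED
        return False

    def unblock(self, puc: str, new_pin: str) -> bool:
        if self.state is not State.PIN_BLOCKED:
            return False                  # nothing to unblock, or permanently dead
        self.puc_left -= 1
        if self._same(puc, self._puc):
            self._pin = new_pin           # assumption: unblocking sets a new PIN
            self.pin_left, self.puc_left = PIN_TRIES, PUC_TRIES
            self.state = State.READY
            return True
        if self.puc_left == 0:
            self.state = State.DEAD       # only a replacement SIM recovers from this
        return False
```

Decrementing the counter before the comparison means an interrupted or aborted check still costs an attempt, so the limit cannot be bypassed by cutting the check short.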

How Online Gambling Sites Work Together to Combat Online Fraud

sponsored by iovation, Inc.
Premiered:  Available On Demand
Format:  HTML
Type:  Webcast
Language:  English
Because fraudsters are able to obtain stolen identity information with relative ease, today's security systems require multiple fraud management techniques that work together to identify and stop increasingly sophisticated fraud schemes.

For operators of online casinos, unfortunately the fraud doesn't stop at the use of stolen credit cards. The spectrum of abuses facing online gaming sites are varied and don't lend themselves to standard fraud management techniques. These abuses may include promotion abuse, in-game spam, cheating and collusion, chip dumping and account takeovers.

By focusing on device reputation and sharing evidence of fraudulent devices with other online gambling sites and beyond, iovation helps online businesses proactively expose fraudsters and abusers in real-time. As a result, online gambling sites can stop repeat offenders. We associate problems to the specific computers used to perpetrate abuse so that fraudsters can't simply hide behind new accounts or identities.

Join this informative webinar to learn:
  • How online fraud impacts your site's reputation, customer trust, and business profits
  • How device reputation augments existing fraud management processes
  • How to combat player cheating, chip dumping, promotion abuse and more.
  • How top online gambling sites are sharing experiences to catch more fraud and abuse
