Monday, June 22, 2009

PIN Payments Blog Surpasses 250k Unique Viewer Plateau

The HomeATM blog, which launched in obscurity in March of 2008, garnered a whopping 139 hits in its first three weeks... which calculates to something along the lines of 7 hits per day.

But, in the interest of providing a resource for information regarding/relevant to eCommerce security, (with a few plugs about HomeATM along the way) I am pleased to announce that the PIN Payments HomeATM blog has reached a relatively notable milestone, as we surpassed the 250,000 unique viewer plateau over the weekend.

The PIN Payments HomeATM blog has focused on web based payments security and has suggested on more than one occasion that a hardware based solution vs. a software solution is not only more secure, but in my mind, more convenient as well. (I'd rather swipe my card "one-time" than enter 14-16 numbers, the expiration date and the CVV code)

In addition to PIN based payments, the blog has continued to strive to include the widest variety of information regarding ongoing and emerging threats to online commerce, including but not limited to: hacking, malware, man-in-the-middle attacks, breaches, phishing, war driving, card cloning and more.

The latest focus of the HomeATM blog has been online banking and the flaws created by using "username/password" credentials for log-in. Phishing is one obvious threat, but as you can see in one of today's postings, all it takes is a clever hacker to "impersonate, imitate, or clone" a bank's website and the problem becomes greatly exacerbated. In fact, one story regarding that subject (Anti-Phishing With Two-Factor Authentication) was included in the UK's FinanSer's "recommended reading" alongside stories from the New York Times, the BBC, The Register, The Guardian and more.

Those who have reached the blog looking for solutions to or stories about ecommerce fraud often times find a bit of sarcasm mixed into the stories, sarcasm which originates from the deeply held belief that it seems so obvious, especially in light of the stories covered by the blog, that the way it's being done (focusing on convenience over security) isn't working.

Thus I tend to include pictures/images which are intended to amuse, if not bemuse, the reader. I assure you it's all done in fun, sometimes to entertain myself if not you. So if you see the picture on the right in an article about Vaporware, it's all in the tongue-in-cheek (sometimes not so cheeky) sardonic overtones I apply to my opinion when it comes to players in the industry making moves which are in direct contradiction of (for example) their own published white-papers.

Speaking about "sardonic undertones" HomeATM CEO Ken Mages says that Frank (me) has been more than a bit controversial...which has often caused him to explain John's unique sense of dry humor but Mages iterates that, "I wouldn't trade John for anybody blogging or using Web2.0 marketing on the Internet today." (Wow!...those are extremely kind words coming from our it's nice to know that I have a no-trade clause! :-)

Getting back to some of the circumstances behind my sarcasm, when an alternative payment emerges, which I feel is riddled with security flaws, and it gains momentum, or garners praise from the media and/or supposed "analysts" I feel I have a responsibility to point out the flaws. So that's what I do. I ask the questions they don't.

While I'm on the subject of "alternative payments" I would remind you that the fact of the matter is that HomeATM is NOT an alternative payment at all. PIN Debit is a "mainstream" fact it is the preferred payment method by consumers and merchants alike. Since we 100% replicate the brick and mortar PIN Debit transaction, except that we do it, (in most cases by encrypting the Track 2 data) more securely, I would suggest that HomeATM's PIN Debit platform for the Internet has the potential to become the most preferred payment method on the web. After all, it is the ONLY true PIN Debit application and we manufacture the first and only PCI 2.0 Certified PIN Entry Device. The trick is to get our PED into the hands of consumers. The treat is that we've got the cost down to (in quantity) $12.00.

Ken Mages suggested I include the following line in this post: "John B. Frank the HomeATM blogger and marketing guru says the best part of his day is "XXXXXXXXXXX"

I had to think about this for a while. I suppose there are "several best parts" of my day. Every time I come across, and thus can share, a story which reiterates what we've been saying on this blog for the last 15 months, it makes my day. But at the end of the day, the best part about editing the HomeATM blog is that I sincerely believe that it won't be long before "everybody" "sees and agrees" with the fact that "in order to secure financial transactions done via the Internet, it MUST be done "outside the browser space."

So "thanks" to each and every 250,000+ of you who have visited the blog and always remember: "Don't TYPE...Swipe!"


Want ATM Debit Card Details? Insert Trigger Card Here

ATMs reprogrammed to print out ATM, debit details on receipts

New Scientist: A devious piece of criminal coding that has been quietly at work in a clutch of ATMs at banks in Russia and Ukraine has recently been discovered. It allows a gang member to walk up to an ATM, insert a "trigger" card, and use the machine's receipt printer to produce a list of all the debit card numbers used that day, including the cards' start and expiration dates, as well as the PINs associated with those cards. Everything needed to clone the cards and access consumer bank accounts is included on the receipt. The software is the latest move in a security arms race, after banks and consumers got wise to the fitting of fake fascias on ATMs. Across Europe, losses due to such ATM skimming fraud grew 11 percent to €484 million in 2008, according to the European ATM Security Team, which is funded by the European Union and based in Edinburgh, Scotland.


Congress Interchanging the Way Visa Does Business?

Editor's Simple Question: Why don't retailers fight the good fight and switch over to PIN Debit? It would save them millions on Interchange Fees, AND millions on Lawyers Fees. Come to think of it, they would also save millions on fraud reduction and chargebacks. In addition, PIN Debit is the fastest growing and most preferred form of payment by consumers (and merchants) alike. So it begs the question:

Why not just say, we don't take signature debit, we only accept PIN Debit?  Debit surpassed credit and PIN debit is growing at 4 times the pace of signature debit.  So why not align yourself with the Stars?

The irony is that one of the creators of the original Signature Debit platform, Mr. Thomas E. Honey, now sits on the advisory board of HomeATM.  He had no idea when he created it, that it would evolve into what it is today.  PIN Debit much more closely aligns with the original intent of the original check card. 

Today, signature debit not only costs more for the merchants to accept, it costs MUCH more for consumers to use.  As but one example, when you use your signature debit to make a $25.00 gas purchase,  your account can have a hold put on it for as much as $150...for as long as 3 days.  Meanwhile, even though you "think" you've got an "extra" $150.00 in your checking account, you don't.  It's frozen.  So when you use your signature debit card to 1. buy milk and eggs, then 2. A $5 Footlong and 3. a 6 pack of beer, you are hit with 1.2.3. "overdraft" charges to the tune of $35 a pop. 

With PIN Debit the money is paid in real-time so there are no holds placed on your account and, in the scenario above, you would've saved $105 in overdraft charges. So why fight the fight, just provide consumers with good reasons why they shouldn't be using their signature debit card. Wouldn't it make more sense to switch to PIN Debit rather than fight with the providers of the less secure and less liked signature debit product?

Anyway, here's a quick blurb on that fight against high interchange. 

Interchange in federal sights - again

Retailers may have lost the battle over interchange when they failed to convince the U.S. Congress to add strong language about interchange to the Credit Card Accountability, Responsibility and Disclosure Act of 2009 (Credit CARD act), which was signed into law in May. But they haven't given up the fight.

The Credit Card Fair Trade Act, HR 2695, was introduced June 4, 2009, by Rep. John Conyers, D-Mich., who is Chairman of the House Judiciary Committee.

The proposed bill would create a special exemption from federal anti-trust law so retailers could negotiate "access" to electronic payment systems en masse.  (Editor's Note: Why not negotiate the payment instrument with the consumer?)

The bargaining table

HR 2695, which closely mirrors legislation approved by the House Judiciary Committee in 2008 but didn't progress further, would allow for a limited number of parties around the negotiating table, as follows:

  • A representative of one of the 10 largest issuers, in terms of number of cards issued
  • Someone representing one of the 10 largest acquirers, in terms of number of merchants served
  • An executive from one of the 10 largest merchants, based on the total value of card payments accepted the previous year
  • Someone from the U.S. Department of Justice

Acquirers, issuers and merchants would each have to provide itemized lists of costs incurred in providing or using card acceptance services the previous year.

A lose-lose proposition

Mallory Duncan, Senior Vice President and General Counsel at the National Retail Federation, said that in the wake of the Credit CARD act, the Conyers bill creates "the perfect storm" for congressional action on interchange. And he raised the specter of the economy, arguing "consumers can't continue to pay artificially inflated prices just so the credit card industry can skim profits off the top."

Edward Yingling, President and Chief Executive Officer of the American Bankers Association disagreed. Interchange serves an important purpose, and retailers just want to get out of paying their fair share, he said. "The bill introduced today represents an effort by the merchant community to have the government interfere with the payment system so that they can reduce their cost of doing business," Yingling said in a June 4 statement. "It's clear that giant retailers want to pocket interchange revenue and continue to receive the added convenience and protection payment cards provide."

HR 2695 has not yet been scheduled for public hearings. Some Washington insiders suggest it is mostly symbolic because both retailers and banks are key constituencies that lawmakers aren't eager to alienate, especially in the current economy. And any way you cut it, one of those constituencies loses with interchange legislation.


NYCE and CEFCU Renew Relationship

CEFCU still has a NYCE relationship

Secaucus, N.J., June 22, 2009 -- NYCE today announced that Citizens Equity First Credit Union (CEFCU) of Peoria, Ill., has renewed its NYCE Network participation. NYCE is the credit union’s exclusive provider of domestic ATM and point-of-sale access. NYCE Payments Network, LLC, is a leading U.S. electronic payments network and a Metavante (NYSE:MV) company. Metavante is a leading provider of banking and payments technology.

With assets of more than $4 billion, CEFCU is one of the United States’ largest community-based credit unions. It serves more than 262,000 members in 50 states and several foreign countries, and it contributes nearly 370,000 cards and 109 ATMs to the NYCE Network.

“Our mission at CEFCU is about putting member/owners first,” said Todd Haller, vice president, EFT, CEFCU. “Our vendor relationships must support the financial needs and goals of the people we serve, and they must be cost-effective to maximize the value of membership with CEFCU. Our exclusive relationship with NYCE has consistently performed for us, giving CEFCU members the convenient account access and payment options they need no matter where they live, work, and travel.”

“To achieve the kind of growth and longevity that CEFCU has achieved, you have to be able to maintain long-term relationships with your members,” said Steve Rathgaber, NYCE president. “By renewing their relationship with NYCE, CEFCU signals confidence in our ability to continue delivering tangible value that aligns with and supports that mission.”


With assets totaling over $4 billion, CEFCU serves 262,000 members through 19 Central Illinois Member Centers; Valley Credit Union, a division of CEFCU; the CEFCU Financial Center; the Money Center 24 ATM Network; CEFCU’s Web site, ; and .

About NYCE

NYCE Payments Network, LLC, a Metavante company, helps its clients grow with innovative new products and strategic alliances that enable them to capitalize on the efficiency, consumer convenience and security of electronic real-time payments. The NYCE Network provides consumers with secure, real-time access to their money, offering hundreds of thousands of ATM locations and millions of point-of-sale locations nationwide. The NYCE Direct Bill Payment service offers cardholders a convenient way to pay bills online in real-time via their bank accounts. NYCE Balance Transfer services drive asset growth for consumer credit issuers through automated balance transfer/consolidation payment services. Headquartered in Secaucus, N.J., NYCE Payments Network, LLC, is a wholly owned subsidiary of Metavante (NYSE:MV).

Source: Company press release.


Global EMV Migration Report from Mercator Available

Mercator studies worldwide EMV migration

Boston, June 21, 2009 -- EMV continues to make inroads around the world especially in Europe, Latin America and Canada. However, growth has slowed down partially due to the impacts of the global economic downturn with banks forced to slow down or postpone their migration plans. In some cases these plans are put on hold indefinitely. The outlook beyond 2010 is less than clear as the European market gets saturated and growth pools in other regions dry up.

At the same time, as more and more countries adopted EMV, some of the inherent limitations of EMV became exposed. Though EMV has been quite effective in reducing mail-non-receipt and lost-and-stolen card frauds, it has minimal effect in handling other types of frauds especially Card-Not-Present (CNP) and counterfeit/overseas frauds. Actually, EMV's effectiveness in reducing certain types of card fraud appears to have driven card criminals toward other types of card fraud.


The latest report from Mercator Advisory Group, Global EMV Migration and the European Market: 2009 provides timely updates on overall EMV migration worldwide. Progress and trends in EMV card issuance and acceptance are also discussed. Regional EMV migration overviews are provided for Europe, Asia-Pac, North America, Latin America, and Africa. EMV's effects on card fraud profiles and levels are discussed and the industry's efforts in addressing some remaining and new issues. Factors affecting future EMV migration plans around the world are also discussed. Finally, the report looks at the European market in depth and provides a country-by-country update on the EMV migration progress.

"Demand for EMV products and services will continue to be driven by the SEPA initiative in Western Europe, though emerging markets in Latin America and Central and Eastern Europe have good potentials as well. China is finally moving as China UnionPay starts to replace its POS terminals," says Terry Xie, Director of Mercator Advisory Group's International Payments Advisory Service and principal analyst on the report. "But the U.S., still on the sideline though neighbor pressure from Canada and Mexico, could start to break the ice."

Highlights of the report include:

  • EMV penetration among card issuance and acceptance continues to rise. However, the growth rate has slowed down significantly from previous years.
  • Most of the growth in the EMV market over the next two years will be in Europe and Canada which is moving forward with its own migration. China and Latin America represent future growth opportunities, but will take time to develop.
  • EMV has been quite successful in reducing lost-and-stolen and mail-not-receipt card frauds. But the industry still has its work cut out to deal with increasing CNP and counterfeit card frauds in the international and e-Commerce markets.
  • Liability shift and neighbor pressures, among other factors, will likely be an increasing factor in driving EMV migration and penetration forward in the global markets.
  • The European market, which faces a Dec. 2010 migration deadline, will remain strong over the next two years, even though the global economic downturn might slow down the process in 2009, but this is expected to be compensated by growth in 2010.

This report contains 35 pages and 5 exhibits.

Companies mentioned in this report include: American Express, Barclays, China UnionPay, EMVco, First Data, Garanti Bank, Gemalto, Inside Contactless, MasterCard, Nationwide, Poste Italiane, Royal Bank of Scotland, S1 Postilion, Sagem Orga, TSYS Card Tech, Visa, Xiring, among others.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at .

For more information and media inquiries, please call Mercator Advisory Group's main line: (78... or send E-mail to info @

Source: Company Press Release


Downloads: iTunes, .99 cents, Kazaa: $80,000

When it comes to downloading music over the web, it seems that iTunes has a big pricing advantage over Kazaa.  You can buy a song from iTunes for .69 cents, .99 cents or their most expensive one, $1.29.

Or you could go download songs at Kazaa to the tune of $80,000 each, (Do you need to buy 24 to get that price?)  That's right.  24 songs for the bargain basement price of $1.92 million dollars.  Maybe it costs less if you don't live in Minnesota.  Oh...and Stay tuned!

E-Commerce News: Law: The Music Industry's $2 Million Can of Worms
By Chris Williams|AP

The jury's determination that defendant Jammie Thomas-Rasset must pay $1.92 million to the RIAA for making 24 songs available on the P2P network Kazaa seems at first glance to be a big victory for the music industry. However, the size of the penalty itself may provide grounds for appeal. It bolsters the argument that the copyright system is broken, suggests EFF attorney Fred von Lohmann.


Hackers Imitate Websites of Russian Banks

Editor's Note: As I've mentioned in past posts, the threat of "cloned bank websites" looms large and HomeATM can eliminate this threat by allowing banks to enable their customers to "log-in" to their website with our PCI 2.0 Certified PIN Entry Device. If it is a cloned site, they won't have the key to decrypt the encrypted data and therefore log-in will fail. On the flip-side, if they continue with "Username/Password" log-in, these cloned websites will successfully fool bank customers into providing their log-in credentials, which helps no one but the hackers.

Hackers imitate websites of Russian banks

The Central Bank of Russia has issued a warning that websites have appeared on the Internet that imitate those of several Russian credit organizations, reports. The sites use addresses similar to those of the organizations they imitate but provide false information about them.

The national bank warns that entering (translation: "typing") personal information on those sites could lead to negative consequences for the client and the bank.

To combat the false websites, the Central Bank has posted a list of correct Internet addresses for Russian banks on its website. 

Editor's Note: And I'm sure that ALL their customers will pore over that list with great attention prior to logging-on to their online banking accounts, thereby ensuring that these "cloned bank websites" are not successful...

The website of the Central Bank of Russia now contains 1040 Internet addresses of 880 Russian banks. There are over 1000 banks operating in Russia at present.


Western Union Introduces Digital Vendors for Mobile Banking Platforms

The Western Union Company (NYSE: WU), a global leader in money-transfer services, announced today the launch of its Digital Vendor Program intended to extend the reach and accessibility of Western Union Money Transfer(r) services to mobile finance initiatives in Latin America, Africa, the Middle East and Asia.

“Establishing a strong mobile vendor program is a critical step in the delivery of our ‘Western Union Anywhere’ service proposition,” said Matt Dill, SVP and Head of Western Union Digital Ventures. “By collaborating on a global level with proven mobile platform providers, we believe we can simplify deployments for our mobile partners and introduce a more consistent Western Union experience for consumers.”

Western Union entered the mobile finance space in the second quarter of 2008, with an endorsement for a global pilot program by the GSM Association, a global trade association representing more than 750 mobile operators worldwide.

The first providers to join the certification program are four mobile finance platform providers with both active and planned service implementations: South Africa-based Fundamo, India-based mChek, U.S.-based Sybase 365 and Singapore-based Utiba Pte.

Successful mobile money service offerings are typically deployed on a single-country basis and include three service providers working together in a single “mobile finance ecosystem.” Participants include mobile network operators, with well-known consumer brands and large mobile subscriber bases; financial institutions, with the legal and regulatory authority to store and hold money; and mobile platform providers (often called m-wallet or m-banking platforms) capable of managing account interaction between the consumer handset, the wireless network and the financial institution. Western Union connects into this ecosystem, providing money transfer capability under a global brand with proven speed and reliability.

“There are a lot of pieces that have to fall into place to deliver on the promise of mobile financial services,” said Red Gillen, Senior Analyst Alternative Payments for Celent. “Western Union is taking steps to remove technology barriers and make it easier for its partners to launch a global money transfer service, and that can only be a net positive.”

Western Union is certifying mobile platform vendors to reduce integration costs and accelerate go-to-market activities for banks and mobile operators by creating standard technical deployments.

Once a bank or mobile operator contracts with Western Union to activate the Western Union(r) Mobile Money Transfer service, its consumers will be able to send and/or receive money through Western Union’s global money transfer system, connected to more than 334,000 Agent locations in 200 countries and territories. (ANI)


Prepaid Cards = Electric Money & Not Protected by FSCS

Warning on prepay card protection as millions of pounds of holidaymakers' money may be at risk

By Jo Thornhill

Holidaymakers, students and others who use popular prepay cards are being warned that they are not covered by the depositor protection scheme and are at risk if the issuing company goes bust.

Consumers are expected to load £50 million on to cards this summer. This would be twice the sum spent last year and indicates the dramatic increase in the use of the cards.

They typically allow a maximum of £3,500 to be loaded, although some, including IDT Prime and Cashplus MasterCard Gold, accept far more. The Payzone Worldwide Money MasterCard allows cardholders to load up to £10,000.

Once loaded, the chip-and-pin cards -- usually Visa, MasterCard or Maestro -- are used to buy goods and services or withdraw cash. They are especially popular with holidaymakers as cash can be loaded in foreign currency. Parents also use them to give children pocket money or emergency cash and the cards are widely promoted by the Post Office, among others.

But prepay cards are not covered by the Financial Services Compensation Scheme so the money stored on them is potentially at risk.

The FSCS views the card as electronic money, not as deposits, and therefore outside its remit.


Forbes: Twitter Considering eCommerce as Revenue Stream

Twitter Considers E-Commerce As A Possible Revenue Stream

Each month, a few additional details about Twitter’s plans to make money trickle out, although so far nothing has come from any of them.

The latest possibility: Twitter board member Todd Chaffee tells the NYT that the company could make money from e-commerce.

He notes that many people are already using Twitter to get product recommendations and companies are using the service to promote their products so it would follow that people might want to buy items straight from the site.

The connection makes lots of sense, considering that businesses have proven that it is possible to sell products via their Twitter accounts. For instance, Dell announced last week that $3 million of its product sales could be directly attributed to its Twitter account.

But Chaffee’s comments show that the company is not really getting any closer to figuring out how to make money.

Over the last year, representatives have thrown out various possibilities but they then seem to either not bring them up again or contradict them. At our own EconSM conference a month ago, for instance, Twitter director of business development Kevin Thau said that the company was looking at a three-pronged revenue stream.

Continue Reading at Forbes


Debit On, Debit Off

Veritec Introduces Its Mobile Toggle (Debit) Card Solution

Debit card sponsors and issuers of Veritec's card solution empower their cardholders with the ability to combat unpermitted and fraudulent use of their debit cards by turning their cards "on" and "off" with their mobile phones

GOLDEN VALLEY, Minn., Jun 22, 2009 (BUSINESS WIRE) -- Veritec, Inc. (Pink Sheets: VRTC), a pioneer and developer of proprietary two-dimensional matrix technology and developer of mobile banking debit card solutions, today announced the release of its MTC(TM) Mobile Toggle Card Program on the company's mobile banking software platform.

Veritec's mobile banking software platform is a debit, pre-paid and gift card solution that is licensed by Veritec's wholly owned subsidiary, Veritec Financial Systems, Inc. ("VTFS"), to debit card issuers and sponsoring organizations. Under the MTC(TM) Program, card issuers and sponsors may provide Veritec's MTC(TM) branded debit or gift cards to individuals with and without demand deposit accounts (e.g., the latter the "under-banked"). With an MTC(TM) card the cardholders are empowered to combat unpermitted and fraudulent use of their debit cards by "toggling" their cards "on" and "off" with their mobile phones. In addition to this toggling feature, cardholders may apply for their cards online, arrange for direct deposits to be made to their cards, and transfer money to their card from another account. Cardholders may also elect to receive various alerts on their mobile phones about activity on their card.

In addition to the MTC(TM) branded program, VTFS also enables card issuers and sponsors to issue debit, pre-paid and gift cards under their own branded programs through licensed use of the mobile banking platform and VTFS' provision of related professional services.

Veritec's mobile banking solution also enables debit card programs to be processed in either an open or closed loop processing environment. In addition to its front-end licensing and professional services, VTFS also provides back-end card processing services to the card issuing institutions for all cardholder transactions on the licensed platform.

"Veritec's mobile banking platform and its MTC(TM) Program is a significant advance forward in mobile banking technology and it brings an amazing amount of value to card issuing and sponsoring organizations, whether they be commercial or government," said Jeff Hattara, President and CEO of Veritec, Inc. "For cardholders, the Program is a wonderful tool that helps enable cardholders to manage their money more securely. It is also a powerful tool that helps cardholders combat unpermitted and fraudulent use of their debit cards by turning their cards "on" and "off" with their mobile phones. People no longer have to completely rely on their card issuers to monitor possible fraudulent activity on their accounts. Cardholders can now de-activate their cards themselves, in real time, any time they choose to do so."

MTC(TM) Program debit and gift cards on Veritec's mobile banking platform will begin being issued by Security First Bank of Fresno, California as early as July, 2009.

About Veritec, Inc. and VTFS

Veritec, Inc. is a pioneer and developer of proprietary two-dimensional matrix technology. The company's portfolio of products includes its proprietary VeriCode(R) and VSCode(R) 2D matrix symbology solutions, BioID - VSCode(R) multi-purpose card solutions, and suite of products known as PhoneCodes(TM) for delivering electronic tickets, coupons and gift cards to mobile devices. Veritec Financial Systems, Inc. is a wholly owned subsidiary of Veritec, Inc. VTFS develops and licenses mobile banking debit, gift and prepaid card solutions and serves as a third party processor to banks for debit card transactions on the company's mobile banking platform.

About Security First Bank

Security First Bank is a California commercial bank authorized to engage in the commercial banking business. The Bank operates from its main office in Fresno, California. The Bank offers a wide variety of deposit, loan and other financial products and services.

Source: Veritec Company Press Release

The Golden Cash Botnet

Editor's Note: This is the "type" of stuff that people will become more aware of as time goes by. It is not, and will not, EVER be safe to "TYPE" your credit card information into your Personal Computer. Period. End of Story. It MUST be done "outside the browser space." Our message is simple, consistent...and right on. As time goes by, you will realize this to be fact and when you go "buy" (online) it will be done outside the browser space, preferably with a PCI 2.0 PED. Here's a story from Internet News that should give you a better perspective of the realities and dangers involved with using your PC to make online purchases...etc.

A new report from Finjan says that the latest criminal markets are more sophisticated than ever before.
By Alex Goldman | Source: Finjan

It's easier than ever to get access to an unsuspecting PC user's system -- all it takes is money.

According to a new report from security firm Finjan, there are sophisticated trading platforms designed to facilitate the sale of access to hacked PCs for the purpose of stealing user data, sending spam, and other malicious tasks.

"Criminals have built the equivalent of eBay, a source which provides everything a hacker may need," Finjan CTO Yuval Ben-Itzhak told "People are not even aware their computer is controlled and is an asset that one person is buying and another is selling."

Finjan examined in detail a platform called the Golden Cash network and botnet, where criminals sell infected PCs that include government and corporate computers, not just home users' PCs, according to Ben-Itzhak.

He said that one criminal might install scareware on a PC, steal a user's credit card information, and sell the PC to someone else who would install malware that would lurk and steal e-mail accounts, or who would wait until the user logged in to their bank account and steal that, as well.  Then that criminal could sell the PC to a third person, who would use it to send spam.

As a result, users should not assume they're safe even while behind the corporate firewall.

"It's a big mistake," Ben-Itzhak said. "Earlier this year ... we reported a botnet of 2 million PCs [and] there were many government-owned PCs and many PCs of public companies on the list.

Continue Reading at Internet News


Gartner: Worldwide Security Software Revenue up 18.6% in 2008

Worldwide security software market revenue totalled $13.5 billion in 2008, an increase of 18.6 per cent from 2007 revenue of $11.3 billion, according to Gartner. Analysts said there was an increasing demand for appliance-based products, particularly within certain segments such as, e-mail security and secure web gateway markets.

“In 2008, the security market did not show any noticeable impact from the economic downturn,” said Ruggero Contu, principal research analyst at Gartner. “A double-digit growth in a challenging economic climate shows that security remains a key priority for CIOs and IT security leaders.”

Globally, data security and privacy, along with the need to protect IT infrastructure from the ever increasing sophisticated and targeted attacks, are among the key drivers fuelling the growth of IT security software spending. For organizations operating in North America and Western Europe, compliance was among the major drivers.

The combined top five vendors’ market share is gradually falling in favour of smaller players, a sign that security remains a dynamic market where smaller players, new entrants and specialist vendors provide an effective challenge to the established leaders.

Symantec continued to be the market leader, as it accounted for 22 per cent of worldwide security software in 2008. However, the company’s market share was down from 2007 when it accounted for 24.4 per cent of the market. McAfee experienced the strongest growth rate among the top five vendors, as its revenue increased 20.5 per cent in 2008.
