Friday, August 28, 2009

Debit Gets a Boost

Financially strapped boost payment alternatives

Debit cards are fast becoming the payment instrument of choice for U.S. consumers. According to Visa Inc., the value of purchases made using Visa-branded debit cards in 2008 surpassed dollars spent using Visa credit cards for the first time. For many consumers who have made the switch, there may be no turning back.

Read entire story

Bank Info Security Reviews Financial Institution Breaches

A Review of the Types and Trends of Data Breaches Involving Financial Institutions

August 28, 2009 - Linda McGlasson, Managing Editor

There have been 356 data breaches so far in 2009, according to the Identity Theft Resource Center (ITRC). And 46 of those breaches have involved financial institutions - up from 34 at this same time last year.

In reviewing these 46 incidents (see interactive timeline w/details of each breach), one finds goods news and bad, according to ITRC executive director Linda Foley.

The good news, Foley says, is that, based on percentages,
financial institutions consistently have lower percentages of data
breaches than other organizations. "This means they're doing a better
job of controlling and protecting their data," she says.

The bad news is when financial institutions - or their
third-party service providers -- are breached ... it's big. Example:
the Heartland Payment Systems
breach, which resulted in the compromise of 130 million credit and
debit cards. Financial data -- bank account numbers, social security
numbers, and other personal identifying information - is invaluable to
hackers, and its loss is costly to consumers.

Continue Reading at Bank Info Security

Moneta Raises $4 Combat PayPal

MonetaAtlanta-based startup Moneta raises $4M, to combat Paypal

ATLANTA - Moneta, a startup that says it will challenge PayPal for online payment services, has closed on $4 million in venture funding.

The Atlanta Business Chronicle reported the funding on Friday. One of Moneta’s partners is Delta Airlines.

In 2007, Moneta purchased the retail payments product from CheckFree. The system transfers money directly from the buyer’s checking account to participating merchants with lower fees than those required by charge cards.

CheckFree had offered the program for more than two years. Financial terms were not disclosed. The deal includes all customer accounts for the service. CheckFree also will provide Moneta with payment processing services.

Reblog this post [with Zemanta]

Voltage Security Bolts to Record Setting First Half

Voltage Security Finishes Record-Setting First Half Highlighted by Diversified End-to-End Data Protection Solutions

Total contract value of deals in the first half grows by over 70%

Palo Alto, California–August 25, 2009–Voltage Security, Inc., (, the global leader in end-to-end data protection, today announced another record finish to the first half of their fiscal year ended July 31, 2009. The period ended with the highest revenue quarter in the company’s history, a 35% growth over the same period last year. In addition, the company was cash flow positive from operations and profitable for the quarter. Total contract value of deals in the first half grew by over 70%.

The company also announced a 34% increase in total customer count over the past 12 months to reach more than 780 enterprise customers and more than 3,000,000 total licensed users. During the period, several seven figure deals were closed including the largest in the company’s history.

Voltage Data Breach Index“Our recent success, especially noteworthy given the tough economic climate, reflects three major benefits of our end-to-end data protection approach: we offer a diverse and complete product set that is well aligned to large enterprise environments, provide products that scale the most cost efficiently, and offer customers the most rapidly deployable solutions in the market,” said Sathvik Krishnamurthy, president and CEO of Voltage Security. “We are finding enterprise customers want a holistic approach for data protection versus a piecemeal or point-to-point approach. Ultimately cost efficiencies are strongest when all of the moving parts are designed to work together.”

Growth Driven by Diversified Product Portfolio

Large enterprise customers are increasingly turning to Voltage to solve their corporate-wide encryption needs which center around securing sensitive and confidential employee and customer data inside applications, databases, emails, files and documents.

Milestones included:

  • One of the world’s largest telecommunications companies,
    a Fortune 50 company, licensed the entire product suite including
    Voltage SecureMail™ and Voltage SecureData™ for enterprise-wide
    deployment, enabling hundreds of thousands of employees and business
    partners to send and receive secure email, and protecting private
    customer data in thousands of applications throughout the organization.

  • Heartland Payment Systems,
    a leading payment processor, selected Voltage Security as a partner to
    develop end-to-end encryption specifically suited to payments
    processing. Heartland also licensed Voltage SecureMail™ and Voltage
    SecureFile™ to protect personal information throughout its corporate
    and extended business network. Click here for more information.

  • Wells Fargo & Company,
    one of the nation’s largest banks, announced it had selected and
    deployed Voltage SecureMail™ to secure email between Wells Fargo team
    members, customers vendors and extended business partners. Click here for more information

Early Vision Being Realized

Adding to the popularity of Voltage end-to-end data protection solutions is the ease provided by the underlying key management architecture.

“We’ve always understood that the way to make encryption work for large-scale deployments is through simplified key management,” continued Krishnamurthy. “Now, we are seeing our vision reach a tipping point where enterprises have an urgent need to comprehensively protect information, and we offer them a complete family of easy to deploy, scalable, cost-efficient and powerful solutions.”

The flagship Voltage SecureMail™, powered by Voltage Identity-Based Encryption™ (IBE), is consistently selected for the largest enterprise-wide implementations in corporate America with typical deployments in the 50,000 to 500,000 employee range.  Voltage SecureData™, by reducing audit scope and ongoing operational cost, is experiencing a rapid increase in demand and quickly establishing itself as the preferred solution for end-to-end encryption and stateless tokenization.

Enterprise Customers Representing a Wide-Variety of Industries

A wide-variety of enterprise customers are increasingly turning to Voltage to protect information throughout their organizations and beyond. A selection of new customers includes:

  • Fortune 100 global payments and travel company

  • Fortune 100 provider of property and casualty insurance for auto, home and business

  • Fortune 200 global media and entertainment company

  • Fortune 500 provider of financial services to institutional investors

Voltage Standardization Initiatives Continue

Voltage continues to participate in a number of industry standardization initiatives including:

  • NIST
    (National Institute of Standards and Technology) is reviewing Feistel
    Finite Set Encryption Mode (FFSEM), designed to encrypt smaller blocks
    of data in a manner that preserves the format of data – see the
    Computer Security Division annual report

  • PCI
    Security Standards Council – Voltage is a participating organization
    and is a strong advocate of end-to-end encryption and tokenization
    technologies as effective mechanisms for the reduction of audit scope

  • IEEE–
    Voltage is involved in developing the P1619.3 key management protocol
    and the P1363.3 pairing-based public key cryptography standard

  • ASC X9 – Voltage is participating in the F1, F4 and F6 efforts to protect payment data

  • IETF
    – Voltage-contributed RFCs 5048, 5049 and 509 which cover open
    standards for Identity-Based Encryption and have now been approved.

  • Most
    recently, Voltage was one of the few security vendors that participated
    in the National Cyber Leap Year Summit. This invitation-only event was
    organized by the White House Office of Science and Technology Policy
    and the Federal Networking and Information Technology Research and
    Development Program, and was designed to provide expert advice to the
    government on the best ways to address today's most pressing
    cyber-security problems.

About Voltage Security

Voltage Security, Inc., an enterprise security company, is an encryption innovator and global leader in end-to-end data protection. Voltage solutions, based on next generation cryptography, provide end-to-end encryption, tokenization and stateless key management for protecting valuable, regulated and sensitive information based on policy. Voltage products enable reduction in audit scope with rapid implementation and the lowest total cost of ownership in the industry through the use of award-winning cryptographic solutions, including Voltage Identity-Based Encryption™ (IBE) and a new breakthrough innovation: Format-Preserving Encryption™ (FPE). Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureFile™ and the Voltage Security Network™ (VSN), an on-demand managed service for the extended business network.

As a service to the industry and general public, the company maintains the Voltage Data Breach Index and Map which is continuously updated with global data breach information: . The Company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. Customers include Global 1000 companies in banking, retail, insurance, energy, healthcare and government. To learn more about Voltage customers and sign up for the customer news letter please visit


Reblog this post [with Zemanta]

Attack of the Tweets: Major Twitter Flaw Exposed

U.K. researcher says vulnerability in Twitter API lets an attacker take over a victim's account -- with a tweet

By Kelly Jackson Higgins
- arkReading

A newly exposed cross-site scripting (XSS) vulnerability in Twitter
lets an attacker wrest control of a victim's account merely by sending
him or her a tweet.

U.K. researcher James Slater reported the serious flaw earlier this
week, and now says Twitter's fix in response to his disclosure doesn't
actually fix the problem. "It seems they've made a pretty amateurish
attempt to fix the issue, completely missing the massive problem
staring them in the face," Slater said in his blog.

The attack basically exploits an input validation weakness in a field
of the form used for adding third-party Twitter clients, such as
TweetDeck and Twitterific. The form doesn't fully vet what can go in
that box, Slater said, so an attacker can put JavaScript tags there as
well as raw HTML code, for instance. "Whatever I type in that box will
appear at the end of my tweets," he blogged in a follow-up post. "Anyone who sees that tweet will then be viewing that code."

Continue "Dark Reading"

Reblog this post [with Zemanta]

Disqus for ePayment News