Friday, September 4, 2009

FIS and Metavante Receive DoJ Clearance to Proceed with Merger

Fidelity National Information Services, Inc. and Metavante Technologies, Inc., Receive Department of Justice Clearance to Proceed with Planned Merger
  • Press Release

  • Source: Fidelity National Information Services, Inc.

  • PIN Payments Blog

JACKSONVILLE, Fla. and MILWAUKEE, Sept. 3 /PRNewswire-FirstCall/ -- Fidelity National Information Services, Inc. (NYSE: FIS - News) and Metavante Technologies, Inc. (NYSE: MV - News) today announced that the companies have received clearance from the U.S. Department of Justice to complete their proposed merger without conditions. Completion of the merger remains subject to receipt of FIS and Metavante shareholder approvals, and other customary closing conditions.

FIS will hold a special meeting of its shareholders on September 4, 2009 to vote on the issuance of FIS common stock in connection with the merger of Metavante into a wholly owned subsidiary of FIS, and to vote on the issuance of approximately 16 million shares of FIS common stock to affiliates of Thomas H. Lee Partners, L.P. and Fidelity National Financial, Inc. in connection with the equity investments in FIS to be made by those parties coincidentally with the completion of the merger. FIS shareholders of record as of June 29, 2009, will be entitled to vote at the special meeting. Metavante will also hold a special meeting of its shareholders on September 4, 2009 to vote on the approval of the merger agreement. Metavante shareholders of record as of June 29, 2009, will be entitled to vote at the special meeting.

FIS and Metavante expect the merger to close during the fourth quarter of 2009.

About Fidelity National Information Services, Inc.

Fidelity National Information Services, Inc. (NYSE: FIS - News), a member of the S&P 500 Index, is a leading provider of core processing for financial institutions; card issuer and transaction processing services; and outsourcing services to financial institutions and retailers. FIS has processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10. FIS is a member of the S&P 500 Index and has been ranked the number one banking technology provider in the world by American Banker and the research firm Financial Insights in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS maintains a strong global presence, serving more than 14,000 financial institutions in more than 90 countries worldwide. For more information on FIS, please visit

About Metavante

Metavante Technologies, Inc. (NYSE: MV - News) is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to approximately 8,000 financial services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, outsourcing, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante ( is headquartered in Milwaukee. Metavante and NYCE are registered trademarks of Metavante Corporation, which is the principal subsidiary of Metavante Technologies, Inc.

Anita Ramasastry

Heartbreak over Heartland: Why Prosecution for Data Breaches Isn't Enough


Friday, September 4, 2009

Debit card users often feel safe because their cards are PIN-protected. But recent events show that, like credit cards, debit cards can be compromised, when the databases of large retail merchants or card processors are hacked.(Editor's Note:  Clarification...she's talking about the PAN, (Primary Account Number)  not the PIN.  Like Credit Cards, "Signature Debit Cards can be easily hacked.   All you need is the PAN.  The PIN provides an additional layer of security, which is why Signature Debit cards are 15 times more likely to be fraudulent than PIN Debit Cards)

In late August, the U.S. Department of Justice issued indictments in what is, to date, the largest data breach in the United States – with over 130 million credit and debit card numbers compromised. (Editor's Note:  When PIN"s get hacked, there will be an exponentially greater fuss)  Albert Gonzalez, 28, of Miami, Florida, and two unnamed co-conspirators allegedly used an intricate hacking techniques to break past computer firewalls and gain access to this confidential information, as well as to intercept packets of data that were being transmitted in real time.

When a credit or debit card is used, the card numbers are stored  (Editor's Note:  Therein lies the problem...if merchants didn't "store it" or "handle it" as is the case with a HomeATM transaction, the hackers have nothing to hack) so that the information can be transmitted back to your bank for withdrawal of funds or billing to your statement. Companies are required by various regulations and industry rules to have security measures that will safeguard sensitive customer data. However, hackers can and will try to outsmart the best security measures. (Outsmart this:  With no data stored or handled, what can hackers hope to achieve?)

In this column, I will discuss the recent security breach and some of its implications and costs. While the arrest of the alleged hacker is important, it remains to be seen whether this action will be an effective deterrent to others. Moreover, after-the-fact arrests are not enough: There needs to be a renewed focus on security standards within the card industry.  (Editor's Note:  When it comes to eCommerce, fraud is exponentially worse.  Card NOT Present Fraud is the leader.  So, if you want to eliminate Card NOT Present fraud, you must eliminate the "Card NOT Present" environment.  How do you do that?  It's simple  Swipe vs. Type and voilla! you've got yourself a "Card Present" transaction.   Make Sense?  You bet it does.)  

The Recent Indictment

In late August, the Acting U.S. Attorney for New Jersey announced an indictment against Gonzales and his two unidentified co-conspirators. The three are charged with a scheme involving five corporate data breaches, including the single largest reported data breach in U.S. history. The scheme is believed to constitute the largest hacking and identity theft case Justice has ever prosecuted.

According to the indictment, 130 million credit and debit card numbers, together with account information, were stolen from Heartland Payment Systems, Inc., based in Princeton, N.J.; 7-Eleven, Inc.; Hannaford Brothers Co., which operates grocery stores in Maine and Massachusetts; and two other, unidentified corporations.

Between October 2006 and May 2008, Gonzalez is alleged to have acted with his two coconspirators to select large corporations, and identify security vulnerabilities, both by in-person observation and by online investigation. For example, according to the indictment, Gonzalez and an individual identified only as "P.T." would visit the retail locations of their potential victim companies, seeking to identify the type of checkout machines and card readers they used.

The indictment alleges that, after this reconnaissance was completed, the three conspirators would upload information to servers – which served as hacking platforms – that were located in New Jersey and several foreign countries. The three conspirators allegedly used the servers first to store information critical to their hacking schemes, and then to launch their attacks. Through these attacks, the indictment alleges, they installed "sniffers" that conducted real-time interception of credit and debit card data being processed by the corporate victims' servers.

As noted above, the results were staggering: Reportedly, more than 130 million card numbers were stolen.

Is Our Data Secure? (Editor's Answer:  Not until it is no longer stored, handled and if it's end-to-end-encrypted during tranmission)

We have a strong legal structure that kicks in after an infraction; both federal regulations and card industry rules provide consumers with great protections if someone steals their card or card numbers. (Editor's Note:  I would  eliminate the word "great")

But it is still a headache (I would replace "headache" with "extremely inconvenient")  for the consumer to report false charges and get them erased, make sure money fraudulently transferred from bank accounts is replaced, and procure replacement cards. Moreover, such breaches are costly to companies and banks, and the costs get passed on to cardholders in the form of higher fees, interest rates and the like.

That raises a pressing question: Can more be done to prevent this kind of hacking activity?

Editor's Note:  In a word, YES.

Reblog this post [with Zemanta]

Tim Hortons Adds MasterCard PayPass for U.S. Stores

Following the announcement that Whataburger has added MasterCard PayPass at its U.S. locations, MasterCard Worldwide has announced that Tim Hortons is now accepting MasterCard PayPass at its more than 400 U.S. locations.
In addition to accepting traditional magnetic-stripe cards, Tim Hortons now enables its U.S. customers to make their purchases by simply tapping their MasterCard PayPass card or device at checkout, for faster transactions, greater payment flexibility and less time spent waiting in line.

Tim Hortons first began accepting MasterCard PayPass in many of its 3,000 stores in Canada.
With MasterCard PayPass, Tim Hortons customers simply tap their PayPass-enabled MasterCard card or device on a PayPass-accepting reader at check-out.

MasterCard PayPass also does not require customers to sign receipts for purchases under $25, further speeding up the transaction.

Continue Reading at QSRWeb

Reblog this post [with Zemanta]

Need More (on) Cynergy?

Cynergy Is an Example of Economic Stresses on ISOs, Experts Say - Digital Transaction News

Tuesday’s news that Cynergy Data was filing for bankruptcy and planning to sell its assets (PIN Debit Payments Blog: Cynergy Data Files for Chapter 11) serves as perhaps an extreme example of the fierce toll the recession is taking on independent sales organizations, observers say. Indeed, some say the ravages of reduced payment volumes, failed merchants, and squeezed margins could well shutter more ISOs, or send more into bankruptcy protection, before the year is out. “I think we’re going to see more going down,” says Richard W. Noble, chief executive of BCC Merchant Solutions, a North Kansas City, Mo.-based ISO

Fourteen-year-old Cynergy Data blamed a weak economy and an “unsustainable debt load “ for its decision to seek Chapter 11 protection and sell its assets to The ComVest Group, a private-equity firm with controlling interests in other ISOs, including Pipeline Data Inc., Cardaccept Inc.,,, and Northern Merchant Services Inc. (Digital Transactions News, Sept. 1). ComVest’s managing partner is Pete Kight, the founder and long-time chief executive of CheckFree Corp., now part of Fiserv Inc.

Continue Reading at DTN

Reblog this post [with Zemanta]

MoneyGram International Introduces Text Message Receive Notice

MoneyGram International has announced that members of its MoneyGram Rewards program can now be notified via SMS text message that a money transfer transaction has been picked up by the receiver. SMS Receive Notice has been launched in the U.S., France, Germany and Spain.

The MoneyGram Rewards program provides members with discounts on money transfers, as well as services designed to empower them with "bank-like" control over their money transfer activity, including a personalized card for expediting transfers, quarterly statements, email notifications when transfers are received, and the ability to manage their account and profile online. To receive text message notifications, customers must enroll in the MoneyGram Rewards program online, or ask a MoneyGram service agent to enroll them at the time of a transaction...

Continue Reading at Colloquoy

Reblog this post [with Zemanta]

BlackBerry Secures Biz Transactions with certgate


Secure business transactions using BlackBerry devices

Posted on 04 September 2009.

Certgate in cooperation with the informatics centre of the (mutual) savings bank organization SIZ extended secure mobile business transactions to BlackBerry devices. certgate SmartCard microSD with its built-in cryptographic chip enables Distributed Electronic Signature (DES) with EBICS through a secure SSL connection. As a result, more decision makers frequently traveling for business can now authorize urgent financial transactions in a secure fashion away from their desks.

Technical details:

The personal key needed for a secure electronic signature is stored on certgate SmartCard microSD. The EBICS remote server connection is SSL-encrypted. Users download all orders ready for signing through a secure connection with their mobile devices. They then select a transaction to be signed, create a valid electronic signature and return the encrypted document. The bank's EBICS server indicates to the authorized user the number of required signatures and how many have been given.

EBICS and electronic signature:

EBICS (Electronic Banking Internet Communication Standard) is a standard in German banking business supporting internet-based communication for electronic banking. EBICS transactions provide the basis for transfer of encrypted orders to the bank-specific target system. Transferred data must be signed by one or more authorized individuals according to a pre-defined signature category. certgate SmartCard microSD PKI is suited for use as a signature card with EBICS and meets the high standards of the German Signature Law (SigG).

Reality Check: Web Threats (Video)

sponsored by TippingPoint

Premiered:  26 Aug 2009
Language:  English

In this video, security expert Lenny Zeltser explores today's emerging Internet security threats to help organizations fine-tune their defenses. Lenny examines attack patterns that have included the use of email as a gateway for fraud, the mighty power of network bots, the fertile ecosystem for web-based attacks, and the increased precision of modern attacks.

The presentation presents lots of real-world examples of cyber attacks, and discusses the financial incentives behind the malicious activities that occur on the Internet. This timely talk will cover:

  • What is driving modern-day attackers to large-scale and targeted attacks

  • Which recent breaches exemplify threat categories organizations need to track

  • The approaches Internet criminals employ to trick victims and bypass defenses

  • Whether you should adjust security architecture to match today's threat landscape

Lenny Zeltser

Security Consulting Manager, Savvis

Lenny Zeltser leads a security consulting team at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the SANS Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who has earned the highly regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see

Disqus for ePayment News