Wednesday, September 16, 2009

49% of Consumers Worldwide Would Switch Banks if Victim of Card Fraud

"49% of consumers across eight countries would consider switching or definitely switch banks if they or someone they knew was hit by card fraud"

I'd say it's time for banks to ditch the username/password/20 questions game and start "genuinely" authenticating online banking sessions by requiring users to swipe their card and enter their PIN. You know, the same way their customers access cash at an ATM.

The current system benefits only the bad guys.

Banks cannot continue on their current path. Asking questions such as:  What's your mother's maiden name,

What's the make of your first car,  What is the First Letter of the Middle Initial of your Second dog...all that kinda stuff, is not's either accessible at social networking sites or available by simple keylogging schemes.

But  converting customers to Swiping vs. Typing, that's genuine authentication.  Especially the way HomeATM instantaneously encrypts the cardholder data.  Financial institutions would enhance their image by providing their customers with an encryption enabled online banking log-in. There's proof of this.  Look to Barclays who has already distributed well over a million of their PINSentry devices.

It's not a coincidence that Barclays bank was recently rated #1 for providing the most secure online banking application in the U.K. Why? Because they require their online banking customers to use their PINSentry device for two-factor authentication.

"Barclays was the only one of the 10 banks surveyed to get a rating of 'excellent'. The company requires all its online customers to use a "two-factor authentication" (2FA) system involving a PINsentry device which generates a one-time password for each session".

"HomeATM is far more useful than the PINSentry device. It provides not only two-factor authentication log-in, but it does it without generating a one-time password (OTP) which have been recently exposed as hackable. Once the PINSentry device authenticates the user, it's usefulness is done until the next time the user logs in...whereas with HomeATM's device, logging in is only the beginning of what it enables the consumer to do.

Our Slim or SafeTPIN device can be further utilized for online bill payments, (online bill payment customers increase bank profitability by it) person to person money transfers (in real time) secure Internet End-to-End Encrypted Card Present transactions, peace of mind, loyalty, image and brand enhancement and so much more.

So the bottomline is: Would banks prefer risking the loss of 49% of their customers, or would they prefer to provide their customers with a free PCI 2.x Certified PED along with the peace of mind, safety and security of a 2FA 3DES E2EE PCI 2.x "certified" (not compliant, certified) solution which their customers can use in the privacy of their own home. Hmmmm.....

Still Confused as to which way to go: I leave you with this: Court Allows Suit Against Bank Based on Poor Online Banking Log-In

A recent survey by ACI Worldwide of consumers around the world found that one in five have been hit by debit or credit card fraud in past five years. The research, of more than 2,400 consumers across eight countries, also found that if an individual or someone they knew was hit by card fraud:
22 per cent would change financial institutions, and a further

27 per cent would "consider" changing financial institutions.
I'd say it's as easy as 1-2-3:

1- (Issue card)
2- Issue PIN
3. Issue Card Reader/PIN Entry Device

 Of course there's another formula they can use:

Do the math

Reblog this post [with Zemanta]

Outlook Dim in Fight Against CyberCrime - NextGov

Protecting sensitive computer systems and networks from cyberattack requires international standards, but limited experience with Internet crime in developing countries and a reluctance from some nations to participate have stalled cooperation, said a panel of security experts on Monday.

"It's one grid, one global network, and we're all stuck in the same boat," said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. "We need to establish some rules."

President Obama's cybersecurity plan, released in May, stated that "the United States needs to develop a strategy . . . to shape the international environment and bring like-minded nations together on a host of issues, including acceptable norms regarding territorial jurisdiction, sovereign responsibility and use of force." The plan also included among its 10 near-term priorities the development of a framework for international cybersecurity policy.

The obstacle, however, is convincing countries to cooperate with the international effort, including the prosecution of cybercriminals...

Continue Reading

Reblog this post [with Zemanta]

Aldi Never Did Take Credit Cards...

The NACS (National Association of Convenience Stores) is in the midst of it's battle over high interchange fees.  As part of their ongoing PR program to fight these fees, they use Aldi as a poster boy...saying they never did take credit cards, and only accept PIN Debit Cards.  Here's their story:

Aldi Continues to Eschew Credit Cards
Nearly all of the grocer’s locations accept only cash and PIN debit cards.

September 16 - NACS - BATAVIA, Ill. – When most supermarket chains started accepting credit cards in the 1990s, Aldi stood firm. With around U.S. 1,000 stores in 29 states, the grocery chain mostly accepts only cash and PIN-based debit card transactions, Digital Transactions reports.

The only exception is a group of 49 stores in Oklahoma that accept the Discover credit card, charging customers a quarter “convenience” fee for the privilege. “We have no plans to expand that,” said Aldi Vice President Mark Bersted.

Aldi refuses to take credit cards to control costs, given that retailers have to pay interchange fees to process credit card charges. PIN-based debit cards do not have as high a fee associated with it.

“People not using credit cards would be paying for people who do want to use them,” said Bersted. “Because of the very high fees with credit cards, we would be unable to keep our prices as low as they are.”   Visa and MasterCard have made it virtually impossible for merchants to add a surcharge to credit-card transactions, but Discover and American Express Co. have been a bit more flexible in allowing retailers to recoup some of the interchange fees. Last year, Aldi started allowing payments with Visa and MasterCard signature debit cards at its stores in Florida, Minnesota and Oklahoma because of the underdeveloped PIN-debit merchant base, Bersted said.

, , , , , ,

Shift4 Reports Strong Increase in Card Information Replacement Technology (CIRT)

LAS VEGAS, NV -- (Marketwire) -- 09/15/09 -- Shift4 Corporation, a leading developer of enterprise payment solutions, reports strong increase in merchant demand for Card Information Replacement Technology(SM) (CIRT).

Shift4's DOLLARS ON THE NET(TM) payment gateway is fully integrated with CIRT to deliver fast, reliable and secure electronic transactions for merchants of all sizes while greatly simplifying PCI Compliance.

"Shift4 is pleased and encouraged to see others in the payments industry introducing new technologies that may hold the promise of protecting cardholder data (CHD) throughout the entire transaction lifecycle. The market is showing strong demand for technologies that remove sensitive cardholder data from the merchant's payment system and replace it with something that merely represents the real numbers. At this critical point in the vetting of these new technologies, it is essential that merchants seek out and understand the differences between true tokenization and other offerings, which may be called tokenization but are in fact, encryption. Shift4 has been providing true tokenization to our merchants since 2005," said Dave Oder, President and CEO, Shift4 Corporation.

Card Information Replacement Technologies from Shift4 include: 4Go SafeSwipe(TM), i4Go(TM), and tokenization. These offerings safeguard the merchant payment environment by removing and replacing sensitive CHD from the payment process before it enters the Point-of-Sale (POS) system, Property Management System (PMS), or in the world of the Internet, the merchant's site or hosting provider's environment. CIRT simplifies the process of securing sensitive information by preventing it from being stored, processed, or transmitted in the merchant environment, which greatly reduces the cost and complexity of Payment Card Industry (PCI) compliance. Essentially, merchants utilizing CIRT are much more likely to be able to achieve and maintain a state of PCI compliance while concurrently removing all cardholder data from their payment environment.

"As the industry continues to acknowledge and adopt technologies that address Real Security issues, it is important to understand the differences between true tokenization and offerings that are tokenization in name only. There are a lot of adaptations that use the name only but are, in fact, various encryption key handlers, hashing schemes, and 'at-once' transaction schemes. Many of the new end-to-end encryption schemes limit merchants' choices regarding which bank or processor they will be able to work with. By working with Shift4, merchants retain the power of choice and can work with any bank or processor they see as most beneficial to their business," said Steve Sommers, Senior Vice President, Applications Development, Shift4 Corporation.

Tokenization was defined for the first time in the Payment Industry in 2005 at a Security Conference in Las Vegas, Nevada. Shift4's tokenization replaces a card number with a randomly generated unique alphanumeric value that represents the card information for a particular transaction and merchant, used mostly, but not exclusively, for post authorization data retention. In some tokenization in name only adaptations, which use keys or partial keys, a key being compromised would have to be reported as a breach. Since, by definition, Shift4 tokens are not CHD and there are no keys associated with the true token, they have no value if stolen and do not need to be protected under PCI rules.

The power of the true tokenization is the token provider's system. The system must be robust and feature rich to provide the merchant with all the capability they would have if they had retained the card number, including reporting, retrieval, and chargeback defense. Shift4's token is not a key, a partial key, a hash, or any 1-to-1 relationship with a card number and can be stored up to 24 months or as long as the merchant's retention period dictates. This way, the token can be used in any check-in/check-out scenario like hotel and auto-rental, a book and ship scenario of Mail-Order/Telephone-Order (MOTO) and eCommerce, or other scenarios such as "card-on-file" and recurring billing scenarios.

About Shift4 Corporation

Shift4®, a leading developer of secure financial transaction processing software and services, provides web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, food services, auto rental and eCommerce markets. Through connectivity to most major processors, DOLLARS ON THE NET provides both high-speed and low-cost authorizations and settlements for credit, debit, check, private label and gift card transactions. DOLLARS ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and chargeback defense. For more information, please contact our sales department at (800) 265-5795 or visit

Media Contacts

Randy Carr

Vice President of Marketing

Shift4 Corporation

702-597-2480 ext. 43300

Email Contact

Source: Company Press Release

SANS Report: We're Focusing on the Wrong Security Threats

The Top Cyber Security Risks

Two risks dwarf all others, but organizations fail to mitigate them

Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members. - September 2009


Executive Summary

Priority One: Client-side software that remains unpatched.

Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected web sites. (See Priority Two below for how they compromise the web sites). Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents and music and video that exploit client-side vulnerabilities. Some exploits do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software. The victims' infected computers are then used to propagate the infection and compromise other internal computers and sensitive servers incorrectly thought to be protected from unauthorized access by external entities. In many cases, the ultimate goal of the attacker is to steal data from the target organizations and also to install back doors through which the attackers can return for further exploitation. On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words the highest priority risk is getting less attention than the lower priority risk.

Priority Two: Internet-facing web sites that are vulnerable.

Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors that trusted those sites to provide a safe web experience.

Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms.

Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.

Click here to Read the Full Report

Reblog this post [with Zemanta]

Video: PCI Compliance Missteps

sponsored by McAfee, Inc.


Interpreting and applying technology and controls to the Payment Card Industry Data Security Standard (PCI DSS) can be confusing. Ed Moyle, Manager, CTG, outlines the common mistakes organizations make when trying to meet a PCI DSS audit and how to avoid them. He also outlines the key areas companies need to focus on when dealing with an assessment, including:

  • Impact of scope

  • Authentication data, and requirements if you encrypt the PAN

  • Issues related to application lifecycle management

  • Areas where documentation is often insufficient

Speaker Ed Moyle Manager, CTG
Ed Moyle is currently a manager with CTG's Information Security Solutions practice, providing strategy, consulting, and solutions to clients worldwide. His previous positions include VP and ISO with Merrill Lynch Investment Managers, Department of Defense JCALS consultant with CSC, and lead developer and manager of Research and Development at ICT. He is also the founding partner of compliance and information security consultancy Security Curve.

Reblog this post [with Zemanta]

UKash Teams with First Atlantic Commerce

Hamilton, Bermuda and London, Sept. 16, 2009 -PIN Payments News Blog- First Atlantic Commerce (FAC), a leading, international, multicurrency online payment and risk management solutions provider, and Ukash, a leading online cash payment solution, have teamed up to offer Ukash payment options to FAC’s merchants in the Latin American Caribbean Region, UK and Europe.

Ukash, which is regulated by the UK Financial Services Authority (FSA), combines the timeless simplicity of cash with the benefits of the internet to create a simple and unique payment solution that allows consumers to buy securely, anonymously and privately online.

FAC, a secure, PCI certified payment gateway that offers a range of payment options to its merchants including Visa, MasterCard, American Express and PayPal, has added Ukash to its payments platform, which means that FAC merchants can now easily accept riskfree cash payments on their website.

The move gives merchants access to, and retention of, new consumer markets including customers that do not want to disclose their financial details online, and those that do not have access to credit and debit cards.

Ukash has become a globally recognized payment method that enables online transactions using cash. Merchants benefit from accepting Ukash because the system opens up new consumer markets, while offering freedom from credit and debit card fraud, repudiations and chargebacks.

FAC merchants can now access Ukash together with PayPal and a range of card brands for credit card processing through a single interface.

Andrea Wilson, FAC’s Chief Executive Officer, said: “We are excited about the addition of Ukash to our payments platform. First Atlantic Commerce continually strives to add value for our merchants, and this integration will give them an additional option for their customers to make online payment for goods and services. It also enables merchants to access additional and alternative payment options in emerging markets like Brazil, Uruguay, Russia and Poland.”

Mark Chirnside, Chief Executive Officer at Ukash, said, “The mission for Ukash is to make online shopping available to anybody, anywhere in the world and this deal with FAC is the next step towards realizing that goal. FAC works across a broad range of exciting sectors on a truly global scale so being added to FAC’s payment platform will make Ukash available to thousands of new merchants who can then enable their customers to enjoy the benefits of using cash to shop, pay and play online.”

For more information on how you can start accepting Ukash via FAC’s platform, contact FAC at or visit Ukash at .

About First Atlantic Commerce

First Atlantic Commerce (FAC) is a leading Internet, multicurrency payment and fraud risk solutions provider. Headquartered in Bermuda, and established in 1998 to create secure cardbased payment solutions for ebusinesses, FAC’s cGate® technology offers service, flexibility and security to adapt to many business and bank acquirer requirements.

FAC provides merchants with multicurrency payment solutions in addition to fraud and data management services including AVS, CVV2/CVC2/CID, 3D

Secure™ and IP Geolocation in multiple jurisdictions across Europe, Asia and the Latin American Caribbean Region. For more information, please visit .

About Ukash

Ukash® is a globally recognised ecommerce payment method to enable online purchases using cash, providing freedom from credit and debit card fraud, repudiations and chargebacks, and protecting personal identity.

Ukash® is regulated by the UK Financial Services Authority (FSA) and operates as one of only a small number of Electronic Money Institutions, a status that allows a single maximum online cash payment transaction of up to £500/€750.

Uniquely numbered Ukash® vouchers are widely available through payment terminals in retail outlets across Europe, South Africa and Australia. From spring 2009, Ukash vouchers have also been issued online from the company’s website in most European territories.

The technology behind Ukash is protected by several patents registered across the Smart Voucher database and functionality and is, as such, protected by Patent Law in all the major economies of the world. Ukash® is a registered trademark of Smart Voucher Ltd.

In 2008, Ukash® established a strategic partnership with South African payments giant Blue Label Telecoms to develop the brand’s services. For more information please visit .

Source: Company press release.

Reblog this post [with Zemanta]

CornerStone to Use Jack Henry & Associates for Automation

Monett, Mo., Sept. 16, 2009 -- Jack Henry & Associates, Inc. (Nasdaq: JKHY), a leading provider of integrated technology solutions and data processing services for financial institutions, today announced that CornerStone State Bank has selected Jack Henry Banking’s Core Director core processing system to provide enterprise-wide automation. This Minnesota-based bank, which has more than $95 million in assets, will implement Core Director in-house.

According to Chad Olness, president of CornerStone State Bank, “Technology is a key component in a bank’s ability to continually enhance the levels of service and convenience it delivers, aggressively and successfully compete, increase profitability and operating efficiencies, and contain operating costs. After a strategic evaluation of our current and long-term technology requirements, we evaluated multiple technology platforms and companies with several fundamental goals. We wanted to streamline our operations and the ongoing support process with a single vendor relationship. We wanted a technology partner that has a large and loyal customer base. We wanted to improve operating efficiencies and reduce our silos of technology with a fully integrated technology platform. And we wanted a core system that has the vendor’s long-term commitment. We believe we met each of these goals and can support our aggressive technology plan and high expectations through our technology partnership with Jack Henry Banking and the operating infrastructure based on Core Director.”

Core Director is a Windows®-based, client/server system that provides banks ranging from de novo institutions to those with assets exceeding $2 billion with enterprise-wide automation. The system leverages the industry’s most cost-efficient operating platform, can be installed in-house or implemented through Jack Henry Banking’s OutLink Data Centers™, and is fully integrated with more than 50 complementary products and services. Core Director provides intuitive point-and-click operation and customizable functionality, and supports unique user preferences and specific functional requirements with an extremely flexible browser user interface that can be easily customized and continually modified for every system user.

Tony Wormington, president of Jack Henry & Associates, said, “We are excited that CornerStone State Bank has joined the more than 230 banks that have already entrusted their ability to process financial transactions, automate business processes, and manage their mission-critical information to Core Director. We believe our proven ability to provide the integrated business tools that banks need to execute and maximize their business strategies and to capitalize on the dynamic trends shaping customer expectations and the financial services industry will enable us to establish a long and successful technology partnership with this progressive bank.”

In addition to Core Director, CornerStone State Bank will initially implement an array of Jack Henry Banking’s complementary solutions including Core Director® Teller, the InTouch Voice Response® telephone banking solution, NetTeller Online Banking™, NetTeller Cash Management™, the NetTeller Bill Pay™ solution, Electronic Statements—Interactive, components of the modular Synergy™ Enterprise Content Management (ECM) solution, and the 4|sight™ Item Imaging platform.

About CornerStone State Bank

Chartered in 1974, as one office in Le Sueur, Minnesota, now CornerStone State Bank has grown into five communities; Le Sueur, Cloquet, Belle Plaine, Montgomery, and Green Isle, Minnesota. As an independent locally owned bank, all staff at CornerStone State Bank is committed to hometown service and the growth of our customers and communities. Additional information is available at .

About Jack Henry Banking

Jack Henry Banking, a division of Jack Henry & Associates, Inc., is a leading provider of integrated computer systems for banks ranging from de novo to mid-tier institutions. Jack Henry Banking currently serves approximately 1,500 banks as a single source for integrated, enterprise-wide automation and as a single point of contact and support. Additional information is available at .

About Jack Henry & Associates, Inc.

Jack Henry & Associates, Inc. (Nasdaq: JKHY) is a leading provider of computer systems and ATM/debit card/ACH transaction processing services primarily for financial services organizations. Its technology solutions serve more than 9,800 customers nationwide, and are marketed and supported through three primary brands. Jack Henry Banking supports banks ranging from de novo to mid-tier institutions with information processing solutions. Symitar™ is the leading provider of information processing solutions for credit unions of all sizes. ProfitStars® provides highly specialized products and services that enable financial institutions of every asset size and charter, and diverse corporate entities to mitigate and control risks, optimize revenue and growth opportunities, and contain costs. Additional information is available at .

Source: Company press release.

Reblog this post [with Zemanta]

TimesofMoney and IDBI Bank Team for Money Remittance

MUMBAI: TimesofMoney, a leading payment service provider has announced a tie-up with IDBI Bank to launch the bank’s remittance service - ‘India Remit’ for its customers in UK. This association further strengthens the relationship between the two as it marks the second global remittance corridor set up from TimesofMoney after the same was launched for US. The bank will use TimesofMoney’s transaction processing capability to offer end-to-end online money transfer for its NRI customers in UK.

Under this arrangement, ‘India Remit’ will enable IDBI Bank’s customers in UK to directly transfer money online to any IDBI Bank in India. With this alliance IDBI Bank can offer a seamless, secure and quick money transfer service to its customers wherein they can directly transfer money from their bank account to the receivers account in India.

Speaking about this alliance, Mr. Avijit Nanda, President, TimesofMoney said “It is our constant endeavor to offer seamless & secure end-to-end online money transfer solutions to IDBI Bank’s customers. This tie-up strengthens our relationship with the bank as it marks yet another step to extend our convenient & secure money transfer solutions to the bank’s customers in UK & USA”.

Commenting on this alliance, Mr. O.V. Bundellu, Deputy Managing Director IDBI Bank said, “IDBI Bank is keen on providing its esteemed customers state of the art solution for their service needs. The tie-up with TimesofMoney is a significant step in this direction. The service will enable NRIs based in UK & USA to use the IDBI Bank’s network and enjoy benefits of account-to-account transfer to remit money online to beneficiary’s bank account held with any branch of any bank in India. The remittance service is extremely user friendly, and can be effected in fully secured manner from the comforts of home.

About Remit2India:

A burgeoning global expatriate community and the Indian Diaspora of over 20 million can scarcely be ignored. India has been consistently ranked as the World's No. 1 remittance receipt country. Since traditional money transfer methods have been plagued with ills of inordinate delays and exorbitant fees, therein lay a need for a new age channel to overcome these hindrances. This paved the way for the birth of India Money Transfers.
Remit2India, the flagship brand of TimesofMoney, is the global one stop destination for money transfers for NRIs across the world. is the only portal to be adjudged the “World's No. 1 Independent Online Money Transfer Portal for NRIs” by ACNielsen ORG Marg. Remit2India is also the winner of the Savile Row Brand Leadership Award 2007. With presence in over 23 countries and serving lakhs of NRI customers, Remit2India is a noted success in the world of web-based money transfers. It's revolutionary remittance solution for the Indian Diaspora provides for an extensive global coverage, aggregates diverse payments and delivery modes and has the distinction of having the widest delivery network in India.

Has NFC Solved Their Chicken & Egg Problem with SWP?

SWP protocol to boost NFC deployments?

Wednesday, September 16, 2009
from Contactless News

An NXP Semiconductors official believes the single wire protocol specification has solved the chicken and egg problem that has dogged the mobile payments industry. Speaking with ZDNet Asia at the NFC World Asia event in Singapore this week,

Charles Dachs, NXP’s head of product management, noted that lack of standardization has stalled many NFC pilots.

The SWP, first introduced by Gemalto in 2006, has been endorsed by the Global System for Mobile communications Association (GSMA). Dachs said the industry is still at an “early adoption” phase of NFC mobile payments–though consumers can expect “large deployments” in 2011 and 2012.

Read more here[end]

Cyber & Data Risk Insurance Conference Today

Underwriters, lawyers and federal agents are gathering at the Union League today and tomorrow for the third-annual Cyber and Data Risk Insurance Conference.

They're meeting a week after Albert Gonzalez, of Miami, in one of the biggest data-fraud cases to date, pleaded guilty in federal court in Boston to leading a ring that stole 40 million Visa and MasterCard records from TJ Maxx and other U.S. retailers, and moved them to

American Conference Institute’s 3rd National Advanced Forum on Cyber & Data Risk Insurance

Underwriting, Claims and Coverage Strategies for Managing Privacy/Security, Data and Network Risk and Liability

Wednesday, September 16, 2009 to Thursday, September 17, 2009

Union League, Philadelphia, PA, United States

Now in its 3rd highly popular year: Interactive Workshop on Negotiating Cyber Risk Policies and Provisions - September 17, 2009 2:00 p.m. – 5:15 p.m.
Overview - Agenda - Workshops - Who Should Attend - Speakers

Networking, comparing products, assessing risks, business strategies, new laws and new technological pitfalls… It’s all part of American Conference Institute’s unique annual Cyber & Data Risk Insurance Conference — be there!

The cyber risk insurance arena is growing and changing rapidly. A wave of new privacy laws this year is raising the bar for businesses that keep confidential client information. Privacy and security breaches continue to make headlines (think Heartland for example). In fact, in the current economy, serious breaches are increasing in frequency — and in scope, costs and impact for businesses unlucky enough to experience one. Demand for cyber/data risk insurance products is growing rapidly as businesses become more net-savvy and look for ways to cover their risks.

That’s why American Conference Institute developed our successful inaugural Cyber Risk Insurance conference back in September 2007 — and the response in 2008 was even stronger! Thanks to those of you who’ve attended — come back this year for a revised, updated agenda, new additions to the faculty, and terrific discussions generated by all the new developments. If you haven’t come and you are a professional in this industry, don’t miss out — this conference is your best opportunity to get the tools you need to evaluate the competition and accurately assess, price and mitigate risk so you can maximize your profitability while minimizing potential liabilities.

Attend and get critical, valuable information on:

  • How cyber risk pricing and product is changing so you can take advantage of the opportunities that lie ahead

  • Assessing the true costs of a data breach, including business interruption and lost opportunities

  • Limiting liability for 3rd party acts or omissions

  • Identifying, assessing and underwriting risk – while making sure you avoid hidden traps and pitfalls

  • The latest on litigation and regulation so you can respond with new products, claims strategies, and defenses

  • Using information about where claims are arising and how they are being resolved to underwrite and sell the product more effectively

Don’t miss this unique opportunity to network, benchmark your products against the competition, and gain valuable information on potential risks and liabilities so you can shape your coverage to ensure profitability. Be where your peers — and competitors — will be September 16 & 17!

SafetyPay Added to Cardinal Commerce Lineup

Cardinal's eCommerce platform Cardinal Centinel has added another alternative payment service as it has integrated alternative payment system SafetyPay into it's mix.   SafetyPay, allows online banking customers to shop online worldwide and pay directly through their online banking account in their local currency.

Cardinal Centinel is a software authentication platform which allows over 30,000 merchants to use a mixture of alternative payment brands such as Bill Me Later, Ebates, eBillme, eLayaway, Green Dot MoneyPak, Mazooma, MyECheck, NACHA Secure Vault Payments, PayPal, RevolutionCard and Ukash.

Carrefour and MoneyGram Sign Romanian Agreement

MINNEAPOLIS--(PIN Payments News Blog)--MoneyGram International (NYSE: MGI - News), a leading global money transfer provider, announced today that it has signed an agreement with Carrefour, Europe’s largest retailer, to add money transfer service agents and facilities to 22 Carrefour hypermarkets throughout Romania. Carrefour hypermarkets are strategically located in Romania, servicing the largest metropolitan urban areas such as Bucharest, Brasov, Constanta and Cluj, and reaching a population of more than 5 million, in these metropolitan areas alone.

“We are pleased to expand our relationship with Carrefour and establish a key presence in its prominent Romanian hypermarkets,” said John Hempsey, head of MoneyGram International Limited. “Romania continues to be a significant focus in MoneyGram’s global growth strategy. The country is one of MoneyGram’s largest markets in terms of transactions received. More than 2 million Romanians live in Spain, Italy, the United States and the United Kingdom and regularly send money home to their families.”

The agreement provides significant value to Carrefour’s customers in Romania. MoneyGram’s money transfer service supports Carrefour’s one-stop-shop philosophy, allowing customers to send and receive money transfers in convenient, safe and familiar shopping locations.

“Adding MoneyGram’s reliable money-transfer services to our markets in Romania will save our customers time and resources, especially those customers with relatives who are living abroad and sending funds back home,” said Jean Claude Mota, Carrefour director. “In addition to shopping for both department store goods and groceries, customers can now complete international financial transactions, all during one store visit.”

MoneyGram has provided services in Romania for more than 15 years. Agents in Romania include Romanian Commercial Bank, UniCredit Tiriac Bank, OTP Bank, ProCredit Bank, Libra Bank, Alpha Bank, Speed Transfer, Smith&Smith, and Intesa San Paolo Ban. In June, MoneyGram began offering multi-currency payout, providing customers with the option to select payout in euros, local lei or U.S. dollars. The introduction of multi-currency payout in Romania demonstrates MoneyGram’s continued commitment to enhance its product offerings and provide consumers around the globe with a superior value.

About MoneyGram International

MoneyGram International offers more control and more choices for people separated from friends and family by distance or those with limited bank relationships to meet their financial needs. A leading global provider of money transfer services, MoneyGram International helps consumers to safely send money around the world with funds arriving at available agent locations in as little as 10 minutes. Its global network is comprised of 180,000 agent locations in more than 190 countries and territories. MoneyGram’s convenient and reliable network includes retailers, international post offices and financial institutions. To learn more about money transfer at an agent location, please visit

Coinstar Closes Offering of $200 Million Convertible Senior Notes

BELLEVUE, Wash.--(PIN Payments News Blog)--

Coinstar, Inc. (NASDAQ: CSTR) today announced that it has closed its previously announced public offering of
$175 million principal amount of its 4.00% convertible senior notes due in 2014. In connection with the closing,
the underwriters exercised their option to purchase an additional $25 million principal amount of convertible senior
notes to cover over-allotments. Accordingly, the Company issued $200 million aggregate principal amount of
convertible senior notes at closing.

Net proceeds of the convertible senior notes offering will be used to repay the outstanding amounts under the
Company's term loan under its senior secured credit facility and to pay down a portion of the outstanding amounts
under the Company`s $400 million revolving line of credit under its senior secured credit facility. Any remaining
amounts may be used for general corporate purposes.

See Previous Press Releases:

- Coinstar Prices Offering of Convertible Senior Notes
- Coinstar Announces Offering of Convertible Senior Notes
In connection with the offering, Morgan Stanley, BofA Merrill Lynch, Jefferies & Company, Inc., and RBC Capital Markets
Corporation acted as the joint book-running managers.

The convertible senior notes offering was made pursuant to an effective automatic shelf registration statement, including
a prospectus and an applicable prospectus supplement related to the offering, filed by Coinstar with the Securities and
Exchange Commission ("SEC"). You may get these documents for free by visiting EDGAR on the SEC`s website at Copies of the prospectus supplement and accompanying base prospectus may also be obtained by
contacting Morgan Stanley & Co. Incorporated, 180 Varick St, 2nd Floor, New York, NY 10014,
Department, email:, telephone: (866) 718-1649; BofA Merrill Lynch, 4 World Financial
Center, New York, NY 10080, Attn: Prospectus Department; Jefferies & Company, Inc.,520 Madison Avenue, New York, NY
10022, telephone: 1-888-449-2342; or RBC Capital Markets, Three World Financial Center, 200 Vesey Street, 8th Floor,
New York, NY 10281-8098, Attention: Equity Syndicate, telephone: (212) 428-6670.

About Coinstar, Inc.

Coinstar, Inc. (NASDAQ: CSTR) is a leading provider of automated retail solutions offering convenient products and
services that make life easier for consumers and drive incremental traffic and revenue for its retailers. The Company`s
core automated retail businesses are self-service coin counting and self-service DVD rental. Other Coinstar products
and services include e-payment products - such as gift cards, prepaid debit cards and other prepaid products -and
money transfer services. The Company`s products and services can be found at more than 90,000 points of presence
including supermarkets, drug stores, massmerchants, financial institutions, convenience stores, restaurants, and
money transfer agents.

Coinstar, Inc.
Investor Contact:
Rosemary Moothart, 425-943-8140
Director of Investor Relations
Media Contact:
Marci Maule, 425-943-8277
Director of Public Relations

Disqus for ePayment News