Monday, October 5, 2009

Card Not Present Fraud Strong Week



Last week was "Online Banking is Weak Week" and the PIN Payments News Blog enjoyed it's biggest week ever. 



This week is "Card Not Present Fraud is Strong/Week" and I'll start it off with a quick primer on exactly what  Card Not Present Fraud is, why it exists and what can be done to eliminate it. 



First off...Card-Not-Present fraud is responsible for the dramatic rise in card fraud.  Even though CNP transactions constitute less than 10% of all transactions, CNP fraud DOUBLED in 2008 and now is responsible for over 50% of ALL card fraud.  Transactions done via the Web are "typed" into boxes on merchant websites and therefore many report that the "web" is responsible for this tremendous surge.   I say it's not the web, it's the typing.  



Most people believe that despite the great efforts made to stem credit card fraud
the fraudsters will always find a way, with the latest figures showing a relentless increase in the crime – especially over the web.



But I say, there is a solution, but first we must change the way we pay online by morphing a "card not present" environment into a "card present" one.
  Actually it's a combination of two solutions.  1. Don't Type...Swipe and 2. Don't EVER allow unencrypted data to enter the browser space.  Do those two things and voilla!  Problem Solved!  HomeATM has a patented and PCI 2.x certified technology that provides both of those solutions.



Statistics from UK payments organisation APACS show the huge increase in ‘card-not-present’ fraud – use of your card on the internet, phone or mail order. This figure has more than doubled from £150.8m in 2004 to £328.4m in 2008. CNP Fraud represents half the total of card fraud losses of £609.9m in 2008



Today, most CNP fraud takes place on the Internet



In its simplest form Card Not Present (“CNP”) fraud involves the unauthorized use of a stolen credit or debit card number, by "typing"  vs. Swiping the card through a magnetic stripe reader.  By "typing" the Primary Account Number (PAN)  expiration Data and (if required by the merchant) the 3 Digit CVV Code, to purchase product or services...that information is captured by the bad guys instead of by a PCI 2.x certified magnetic stripe reader/PIN Entry Device. 







In most cases, the victims maintain possession of their card and are unaware of the unauthorized activity until notified by a merchant or they review their monthly statements. 



Once a criminal possesses the credit card number and potentially the cardholder name and address they have the necessary information to attempt CNP fraud.  Criminals use a variety of methods to gain access to credit card data,  validate that the cards are active and circulate the cards to perpetrate CNP fraud.





Some of the more common methods are summarized below.



Skimming - Skimming is the theft of credit card information by a dishonest employee of a legitimate merchant, by manually copying down numbers, or using a magnetic stripe reader device. Skimming often takes place in restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view.



Phishing -
Phishing is a criminal activity whereby fraudsters attempt to acquire sensitive information, such as credit card numbers, addresses, social security numbers, drivers’ license numbers, usernames and passwords by appearing as a trustworthy organization in an electronic communication. Phishing is typically carried out by email or instant messaging, and often directs users to provide the sensitive information at a website  monitored by the criminals, although phone contact has been used as well.



Carding -
Carding is a term used by criminals for a process they use to validate stolen credit card numbers. The criminals submit the credit card number and the cardholders’ personal data on a website that has real-time transaction processing. Typically, small monetary purchases are made in order to not attract the attention of a merchant and to preserve the credit limit on the card. Once validated, the card number and related details will be sold to or exchanged with other criminals who will use the information to make larger purchases.  All of those methods work, but pale in comparison to the biggest threat.  Ready for the BIG one....?





Malware A new PandaLabs Report says worldwide computer malware infections grew 15% in ONE MONTH and now stands at 60%. WOW! 



As if that is not bad enough, they report that U.S. computers are infected
with the most dangerous malware strain... Banking Trojans.  Those are the ones that steal online banking credentials...including log-in details, credit and debit card numbers and one-time passwords. 



Until last Thursday, arguments abounded about which online banking Trojan was the most dangerous...was it Clampi, Zeus...or maybe Conficker although everyone is in agreement that all three are present a clear and unprecedented danger.  Then, last Thursday, a new "next generation" malware was discovered.  It's called URLZone and it steals your cash and covers it up by rewriting the bank statements.  Nice eh? 



Fortunately, the engineers at HomeATM saw that the
browser was nothing more than an information highway for the bad guys to..."browse" for financial transactions information and designed a device that keeps that information OFF the browser by encrypting it "inside the box."  (our device allows the user to "swipe" their card, and capture the information stored on the magnetic stripe thus constituting a what Visa and MasterCard define as a "card present" transaction.  By creating a "card present" environment we are eliminating the Card NOT Present environment.)

Today, the bad guys have figured out that malware is the best way to go.   it does all the work for them...silently waiting until a financial institution is visited and capturing...Primary Account Numbers, Expiration Dates, 3 Digit CVV codes, online banking credentials, such as username and passwords...even "one time passwords."

Why are they "browsing" for that information?  Well besides the simple answer...(They Can) it's because once they procure them they make a whole lotta cash. 



How do we stop them?  There's only one way.  Hint: It's not anti-virus programs which are fooled up to 77% of the time).

The obvious way is to transform the Internet from a "card not present" environment into a "card present" one.  By capturing the data on the magnetic stripe or the information located on the integrated chip on a smart card) and instantaneously encrypting it, we can prevent the data from entering the dangerous space known as web browsers. 

If there is no data traveling through the browser, then what good does mining it do?

Take a look at the Malware growth graphic (above left ...click to enlarge)  In 2003, 04, 05 and 06, there was less than 800,000 malware programs.  Now there are over 30,0000.  Again, 60% of all PC's worldwide are infected.  So, there is only one way to beat back the bad guys and that is to morph the net into a card present environment by "swiping vs.  typing."



By capturing and encrypting the Track 1 and Track 2 data, and keeping it it's encrypted form until it reaches it's destination (an HSM) we keep the cardholder data (and banking log-in credentials) safe from the bad guys...










Reblog this post [with Zemanta]

Amazon Announces Amazon Mobile Payments Service

Image representing Amazon EC2 as depicted in C...Image via CrunchBase

Amazon Payments Announces Amazon Mobile Payments Service for Developers and Merchants - Extending the Popular Amazon "1-Click" Check Out Experience to Mobile Devices



New Service Enables Tens of Millions of Amazon.com Customers to Easily Make Mobile Payments Using the Payment and Shipping Information in Their Amazon.com Accounts



SEATTLE--(BUSINESS WIRE)--Oct. 5, 2009-- Amazon Payments LLC, an Amazon.com company (NASDAQ:AMZN), today announced the availability of the Amazon Mobile Payments Service (Amazon MPS), providing developers, merchants and distributors of mobile applications an easy way to process payments from mobile devices and extend Amazon’s 1-Click checkout experience to their customers. Amazon MPS enables tens of millions of Amazon customers to use the existing payment and shipping information in their Amazon.com accounts to make purchases from their mobile devices. To get started using the Amazon Mobile Payments Service, visit http://amazonpayments.com/mps.



“We’re pleased to make it easier for our Amazon Payments developers and merchants to extend mobile payment options and the ease of 1-Click checkout to their customers,” said Howard Gefen, Director of Amazon Mobile Payments. “Amazon customers can now also make purchases on third party sites without needing to set up separate payment accounts—they simply use the payment information in their existing Amazon accounts.”



Amazon Mobile Payments Service provides developers and merchants with a payment option for their customers that is as easy and familiar as the checkout experience on Amazon.com - including the convenience of Amazon’s 1-Click checkout. After signing in from an Amazon MPS enabled device or mobile application, customers are automatically able to make future purchases from their mobile devices using 1-Click functionality. Through a simple set of API’s and an optimized mobile browser experience, developers and merchants can easily extend single or multi-use payment options to their customers. Developers and merchants who already offer Amazon Payments on their website can easily add the new mobile payment option for their customers without any additional backend technology development.



“A seamless purchasing process is one of the most important aspects to a great mobile shopping experience,” said Paul Reddick, CEO of Handmark, a leading creator and distributor of mobile applications and services, and an initial user of the Amazon Mobile Payments Service. “The Amazon Mobile Payments Service delivers a fast, easy and familiar mobile payment option millions of people trust and we are pleased to be one of the first to extend it broadly to our customers and partners.”



Amazon MPS is built on the same flexible, reliable, and secure Amazon Payments infrastructure that many developers and businesses are using today for their PC based checkout experience. The Amazon Mobile Payments Service optimizes the check out experience for mobile devices and provides tens of millions of Amazon.com customers the peace of mind and convenience of shopping on mobile third party sites using information from their Amazon.com account.



About Amazon.com



Amazon.com, Inc. (NASDAQ: AMZN), a Fortune 500 company based in Seattle, opened on the World Wide Web in July 1995 and today offers Earth's Biggest Selection. Amazon.com, Inc. seeks to be Earth's most customer-centric company, where customers can find and discover anything they might want to buy online, and endeavors to offer its customers the lowest possible prices. Amazon.com and other sellers offer millions of unique new, refurbished and used items in categories such as Books; Movies, Music & Games; Digital Downloads; Electronics & Computers; Home & Garden; Toys, Kids & Baby; Grocery; Apparel; Shoes & Jewelry; Health & Beauty; Sports & Outdoors; and Tools, Auto & Industrial.



Amazon and its affiliates operate websites, including www.amazon.com, www.amazon.co.uk, www.amazon.de, www.amazon.co.jp, www.amazon.fr, www.amazon.ca, and www.amazon.cn.



As used herein, “Amazon.com,” “we,” “our” and similar terms include Amazon.com, Inc., and its subsidiaries, unless the context indicates otherwise.



About Amazon Payments



Amazon Payments provides consumers, merchants, and developers the simple and trusted way to pay and get paid online or through a mobile device. Amazon Payments enables consumers to send and receive payments for goods or services by using the payment methods already associated with their Amazon.com accounts. Merchants and developers can also take advantage of a portfolio of payment and checkout solutions, such as Checkout by Amazon, Amazon Simply Pay and Amazon Flexible Payments Services, to enable tens of millions of Amazon customers to complete purchases on their websites and applications. Go to http://www.amazonpayments.com for more details.



Source: Amazon.com, Inc.



Amazon.com, Inc.

Amazon Media Hotline, 206-266-7180
Reblog this post [with Zemanta]






McLean, Va., Oct. 5, 2009 -– Sage North America today announced that its Sage Payment Solutions division has been added to the Preferred Partner Program of NAFCU Services Corporation, a wholly owned subsidiary of the National Association of Federal Credit Unions (NAFCU). Preferred Partners undergo extensive evaluation, and are approved by the NAFCU Services Advisory Committee and Board of Directors, made up of NAFCU member credit union CEOs and senior executives. Sage is recognized by industry analyst firm IDC as the leading provider of financial and ERP software and services for businesses with fewer than 1,000 employees*. The company serves 2.9 million small and mid-sized businesses in North America and 5.8 million worldwide.







“Sage Payment Solutions has developed a reputation for providing an exceptional customer experience,” said Dave Horn, vice president of business development and marketing for Sage Payment Solutions. “Our full-service offering, along with our passionate commitment to the customer, will be a tremendous benefit to credit unions and their small and midsize business customers looking for merchant services.”



Sage Payment Solutions will provide NAFCU members with competitive pricing for its merchant services, as well as a range of offerings to help their small and mid-sized business customers improve efficiency. As a provider of market-leading business software solutions – such as ACT! by Sage, Peachtree by Sage, and Sage MAS 90 ERP – Sage, through Sage Payment Solutions, will offer free incremental marketing opportunities to help credit unions attract and support small and mid-sized business customers.



“Beyond traditional lending activities, offering a range of services is an excellent way for credit unions to build new relationships and deepen existing ones,” said David Frankil, president of NAFCU Services. “Merchant card processing is a great way to reach out to businesses, and that’s why we’re glad to add a global company like Sage Payment Solutions as a NAFCU Services Preferred Partner.”



For more than 20 years, Sage Payment Solutions has been making it easy for businesses to accept electronic payments. Processing services are currently being provided to more than 140,000 businesses, who are delivering improved customer experiences by accepting multiple forms of payment, including credit and debit cards, electronic checks, gift cards, and automatic recurring payments. With Sage Payment Solutions, businesses can also expand the way they accept payments, from card present and mail order/telephone order (MO/TO), to Internet and payments integrated with Sage and other third party software.



Sage Payment Solutions is one of 28 Preferred Partner programs offered by NAFCU Services Corporation to the credit union community. For more information about NAFCU Services Corporation, please visit www.nafcu.org/nafcuservices .



About Sage North America



Sage North America is part of The Sage Group plc, a leading global supplier of business management software and services. Sage North America employs more than 4,100 people and supports nearly 2.9 million small and medium-size business customers. The Sage Group plc, formed in 1981, was floated on the London Stock Exchange in 1989 and now employs 14,500 people and supports 5.8 million customers worldwide. For more information, please visit the Web site at www.sagenorthamerica.com .



Source: Company press release.

Zain Offers Relief, Free Money Transfer to Philippines

logo_zain_mobile





Zain’s money transfer service between Bahrain and the Philippines has launched free money transfers between the countries in order to provide relief to victims of the recent typhoons. The service will be free until October 11, allowing families in Bahrain to transfer money back home to the Philippines free of charge.



They’ve also launched a partnership with the Philippine Embassy in Bahrain where customers can donate to a general fund via SMS. Zain has promised to match private donations.



Bashar al Alami, a manager at Zain says,



“For the Philippines specifically, customers can transfer money directly to Global – Gcash. GCash is well known in the Philippines for establishing a wide network for mobile banking,” he added."



Continue Reading

Mercator Advisory Group Press Release





Boston, Oct. 5, 2009 -- Bob Landry has joined Mercator Advisory Group to expand the company's payments industry research services into retail banking. Landry brings more than 30 years experience in the financial services industry including an eleven year tenure with TowerGroup where Landry held a variety of positions including chief research officer.



"Bob has a rare understanding of both the business drivers and technology in the banking industry," said Robert Misasi, president of Mercator Advisory Group. "That knowledge base coupled with his proven expertise in founding and successfully growing practices in advisory organizations make him the ideal candidate to drive our banking expansion."



Landry joined Mercator from CGI, a global diversified supplier of end to end IT and business process services with over $4 billion in annual revenues where he served as partner, director of banking and financial markets strategy. While at CGI, Landry lead CGI's US based banking and investment strategy group and served as a senior executive consultant.



Before CGI, Landry worked for the TowerGroup from 1995 until 2006 where he was charged with building several research practices covering core systems, customer strategies, delivery channels, consumer lending, retail payments, emerging technologies, financial services strategies and IT spending. Landry has held positions at Software Services of America, Henco Software, Honeywell Information Systems and RCA Computer Systems.



Landry, vice president, Banking Group Services, said, "It's a rare opportunity to join a research organization of this caliber and be tasked with expanding its core competencies into new areas. I've spent over 30 years understanding and analyzing how technology is used in retail banking. I'm looking forward to applying that knowledge at Mercator."



Landry has spoken frequently at events held by major industry associations, including Bank Administration Institute, American Bankers Association, and European Financial Management and Marketing Association.



About Mercator Advisory Group



Mercator Advisory Group is the leading independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors.



Please visit us online at http://www.mercatoradvisorygroup.com .



Source: Company press release.

American Express Announces Management Shuffle

American Express CompanyImage via Wikipedia

New York, Oct. 5, 2009 -- American Express Company (NYSE: AXP) today announced several senior leadership and organizational changes to position the company for growth during a time of change in the payments industry and take advantage of opportunities as the world economy comes out of the recession.



Effective immediately:

  • The company’s global consumer, small business and network businesses will report to Edward P. Gilligan, vice chairman. Mr. Gilligan had previously led the global Business to Business Group.


  • A new Global Services organization that includes company-wide customer service, technologies, operations, business processing and information management will report to Stephen J. Squeri, who has been promoted to group president. Mr. Squeri has been in charge of Technologies and Corporate Development.


  • A new Enterprise Growth organization is being created to leverage existing assets, generate incremental fee revenue and drive the company’s entry into new payment areas and related businesses. A senior level executive from outside American Express is being recruited to head this organization.Each of these executives will report to Kenneth I. Chenault, chairman and chief executive.


  • With Mr. Gilligan taking on additional responsibilities, Anré Williams, president, Global Commercial Card, and Charles Petruccelli, president, Global Business Travel will also report to Mr. Chenault.


Judson C. Linville continues as president and CEO, U.S. Consumer Services, reporting to Mr. Gilligan. He is responsible for the consumer card, Membership Rewards and consumer travel businesses in the company’s largest market and for the prepaid card and travelers cheque businesses globally.



In addition, American Express announced that president Alfred F. Kelly Jr. has decided to leave the company early next year.



“In the context of discussions we have had about longer term plans for the organization, Al made clear to me that he wanted the opportunity to run a company as chief executive,” said Mr. Chenault. “Given my own plans for the coming years, we both agreed that was not likely to happen at American Express in the short term. Al concluded it did not make sense for him to be part of the new organizational structure, and that it was an appropriate time to look at opportunities outside of American Express. Until he leaves next year, Al will continue to lead our transition to a bank holding company.”



Mr. Chenault said: “American Express has a strong, experienced management team and a unique collection of assets. We have the right products for a new economy, a diverse set of payments businesses, an enviable customer base, a powerful global brand and an extraordinary team of employees dedicated to providing exceptional customer service. Furthermore, we have a number of terrific opportunities for growth and a set of winning strategies to help us capitalize on them. The new organizational structure I am announcing today will help us realize the full potential of these assets and ensure that American Express continues to be a leader in global payments.”



Additional details on the organizational changes as well as the company’s business strategies and priorities are outlined in a memo to employees that is available on the company’s website at www.americanexpress.com/aboutus



American Express is a leading global payments and travel company founded in 1850. For more information, visit www.americanexpress.com .


Source: Company press release.
Reblog this post [with Zemanta]

Visa Releases Global Data Encryption Best Practices







SAN FRANCISCO, Oct. 5 / Visa Inc. (NYSE: V) today announced global industry best practices for data field encryption, also known as end-to-end encryption. The best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the "clear."



"While no single technology will completely solve for fraud, data field encryption can be an effective security layer to render cardholder data useless to criminals in the event of a merchant data breach," said Eduardo Perez, global head of data security, Visa Inc. "Using encryption as one component of a comprehensive data security program can enhance a merchant's security by eliminating any clear text data either in storage or in flight," he added.



In addition to issuing encryption best practices, Visa has led efforts to develop a much needed industry data field encryption standard as chair of the ANSI X9F6 standards working group. Establishing industry wide standards are essential for ensuring that emerging encryption solutions are open, consistent and enable merchant choice. X9 is the ANSI accredited committee for financial services that is focused on "standardization for facilitating banking operations." Membership includes financial institutions, vendors, insurance companies, associations, retailers and regulators.



"Given the interest expressed by merchants and processors, guidance from the card brands is a critical determinant in figuring out how to move ahead with encrypting data in transit, especially absent a global standard," said Avivah Litan, Vice President and Distinguished Analyst, Gartner Inc. "Companies should also be aware that if data is decrypted anywhere in their system, they are still at risk for a data breach."



Visa's best practices are designed to help organizations:

  • Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption.

  • Use robust key management solutions consistent with international and/or regional standards.

  • Use key-lengths and cryptographic algorithms consistent with international and/or regional standards.

  • Protect devices used to perform cryptographic operations against physical/logical compromises.

  • Use an alternate account or transaction identifier for business processes that requires the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs or fraud management.

It's important to note that sensitive authentication data such as full contents of the magnetic strip, CVV2, PIN/PIN block should not be used for any purpose other than payment authorization and may not be stored after authorization, even if encrypted.



While data field encryption applies after the card is swiped and throughout the merchant's environment, encryption solutions between acquirer processors and Visa would further reduce the value of card data to criminals. Visa accepts encrypted transaction data from acquirers, third-party processors and merchants directly connected to VisaNet. Visa has offered an authorization and settlement encryption solution since early 2008, and the service is available to direct connect clients.



"Investing in data field encryption is valuable, but should be understood as a complement rather than a replacement for PCI DSS compliance, which remains the best protection against a data compromise," Perez concluded.



About Visa Inc.: Visa Inc. operates the world's largest retail electronic payments network providing processing services and payment product platforms. This includes consumer credit, debit, prepaid and commercial payments, which are offered under the Visa, Visa Electron, Interlink and PLUS brands. Visa enjoys unsurpassed acceptance around the world, and Visa/PLUS is one of the world's largest global ATM networks, offering cash access in local currency in more than 200 countries and territories. For more information, visit www.corporate.visa.com.

Link to Visa Best Practices, Data Field Encryption Version 1.0: http://corporate.visa.com/_media/best-practices.pdf





SOURCE Visa Inc.


Bangladesh Bank Announces Mobile Money Transfer Inititative

Money transfer by mobile

The electronic transaction project will take off in six months

Md Hasan



Money transfer is about to go digital in six months, as Bangladesh Bank has approved the launch of an electronic prepaid card system that will have a mobile payment option.



The central bank permitted Trust Bank Ltd to act as a settlement bank for digital money transfer.



"The Electronic Prepaid Card System will be a multiple bank, multiple channel platform, where Trust Bank will act as the settlement bank," BB said in a recent notice.



With the card, a customer will be able to deposit and withdraw cash directly from ATMs and all other channels. A card will have a secret PIN to access the service. Also, the system allows an authorised user to transact by mobile.



In case of foreign remittance, any amount could be withdrawn by prepaid card, but the amount is limited to a maximum of Tk 10,000 for now, Bangladesh Bank officials said.



In line with the central bank directive, any bank having Q-cash or a similar platform can issue prepaid cards for customers to transact money. Presently, 23 banks are linked with the Q-cash network.





Continue Reading

Building on Experience, Fiserv Sharpens Focus on Online Business Banking



Brookfield, Wis., October 5, 2009 -PIN Payments News Blog- Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced an integrated strategy for online business banking services. The new strategy will focus on the digital transformation and delivery of compelling solutions that financial institutions can offer to better serve the growing business banking market. This Fiserv strategy was developed by a cross-functional team drawing on deep experience in retail and small business online banking and corporate cash management. Fiserv has offered business banking solutions for more than 20 years, and today more than 1.3 million business customers use its services.



As part of the new approach, all of the company's products designed for the online business banking user will be managed under a single umbrella, ensuring the delivery of innovative and market-focused online services to banks and credit unions. The industry-standard user experience for which Fiserv online banking products are known will be combined with functionalities tailored to meet the needs of any organization - from small or home-based businesses, through mid-market, to large corporate and money-center institutions.



"Business customers each have a unique set of needs, often influenced by their size and the complexity of their financial reporting requirements, yet all businesses can benefit from online financial management tools and services that are intuitive and well-designed," said Todd Lesher, division president, Electronic Banking Services, Fiserv. "Fiserv has studied the needs of the business user to ensure that our online banking products enable our bank and credit union clients to deliver the most desired functionalities and a superior user experience."



A focus on improving the user experience is consistent with the direction that financial industry analysts recommend for online business banking, as it can result in an increased and deeper use of services by business owners and their employees, regardless of their Internet tenure, and growth in more efficient electronic transactions over time.



"The impact to the bottom line may be difficult to measure, but banks can improve customer retention, stickiness and relationships by focusing on the user experience," said Jacob Jegher, a senior analyst at Celent. "The ultimate goal of the bank should be to have satisfied users that can easily navigate within the system. The user should enjoy the online experience and be able to perform his or her job without getting frustrated. A positive experience can encourage users to try new features and will in turn, over time, increase revenues for the bank."



In addition to usability, Fiserv is focused on flexible delivery methods and depth of functionality within online business banking services. This combination enables increased interactions and profitability for an organization. Multiple delivery methods, including ASP and licensed options, allow financial institutions to deploy the latest digital technology to their clients as services continue to be enhanced.



To execute the new strategy, a dedicated team of associates has been created at Fiserv. The team is led by Dan Nagy, senior vice president and general manager, Business Services, who joined Fiserv in March from J.P. Morgan, where he was a managing director of treasury services, global clearing, FX, account and information services.



"Fiserv has consistently demonstrated an ability to drive customer loyalty and profitability for financial institutions via the online banking channel," Lesher said. "Dan and his team bring significant experience in online business banking and cash management, and we are investing in ongoing research to understand the needs of business users. Fiserv has all of the pieces in place to help our clients capitalize on another growth opportunity."



"Fiserv aims to drive continued adoption and increased usage of business banking tools by leveraging our expertise in user-focused online product design, and we will continue to partner with financial institutions to help them navigate the often complex delivery of business banking services," Nagy said.



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.





#   #   #

Western Union Announces Mobile Remittance for Malaysia





Western Union to launch mobile remittance service in Malaysia



Western Union is partnering with Malaysian telco Maxis to launch a cross-border mobile money transfer service targetting the country's large migrant workers community.



With the launch of the service in early 2010, more than 11 million Maxis subscribers in Malaysia will be able to send funds from their mobile phones. The recipient will be able to pick up the funds in cash at more than 345,000 Western Union Agent locations in 200 countries.





Continue Reading at Finextra

Why is My Online Banking So Lame?

I saw a funny article in "The Norman Transcript" on the subject of online banking and as last week was " Online Banking is Weak Week" on the PIN Payments News Blog, I felt compelled to share some excerpts:



Excerpts from The Norman Transcript

by Dave Moore





If my bank did a better job of protecting its customers who choose to do online banking over the Internet, I might tell you who they are. However, since they have recently decided to implement weaker online protections than they previously had in place, I will from now on refer to them as My Bozo Bank (MBB). (The name has been changed to protect the guilty).



I was already in a funky mood when I received an e-mail from MBB that read as follows: "Dear Mr. Moore; Your online banking account and free bill pay service have not been accessed since 9/18/2008. It is our goal to provide you with the most convenient financial services available. For security reasons, please contact Customer Service within the next 30 days to reactivate your online banking account and bill pay service. If we do not hear from you, your account will be deleted."



"Isn't that just swell?" I thought. True enough, I rarely do online banking; I just don't have much use for it. Even so, I hadn't really planned on spending the morning trying to talk my bank into not cancelling my online account. At least they didn't put links in the e-mail for me to click on; instead, phone numbers for customer service were provided. After checking to make sure that the phone numbers were legitimate, I called MBB and was connected to a cheerful customer service representative.



I should have been tipped off from the get-go when I saw how easy it was to access and change my account information. In order to confirm that I was who I said I was, all Miss Cheerful asked me for was my account number and the amount of my last deposit. Suddenly, I was no longer a stranger, but a valued customer with all of the rights and privileges of a king. The moral of this part of the story: don't lose your checkbook or throw away un-shredded deposit slips.



The worse was yet to come, though. I was informed that I was going to be issued a new, temporary online banking password, and that I should login to my account and change it to something more secure. My new temporary password was the last four digits of my "Social." Ugh; that would never do.



I also was disturbed that My Bozo Bank has not implemented any of the security measures known as "two-factor authentication" that are now recommended by the Federal Deposit Insurance Corporation (FDIC) and the Federal Financial Institutions Examination Council (FFIEC). I wrote about two-factor authentication almost three years ago in an article titled, "Two-factor authentication flawed, but a good move." As of today, all it takes to access a bank account at Last-Place is a username and password. This, too, is totally unacceptable.

My Bozo Bank ended its e-mail with the following: "We apologize for any inconvenience this may cause you. We simply want to ensure the safety and security of your financial information. If there is anything we can do to assist you, please don't hesitate to call."



Well, I'm calling. A copy of this article will be forwarded to the president of my bank. I'll give them a week or so to get their security up to snuff. Failing that, I will move my account to a bank that understands online banking security. I hear that Bank of America now offers two-factor authentication; maybe I'll check them out. I recommend that you, too, scrutinize your bank's online security policies and, if found lax, fire your bank. There's just too much at stake.





Dave Moore has been repairing computers in Norman since 1984, when he borrowed $1,200 to buy a Commodore 64 system. He can be reached at 919-9901 or www.davemoorecomputers.com.







Reblog this post [with Zemanta]

Bank in Wyoming Gmails 1300 Account Details to Wrong Address

Image representing Google as depicted in Crunc...Image via CrunchBase

CNet News reports that Google has recently been ordered to deactivate a Gmail account that has received a misdirected email with sensitive information from a bank in Wyoming.



The email in question contained names, addresses, SS numbers and loan information on 1,300 customers, and was followed by another email from the same bank asking the account owner to disregard and delete the previous message and contact the bank to confirm he did it. Since it hasn't been done, the bank has contacted Google and asked them to deactivate the account.



Editor's Note: Scary



Continue Reading



Reblog this post [with Zemanta]

Bank of America Merrill Lynch Launches CashPro(R) Online

Photo of Bank of America ATM Machine by Brian ...Image via Wikipedia

Next-Generation Banking Channel Will Provide Businesses with Faster, Easier Online Management, Robust Security Features and Single Point of Access to a Wide Range of Financial Services and Products

SAN FRANCISCO, Oct. 5 /PRNewswire/ -PIN Payments News Blog- Bank of America Merrill Lynch today announced the launch of its new CashPro® Online banking channel, which features intuitive technology that allows commercial and corporate clients to move beyond transactions to focus on their core businesses.



The result of a multi-million dollar investment that addresses the needs and preferences of clients, CashPro Online is expected to be available starting in November and will provide a single point of access to global treasury, debt, cash management, investments, trade finance, foreign exchange services and other financial capabilities.



Other planned benefits include a new payments hub that will allow Bank of America Merrill Lynch to integrate common payments processes, react more swiftly to evolving standards and regulatory changes, and leverage payments capabilities to increase efficiency, said Cindy Murray, Global Corporate Banking eCommerce executive at Bank of America Merrill Lynch.



"This is the next generation of online banking for commercial and corporate clients," Murray said. "With its intuitive design and focus on integrating financial information to improve work flow, CashPro Online can empower our clients beyond transactions, helping them increase productivity and profitability."



CashPro Online is designed to give businesses access to their financial products anytime and from anywhere. It also has features providing for real-time feedback and instant client support through e-mail, chat, and mobile alerts, and its use can be tailored to specific company sizes and industries.



"This technology will allow us to provide targeted solutions for individual business segments," Murray said, adding that clients will be able to personalize their preferences using CashPro Online's dashboard.



CashPro Online was developed with input from an advisory council of 19 clients. It is expected to be available beginning in November for new clients and existing clients who used a previous version of CashPro. Remaining clients will move to the new channel in 2010.

Bank of America


Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company's corporate and investment banking, and sales and trading businesses operate under the Bank of America Merrill Lynch brand. Bank of America Merrill Lynch focuses on middle-market and large corporations, institutional investors, financial institutions and government entities. It provides innovative services in M&A, equity and debt capital raising, lending, trading, risk management, research, and liquidity and payments management. Bank of America Merrill Lynch serves clients in more than 150 countries and has relationships with 99 percent of the U.S. Fortune 500 companies and nearly 96 percent of the Fortune Global 500.



Bank of America Merrill Lynch is the marketing name for the global banking and global markets businesses of Bank of America Corporation. Lending, derivatives, and other commercial banking activities are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., member FDIC. Securities, strategic advisory, and other investment banking activities are performed globally by investment banking affiliates of Bank of America Corporation ("Investment Banking Affiliates"), including, in the United States, Banc of America Securities LLC and Merrill Lynch, Pierce, Fenner & Smith Incorporated, which are both registered broker-dealers and members of FINRA and SIPC, and, in other jurisdictions, locally registered entities. Investment products offered by Investment Banking Affiliates: Are Not FDIC Insured * May Lose Value * Are Not Bank Guaranteed



www.bankofamerica.com



CashPro® is a registered trademark of Bank of America Corporation.



SOURCE Bank of America Merrill Lynch
Reblog this post [with Zemanta]

Combining Debit and Online Banking Programs as Revenue/Loyalty Generators



Bank Systems & Technology: The Blog: Using Debit and Online Banking Programs as Revenue/Loyalty Generators

Using Debit and Online Banking Programs as Revenue/Loyalty Generators By Contributor Oct 4, 200908:52 PM ET



By Lynne Laube, Cardlytics



Research shows that more than half of consumers view debit and online banking programs as the most important products and services their bank offers. However, most banks do not invest in them. This can be attributed to the fact that debit cards have thin margins primarily based on interchange, and bill pay and online banking are typically managed as cost centers, generating no profit at all.



However, by leveraging transaction data, banks can turn these products and services into centers that generate profit and increase customer loyalty. This information can be securely utilized in ways that bring meaningful profits and loyalty to institutions’ online servicing and debit programs by enabling merchants to effectively target customers and drive revenue-generating account activity with rich reward offerings.



The rise of debit and the growth of online banking have created new opportunities for the banking industry. Banks can now bring two assets to the retail community. First, retailers can reach banking customers through the bank’s trusted online channel. Second, banks can leverage their unique view into how customers shop to ensure that the right offers from retailers reach the right customers. However, this requires careful strategies specifically targeting at banking.  (Editor's Note:  HomeATM's SLIM would provide the bank with the necessary analytics to create offers that are relevant.  In addition, programs such as Hawkins Strategic Innovative "personalized marketing" platforms can coexist to cross-analyze and create not only relevant offers, but pertinent ones)



A bank is the custodian of its customers’ transactions and has a unique online relationship with its customers. While these are very valuable assets, they also come with equally important obligations for a bank. As banks consider strategies for unlocking the value of their transaction data, they should consider the following:



Own the relationship. Pursue solutions that make your customers understand that you are using your privileged relationship to bring your customers value – not a third party. Customers appreciate that banks know a great deal about them and expect banks to leverage this knowledge.



Keep transaction data in the vault. Solutions that rely on transaction data leaving the bank are fraught with risk. Even if legal, the risk of a security or privacy breach over time is high. Customers expect banks to protect this data and they should.



Use a solution exclusively crafted for banking. (such as replicating the way consumers access cash at an ATM)



Banking plays a unique and special role in the U.S. economy. Be wary of solution providers outside of the banking industry trying to tap into banking’s most valuable assets. If it works for airlines, it probably doesn’t work for banking.



The rise of debit and the growth of online banking have created new assets for banks to tap into during this period of unprecedented industry turmoil. Customers receive great value, and retailers cost effectively reach prospective and current customers. And, banks monetize the value of their transacting consumer relationships, increasing profits and building customer loyalty.



Lynne Laube is president and co-founder of Atlanta-based Cardlytics.

















The Best Way to Swipe Online Banking Credentials

From Lita Epstein at Daily Finance:

"Based on a survey by the American Bankers Association,  25 percent of the population prefers to do its banking online and that number is growing. In fact, the survey found that the Internet is the preferred banking mode for all customers under the age of 55 and the popularity of ATMs has fallen in all age groups.

Through 2012, the number of online banking users is projected to grow at a compound annual rate of 20 percent, according to a report from the Tower Group. The Tower Group defines online banking as anything done once a person logs onto a bank's website.


All brick and mortar banks are experiencing growth in their online services.




  • Bank of America has 30 million online banking customers.

  • Chase has 13.9 million online bank customers.

Clearly, the trend is toward online banking.





Editor's Note:  Unfortunately, there is another trend.  This trend is called hackers and newly introduced online banking trojans.  Online Banking Trojans (OBT's) are created and designed to steal online banking credentials. 



Clampi, Zeus, and newly discovered (10/01) URLZone are designed to go undetected by anti-virus programs and wait for the user to reach a financial services site, 4500 of which are recognized by these malware programs. 



Upon reaching the site, the malware steals the user's online banking log-in details, including one-time passwords.  (OTP's) in real-time.  URLZone even rewrites the online bank statements to show that the money is still there.  See more about URL Zone in the "related articles section below)



 Prominently featured during last week's, "Online Banking is Weak Week," is talked about OBT's and stated that: "in order to remove the online banking consumer from the scope of such threats, the log-in procedure must be done outside the browser space."  



The best way to remove the online banking customer from the scope of these threats is to arm them them with weapons of Hack destruction, i.e.  the HomeATM SLIM.   (also eliminates the threats posed by Phishing, Pharming, DNS Hijacking, Cloned Bank Websites, Keyloggers and Malware...)





Simply put, HomeATM's SLIM "enables online banking customers to authenticate themselves in the exact same manner trusted by both banks and consumers to dispense cash in real time at an ATM."  









By mandating that online banking customers swipe their existing bank issued card and entering their existing bank issued PIN, the bank enjoy the security benefits of "True" Two-Factor Authentication as both the card information and the PIN would be instantaneously encrypted inside the SLIM and therefore the log-in credentials would NEVER enter or travel through browser space unencrypted.  (Think INSIDE the Box) 



But the HomeATM Slim is not done yet.  It's only beginning.



Not only does it instantaneously 3DES DUKPT E2E Encrypt the data (including the Track 2 data) to create an impenetrable online banking solution, it allows consumers to conduct bank-card to bank-card money transfers in "real-time"  (P2P, A2A, P2B and B2B) using ANY bankcard.  (Citi to Wells, BofA to Chase,  etc.)



Still not done:  HomeATM's SLIM "also" enables a "secure" conduit with which to conduct eCommerce credit, debit and PIN Debit transactions in a "card present" environment.  Both Visa and MasterCard define "card present" as any transaction which "captures the data on the magnetic stripe" (swiping vs. typing)



Simply Put: Although "card not present" transactions probably constitute less than 10% of all transactions, they definitely are responsible for over 50% of all card fraud...and growing.  Therefore, the Card Not Present environment is responsible for the MAJORITY of card fraud.  By creating an environment whereby customers could "Swipe" vs. "Type" we eliminate the "card NOT present" environment...thus eliminating CNP fraud. 

Maybe we should rename the "SLIM" the "Eliminator!"  Nah, as there are only "two" chances to secure our card holder data when it comes to online financial transactions: SLIM and None!  I do have a pet name for SLIM though...I call it "The Inevitable!"









From SC Magazine:  E-Commerce Security





Opinion: Take no chances with card security









Oct 2, 2009 4:14 PM



Time has run out for businesses that handle credit card information.



"Card companies should be re-investigating secure alternatives, such as PC-based (chip and) PIN terminals...












Reblog this post [with Zemanta]

Fiserv Launches New ACH Onboarding Solution



- Commercial OnBoarding ACH from Fiserv provides automated corporate customer set-up to save time, money and manpower while improving customer experience and reducing customer attrition rates -





Brookfield, Wis., October 5, 2009 -PIN Payments News Blog- Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced its new Commercial OnBoarding ACH solution to simplify the new corporate customer set-up process within a financial institution's payment processing systems and make it more efficient, cost-effective and reliable.



Designed with Web 2.0 technology, Commercial OnBoarding ACH from Fiserv provides seamless integration with external systems to receive and feed customer data files to internal Automated Clearing House (ACH) systems. In addition, the solution provides management control over all data input with dual approval over operator-entered data. An example of the Fiserv core competency in payments and market leadership in ACH software and services, the Commercial OnBoarding ACH solution controls workflow sequence to ensure that all processes related to initial customer set-up through testing are handled accurately and trouble-free the first time, every time, resulting in a better customer experience and therefore less attrition. By implementing a faster and more complete onboarding system, financial institutions can improve satisfaction among commercial banking relationships and recognize profitability sooner through enhanced operational efficiency.



"The new Commercial OnBoarding ACH solution from Fiserv leverages our Convergent Payments Optimization approach to multi-channel payments management and supports a single workflow and workforce objective using SOA technology," said Sam Robb, vice president of Global Payment Solutions, Fiserv. "This approach is designed to protect and improve upon the investments our customers have made in their current payment systems as we deliver the next generation of payment processing capabilities."



Since corporate customer onboarding usually involves numerous resources to enter customer data such as company name, address and contact information into multiple systems, it can be a very time-consuming, inefficient and error-prone process. Entering customer information manually in several disparate systems often presents ongoing data maintenance challenges as well. Having an automated, single point-of-entry using Commercial OnBoarding ACH from Fiserv simplifies and streamlines this inefficient, manual process. 



"One of the biggest drivers for banks wanting to improve their onboarding process is to proactively address customer attrition," said Dave Robertson, Partner, Treasury Strategies, an independent consulting firm. "In the first 12 to 18 months, banks can suffer up to 30 percent deposit attrition for new customers. But with successful onboarding, that rate can be cut in half."



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.





###



Firserv also announced that Pete Kight, Vice Chairman of Fiserv and founder of CheckFree Corporation, will speak at the Tiburon CEO Summit on October 7 in San Francisco, Calif.



Brookfield, Wis., October 5, 2009 - Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today announced that Pete Kight, Vice Chairman of Fiserv and founder of CheckFree Corporation, will speak at the Tiburon CEO Summit on October 7 in San Francisco, Calif. Kight, a pioneer in the financial services technology industry, is recognized for his success in bringing to market innovations that have led the digital transformation of financial services, such as electronic billing and payment. At the Tiburon CEO Summit, Kight will share the Fiserv vision for the digital consumer and investor, the impact their expectations will have on investment services providers, and the value of leveraging technology to better serve the household's long term goals.



Kight is recognized as one of the 10 unsung financial heroes by Money magazine and was featured in FORTUNE magazine where CheckFree's e-payments functionality was named one of the "Seven Silver Bullet Technologies". In 2007, Kight received the Ellis Island Medal of Honor and was the first recipient of the Peter J. Kight Lifetime Achievement Award from Bank Technology News, a SourceMedia publication.



The Tiburon CEO Summit is hosted by Tiburon Strategic Advisors, a market research and strategy consulting firm. For more information about the Tiburon CEO Summit, visit http://www.tiburonadvisors.com/



About Fiserv

Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.



Reblog this post [with Zemanta]

Disqus for ePayment News