Tuesday, November 24, 2009

Online Banking Doomed Unless We Start Swiping vs. Typing!

PC World has an excellent article regarding Online Banking Trojans, which are becoming increasingly sophisticated. As regular followers of this blog are well aware, I've long proclaimed that HomeATM can virtually "ELIMINATE" the threats posed by phishing. When it comes to online banking trojans, they are simply data mining programs.

What data would there be to mine if online banking customers were empowered with the same technology used to access cash at an ATM...i.e. Swipe their bank issued card and enter their bank issued PIN with a PCI 2.x certified PIN Pad?  The short answer is that we instantaneously encrypt the log-in session using 3DES/DUKPT encryption.  As the data NEVER enters the browser, there's nothing to "browse."  Encrypted data is useless.  The only problems ATM users experience are related to skimming devices and hidden cameras, neither of which is a threat to a HomeATM user who logs on to their online banking session in the safety and privacy of their own home. 

What they "don't" talk about is that the online banking community uses SSL to secure the session and there are flaws in SSL which have the industry scrambling to put a band-aid on. Later with the band-aids. It's time to revamp the whole system. In Europe, they are increasingly using hardware devices to authenticate the online banking session. (See related article below, Todos delivers 20 Millionth eBanking Security Product.)

Oh...and don't forget what the Editor in Chief of Bank Technology News recently proclaimed: 
Online Banking is Dead - Bank Technology News Editor-In-Chief

Here's the article from PC World: 

Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.

Traditionally, such malware stole usernames and passwords for specific banks; but the criminal had to access the compromised account manually to withdraw funds. To stop those attacks, financial services developed authentication methods such as device ID, geolocation, and challenging questions. Unfortunately, criminals facing those obstacles have gotten smarter, too. One Trojan horse, URLzone, is so advanced that security vendor Finjan sees it as a next-generation program.

Greater Sophistication

Banking attacks today are much stealthier and occur in real time. (Translation: One-Time Passwords are at risk) Unlike keyloggers, which merely record your keystrokes, URLzone lets crooks log in, supply the required authentication, and hijack the session by spoofing the bank pages. The assaults are known as man-in-the-middle attacks because the victim and the attacker access the account at the same time, and a victim may not even notice anything out of the ordinary with their account.

According to Finjan, a sophisticated URLzone process lets criminals preset the percentage to take from a victim's bank account; that way, the activity won't trip a financial institution's built-in fraud alerts. Last August, Finjan documented a URLzone-based theft of $17,500 per day over 22 days from several German bank account holders, many of whom had no idea it was happening.

But URLzone goes a step further than most bank botnets or Trojan horses, the RSA antifraud team says. Criminals using bank Trojan horses typically grab the money and transfer it from a victim's account to various "mules"--people who take a cut for themselves and transfer the rest of the money overseas, often in the form of goods shipped to foreign addresses.

URLzone also seems to detect when it is being watched: When the researchers at RSA tried to document how URLzone works, the malware transferred money to fake mules (often legitimate parties), thus thwarting the investigation.

Silentbanker and Zeus

Silentbanker, which appeared three years ago, was one of the first malware programs to employ a phishing site. When victims visited the crooks' fake banking site, Silentbanker installed malware on their PCs without triggering any alarm. Silentbanker also took screenshots of bank accounts, redirected users from legitimate sites, and altered HTML pages.

Zeus (also known as Prg Banking Trojan and Zbot) is a banking botnet that targets commercial banking accounts. According to security vendor SecureWorks, Zeus often focuses on a specific bank. It was one of the first banking Trojan horses to defeat authentication processes by waiting until after a victim had logged in to an account successfully. It then impersonates the bank and unobtrusively injects a request for a Social Security number or other personal information.

Zeus uses traditional e-mail phishing methods to infect PCs whether or not the person enters banking credentials. One recent Zeus-related attack posed as e-mail from the IRS. Unlike previous banking Trojan horses, however, the Zeus infection is very hard to detect because each victim receives a slightly different version of it.


Clampi, a bank botnet similar to Zeus, lay dormant for years but recently became quite active. According to Joe Stewart, director of malware research for SecureWorks, Clampi captures username and password information for about 4500 financial sites. It relays this information to its command and control servers; criminals can use the data immediately to steal funds or purchase goods, or save it for later use. The Washington Post has collected stories from several victims of the Clampi botnet.

Clampi defeats user authentication by waiting for the victim to log in to a bank account. It then displays a screen stating that the bank server is temporarily down for maintenance. When the victim moves on, the crooks surreptitiously hijack the still-active bank session and transfer money out of the account. Editor's Note: If people would STOP TYPING their usernames and passwords to log in and replace the authentication with a Card Swipe and PIN Entry (which ensures you are on the genuine online banking website), then this threat would be eliminated as well.

Defending Your Data

Since most of these malware infections occur when victims respond to a phishing e-mail (which we eliminate) or surf to a compromised site, SecureWorks' Stewart recommends confining your banking activities to one dedicated machine that you use only to check your balances or pay bills.

Good News People!  The HomeATM PCI 2.x Certified PIN Entry Device IS A SEPARATE AND DEDICATED MACHINE which online banking customers can use to:

1. Log In (Genuine Two Factor Authentication)

2. Check Balances

3. Pay Bills

4. Conduct Real-Time Money Transfers

5. Conduct Secure Online Transactions with Credit and Debit Cards.

Alternatively, you can use a free OS, such as Ubuntu Linux, that boots from a CD or a thumbdrive. Before doing any online banking, boot Ubuntu and use the included Firefox browser to access your bank site.

Editor's Note: That seems like a tremendously huge pain in the ass. I thought the financial industry was focusing on "convenience." Besides...as reported last week on this blog...50% of Americans don't even know what phishing is, so what percentage are going to know how to use or boot up with an Ubuntu thumbdrive? I would venture a guess that close to 100% of Americans know how to swipe their card and enter their PIN.

Most banking Trojan horses run on Windows, so temporarily using a non-Windows OS defeats them, as does (TEMPORARILY) banking via mobile phone. (I say temporarily, because when hackers set their sights on mobile banking, smart phones use browsers, which is the root of the problem in the first place. Think outside the browser...think encryption "inside the box.")

The key step, however, is to keep your antivirus software current; most security programs will detect the new banking Trojan horses.  Editor's Note:  Even if you have the most up to date Anti-Virus programs installed, Zeus bypasses detection 77% of the time.  So...that ain't happening.

There is an online banking Trojan out there that is bypassing up-to-date anti-virus programs as much as 77% of the time, according to security company Trusteer. The Zeus Trojan is also known as Zbot, WSNPOEM, NTOS and PRG. It is the most prevalent financial malware on the web, Trusteer says. (Editor's Note: Others say it's Clampi.)

According to Trusteer: "When we set out to measure the efficiency of anti-virus products in the wild against Zeus, we had no idea what kind of results we would get," said Amit Klein, CTO of Trusteer and head of the company’s research organization.

"The findings, that up-to-date anti-virus programs were only effective at blocking Zeus infections 23 percent of the time, are disturbing. This is bad news for consumers and banks, since the vast majority of Zeus infections are going unnoticed."


Ignify Becomes First and Only Mid-Market eCommerce Platform to Achieve PCI Compliance for the PA-DSS Standard

LOS ANGELES - (BUSINESS WIRE) - Ignify, a global provider of eCommerce, ERP and CRM solutions and services, today announced that Ignify eCommerce 4.0 (the company's flagship platform) which has been deployed in hundreds of large online storefronts has become the industry's first and only mid-market eCommerce solution to achieve PCI Security Standards Council (PCI) compliance for the Payment Application Data Security Standard (PA-DSS). This achievement ensures Ignify eCommerce customers the highest level of protection against fraud and data theft by passing PCI's strict standards against storing sensitive data including magnetic stripe, CVV2, or PIN numbers for online transactions.

"We are very pleased and proud to have earned PCI's compliance for data security," said Pankaj Kumar, chief technology officer for Ignify. "Fraud remains the number one security concern for online retailers as techniques for misappropriating secured customer data becomes ever more sophisticated. Ignify's ability to conduct online transactions without ever needing to store sensitive information like credit card or PIN numbers offers our retail partners and the customers they serve a strong sense of comfort."

PCI's PA-DSS standard is the organization's managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS.

"From its inception, Ignify eCommerce has been designed with data security as a top priority and this acknowledgement from the PCI Security Standards Council reflects our continued commitment to our customers," added Ignify's Director of eCommerce Operations, Ranjit Goray.

Ignify eCommerce 4.0 is an end-to-end online storefront and business commerce platform. This leading solution offers several refined features including: advanced heuristic fraud detection, real-time reporting and Google analytics, and a unique marketing & promotions module allowing administrators and marketing staff to deliver promotions, edit coupons and mark discounts all on-the-fly from a simple easy to understand dashboard. In addition, Ignify eCommerce 4.0 is the leading online web store and e-commerce solution for Microsoft Dynamics ERP and has been deployed at over 200 sites including: McDonalds Corporation, Aerosoles, Giant Bicycles and the Atlanta Falcons and Dallas Cowboys NFL teams among many others.

About Ignify

Ignify is a privately-held ISO 9001 certified company focused on the mid-market and enterprise business space for ERP, CRM and eCommerce implementations. The company provides design, consulting and implementation services for ERP, CRM initiatives for mid-market and enterprise businesses. Ignify is a Top-tier Microsoft Gold Certified partner ranked in both the Microsoft Dynamics Inner Circle and the Microsoft Dynamics Presidents Club in 2009. Ignify offers a comprehensive set of Business to Business (B2B) and Business to Consumer (B2C) eCommerce solutions for increasing online sales while lowering overall operation costs. Ignify has offices in Los Angeles, Silicon Valley, Nashville, Chicago, Toronto, Manila, Pune and Bangalore.

For more information, visit www.ignify.com or call 888-446-4395.

Visa/MasterCard Telemarketing Scam Uncovered

Hey there PIN Payments News Blog readers...Just a heads up for everyone regarding the latest in Visa fraud. Royal Bank received this communication about the newest scam. This one is pretty slick since they provide YOU with all the information, except the one piece they want.

Note, the callers do not ask for your card number; they already have it!
  Probably because you "typed" it into a box on some website...(couldn't resist :-)

Anyway, this information is worth reading. By understanding how the VISA & MasterCard telephone Credit Card Scam works, you’ll be better prepared to protect yourself. One of our employees was called on Wednesday from ‘VISA’, and I was called on Thursday from ‘MasterCard’.

The scam works like this:

Person calling says – ‘This is (name), and I’m calling from the Security and Fraud Department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?’ When you say ‘No’, the caller continues with, ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?’ You say ‘yes’.

The caller continues – ‘I will be starting a Fraud Investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number.’ The caller then gives you a 6 digit number. ‘Do you need me to read it again?’

Here’s the IMPORTANT part on how the scam works – The caller then says, ‘I need to verify you are in possession of your card’. He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?’

After you say no, the caller then thanks you and states, ‘Don’t hesitate to call back if you do’, and hangs up. You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card. We made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don’t give it to them. Instead, tell them you’ll call VISA or Master Card directly for verification of their conversation.

The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you’re receiving a credit; however, by the time you get your statement you’ll see charges for purchases you didn’t make, and by then it’s almost too late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from a ‘Jason Richardson of MasterCard’ with a word-for-word repeat of the VISA Scam. This time I didn’t let him finish. I hung up! We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening. I dealt with a similar situation this morning, with the caller telling me that $3,097 had been charged to my account for plane tickets to Spain, and so on through the above routine.

It appears that this is a very active scam, and evidently quite successful.

Pass this on to all your family and friends

Niki Laxamana

Detective Constable (99739)

Toronto Police Service Fraud Squad – Corporate Section

40 College Street, 3rd Floor

Toronto, Ontario Canada M5G 2J3

B: (416) 808-7344 F: (416) 808-7302


F-Secure Releases Its 2009 Holiday Cyber-Watch List for Cyber Monday

Source: F-Secure Press Release

Internet Security Experts Reveal the Products Most Likely to Be Targeted by Search Engine Scammers This Holiday Season

SAN JOSE, CA--(Marketwire - November 23, 2009) - The Internet security experts at F-Secure today revealed a list of products most likely to be used by search engine scammers to prey on unsuspecting holiday shoppers. The list compiles projected holiday 2009 gift favorites, including iPods and merchandise related to Michael Jackson's blockbuster "This Is It" film. The hottest gifts will be the most searched for online, and thus become prime targets for cybercriminals.

Search engine scams, i.e. nefarious links that masquerade as normal search results, are particularly dangerous this holiday season as online shopping is predicted to be relatively strong compared to traditional retail. This, coupled with the fact that more and more grandparents, typically a less tech-savvy demographic, are shopping online could result in a search engine scam blitzkrieg around this holiday season's most popular gifts.

The products most likely to be targeted by cybercriminals include:

  • The popular video game "Call of Duty: Modern Warfare 2"

  • Merchandise related to the Michael Jackson film "This Is It"

  • The Flip UltraHD Camcorder

  • Apple's iPod

  • Nintendo's Wii

  • Playskool's Chuck My Talking Truck

How the search engine scams work

F-Secure's global security labs team, which monitors and analyzes the changing security threat landscape, has seen a significant rise in search engine scams in 2009. With search engine scams, cybercriminals leverage public interest in major breaking news items to create bogus news-related links (e.g. articles, websites, videos) that can be used to obtain sensitive data -- mainly financial information -- from Internet surfers upon click-through. These efforts are typically bolstered by an Ad Words campaign that improves the Google rankings of bad links, resulting in more click-throughs and a higher rate of crime.

How to protect yourself while online shopping (Editor's Note: Don't Type/Enter Your Card in a Box)

"Though they are not new, search engine scams have become a highly lucrative tactic for cybercriminals. We've seen the bad guys bank on almost every major news event this year, so we anticipate that they will exploit the most popular gifts people will be looking to buy over the holidays," said Mikko Hypponen, Chief Research Officer, F-Secure. "We strongly urge people to only shop on trusted ecommerce websites, using their individual site search engines. If that's not a possibility, perform a 'safe link' check on unknown URLs with technology like F-Secure's Browsing Protection."

Internet users can surf safely by checking unknown URLs at http://browsingprotection.f-secure.com. F-Secure's Browsing Protection quickly and easily lets users know whether or not a link is malicious. People can also protect their computers year round with F-Secure's Internet Security 2010, which offers comprehensive security for the home PC user. As part of a special, limited-time offer, F-Secure Internet Security 2010 is available for purchase with F-Secure Online Backup for a total of $59.99 -- a savings of $49.99 off the list price. Please visit http://campaigns.f-secure.com/usbundle/ to purchase.

F-Secure's list of the 'most dangerous gifts' was compiled based on Amazon's Most Gifted items, cross-checked against a Google Trends analysis of the most searched for product names during past holiday seasons. Please find the full list of the 'most dangerous gifts of 2009' at http://www.f-secure.com/en_US/security/security-center/security-stories/holiday-cyber-watch-list-2009.html.

F-Secure -- Protecting the irreplaceable

While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also backup and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd. www.f-secure.com

BitDefender Offers Tips for Safe Online Holiday Shopping

Nov 23, 2009 10:08 ET

SOURCE: BitDefender

What Every Savvy Shopper in Pursuit of Online Deals Should Know Before Entering (Typing) a Credit Card Number...  (Editor's Note: Just Don't Do It!)

BUCHAREST, ROMANIA--(Marketwire - November 23, 2009) - It's that time of year again. Thanksgiving is just around the corner, the holidays are coming up, and it's time to shop! BitDefender, an award-winning provider of innovative anti-malware security solutions, offers up some simple tips to help consumers protect themselves from online scammers this holiday season.

"Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn't have to cost consumers more than they've bargained for," said Catalin Cosoi, BitDefender's senior antispam researcher. "By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC."

The following tips include suggestions to consider before shopping online this holiday season and throughout the New Year:

Know where you're shopping and read the fine print. Not every Web site and online shop is a safe and reputable merchant! The truth is many thieves are quite skilled at crafting very convincing, legitimate-looking online shopping sites. Be very careful who you purchase from.

If the merchant wants more than your name and email address in order to cash in that coupon, beware. A common phishing tactic targeting online shoppers utilizes online promotions and sales to entice a consumer to enter personal information in order to receive coupons or other merchandise. While many reputable sites offer coupons or samples, they will never ask for excessive amounts of personal information to redeem them, most only require a name and email address.


-- Always shop from a secure PC with a good security suite installed.

-- Try to stick to the known and trusted sites.

-- Be wary of "great gift" or "special offer" emails from unknown addresses, it is likely fake and should be avoided.

-- Use credit cards instead of debit cards. Debit cards offer a lower liability in case you are the victim of fraud.

-- Check for security seals on all shopping sites.

-- Make sure that the connection to the website is an https. This doesn't guarantee safety, but in most cases these sites are safe.

-- Consider alternative ways of payment, such as cash upon delivery.

To listen to the Tips for Safe Online Holiday Shopping podcast featuring Catalin Cosoi, click here. And to stay up-to-date on the latest e-threats, product and business news, sign-up for BitDefender's RSS feeds.

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry's anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's http://www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Trustwave Expands Global Operations With New Offices in Mexico and Colombia

SOURCE: Trustwave

Nov 24, 2009 06:01 ET

Provides Dedicated Support to Local Customers

CHICAGO, IL--(Marketwire - November 24, 2009) - Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, has opened new offices in Mexico City and Bogota, Colombia. These additional locations will enable better regional support of data security and compliance initiatives with the Payment Card Industry Data Security Standard (PCI DSS).

An increase in Latin American demand for compliance validation with the PCI DSS necessitated the additional locations. PCI DSS is the payment card industry security requirement for entities that process, transmit and/or store cardholder data, and has been endorsed by all the major card brands -- Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. Trustwave will continue to provide the region its full suite of security and compliance solutions, including managed security services and compliance validation services for PCI DSS.

"For MasterCard, offering top-notch security solutions to our customers and cardholders is of utmost importance. This is why we are pleased that Trustwave is expanding its services to Mexico and Colombia," said Guillermo Maniaux, vice president, Security and Risk Management, MasterCard Mexico and Central America. "Through our partnership with Trustwave our customers benefit from a broad range of proprietary, on-demand compliance solutions and managed security services."

"As PCI DSS compliance validation gains momentum in Latin America, it's critical that merchants work with an organization that understands the local culture and can provide technology and solutions that meet their needs," says Guillermo Enrique Puerto Avella, Gerente General at Incocrédito, a service provider to the financial services industry. "Trustwave has been our partner for several years and has continued to expand their service offering, in addition to their locations. We're excited about their Bogota office because they can now serve local businesses that need to secure their network environment and protect sensitive data."

These office openings continue Trustwave's expansion into the Latin American market. Trustwave has regional headquarters in São Paulo, Brazil, as well as a location in Santiago, Chile. Managing Director Jarrett Benavidez continues to head the Latin America/Caribbean region, which serves South America, Central America and the Caribbean.

"The expansion into Latin America will bring more resources to our clients to help protect their information and comply with regulatory standards like the PCI DSS," says Robert J. McCullen, chairman and CEO of Trustwave. "These office openings exemplify our dedication and commitment to this market."

"We've seen a continued increase in PCI DSS compliance validation activity in this region, which makes it clear that merchants, acquiring banks and service providers understand its importance," said Benavidez. "We now have more resources to devote to businesses with local language support."


A Revolutionary "Case" Study

Steve Case and Ted Leonsis throw in the towel on Revolution Money


Wow! It’s a great country. American Express is paying $300 million for alternative payments venture Revolution Money. For a venture with virtually no revenue, no material clients, and, a faulty – or to be charitable unproven, business model, that’s a nice exit.

So, in a nutshell Amex is buying a pricey payments platform. To what end? Amex says it plans to use the technology to develop online, reloadable prepay, social media, US mobile, and pin debit payment products. If the Revolution Money platform genuinely accelerates its ability to address these target opportunities, it may prove worth it. P2P payments are the most promising.

P2P payments and money transfer are a natural network business and complement to American Express’s existing payment network. To the extent that Revolution Money’s technology enables Amex to develop its P2P capability more quickly, that offers the best upside.

Continue Reading...but before you do

If P2P payments are the most promising and P2P payments and money transfer are a natural network business, then what could be better than HomeATM's "REAL TIME" solution?

Sender: Swipes Any BankCard, Enters PIN, Sends email

Recipient: Receives email, Swipes Any BankCard, Enters PIN.

HomeATM's Real Time Remittance:

It's like inserting a $100 bill into an ATM

and having it come out at the ATM

your friend is standing at.

That Simple...That Fast...That Real...in "Real Time"

(Using any existing bank cards, existing PINs and existing bank rails)


Fact Act Webinar from FIS


Have you performed your annual FACT Act assessment yet?

A year has passed since your institution was first required to comply with the FACT Act. No doubt you have spent the last year executing your written Identity Theft Prevention Program based upon your risk; however, like other financial institutions, you must periodically monitor, evaluate and adjust your program.

Have you reassessed and updated your Identity Theft Prevention Program to keep pace with evolving identity theft trends or to better manage fraud incidents that you may have experienced this past year? Did you find any gaps in your compliance?

Join us for a complimentary webinar, "FACT Act Compliance – Preparing For Your Annual Identity Theft Program Assessment," on Dec. 2, 2009 at 2:00 p.m. EST.

During this one-hour session, we will discuss how to:

  • Effectively detect, prevent and mitigate identity theft

  • Demonstrate ongoing FACT Act compliance

  • Easily update your Identity Theft Prevention Program

To register, call 1 888 933 8637 (press 1 twice) or visit www.fisglobal.com/redflag.


The Global Cards Industry in 2010 - Lafferty Group Webinar

Lafferty Group


The Global Cards Industry in 2010

A world turned upside down

Exclusive Lafferty Webinar








02 December 2009

13:00 – 14:00 BST (London)

Michael Lafferty, Chairman, Lafferty Group

Olann Kerrison, Head of Analysis & Content, Lafferty Group

$197 (plus 15 percent VAT for UK residents) per participant

The cards industry worldwide is going through a period of unprecedented change and turmoil, as the balance of global economic power swings dramatically towards Asia and other emerging markets. The dimensions of this change are truly breathtaking in their significance, and include:
  1. A dramatic decline in US cards industry profitability

  2. A counter-balancing and equally dramatic increase in cards industry profitability in the rest of the

  3. Unprecedented regulatory hostility to the industry in the US

  4. Explosive growth in the cards industry in Asia, particularly China

  5. A reordering of credit card profit pools, with markets like Brazil, Turkey and Australia now larger than the US

  6. Explosive growth of debit cards everywhere around the world, at the expense of credit cards

  7. A shift in the balance of power in the cards industry itself, away from issuers and towards acquirers

All of these important trends and developments will be discussed at this special 60-minute Lafferty webinar. Featuring Michael Lafferty, Chairman of Lafferty Group, and Olann Kerrison, Head of Analysis & Content at Lafferty, the webinar will have a strong international focus and will be highly interactive.

Drawing on our proprietary 65-country cards and consumer finance industry research database, the content will cover:

  1.  The global outlook for the cards industry

  2.  Regional overviews of the state of the industry – covering:

          ● North America

          ● Latin America

          ● Europe

          ● Middle East and Africa, and

          ● Asia-Pacific

  3.  The outlook for cards in key country markets, including:

          ●  US

          ●  Mexico

          ●  Canada

          ●  Brazil

          ●  UK

          ●  Turkey

          ●  Russia

          ●  Spain

          ●  China

          ●  Japan

          ●  Korea

          ●  India

          ●  Australia

Deliverables for webinar participants include:

          ●  The presentation slides

          ●  A recording of the entire webinar

          ●  A research note on the global cards industry in 2010 


A fee of $197 (plus 15 percent VAT for UK residents) is payable for each webinar participant.

To register to attend, please fill out the ONLINE REGISTRATION FORM

Once you have registered you will receive a confirmation email outlining how to join the event.

An annual subscription to Lafferty Webinars is also available for only $997. This includes attendance to our monthly webinars, the complete recording and research notes post-event, plus access to the full archive of past webinars. To subscribe, please fill out the ANNUAL SUBSCRIPTION FORM.

For assistance, please contact Mike Murphy – mike.murphy@lafferty.com

Citigroup to Sell Diners Club North America to Bank of Montreal


Citigroup sells Diners Club N. American ops

(AP) – 3 hours ago

NEW YORK — Citigroup Inc. said Tuesday it is selling its Diners Club North American franchise to BMO Financial Group as it continues to shed noncore assets and streamline operations. Financial terms of the deal were not disclosed.

The sale of the North American operations comes more than a year after Citigroup sold the international portion of the Diners Club operations to Discover Financial Services. The international business was sold to Discover in April 2008 for $165 million.

New York-based Citi, among the hardest hit banks by the credit crisis last year, has been selling off divisions throughout 2009 that are no longer considered part of its primary consumer and institutional banking operations.


Gartner Identifies the Top 10 Consumer Mobile Applications for 2012

STAMFORD, Conn., November 18, 2009 — Gartner, Inc. has identified the top 10 consumer mobile applications for 2012. Gartner listed applications based on their impact on consumers and industry players, considering revenue, loyalty, business model, consumer value and estimated market penetration.

“Consumer mobile applications and services are no longer the prerogative of mobile carriers,” said Sandy Shen, research director at Gartner. “The increasing consumer interest in smartphones, the participation of Internet players in the mobile space, and the emergence of application stores and cross-industry services are reducing the dominance of mobile carriers. Each player will influence how the application is delivered and experienced by consumers, who ultimately vote with their attention and spending power.”

“The ultimate competition between industry players is for control of the ‘ecosystem’ and user experience, and the owner of the ecosystem will benefit the most in terms of revenue and user loyalty,” Ms. Shen said. “We predict that most users will use no more than five mobile applications at a time and most future opportunities will come from niche market ‘killer applications’.”

The top 10 consumer mobile applications in 2012 will include:

No. 1: Money Transfer

This service allows people to send money to others using Short Message Service (SMS). Its lower costs, faster speed and convenience compared with traditional transfer services have strong appeal to users in developing markets, and most services signed up several million users within their first year. However, challenges do exist in both regulatory and operational risks. Because of the fast growth of mobile money transfer, regulators in many markets are piling in to investigate the impact on consumer costs, security, fraud and money laundering. On the operational side, market conditions vary, as do the local resources of service providers, so providers need different market strategies when entering a new territory.

Video: Demo of HomeATM

No. 2: Location-Based Services

Location-based services (LBS) form part of context-aware services, a service that Gartner expects will be one of the most disruptive in the next few years. Gartner predicts that the LBS user base will grow globally from 96 million in 2009 to more than 526 million in 2012. LBS is ranked No. 2 in Gartner’s top 10 because of its perceived high user value and its influence on user loyalty. Its high user value is the result of its ability to meet a range of needs, ranging from productivity and goal fulfillment to social networking and entertainment.

No. 3: Mobile Search

The ultimate purpose of mobile search is to drive sales and marketing opportunities on the mobile phone. To achieve this, the industry first needs to improve the user experience of mobile search so that people will come back again. Mobile search is ranked No. 3 because of its high impact on technology innovation and industry revenue. Consumers will stay loyal to some search services, but instead of sticking to one or two search providers on the Internet, Gartner expects loyalty on the mobile phone to be shared between a few search providers that have unique technologies for mobile search.

No. 4: Mobile Browsing

Mobile browsing is a widely available technology present on more than 60 percent of handsets shipped in 2009, a percentage Gartner expects to rise to approximately 80 percent in 2013. Gartner has ranked mobile browsing No. 4 because of its broad appeal to all businesses. Mobile Web systems have the potential to offer a good return on investment. They involve much lower development costs than native code, reuse many existing skills and tools, and can be agile — both delivered and updated quickly. Therefore, the mobile Web will be a key part of most corporate business-to-consumer (B2C) mobile strategies.

No. 5: Mobile Health Monitoring

Mobile health monitoring is the use of IT and mobile telecommunications to monitor patients remotely, and could help governments, care delivery organizations (CDOs) and healthcare payers reduce costs related to chronic diseases and improve the quality of life of their patients. In developing markets, the mobility aspect is key as mobile network coverage is superior to fixed network in the majority of developing countries. Currently, mobile health monitoring is at an early stage of market maturity and implementation, and project rollouts have so far been limited to pilot projects. In the future, the industry will be able to monetize the service by offering mobile healthcare monitoring products, services and solutions to CDOs.

No. 6: Mobile Payment

Mobile payment usually serves three purposes. First, it is a way of making payment when few alternatives are available. Second, it is an extension of online payment for easy access and convenience. Third, it is an additional factor of authentication for enhanced security. Mobile payment made Gartner’s top 10 list because of the number of parties it affects — including mobile carriers, banks, merchants, device vendors, regulators and consumers — and the rising interest from both developing and developed markets. Because of the many choices of technologies and business models, as well as regulatory requirements and local conditions, mobile payment will be a highly fragmented market. There will not be standard practices of deployment, so parties will need to find a working solution on a case-by-case basis.

No. 7: Near Field Communication Services

Near field communication (NFC) allows contactless data transfer between compatible devices by placing them close to each other, within ten centimeters. The technology can be used, for example, for retail purchases, transportation, personal identification and loyalty cards. NFC is ranked No. 7 in Gartner’s top ten because it can increase user loyalty for all service providers, and it will have a big impact on carriers' business models. However, its biggest challenge is reaching business agreement between mobile carriers and service providers, such as banks and transportation companies. Gartner expects to see large-scale deployments starting from late 2010, when NFC phones are likely to ship in volume, with Asia leading deployments followed by Europe and North America.

No. 8: Mobile Advertising

Mobile advertising in all regions is continuing to grow through the economic downturn, driven by interest from advertisers in this new opportunity and by the increased use of smartphones and the wireless Internet. Total spending on mobile advertising in 2008 was $530.2 million, which Gartner expects will grow to $7.5 billion in 2012. Mobile advertising makes the top 10 list because it will be an important way to monetize content on the mobile Internet, offering free applications and services to end users. The mobile channel will be used as part of larger advertising campaigns in various media, including TV, radio, print and outdoors.

No. 9: Mobile Instant Messaging

Price and usability problems have historically held back adoption of mobile instant messaging (IM), while commercial barriers and uncertain business models have precluded widespread carrier deployment and promotion. Mobile IM is on Gartner’s top 10 list because of latent user demand and market conditions that are conducive to its future adoption. It has a particular appeal to users in developing markets that may rely on mobile phones as their only connectivity device. Mobile IM presents an opportunity for mobile advertising and social networking, which have been built into some of the more advanced mobile IM clients.

No. 10: Mobile Music

Mobile music so far has been disappointing — except for ring tones and ring-back tones, which have turned into a multibillion-dollar service. On the other hand, it is unfair to dismiss the value of mobile music, as consumers want music on their phones and to carry it around. We see efforts by various players in coming up with innovative models, such as device or service bundles, to address pricing and usability issues. iTunes makes people pay for music, which shows that a superior user experience does make a difference.

Additional information is available in the Gartner report “Dataquest Insight: The Top Ten Consumer Mobile Applications for 2012.” The report is available on Gartner’s website at http://www.gartner.com/resId=1205513.


Christy Pettey
+1 408 468 8312

Holly Stevens
+44 0 1784 267412


About Gartner:

Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.
