Wednesday, January 13, 2010

ProPay to Host 2010 Data Security Summit



Distinguished Leaders from the Payment Industry to Speak About Protecting Sensitive Payment Information and Ways to Avoid a Data Compromise



LEHI, Utah--(BUSINESS WIRE)--ProPay (www.propay.com), an industry leader in end-to-end data security encryption, credit card processing and electronic payment services, announced the lineup for its 2010 Data Security Summit set for March 9-10, 2010, at The Canyons Resort in Park City, Utah.


“The payment industry is under constant attack, and sensitive payment data continues to fall into the hands of hackers”




This year’s roster of presenters features Avivah Litan, Vice President and Distinguished Analyst, Gartner Research; Bob Russo, General Manager, PCI Security Standards Council; Chris Mark, CPISM/A, CISSP, CIPP; Tia Ilori, Compliance Program Manager, Visa; John Bartholomew, Vice President of Sales, and David Ellis, Director of Forensic Investigations, Security Metrics; Fred Laing, President, UMACHA—Regional NACHA Association—and Chairman of the Internet Council; Matt Sarrel, Executive Director, Sarrel Group; and Veronica Flanagan, Vice President of Payment Network Compliance, Wells Fargo Merchant Services.



  • Over the two-day conference, speakers will address:

  • Risks associated with storing sensitive payment data

  • The magnitude and long-term effects of a data compromise on shareholder value

  • How data thieves are trying to get to your data

  • How you can protect your sensitive payment data from data thieves

  • What you need to do to ensure PCI-DSS compliance

  • How online credit card compromise is perpetrated

  • Additional security insights and strategies



“The payment industry is under constant attack, and sensitive payment data continues to fall into the hands of hackers,” said Gary Goodrich, CEO of ProPay. “The 2010 Data Security Summit will give attendees the background and ammunition they need to go on the offensive. The presenter lineup that has been assembled is a Who’s Who list from the payment industry. Certainly, they will enlighten the attendees with new information that will aid their business’ safety and security moving forward.”



Featured Speakers Include:




Avivah Litan, Vice President and Distinguished Analyst, Gartner



Ms. Litan is arguably the most respected and widely read expert on financial fraud. She also covers authentication, identity theft, fraud detection and prevention applications, as well as other areas of information security and risk. She speaks frequently around the country on payment systems and financial flows in the business-to-consumer and business-to-business markets.



Bob Russo, General Manager of the PCI Security Standards Council



Mr. Russo works with representatives from American Express, Discover Financial, JCB, MasterCard Worldwide and Visa International to drive awareness and adoption of the PCI Data Security Standard. As part of his responsibilities, Russo oversees the PCI Security Standards Council's training, testing and certification programs for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) and related staff, serving as a key resource for the certification process. He also coordinates research and analysis regarding PCI DSS, soliciting feedback from the vendor and merchant community, and driving recruitment of stakeholders as Participating Organizations in the Council.



Chris Mark, CPISM/A, CISSP, CIPP



Mr. Mark is a noted payment card security expert. In addition to working for MasterCard and with Visa on their respective security programs, Chris was a member of the PCI SSC technical working group. He was one of the industry's first QSAs and conducted scores of PCI DSS assessments. From 2007-2009 Chris conducted PCI related training on behalf of Visa and was a QSA trainer. He personally trained over 10,000 people worldwide. Chris has published numerous articles and spoken at numerous events on the topic of information security within the payment card industry.



Tia Ilori, Compliance Program Manager, Visa



Ms. Ilori has held numerous positions throughout the organization in areas such as Technology Support Services, Issuer Risk Management, and Fraud Investigations and Incident Management. In her current role as a Compliance Program Manager, Tia is responsible for the management of Visa's US Payment Card Industry Data Security Standard (PCI DSS) Level 1 and Level 2 merchant compliance program, as well as managing Visa's franchise security best practices programs which helps drive PCI DSS into franchise businesses. Tia recently authored a Visa data security bulletin outlining key payment system security practices franchise operators can leverage to meet their obligation to comply with the PCI DSS and is also directly responsible for managing and hosting Visa's PCI DSS training seminars.



Fred Laing, President, UMACHA



Mr. Lang is president of UMACHA, a NACHA regional association, and has been for 25 years. Mr. Laing has designed and presented workshops on all facets of the ACH network including risk management, compliance, marketing and rules. He has also developed and presented sessions on Payment Systems Fraud, Data Security and Cash Management.



John Bartholomew, VP Sales, Security Metrics



Mr. Bartholomew, Vice President of Sales for Security Metrics, has been with Security Metrics since 2001 and has contributed to consistent triple-digit growth for the company. Security Metrics has assisted more than 400,000 merchants in over 40 countries with their PCI compliance.



David Ellis, Director of Forensic Investigations, Security Metrics



Mr. Ellis holds QIRA (Qualified Incident Response Assessor), QSA (Qualified Security Assessor), and CISSP (Certified Information Systems Security Professional) certifications. In addition to his forensics background, David has over 20 years of law enforcement and investigation experience. He was a Lieutenant of Police with the Oakland Police Department and has trained at the FBI National Academy.



Matt Sarrel, Executive Director, Sarrel Group



Mr. Sarrel is a Certified Information Systems Security Professional (CISSP) with 20 years of information and network security experience. Sarrel currently writes for a number of publications and websites including PC Mag, eWeek, CIO Update and GigaOM. Sarrel has written for and spoken to numerous international audiences about information technology and information security. He participated as an expert in two Federal Trade Commission workshops, one about spam in 2003 and one about spyware in 2004.



Veronica Flanagan, Vice President of Payment Network Compliance, Wells Fargo



Ms. Flanagan is responsible for managing all facets of Wells Fargo Merchant Services’ compliance with Visa, MasterCard, Discover and debit network rules, managing programs such as PCI, PA-DSS and the Triple Data Encryption Standard (TDES). She has 17 years of industry experience that includes roles as Credit and Risk Manager for Wells Fargo Merchant Services and Director of Service Quality at Visa.



Registration fees for the 2010 ProPay Data Security Summit are $199 per person. ProPay is offering a $50 early bird discount if registration is completed by February 1, 2010. For more information about the Data Security Summit, including how to register and speaker topics, please visit www.propaysummit.com, or e-mail marketing@propay.com or call 888-227-9856.



About ProPay



Since 1997, ProPay has led the market in providing simple, safe and affordable credit card processing and electronic payment services for businesses ranging from the small, home-based entrepreneur to multi-billion-dollar enterprises. ProPay is leading the industry as a provider of complete end-to-end payment security and encryption solutions for organizations. ProPay’s solutions reduce a merchant's risk of breaches and PCI scope by removing the data. ProPay is a privately held company, headquartered in Lehi, Utah. For information, visit www.propay.com/pressroom.

Half Of UK Internet Users Now Bank Online

PaymentsSource | Wednesday, January 13, 2010



At least 22 million adults in the United Kingdom, or 53% of the country’s 41.4 million regular Internet users, banked online in 2009, according to Financial Fraud Action UK, a trade group for the payments industry. Last year represented the first time the percentage of UK online-banking users exceeded 50% of regular Internet users, the trade group said Tuesday.



Meanwhile, the number of UK consumers initiating banking tasks by phones fell 9.9% in 2009, to 14.5 million from 16.1 million in 2005, the trade group says. The group reached its conclusion via surveys and market research.









Among the consumers who use online banking, 95% use banking Web sites to check account balances, the most popular online banking activity in the UK, the trade group says.



But many consumers still prefer to bank by phone. “Phone banking still remains a popular way for people to enquire about their account, with more than six in ten phone-banking customers using the service in this manner,” the group adds in a statement.



eCampus Offers PayPal to Students & Shoppers



LEXINGTON, KY--(Marketwire - January 13, 2010) - eCampus.com, the leading Internet textbook retailer, and the only online retailer to offer used textbooks, textbook rentals, etextbooks, new textbooks and a student marketplace, is now accepting PayPal for online payments. eCampus customers can use PayPal for more than 6 million textbooks, books, and DVDs.



PayPal provides a safer, easier way to pay online. With PayPal, eCampus customers can now pay for items through account balances, bank accounts, debit cards, or credit cards without sharing their financial information.



The addition of PayPal as a payment method helps eCampus.com achieve its primary mission of providing students the most options at the cheapest prices to fulfill their textbook needs. eCampus.com offers the ability for students to purchase used and new textbooks, download etextbooks, rent textbooks, shop from hundreds of individual sellers, and sell books back for cash. President and CEO Matt Montgomery states, "PayPal gives our students and customers the flexibility to purchase their textbooks in a variety of ways with security and peace of mind. With the addition of PayPal to the most complete variety of textbook selections, we are the best destination for textbook needs."



eCampus.com continuously strives to stay on the forefront of advances in the textbook and online retail industry. This year, eCampus.com became one of the first companies to offer textbook rentals. The company looks forward to continuing to offer the newest methods, the cheapest prices, and the absolute best ways to satisfy America's textbooks needs.



About eCampus.com



eCampus.com was established on July 2, 1999. Since then, eCampus.com has grown into a major online retailer for college and high school textbooks. eCampus.com's mission is to provide the easiest, fastest, cheapest way for college and university students to buy textbooks and stuff. The internet ought to be fun and shopping for textbooks should be as fast and convenient as shopping for anything else on the internet. The company makes a personal commitment to every customer that eCampus.com will be the best source for everything they need.



Follow our Social Media Press Releases http://www.ecampus.com/rss/pressreleases.xml

CompSource Chooses Mazooma Debit-Based Payment Solution



Now U.S. consumers can make fast, secure, online purchases from CompSource.com directly from their bank account



MIAMI, FLORIDA--(Marketwire - Jan. 13, 2010) - Mazooma, the first real-time, online debit payment solution for U.S. consumers, today announced that CompSource Inc., a leading eCommerce electronics retailer in the United States, has signed an agreement to integrate Mazooma on its website, www.compsource.com.



CompSource customers can now pay directly from an online back account by selecting Mazooma at checkout. Like CompSource, Mazooma is focused on the customer's shopping experience, offering them convenience, easy-of-use, and security. Currently, Mazooma supports 75 percent of all consumer bank accounts in the U.S. and has no jurisdictional limitations.



CompSource has been a success due to its high level of customer service and selection which includes over 200,000 name brand computer hardware and software products for both national and international mail order. With Mazooma's real-time transaction capability, CompSource is able to maintain this level of service and ship customer goods immediately. With access to 16 warehouses around the US, CompSource guarantees same day shipping on all overnight shipments.



CompSource is enabling the Mazooma payment option through Cardinal Centinel®, the leading technology platform for enabling alternative payment brands in both eCommerce and mobile Commerce, from Cleveland-based CardinalCommerce Corporation.



"Unparalleled customer service is our mission," said Dean Bellone, President of CompSource. "In choosing Mazooma, we had to deliver a payment option that supports our clients with the same focus and intensity that we do. Mazooma provides a fast, easy and secure debit option that simply works."



"CompSource selected Mazooma because all payment solutions are not created equal," said Paul Phillipson, Managing Director, USA, at Mazooma. "Many payment options sound similar in terms of ease-of-use and effectiveness for both merchant and customer, however, Mazooma is the first solution of its kind. Through our partnership, CompSource can provide a safe, debit based payment option that is intuitive for customers with immediate order fulfillment."



"The success story of our valued Customer, CompSource, is a source of pride at Cardinal," said Michael Keresman III, Chief Executive Officer, CardinalCommerce Corporation. "As a long-time Centinel Customer, CompSource has provided a growing selection of payment options for its Customers. Now, through Centinel, CompSource can quickly and easily add the Mazooma debit solution, and continue to offer the best-of-the-best customer experience."



About Mazooma



Mazooma was founded to provide consumers and merchants with a safe, secure and convenient bank account payment channel for online shopping. The eCommerce industry has long recognized that current online payment systems do not provide a platform to service the millions of consumers who cannot or will not use a credit card online. To serve this market, Mazooma developed a system that combines the security and comfort of online banking with the convenience and speed of a simple payment checkout process. Mazooma provides consumers with an instant and safe way to pay for online purchases directly from their bank accounts - authorized through the financial institutions they know and trust. Mazooma provides online merchants with a new way to reach customers and increase revenue, all while reducing their costs of payment processing. For more information, visit www.mazooma.com.



About CompSource



CompSource Inc. was founded in 1991 with a primary emphasis on national and international mail order. CompSource carries over 300,000 name brand computers, hardware, software, consumer electronics and office need products. CompSource has access to more than 16 warehouses around the U.S. to help assure quick, efficient delivery. CompSource typically receives over 7,000 unique visitors to their website and over 600 phone calls per day - with this purchasing power they are able to provide customers with the lowest possible prices from over 1,900 vendors. Because true value is more than just a low price, CompSource also features a custom configuration division which customizes PC's to customer specifications ranging in price from $349 and up. CompSource offers customers efficient, reliable performance and quality brand names - CompSource, Simply Better. For more information on CompSource, visit www.compsource.com.



About CardinalCommerce



CardinalCommerce Corporation is the global leader in enabling authenticated payments, secure transactions and alternative payment brands for both eCommerce and mobile commerce. Cardinal Centinel® enables payment brands such as Verified by Visa, MasterCard® SecureCodeTM, PayPalTM, Bill Me Later®, MazoomaTM, and more to a network of thousands of merchants and merchant service providers. Cardinal's mobile platform, Cardinal MAXTM, makes it easy for merchants to sell through the mobile channel by linking them directly with consumer mobile phones. Cardinal's proprietary and easily deployable technology provides consumers, merchants, credit/debit card issuers, and processors with the ability to conduct authenticated Internet, wireless, and mobile transactions safely and securely. Headquartered in Cleveland, Ohio, with facilities in the United States, Europe, and Africa, Cardinal services a worldwide customer base. For more information, visit www.cardinalcommerce.com.

MasterCard Worldwide Announces Advisors Merchant Solutions







SOURCE: MasterCard Worldwide

 

Data-Driven Offering Leverages Expertise of MasterCard Advisors and the Information Power of the MasterCard Worldwide Network, Providing Actionable Business Intelligence for Merchants



PURCHASE, NY--(Marketwire - January 12, 2010) - MasterCard Worldwide today introduced MasterCard Advisors Merchant Solutions, (www.mastercardadvisors.com/merchants). This first-of-its-kind suite of information products, data analytics and marketing services will enable decision makers across merchant organizations to understand spending activity in their industry category; evaluate their sales performance against their competitive set; and focus direct marketing efforts to target the very best prospects and hard to reach segments. This offering underscores the information power of the MasterCard Worldwide Network, the strong merchant relationships of MasterCard's U.S. Commerce Development function, and the expertise of MasterCard Advisors, the company's professional services arm, to provide merchants with actionable business intelligence that can inform strategy and marketing decisions.



"In today's highly competitive and challenging retail environment, detailed and timely information is essential to effectively managing one's overall business," said David Clarke, Group Executive, U.S. Commerce Development, MasterCard Worldwide. "We have a long history of working with merchants, and just about every one we speak to states the need for enhanced, actionable information and more effective marketing solutions.



"Advisors Merchant Solutions is in response to that need. These are powerful solutions for decision makers across the organization -- from marketing and operations to real estate and finance. They help enable far more informed decision-making on critical issues such as inventory management, store location planning, market share tracking, as well as strategies to attract customers and improve spending volumes."



Tapping into MasterCard Advisors' unique capabilities, this suite of information and marketing solutions was developed by the application of advanced analytic and/or behavioral modeling techniques to reported activity in various channels of the MasterCard Worldwide Network. Advisors Merchant Solutions robust reporting, modeling and consumer behavioral segmentation capabilities are based on the billions of transactions processed each year from across the 340 million MasterCard-branded credit, charge and debit cards issued in the United States. Reporting also incorporates estimates of sales by all other payment forms in retail sectors (cash, check, debit, charge and credit card sales across all networks), thus providing a complete view of retail activity at both a national and local level.



"With Advisors Merchant Solutions, MasterCard is putting the full power of its data and analytics capabilities at the service of merchants," notes Andrew Woodward, Senior Vice President, Merchant Solutions for MasterCard Advisors. "Comprised of SpendingPulse, Benchmark Analytics and Custom Marketing Solutions, this is a strong offering of unique data-driven information and marketing services. Together they allow companies to benchmark their sales performance against their industry category, better anticipate demand, and target marketing efforts, by leveraging real spend behavioral data. This has not previously been available."



Since the pilot program began, Advisors Merchants Solutions has been engaged by several leading retailers including hhgregg, a super-regional appliance and electronics retailer.



When hhgregg engaged Advisors Merchant Solutions to help with acquiring new customers, the results significantly outperformed the penetration rate compared to similar prior promotions. The retailer increased its market share in the consumer electronics and appliances industry category among those targeted, compared to the control group.



"We were impressed with the sophisticated behavioral and data driven marketing approach Advisors took, as well as the turnkey nature of the engagement," said hhgregg Vice President of Marketing Jeff Pearson. "We enjoyed working with their team -- not only for their savvy advice, but for the results they delivered."



Advisors Merchant Solutions suite is made up of three distinct components:



-- SpendingPulse™(1) is a macro-economic indicator reporting on

national retail sales. Based on aggregate sales activity in the MasterCard

payments network coupled with survey-based estimates for certain other

payment forms such as cash and check, it has come to be one of the

timeliest and most accurate sources of information about consumer spending

activity. Sector reports include those on Airlines, Specialty Retail and

Apparel, Auto Parts and Tire Sales, eCommerce, Electronics & Appliances,

Furniture & Furnishings, Gasoline, Hotels & Lodging, Jewelry, Luxury,

Restaurant and Department Stores.

-- Benchmark Analytics is a web-based application that delivers

behaviorally-based competitive intelligence by analyzing merchant

performance against the industry category and/or a set of competitors,

nationally by state, all the way down to defined MSAs or DMAs. The insights

can inform critical decision making on advertising/marketing, buying and

merchandising, and retail operations.

-- Custom Marketing Solutions identifies cardholders of participating

banks that represent the best prospects for merchant marketing offers.

Leveraging actual behavioral data to identify best prospects, and

developing tailored offers geared to specific target segments, merchants

can efficiently drive customer acquisition, win back lapsed customers and

increase spend.




View video on Advisors Merchant Solutions: http://tinyurl.com/yan276l



About MasterCard Advisors



MasterCard Advisors provides payments consulting, information, analytics, and customized services to financial institutions and their merchant partners worldwide. Addressing complex challenges in strategy, marketing, risk, and operations, MasterCard Advisors helps clients maximize the value of their businesses. As the professional services arm of MasterCard Worldwide, MasterCard Advisors is uniquely qualified to provide clients with insights and solutions that drive tangible impact and financial gain. For more information, go to www.mastercardadvisors.com.



About MasterCard Worldwide



MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. For more information go to www.mastercard.com. Follow us on Twitter: @mastercardnews. (1) SpendingPulse does not represent MasterCard financial performance.

The Different Fraud Protections for Signatures and PINs



New York Times

By JENNIFER SARANOW SCHULTZ


Last week’s New York Times article “How Visa, Using Card Fees, Dominates a Market” detailed the behind-the-scenes struggle between banks and retailers to encourage customers to sign when making debit card purchases or to punch in their PIN because of the higher fees that stores pay banks for signatures.



Many readers took issue with the notion in the article that the debate over signing versus typing in a PIN “is a pointless distinction to most consumers, since the price is the same either way.”



Some readers said they felt there actually was a big difference between signatures and PINs for consumers in terms of fees and cost, safety and protection against fraud and purchase records, among other issues.



We’ve boiled this down to four main points: which costs more, which is safer, which offers more protection in the case of fraud and which is easier to track.



Last week, we looked at the cost differences for consumers and on Monday, we looked at which use of a debit card might better protect consumers’ accounts from the risk of fraud. (To be sure, many people think using credit is better than using any kind of debit transaction, but we’ll save that issue for another series.)



In this installment, we look at the differences in protections available if you’re a victim of signature vs. PIN transaction fraud and we’ll cover the remaining issue in our next installment.



Q.



What are the differences, if any, in protections available if you’re a victim of signature vs. PIN transaction fraud?

A.



If you’re the victim of fraud, the protections available to you can be very different depending on whether the transaction in question was done with a signature or a PIN and depending on which network processed the transaction.



Federal law generally limits consumer liability in debit card transaction fraud to $50, if the consumer notifies the financial institution within two business days. When timely notice is not given, the cap under federal law is $500, assuming other reporting requirements are met.



But some transaction networks offer consumers “zero liability,” meaning they mandate that financial institutions reimburse cardholders. Assuming those consumers meet certain fraud reporting requirements, they would pay nothing for unauthorized transactions.



Both Visa and MasterCard offer such a zero liability policy if the purchases in question are made with signatures. Visa, for instance, offers a zero liability policy for signature transactions processed over the Visa network, and MasterCard offers a similar policy, assuming certain requirements are met.



The protections for PIN purchases, however, are more varied. While Visa offers zero liability as well for PIN transactions processed over Interlink, its PIN debit network, MasterCard doesn’t offer a similar zero liability policy for PIN transactions “at this point,” said a MasterCard spokeswoman.



According to the spokeswoman, MasterCard does not offer zero liability for PIN purchases for a number of reasons, including, most important, the fact that its network processes only a small percentage of the PIN transactions used with its cards.



Financial institutions, however, may offer their own zero liability policy or other protections for PIN transactions. For instance, while the Star network, which processes PIN transactions, does not require that financial institutions offer zero liability, it is “aware of financial institutions that do offer zero liability as standard practice for all debit card transactions — whether they are PIN or signature authenticated,” said a spokeswoman for First Data, the parent company of the Star network.



To find out what protections you have for PIN transactions, look at the back of your debit card to see which networks may handle your transactions and check with your bank to see if you’re guaranteed anything beyond federal regulations for fraudulent PIN transactions.



According to David Robertson, publisher of the Nilson Report, a major reason for the additional protections for signature transactions is that there’s a much greater risk of fraudulent signature than fraudulent PIN transactions. “Visa and MasterCard have tried to mitigate that differential between the signature and the PIN networks by offering zero liability,” he said.



If you’re worried about fraud, Michelle Jun, a staff lawyer at the Consumers Union, recommends using your credit card instead of your debit card because of the additional protections available for credit cards.



The federal liability cap for credit cards is $50, and when you report a fraudulent credit transaction, a hold is put on your account and you don’t have to pay the disputed amount.



The 2008 Survey of Consumer Payment Choice





Public Policy Discussion Paper No. 09-10

by Kevin Foster, Erik Meijer, Scott Schuh, and Michael A. Zabek



This paper presents the 2008 version of the Survey of Consumer Payment Choice (SCPC), a nationally representative survey developed by the Consumer Payments Research Center of the Federal Reserve Bank of Boston and implemented by the RAND Corporation with its American Life Panel.



The survey fills a gap in knowledge about the role of consumers in the transformation of payments from paper to electronic by providing a broad‐based assessment of U.S. consumers’ adoption and use of nine payment instruments, including cash.



  • The average consumer has 5.1 of the nine instruments, and uses 4.2 in a typical month.

  • Consumers make 53 percent of their monthly payments with a payment card (credit, debit, and prepaid).

  • More consumers now have debit cards than credit cards, and

  • consumers use debit cards more often than cash, credit cards, or checks individually.

  • Cash, checks, and other paper instruments are still popular and account for 37 percent of consumer payments.

  • Most consumers have used newer electronic payments, such as online banking bill payment, but they account for only 10 percent of consumer payments.

  • Security and ease of use are the characteristics of payment instruments that consumers rate as the most important.



JEL Classifications: D12, D14, E42Full-text paper pdf

Tables of standard errors pdf

Survey questionnaire pdf

Consumer Payments Research Center site



"Dozens of Credit Unions" Affected by Zeus Malware





ZuesBot Makes its rounds through Credit Unions



A flurry of zuesbot attacks have been occurring at credit unions throughout the country. All credit unions should provide a warning and information to their members.



Zuesbot is a particularly nasty malware that is bypassing top AntiVirus / Malware scanners.





Once infected it waits for the user to login to their online banking, logs the credentials, then pops up a screen that asks the user to further verify their login by entering their credit card data.  All information gathered is sent back the the attackers





While some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised.



So, if you have members reporting this, the only recourse is to shut down their machine, change the online banking account passwords, look for changes to the account, wipe and reload the user's machine.



After receiving notification, CUISPA issued an alert to its registered members and identified dozens of cases throughout the country.



This is a variant of the same attack that is making news in the ACH world.





Corporations unsuspectingly download the Zuesbot malware, which waits for access to the company's online banking site. At which time the attacker takes over to leverage the ACH capabilities of the company.





Shall we all reconsider stronger one time use / out of band authentication?



View Full CUISPA REPORT by logging onto ALERTS.CUISPA.ORG view the Alerts Forums 





CUs Warned about Security-Skirting Malware



HomeATM Headline News through January 12th





Payment Card Interchange Fees and Merchant Service Charges: An International Comparison

by Fumiko Hayashi As payment cards have become an increasingly important electronic retail payment type in many countries, payment card fees, especially interchange fees, have become the source of a good deal of controversy. Read more



Heartland Settles with Visa, Agrees to Pay Nearly $60 Million for ...

Digital Transactions Gartner Inc. security analyst Avivah Litan has estimated the Visa issuers' losses at about $50 million, not including customer-service expenses



Eye on Processing: Glitches Strike in U.S., Germany, And Australia

Payment card processing glitches struck in the U.S., Germany, and Australia over the past week. Although full details about them still aren’t known, the foreign ones apparently involved... http://www.digitaltransactions.net/newsstory.cfm?newsid=2415



Consumers Favor Debit Cards, But Prepaid Cards Lag Far Behind

While electronic payment methods continue to gain ground against paper-based payments, consumers show widely varying attitudes toward specific types of electronic methods, according to a recently... http://www.digitaltransactions.net/newsstory.cfm?newsid=2412



Bill Me Later hit with class-action lawsuit over interest rates

Baltimore Business Journal Bill Me Later is an online payment processor that Internet retailers use to boost sales. When making a purchase online, consumers who choose to use Bill Me

Ingenico Introduces End-to-End Security Solutions for Merchants

Ingenico has announced a "comprehensive strategy to provide secure end-to-end solutions to assist merchants in complying with the PCI Data Security Standards." Ingenico says its strategy addresses the entire payment transaction process including: data in flight, data at rest, and architecture.



MALICIOUS BANKING APP FOUND ON ANDROID MARKET

First Tech Credit Union has warned that a malicious application designed to steal banking details has made its way onto Google's Android Market. More on this story: http://www.finextra.com/news/fullstory.aspx?newsitemid=20930



Best Buy Cuts off Visa Contactless with Little Risk to Sales

Digital Transactions A source close to Visa tells Digital Transactions News that Visa made a business decision not to support payWave with PIN debit.



Facebook Payments Operation Could Rival Paypal

ADOTAS by Gavin Dunaway | ADOTAS – As it aims for a larger slice of the virtual goods pie and possibly step on PayPal's turf, Facebook has put up notice that it is ...



Lawsuit Challenges Bill Me Later Fees

American Banker (subscription) By Daniel Wolfe The fee structure of eBay's Bill Me Later instant credit service violates a California consumer protection law, according to a law firm that



Banks and Card Issuers Are Investing in Technology to Speed-up and Improve Reporting and Prevention of Fraud

Studies by a division of the US treasury, the Financial Crimes Enforcement Network (FinCEN), determined that suspicious transactions related to credit card fraud increased by 95% from 2007 to 2008, a figure that is expected to rise again by the close of 2009. As a result, banks need to stay on top of ways they can improve their handling of fraud cases by speeding up resolution processes, increasing effectiveness and investing in new technologies. Read more



Facebook looking to beef up e-commerce team

CNET by Caroline McCarthy Facebook is turning up the heat on becoming a big player in the online payments world, according to a couple of job postings for a new ...



Is Google the best candidate to create a good, customer-focused cloud banking ...

ZDNet (blog) I have had it with credit cards, banks, mutual fund companies, PayPal, debit cards, MasterCard and Visa. As far as I'm concerned they are all fired. ...



What retailers have mobile sites or apps?

istockAnalyst.com (press release) According to a recent Foresee Results survey, one-third of online shoppers already use their mobile phones for M-Commerce. These shoppers pulled out their







Feature Story



The Different Fraud Protections for Signatures and PINs: THE NEW YORK TIMES By JENNIFER SARANOW SCHULTZ



Last week’s New York Times article “How Visa, Using Card Fees, Dominates a Market” detailed the behind-the-scenes struggle between banks and retailers to encourage customers to sign when making debit card purchases or to punch in their PIN because of the higher fees that stores pay banks for signatures.



Many readers took issue with the notion in the article that the debate over signing versus typing in a PIN “is a pointless distinction to most consumers, since the price is the same either way.”



Some readers said they felt there actually was a big difference between signatures and PINs for consumers in terms of fees and cost, safety and protection against fraud and purchase records, among other issues.



We’ve boiled this down to four main points: which costs more, which is safer, which offers more protection in the case of fraud and which is easier to track.



Last week, we looked at the cost differences for consumers and on Monday, we looked at which use of a debit card might better protect consumers’ accounts from the risk of fraud. (To be sure, many people think using credit is better than using any kind of debit transaction, but we’ll save that issue for another series.)



In this installment, we look at the differences in protections available if you’re a victim of signature vs. PIN transaction fraud and we’ll cover the remaining issue in our next installment.



Q. What are the differences, if any, in protections available if you’re a victim of signature vs. PIN transaction fraud?



A. If you’re the victim of fraud, the protections available to you can be very different depending on whether the transaction in question was done with a signature or a PIN and depending on which network processed the transaction.



Federal law generally limits consumer liability in debit card transaction fraud to $50, if the consumer notifies the financial institution within two business days. When timely notice is not given, the cap under federal law is $500, assuming other reporting requirements are met.



But some transaction networks offer consumers “zero liability,” meaning they mandate that financial institutions reimburse cardholders. Assuming those consumers meet certain fraud reporting requirements, they would pay nothing for unauthorized transactions.



Both Visa and MasterCard offer such a zero liability policy if the purchases in question are made with signatures. Visa, for instance, offers a zero liability policy for signature transactions processed over the Visa network, and MasterCard offers a similar policy, assuming certain requirements are met.



The protections for PIN purchases, however, are more varied. While Visa offers zero liability as well for PIN transactions processed over Interlink, its PIN debit network, MasterCard doesn’t offer a similar zero liability policy for PIN transactions “at this point,” said a MasterCard spokeswoman.



According to the spokeswoman, MasterCard does not offer zero liability for PIN purchases for a number of reasons, including, most important, the fact that its network processes only a small percentage of the PIN transactions used with its cards.



Financial institutions, however, may offer their own zero liability policy or other protections for PIN transactions. For instance, while the Star network, which processes PIN transactions, does not require that financial institutions offer zero liability, it is “aware of financial institutions that do offer zero liability as standard practice for all debit card transactions — whether they are PIN or signature authenticated,” said a spokeswoman for First Data, the parent company of the Star network.



To find out what protections you have for PIN transactions, look at the back of your debit card to see which networks may handle your transactions and check with your bank to see if you’re guaranteed anything beyond federal regulations for fraudulent PIN transactions.



According to David Robertson, publisher of the Nilson Report, a major reason for the additional protections for signature transactions is that there’s a much greater risk of fraudulent signature than fraudulent PIN transactions. “Visa and MasterCard have tried to mitigate that differential between the signature and the PIN networks by offering zero liability,” he said.



If you’re worried about fraud, Michelle Jun, a staff lawyer at the Consumers Union, recommends using your credit card instead of your debit card because of the additional protections available for credit cards.



The federal liability cap for credit cards is $50, and when you report a fraudulent credit transaction, a hold is put on your account and you don’t have to pay the disputed amount.

Point-of-Sale (POS) Hardware Market in China 2008-2012





DUBLIN--(BUSINESS WIRE)--Research and Markets (http://www.researchandmarkets.com/research/c21f0c/pointofsale_pos) has announced the addition of the "Point-of-Sale (POS) Hardware Market in China 2008-2012" report to their offering.



“Point-of-Sale (POS) Hardware Market in China 2008-2012”



A point-of-sale (POS) hardware is a computerized replacement for a cash register. The POS system can include the ability to record and track customer orders, process credit and debit cards, connect to other systems in a network, and manage inventory. Business benefits such as increasing efficiency, productivity gains, control over operations that increase the productivity of serving staff, fine-tuning of business model and return on investment are driving the demand for POS systems. Further, the replenishment markets; wherein the companies are looking to replace legacy systems, offer potential opportunities for the next generation advanced POS systems.



In addition, EMV compliance - Europay/MasterCard/Visa standard for chip-embedded cards - is expected to drive the EMV compatible POS systems in the Chinese market.



The Chinese market for POS machines is undergoing a developmental phase. There has been a lot of technological advancement and expansion in the Chinese market of POS machine. New technologies are being continuously added into the POS machine system on the section of display, storage, hard disks, operation platform, etc. In China, both the foreign as well as domestic manufacturers (despite having a considerable volume sales) try to save time on R&D activities; thus, compromising on the design and functionalities of the POS machines.



The report by TechNavio Insights forecasts the size of the Point-of-Sale (POS) Hardware Market in China over the period 2008-2012. Further, it discusses the key market trends, drivers and challenges of the POS Hardware Market in China, and profiles some of the key vendors of this industry.

Key Topics Covered:


  • 1. Introduction

  • 2. POS Hardware in China Market Size & Forecast

  • 3. Market Trends

  • 4. POS Hardware Growth Drivers

  • 5. Challenges for POS Hardware Industry

  • 6. POS Hardware Vendors

  • Other Reports in this Series

  • List of Exhibits

  • Exhibit 2.1: POS Hardware in China Market Size and Forecast 2008-2012 (In $ million)

  • Exhibit 2.2: POS Hardware Distribution as per Retail Store Format - 2008

Companies Mentioned:

  • FUJITSU LIMITED

  • Hewlett-Packard (HP)

  • Hypercom Corporation

  • International Business Machines Corporation (IBM)

  • NCR Corporation

  • VeriFone Holdings, Inc

  • Fujian Landi Commercial Equipment Co, Ltd

  • Fujian Newland Computer Co, Ltd

  • SAND Information Technology System Co Ltd

  • Shenzhen Xinguodu Technology Coltd

  • SPECTRA Technologies Holdings Co Ltd

For more information visit http://www.researchandmarkets.com/research/c21f0c/pointofsale_pos



Coinstar, Inc. to Report 2009 Fourth Quarter and Full Year Financial Results on February 11, 2010



BELLEVUE, Wash.--(BUSINESS WIRE)--Coinstar, Inc. (NASDAQ:CSTR) will report financial results for the 2009 fourth quarter and full year on Thursday, February 11, 2010, after market close. At 2:00 p.m. PST (5:00 p.m. EST) Coinstar management will host a conference call to review the results.



The conference call will be webcast live on the Investor Relations section of Coinstar’s website at www.coinstar.com, where it will be archived. A recording of the call will be available approximately two hours after the call ends through February 25, 2010, at 1-888-286-8010 or 1-617-801-6888, passcode 12734608.



Coinstar’s fourth quarter financial results press release will be available on the Investor Relations section of the company's website on February 11 after market close.



About Coinstar, Inc.



Coinstar, Inc. (NASDAQ:CSTR) is a leading provider of automated retail solutions offering convenient products and services that make life easier for consumers, and drive incremental traffic and revenue for its retailers. The company’s core automated retail businesses are self-service coin counting and self-service DVD rental. Other Coinstar products and services include e-payment products – such as gift cards, prepaid debit cards and other prepaid products – and money transfer services. The company’s products and services can be found at more than 90,000 points of presence including supermarkets, drug stores, mass merchants, financial institutions, convenience stores, restaurants, and money transfer agents. For more information, visit www.coinstar.com.

FIS’ HORIZON Increasing Deployment Momentum

http://www.fisglobal.com
Cardinal Bank is latest client to select the highly integrated core banking system



JACKSONVILLE, Fla.--(BUSINESS WIRE)--FIS™(NYSE: FIS), today announced that its HORIZON™ Banking Solution achieved a successful sales year in 2009, securing 16 multi-year new core processing contracts with financial institutions throughout the country. FIS is one of the world’s largest providers of banking and payments technology and was recently recognized as the most admired core banking vendor by Aite Group.



“Cardinal Bank has built a solid reputation in the industry for understanding the banking needs of customers and providing innovative solutions that set us apart from our competitors. FIS shares these philosophies and consistently demonstrates why they’re one of the leading providers of solutions to the banking industry”



Through its fully integrated suite of applications and innovative functionality, HORIZON is meeting the strategic needs of the community bank segment. Marking another achievement, FIS’ HORIZON accomplished a sales milestone in October 2009 by completing five new multi-year core processing agreements with financial institutions for the month.



Cardinal Bank, the approximately $2 billion asset sized banking subsidiary of Cardinal Financial Corporation (Nasdaq: CFNL), was one of the latest clients to sign up for HORIZON. The bank signed an extensive agreement to deploy FIS’ HORIZON core banking system along with the following HORIZON modules:





The bank is implementing a full suite of FIS banking and payments solutions, including bill payment, Internet banking, telephone banking, card production services, and risk and compliance. Cardinal Bank is also leveraging the integration between the FIS Electronic Funds Transfer (EFT) system and HORIZON's card management application to provide state-of-the-art ATM and debit card services to their customer base – resulting in streamlined and efficient processes at its branch platform. Further strengthening the relationship, Cardinal Bank will also have access to the NYCE Payments Network, a leading U.S. electronic payments network and an FIS company, and the InterCept Switch surcharge-free networks as part of its implementation.



“Cardinal Bank has built a solid reputation in the industry for understanding the banking needs of customers and providing innovative solutions that set us apart from our competitors. FIS shares these philosophies and consistently demonstrates why they’re one of the leading providers of solutions to the banking industry,” said Alice Frazier, executive vice president, office of the chairman, Cardinal Bank. “Our investment in the FIS HORIZON system provides us with the advanced technologies necessary to meet our strategic business and growth objectives through streamlining processes, increasing cost efficiencies and improving our competitive position in the marketplace.”



Commenting on HORIZON’s recent success, Anthony Jabbour, executive vice president, FIS’ Financial Solutions Group stated, “FIS is continuing to build momentum with HORIZON sales in the marketplace through our commitment in developing a robust, fully integrated core banking platform with advanced functionality that meets the needs of financial institutions within the community bank market. Through our integrated solutions, FIS is powering banks with a solid combination of products and services to help clients not just meet, but exceed their strategic business goals.”



Continued Jabbour, “More and more financial institutions, like Cardinal Bank, are choosing HORIZON as its premier core solution of choice. We’re more than a technology provider, but a technology partner with a keen focus in understanding the specific needs of our banking clients and their valued customers.”



HORIZON is a highly integrated, core account processing solution equipped to meet the needs of financial institutions. It offers clients enhanced financial reporting capabilities, innovative transaction processing and advanced relationship management technology to help banks gain a more comprehensive view of their customers. HORIZON is built to run on the IBM® iSeries platform and offers flexibility in deployment options, including licensed in-house software or a variety of outsourcing options.



About Cardinal Financial Corporation



Cardinal Financial Corporation, a financial holding company headquartered in Tysons Corner, Virginia, serves the Washington Metropolitan region through its wholly-owned subsidiary, Cardinal Bank, with 25 conveniently located banking offices. Cardinal also operates George Mason Mortgage, LLC; Cardinal First Mortgage, LLC; Cardinal Trust and Investment Services; and Wilson/Bennett Capital Management, Inc. The Company's stock is traded on NASDAQ (CFNL). For additional information, please visit our Web site at www.cardinalbank.com or call 703.584.3400.



About FIS



FIS delivers banking and payments technologies to more than 14,000 financial institutions and businesses in over 100 countries worldwide. FIS provides financial institution core processing, and card issuer and transaction processing services, including the NYCE Network. FIS maintains processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10. FIS is a member of Standard and Poor's (S&P) 500® Index and consistently holds a leading ranking in the annual FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS employs more than 30,000 on a global basis. FIS is listed on the New York Stock Exchange under the “FIS” ticker symbol. For more information about FIS see www.fisglobal.com.

Hacker Cracks Bank Server, Steals Customer Login Credentials

More free credit monitoring for online banking customers!


Hackers have stolen the login credentials (username/passwords) for almost more than 8,500 customers from a small New York bank.  The login details of 8378 Suffolk County National Bank (SCNB) customers have been stolen after a hacker breached its security and accessed a server which contained user log-in details.  Here's the Press Release from the Bank:




PRESS RELEASE



Contact: Douglas Ian Shaw

Corporate Secretary

(631) 727-5667

www.SuffolkBancorp.com

4 West Second Street

Riverhead, NY 11901

(631) 727-5667 (Voice) - (631) 727-3214 (FAX)

e-mail to: invest@suffolkbancorp.com



SUFFOLK BANCORP THWARTS DATA INTRUSION AT BANKING SUBSIDIARY NO FINANCIAL LOSSES TO CUSTOMERS DISCOVERED



Riverhead, New York, January 11, 2010 — Suffolk Bancorp (NASDAQ - SUBK) announced today that on December 24, 2009, its banking subsidiary, the Suffolk County National Bank (“SCNB”) discovered through an internal security review that an unauthorized intruder accessed certain customers’ Log In information via the computer server hosting SCNB’s Online Banking system. Based on SCNB’s investigation, which is ongoing, the unauthorized access occurred during a finite, six-day-period between November 18 and November 23, 2009. 8,378 Online Banking customers were affected, amounting to less than 10 percent of SCNB’s total customers.



Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server. To date, SCNB has found no evidence of any unauthorized access to Online Banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.





SCNB has taken a number of additional steps to minimize any possible effect of this incident on its customers. It:



• Immediately launched an aggressive investigation of the incident with assistance from outside experts in forensics.

• Notified the consumer reporting agencies (Experian®, Trans Union® and Equifax®) of the incident.

• Notified the Office of the Comptroller of the Currency, its primary regulator; the New York State Consumer Protection Board; the New York State Office of Cyber Security & Critical Infrastructure Coordination; and law enforcement agencies.

• Notified all customers affected via first class mail posted today.

• For affected retail customers, arranged for credit monitoring services for 2 years, at SCNB’s expense.

• For affected business customers, arranged for Positive Pay service from SCNB, or Deluxe Security Checks for one year, at SCNB’s expense.



Further information regarding these services is available on SCNB’s web site, www.SCNB.com. Customers wishing to reassure themselves of their status with regard to this incident can contact the manager of their local branch office. Telephone numbers for each office can be obtained from the web site, or at SCNB’s main number, 1 (631) 208-2200. Investors and shareholders should be advised that a provision of approximately $351,000, net of taxes, or about $0.04 per share, was booked during the fourth quarter of 2009 to account for expenses which may or may not be incurred in responding to this incident. This provision is based on the SCNB’s current assessment of the incident. Additional expenses may be incurred to address additional issues, if any, uncovered in the course of completing the investigation. President and Chief Executive Officer, J. Gordon Huszagh commented, “The security of customers’ information is of utmost importance to SCNB. While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the Internet requires our dedication to continuous monitoring and security.” He continued, “To colleagues and customers alike, we continually emphasize that Good Relationships are Good Business. Good relationships are built on trust, and trust is based on honest communication and on actions taken in good faith. While at this time we know of no misuse of our customers’ data, we have taken all of the actions noted above to minimize any future inconvenience to our customers.”



He concluded, “We understand that this kind of incident is a source of concern: both to our customers, even if their personal information is not misused; and to our shareholders for the expense incurred in response. We have responded to this incident as promptly, diligently and forthrightly as we know how, and will continue to do so until it is fully resolved. We apologize for the concern, and any inconvenience caused by this incident. We thank our customers and shareholders for maintaining their relationship with SCNB and its parent, Suffolk Bancorp.” SCNB previously informed customers that toward the end of this month SCNB will be introducing many improvements to our Online Banking service. This project has been underway for some time, and among the enhancements are additional security features. Suffolk Bancorp is a one-bank holding company engaged in the commercial banking business through the Suffolk County National Bank, a full service commercial bank headquartered in Riverhead, New York. “SCNB” is Suffolk Bancorp’s wholly owned subsidiary. Organized in 1890, the Suffolk County National Bank has 29 offices in Suffolk County, New York. Safe Harbor Statement Pursuant to the Private Securities Litigation Reform Act of 1995 This press release includes statements which look to the future. These include statements about the expected outcome of Suffolk Bancorp’s ongoing investigation of the data intrusion, expenses that may be incurred in connection with the data intrusion, and pending improvements in SCNB’s Online Banking services. These remarks are based on management’s current plans and expectations. They are subject, however, to a variety of uncertainties that could cause future results to vary materially from Suffolk’s current expectations, including, without limitation, additional results of the ongoing forensic investigations.



# # # # #













Disqus for ePayment News