Report: Social Networking Phishing Attacks Up More Than 240% U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report
Jun 29, 2009 | 02:39 PM By Kelly Jackson Higgins | DarkReading
Social networks are increasingly becoming a favorite method of attack for phishers as they look for more efficient ways to reach potential victims, according to a newly released report.
Overall, phishing attacks rose 36 percent in the first quarter of this year compared to the same period in 2008, according to a sampling of banking brands used in MarkMonitor's Brandjacking Index report for January through April 2009. And more than 500 organizations worldwide were phished in the first quarter of this year, up 14 percent from the fourth quarter of last year, according to MarkMonitor.
Phishing attacks on social networking sites increased more than 240 percent compared to the same time last year, just behind attacks on payment services, which jumped a whopping 285 percent versus the first quarter of '08. "They exploit the trust one user has with another [on a social network]. There's a tendency to open up something from one of your 'friends' on these sites," says Frederick Felman, chief marketing officer at MarkMonitor. "This is the biggest innovation in phishing attacks since RockPHISH, and it's more social than technical exploitation. RockPHISH was an infrastructure play, but this is using someone else's infrastructure to spread the badness."
The good news, however, is that social networks are relatively quick to shut down phishing attacks on their sites, Felman says.
Glitch snarls CBA's online bank | Chris Zappone June 29, 2009 - 2:22PM
Commonwealth Bank's web banking service NetBank failed today, in what could be a hacker attack, leaving thousands of customers unable to access their accounts via the internet.
A recorded message on the bank's phone access line acknowledged the problem with NetBank, saying it was ''working to resolve this as a matter of emergency.'' The bank blamed "intermittent network issues" and gave no set time for the entire system to be restored.
"Service is currently beginning to resume and some customers are being serviced," a spokesman for the bank said, although NetBank did not appear to be functioning by mid-afternoon.
The bank apologized to customers for the inconvenience.
Customers who tried to access their accounts online received a message saying, ''NetBank is temporarily unavailable,'' and urging them to try to phone their customer account line. Customers unable to access their accounts should ring 132 221, the bank said. Hacker attack?
Commonwealth Bank has attracted a flurry of phishing attempts, fraudulent emails and online scams in recent months, since launching an upgraded online banking portal.
Phishing is the use of fraudulent emails to scam customers out of personal details like bank account passwords. (Editor's Note: Again, if consumers were not trained to "type" their log-in details, such as a username and password, and instead, swiped their bank issued debit card and entered their bank issued PIN code, the threat of phishing would be eliminated. It is how you access the bank's ATM so why wouldn't and shouldn't it be the way you access your online banking account? Swipe, don't Type).
Although the network issues experienced today are thought to be unrelated, Commonwealth has taken the service down temporarily to run tests on the system to check its integrity, said chief information officer Michael Harte. "We haven't completely ruled out an attempt to do a denial of service attack,'' he said. Continue Reading at BusinessDay
Bank of America and First Data Form Next-Generation Payment Solutions Company
CHARLOTTE, N.C. and DENVER, June 29 /PRNewswire/ -- Bank of America N.A. and First Data Corp. announced today the formation of a new company that will deliver next-generation payments solutions to merchants ranging from small business to commercial and corporate clients worldwide.
Bank of America Merchant Services, LLC will provide clients with the most comprehensive suite of innovative payments solutions including credit, debit and prepaid cards to merchant loyalty, check and eCommerce payments, the companies said.
Thomas Bell, chief strategy officer and president of First Data's financial services business, was named chief executive officer of Banc of America Merchant Services.
"The combination of First Data's world-class technology and industry experience with the power of Bank of America's brand and branch referral channel will enhance Banc of America Merchant Services' position as an efficient and innovative player in the payments market," Bell said.
Merchant clients also will benefit from new service offerings including loyalty and prepaid programs, along with mobile commerce and check solutions that will drive return traffic to their stores and provide their consumers with the security, convenience and rewards they have come to expect.
"For our clients, the most important transaction they have occurs the moment their customer pays them for what they do. This alliance provides stronger payments acceptance capabilities as well as enhanced business-reporting tools and a better experience for their customers," said Catherine P. Bessant, president of Bank of America's Global Product Solutions group. "The formation of this new company underscores our full commitment to the merchant services business."
For merchants seeking to expand their offerings in the fast-growing virtual marketplace, Banc of America Merchant Services will offer the scalability, integrated capabilities and deep understanding of the transactional process to deliver industry leading eCommerce solutions.
"The First Data, Bank of America alliance will create a payments company with more than 70 years of combined merchant experience," said Michael Capellas, chairman and CEO of First Data. "Together, we will help clients keep pace with the dynamic virtual marketplace by delivering secure, scalable and reliable payment processing and the broadest set of innovative payments solutions at highly competitive prices."
Bank of America will contribute approximately 240,000 merchant relationships and First Data will contribute approximately 140,000 merchant relationships to the new company. Following a transition period, First Data will provide the merchant processing and related services. The combined entity will process over one billion transactions per month.
Banc of America Merchant Services will be approximately 46.5 percent owned by Bank of America and 48.5 percent by First Data, with the remaining stake held by Rockmount Investments, LLC, an investment vehicle controlled by a third party investor.
Financial impacts from the transaction will be discussed when Bank of America releases second-quarter earnings on July 17. First Data will discuss financial impacts of the alliance on their next quarterly results call in August.
Bank of America Merrill Lynch acted as financial advisor and Wachtell, Lipton, Rosen & Katz acted as legal advisor to Bank of America. Sutherland Asbill & Brennan and Perkins Coie acted as legal advisors to First Data.
First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for 5.3 million merchant locations and thousands of card issuers in 37 countries. For more information, visit www.firstdata.com.
Bank of America
Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 55 million consumer and small business relationships with more than 6,100 retail banking offices, more than 18,500 ATMs and award-winning online banking with nearly 30 million active users. Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. "Bank of America Merrill Lynch" describes the marketing name for the global banking and global markets businesses of Bank of America Corporation. The financial advisory services referred to above were performed by Merrill Lynch, Pierce, Fenner & Smith Incorporated, an investment banking affiliate of Bank of America Corporation and a registered broker-dealer and member of FINRA and SIPC. The company serves clients in more than 150 countries. Bank of America Corporation stock (NYSE: BAC) is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.
In the latest blow to online gamers in China, Beijing has prohibited the use of virtual money to buy real world goods.
Until now, online game players who win virtual currency have been able to use it to purchase all sorts of things, including real money, giving rise to a burgeoning trade in virtual currency, valued at 10 billion to 13 billion yuan in 2008, according to the China Internet Network Information Centre (CNNIC).
But no more. According to new regulations released jointly by the Ministry of Commerce and the Ministry of Culture last week, virtual currency should be exchanged only for virtual goods and services provided by the issuer of the currency.
Wincor Nixdorf partners with mobile specialist for new mobile banking offers
PADERBORN, Germany — Sevenval GmbH, a technology specialist in mobile Internet portals, and Wincor Nixdorf International have formed a strategic partnership, bundling their collective expertise to enable financial institutions to have access to mobile banking offerings.
According to a news release, the partnership allows Sevenval to expand its international activities by leveraging Wincor Nixdorf's PC/E Retail Banking Solution Suite with Sevenval’s multichannel output technology. In the future this will allow Wincor Nixdorf to map retail banks’ Internet portals and services on mobile terminals and home entertainment systems.
The new browser-based software PC/E Mobile Banking ensures that banks can offer financial services such as account information, funds transfers or sales of securities by mobile phone. The software makes use of the bank’s existing IT infrastructures and optimizes customer access to the mobile banking channel.
Wincor says the benefit for banks is that their mobile channels can be expanded without the need to develop additional, redundant infrastructures, and customers enjoy an optimal mobile banking experience. In addition, services familiar from Internet banking and high standards of security can be ensured on mobile terminal devices just as on stationary ones.
"The customization of the output format to the different mobile terminal devices guarantees that the complete solution is easy for bank customers to use and that the technical work, time involved and costs to banks remain modest," said Thomas Certa, head of solution marketing at Wincor Nixdorf. "Our cooperation with Sevenval means that we will be able to rely on technology components that have proven themselves on the market. This will help us in our ongoing, long-term objective of strengthening our solution portfolio for mobile banking and mobile payment."
Sevenval’s FIT technology is already in use at numerous banks in Europe. It automatically adapts online services for use on Internet-capable mobile telephones. Depending on the device features, Sevenval FIT Multi Channel Server optimizes the navigation, display and content of Internet banking portals on any mobile telephone with the support of a continually-updated profile database. Whether a customer has a classic mobile phone, PDA, BlackBerry or iPhone — for every product on the market, customers receive an optimized and easy-to-use version of the bank’s Internet services.
Newer mobile phones are often supported even before they are officially released for sale. Other Internet-capable devices such as games consoles, navigation systems or multimedia television set-top boxes are also added to the profile database.
"The solution’s flexible architecture also allows product information and other services such as financial information and ATM finders to be added," said Sascha Langfus, of Sevenval. "Owing to its multichannel product portfolio and international presence, Wincor Nixdorf is an ideal partner for us in our continued expansion of our leading market position in mobile banking."
Michael Jackson's death themed malware campaigns spreading
The sudden death of Michael Jackson quickly opened a window of opportunity for cybercriminals to capitalize on.
With a malicious spam campaign, blackhat SEO search results poisoning which is serving scareware within the first 100 search results for Michael Jackson’s death, and an opportunistic participant in Zango adware’s network using typosquatting, malicious activity is prone to increase during the next couple of days.
Here are more details on the campaigns currently in circulation:
The malicious spam campaign is enticing users to visit a compromised web site (Beatz radio beatzradio.com.au) where the bogus Michael.Jackson.videos.scr screensaver is served.
There is a risk of banking websites falling prey to a new form of malicious keyboard logger, but there is a way to reduce your risk.
(Yeah, Swipe, Don't Type. Pretty much eliminates keylogging doesn't it? In fact it's key to logging-in securely)
Away from the physical world of ATM skimming practices, it's the online domain where criminals are continuing to refine the way they steal your personal banking data.
According to a current banking threat detailed by one of Kaspersky's leading chief security experts, banking websites are at significant risk of being attacked by ingenious malware scripts that can remember passwords entered by customers, using a clever screenshot tactic which reports details of the victim's passwords back to the attacker.
Special types of malware are being developed just for breaking the passwords found on different internet banking sites.
"Most of the banking fraud happening at the moment online is with Trojan horses. There's quite a lot of it that will hijack your online banking connection with different types of banks", says Costin Raiu, who forms part of the Global research and analytics team at Kaspersky Lab.
As technology soars, so too does cyber crime By: Wassayos Ngamkham Published: 29/06/2009 at 12:00 AM
Aspate of electronic money transfer scams has raised doubts about the security of state-of-the-art technology banking systems known as E-banking.
Despite the technological advances, bank-to-bank wire transfers are still considered risky because they are vulnerable to increasingly sophisticated hackers, Crime Suppression Division investigator Akkaradet Pimolsri said.
The arrest of two Russian hackers and a Thai man in a bank fraud gang is a case in point.
On June 15, Anton Soldatenkov, 26, Vnuchenko Oleksandr, 32, and Prakiat Bunmo!, 34, were arrested after withdrawing 6.5 million baht in cash from a Krung Thai Bank branch at Siam Eastern Industrial Park, in Rayong's Pluak Daeng district.
Five days earlier, two banks - Krung Thai Bank and Siam Commercial Bank - were allegedly tricked into transferring almost 10 million baht combined into the three men's account through the online banking system. Continue Reading
British Museum Company guarantees payments with high speed secure payment service from YESpay
June , 2009, London – The British Museum Company has selected YESpay’s EMBOSS Payment Processing Service to provide a high speed payment service that is fully accredited by its card acquirer and compliant with the Payment Card Industry Data Security Standard (PCI DSS) across seven locations and 34 tills.
The company, the commercial force behind the British Museum, needed an approved acquirer of EFT transactions and payments to run its settlement service.
Muna Khan, IT Manager, The British Museum Company, said, “We were concerned with the security of handling of our own payments and we had no way of tracking payments with our existing technology. We would occasionally receive phone calls from customers to advise that their monthly bill hadn’t been taken, which raised concerns of the level of service we were providing.”
The pre-accredited YESpay EMBOSS bureau service means all transactions are logged centrally in real time during online authorisation. Also, by running batched overnight settlements it means no further store intervention is required. The company’s end-to-end EMBOSS service and data centres are already fully PCI DSS compliant to Level 1.
Khan added, “We can log onto a secure site and instantly access a record of payments made. If there are any discrepancies between sales and payments not matching we can download statistics and check records.”
Rohit Patni, EVP Sales and Marketing, YESpay, said, “By outsourcing its card payments processing to YESpay, The British Museum has a high speed payment service to meet the demands of its business. The overhead of maintaining payments itself has been removed and it has freed up staff to concentrate on other issues. The company has considerably cut the costs of bank accreditation and complying with PCI requirements and only pays a low monthly fee.”
The technology supports all major credit and debit card brands mail order and is ready to support other technology, such as kiosks.
Out of business, Clear may sell customer data - It would go to a similar provider authorized by the TSA
By Robert McMillan
IDG News Service - Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.
Until this week, the Clear service had given customers a way to skip long security lines in certain airports. For a $199 annual fee, air travelers could be pre-screened for flight and then use Clear's security checkpoints instead of the TSA's. Clear was run by New York's Verified Identity Pass, which also shut down on Monday.
Customers had to provide personal information, including credit card numbers, fingerprints and iris scans in order to participate in the program. After Clear abruptly shut its doors -- it has not yet declared bankruptcy -- some worried that this data could fall into the wrong hands.
"They had your social security information, credit information, where you lived, employment history, fingerprint information," said Clear customer David Maynor, who is chief technical officer with Errata Security in Atlanta. "They should be the only ones who have access to that information."
Banks have a "serious issue" with phishing attacks aimed at their online banking customers. It's time they take a long and serious look at a simple solution...2FA (two-factor authentication)
The nature of this beast known as "phishing" is to lure these onlinebanking folks, with a sophisticated and genuine looking trap whichincludes genuine looking emails which provide links to genuine lookingsites. (a new "type" of bait and switch)
Once there, users are simply instructed to do what they've been programmed to do since day one with online banking. They are told to "type" in their username and password to log-in. Problem is, once they "type" in their "username | password" they provide full access to their accounts to the phisheries. Continue Reading at Seeking Alpha
Javelin Strategy and Research just press released an announcement regarding a "new study" that purports to evaluate providers of alternative payments solutions for online retail transactions. In fairness, it should be noted that Javelin Strategy and Research and Acculynk have a business relationship (i.e. cash has exchanged hands) which, in this bloggers "opinion" more than likely skews their objectivity at least a lil' bit. In fairness, there's always the possibility that it doesn't. In which case it could be simply a coincidence that Acculynk was found to "come closest to widespread success" HomeATM is taking a wait and see approach. We believe that as online fraud becomes even more prevalent than it already is, consumers will get the message and migrate away from typing their card numbers into a box on a website...which would preclude them from being able to use their mouse to enter their PIN. Here's Javelin's press release:
Alternative Online Consumer Payments: Banks and Merchants Weigh a Host of New Options
Javelin Study Evaluates How Well Emerging Vendors Solve Online Transaction Needs
SAN FRANCISCO--(BUSINESS WIRE)--Javelin Strategy & Research (www.javelinstrategy.com) today released a report that evaluates providers of alternative payment solutions for online retail transactions. The report, Predicting Alternative Payments Vendor Success: Balancing Needs Among Banks, Merchants, and Consumers (http://www.javelinstrategy.com/lp/AlternativePaymentsBrochure.html), reviews the rates and the value of services provided by nine vendors.
"Several emerging methods are strong at balancing the needs of banks, merchants and consumers, which historically predicts success in new payment methods. None of the solutions are perfect, yet we found many vital differences among those we analyzed," said Mary Monahan, Managing Partner and Research Director.
Included in the report are vendors with some level of emerging status (eliminating vendors such as PayPal and BillMeLater), as well as some level of financial-institution orientation (eliminating Revolution Money). Vendors evaluated include Acculynk, eBillme, HomeATM, Mazooma, Moneta, NACHA SVP, Noca, SeerGate, and Verient.
Key Findings from the Report Include:
The three vendor solutions that come closest to widespread success are those offered by Acculynk, eBillme and Moneta – with Verient’s platform finishing close behind.
Many former alternatives for online retail transactions are quickly going mainstream.
Emerging payment methods from traditional payment providers have the advantage of trusted brands and established networks for issuance, acceptance and processing.
To retain and grow valuable customer relationships, financial institutions must offer dynamic, alternative payment solutions that meet consumer, merchant and bank needs.
"Financial institutions are faced with increasing competition from non-financial institution payment brands, such as PayPal, that seek to usurp transaction volume, particularly online," said Bruce Cundiff, Director of Payments Research and Consulting. "As consumers shift from credit cards to various forms of ‘pay-now’ methods, financial institutions must offer new payment methods to remain the primary and all-around trusted financial provider."
About Javelin Strategy & Research
Javelin is the leading independent provider of quantitative and qualitative research focused exclusively on financial services topics. Based on the most rigorous statistical methodologies, Javelin conducts in-depth primary research studies to pinpoint dynamic risks and opportunities. Javelin helps its clients achieve their initiatives through three service offerings, including syndicated research subscriptions, custom research projects and strategic consulting. Javelin’s client list includes some of the largest banks, credit unions, card issuers, and technology enterprises in the financial services industry. For more information about this or other Javelin reports, please visit www.javelinstrategy.com/research or contact Elizabeth Travers at (925) 225-9100 ext 31 or at etravers@javelinstrategy.com.
"In fairness, it should be noted that Javelin Strategy and Researchand Acculynk have a business relationship (i.e. cash has exchangedhands) which, in this bloggers "opinion" more than likely skews theirobjectivity at least a lil' bit."
-Not sure how this skewsobjectivity. It seems to me Javelin has always reported on implicationsof actual data. It seems to me you have to understand the data andresearch methodology to make your own assumptions. If we throw out allresearch companies who service the industry for a fee, I guess we'releft with...hmm. I not actually sure who we're left with. Maybe agovernment agency or a fed bank report. My only point is to look at thedata and how conclusions are derived. Statistically significantfindings are indeed findings, whether you like the results or not.
It's not that I don't like the results. It's that I am using aneducated guess to decipher what the results were based on. The truthis, most research companies, or analysts agree that if you "type" yournumber into a box on a website, it will get hacked. It is not it "might gethacked"...it WILL. So, with that said, I don't know how well the vendorin question "solves" online transaction needs, when their solution"requires" first, for the consumer "type" their card number into a box(as per usual) before they inherently admit that doing so is not safe...and then lock the keyboard to ensure that consumers do NOT use it, to enter their PIN. I don't think my imagination isrunning away with me when I project that intercepting mouse clicks, viascreen scrapers, or mouse-logging is going to be that difficult of atask for sophisticated hackers to figure out. My point isn't that Idon't LIKE the results. My point is that they don't make sense. Settingup consumers to have their PIN codes hacked is not, in my mind,"solving transaction needs."
You have to admit, that much is true.
Onthe flip side, if the report was entitled, Javelin Study Evaluates HowWell Emerging Vendors "CONVENIENTLY" Solve Online Transaction Needs,then I might agree with their findings. It is less convenient to get aPCI 2.0 Certified Device into the hands of the consumer than it is to simplyvisit a website that downloaded the vendors API. . But part of theproblem, (the part that hackers love) is that pushing "convenience"over "security" won't work in the long run.
Thanks for taking the time to anonymously comment! - JBF
I will not anonymously comment, as I wrote the Javelin report (andhave had minimal interaction with Acculynk as a Javelin client). Iwould like to address the accusations of bias and influence directly.
Thereport I wrote was based on independently gathered information andconsumer data on various solutions, with the primary criterion forefficacy of a solution being the balance of value that said solutionprovides for the constituents in an online retail transaction: financial institutions, merchants, and consumers.
Secondly,you cannot separate convenience and security. Consumer usability wasABSOLUTELY part of my analysis, and I make no apologies for it.
Itis very easy to have zero fraud. Have zero transactions. Elegantsolutions take both the reality and the perception (consumer andotherwise) issues associated with security into account, effectivelybalancing the two. Leading (and ending) with a message that is basedsolely on "better security," and one that marginalizes and ignoresconsumer usability is a path fraught with peril.
Thanks forcommenting on the press release for our new report and linking to oursite. Please let me know if you have any additional questions aboutthis or our other research.
Bruce Cundiff stated above that It is very easy to have zero fraud with zero transactions. I couldn't agree more. That said, We've done 80K + transactions with zero fraud. Over $7M in dollars. All verifiable with eFunds.
I love America and I especially love the Internet because it disintermediates us all so elegantly and swiftly.
I'velong followed your thoughts on ecommerce and highly respect yourconsidered thinking, writing, and speeches on same. However, as to yourlatest report Predicting Alternative Payments Vendor Success I mustmake some comments and please bear in mind that John Frank and MitchellCobrin speak for themselves just as I do here.
As you correctlystated, with zero transactions you will have zero fraud. However Itrust you are willing to look at hard data which we will happilyprovide and validate through eFunds that from January 2008 through May2009, HomeATM ran over 80K PIN transactions totaling over 7M inprocessing with ZERO fraud or breach and no biased users.
Oursole purpose in running said transactions was to prove that our systemwas impervious to malware, phishing, man-in-the-middle attacks, and anyother method of hacking. It may (or may not) interest you that in the1990's I was personally preaching, writing patents, and raising moneyand awareness that music and video would inevitably be compressed,captured and redistributed freely on the web.
While I wastechnically correct, I could never convince the entertainment industrythat THEY had a problem and my business and personal fortune dissolved.
Imorphed my thinking to financial transactions and I say this with alldue respect to your obvious understanding that while the music industryin it's very best year did 15B in sales, that much money is moved everyhour on the Internet.
Is HomeATM the easiest ecommerce solution?Absolutely not. Do we have challenges getting our PIN entry devicesdistributed ubiquitously, absolutely. But I will give you a freeprediction analogous to the one I gave executives at Warner, Sony, RCA,etc. There will be a Napster of personal information where I can go toget your SSN, mother's maiden name, and or any other plastic card andidentity information you posses... unless said data is encrypted WITHhardware AT the point of data entry. I promise.
Bank of America and First Data Form Next-Generation Payment Solutions Company
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uHgm5A2guu940u5n3qMYcoH_jTidlMDWxU9HsldKGIGj0f4kjYo29UBY3Mz9p_MgWgRfF0oXmBkmeU6-EKzGo2pppFRd9WkmruQ--BJxo1XAn5F4u5E7GmUuouSbSJfykj72V2O1Z7wyBueUImSmY=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tmQ-Q_UBjYQ5EpMJDkeYDn9RNKYUeHmETXFZ5ENlmUXIhd6hEBtebuLpoT5E86zilZGjGohmyqvyLkeV081TUpVrLgQwxBmqCbs_BUCowJ1-wohxNTBauEf6DkmQoDQJDkRc3xC7JJTKY0s9G20V0p=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tt7ENF1h3s5go2SMX6iEf1YFs9GzvtzmX0y_OgEj_NA8Jg7kB9HY7UyxkUnDfcUwj66IaER0Cz3bj3OrA27_pGprE5Wgx28iKnSAgaiDluyYYYdGHOAhryiRapfoHUwhqRbIhwcKJc2-gRcyi3ugA2=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uLdxYULRzayis6Rs8M7D5dCmKDVk6ACHIlcpIjO5w_R4SEOZXMZrWDtYfFQCH8LDK_BPbilOawAhxHrZ_mps7sM7G0tW5PEpfswQI1fkpFRJSujgqTwZ861C-SgcuKgMzqiN5hCLftYS55R93m0Ze5=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sdVzF-ei9u3ybpiOTiBpogqOdtgE_Sbh5SEBuEpz5ShwzIoTIQv0TQ1cGHpD9SH3rF4KYHtDKMwNqHcqLWIkBCp9dXwNjwGNHMTd6lx1lRfWtiRJEvk3HlzU-A65vkJtKhHD1zj0k9sHQV-FrXmmoZ=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vgmPhQ2x3dEclPmBDzpep8nhzPkqbHEHfb_jukz5P8HG4SH1xSNrhmOReXEIoo-3SUtR5jONV8IGD4-lEjOuvIWD1HnSfQ0xtnZG5SikFlwcAom8k_Ddqgwsu83di7pztO_KU3b5hgZ2RCbFl-8PrJ=s0-d)
ext 31 or at 
Global Payments to Announce Fourth Quarter and Year-End Earnings on July 23, 2009
-Not sure how this skewsobjectivity. It seems to me Javelin has always reported on implicationsof actual data. It seems to me you have to understand the data andresearch methodology to make your own assumptions. If we throw out allresearch companies who service the industry for a fee, I guess we'releft with...hmm. I not actually sure who we're left with. Maybe agovernment agency or a fed bank report. My only point is to look at thedata and how conclusions are derived. Statistically significantfindings are indeed findings, whether you like the results or not.
It's not that I don't like the results. It's that I am using aneducated guess to decipher what the results were based on. The truthis, most research companies, or analysts agree that if you "type" yournumber into a box on a website, it will get hacked. It is not it "might gethacked"...it WILL. So, with that said, I don't know how well the vendorin question "solves" online transaction needs, when their solution"requires" first, for the consumer "type" their card number into a box(as per usual) before they inherently admit that doing so is not safe...and then lock the keyboard to ensure that consumers do NOT use it, to enter their PIN. I don't think my imagination isrunning away with me when I project that intercepting mouse clicks, viascreen scrapers, or mouse-logging is going to be that difficult of atask for sophisticated hackers to figure out. My point isn't that Idon't LIKE the results. My point is that they don't make sense. Settingup consumers to have their PIN codes hacked is not, in my mind,"solving transaction needs."
You have to admit, that much is true.
Onthe flip side, if the report was entitled, Javelin Study Evaluates HowWell Emerging Vendors "CONVENIENTLY" Solve Online Transaction Needs,then I might agree with their findings. It is less convenient to get aPCI 2.0 Certified Device into the hands of the consumer than it is to simplyvisit a website that downloaded the vendors API. . But part of theproblem, (the part that hackers love) is that pushing "convenience"over "security" won't work in the long run.
Thanks for taking the time to anonymously comment! - JBF
Bruce Cundiffsaid...
I will not anonymously comment, as I wrote the Javelin report (andhave had minimal interaction with Acculynk as a Javelin client). Iwould like to address the accusations of bias and influence directly.
Thereport I wrote was based on independently gathered information andconsumer data on various solutions, with the primary criterion forefficacy of a solution being the balance of value that said solutionprovides for
the constituents in an online retail transaction: financial institutions, merchants, and consumers.
Secondly,you cannot separate convenience and security. Consumer usability wasABSOLUTELY part of my analysis, and I make no apologies for it.
Itis very easy to have zero fraud. Have zero transactions. Elegantsolutions take both the reality and the perception (consumer andotherwise) issues associated with security into account, effectivelybalancing the two. Leading (and ending) with a message that is basedsolely on "better security," and one that marginalizes and ignoresconsumer usability is a path fraught with peril.
Thanks forcommenting on the press release for our new report and linking to oursite. Please let me know if you have any additional questions aboutthis or our other research.
John B. Franksaid...
Kenneth G. Magessaid...
Bruce,
I love America and I especially love the Internet because it disintermediates us all so elegantly and swiftly.
I'velong followed your thoughts on ecommerce and highly respect yourconsidered thinking, writing, and speeches on same. However, as to yourlatest report Predicting Alternative Payments Vendor Success I mustmake some comments and please bear in mind that John Frank and MitchellCobrin speak for themselves just as I do here.
As you correctlystated, with zero transactions you will have zero fraud. However Itrust you are willing to look at hard data which we will happilyprovide and validate through eFunds that from January 2008 through May2009, HomeATM ran over 80K PIN transactions totaling over 7M inprocessing with ZERO fraud or breach and no biased users.
Oursole purpose in running said transactions was to prove that our systemwas impervious to malware, phishing, man-in-the-middle attacks, and anyother method of hacking. It may (or may not) interest you that in the1990's I was personally preaching, writing patents, and raising moneyand awareness that music and video would inevitably be compressed,captured and redistributed freely on the web.
While I wastechnically correct, I could never convince the entertainment industrythat THEY had a problem and my business and personal fortune dissolved.
Imorphed my thinking to financial transactions and I say this with alldue respect to your obvious understanding that while the music industryin it's very best year did 15B in sales, that much money is moved everyhour on the Internet.
Is HomeATM the easiest ecommerce solution?Absolutely not. Do we have challenges getting our PIN entry devicesdistributed ubiquitously, absolutely. But I will give you a freeprediction analogous to the one I gave executives at Warner, Sony, RCA,etc. There will be a Napster of personal information where I can go toget your SSN, mother's maiden name, and or any other plastic card andidentity information you posses... unless said data is encrypted WITHhardware AT the point of data entry. I promise.
kgm
Chairman/CEO
HomeATM ePayment Solutions