Wednesday, August 5, 2009

Bottomline Acquires BofA's PayMode Product


BofA, Bottomline partner to expand payment and invoice network

Portsmouth, N.H. and Charlotte, N.C., Aug. 5, 2009 -- Bank of America (NYSE: BAC) and Bottomline Technologies (NASDAQ: EPAY) today announced a strategic relationship to advance the growth of Bank of America’s market-leading electronic network for payment and invoice automation.

Bottomline Technologies will acquire Bank of America’s PayMode® product, operations and vendor network. The two companies are entering into a multi-year agreement to operate and enhance this innovative Software as a Service (SaaS) offering. In addition to continuing to market PayMode to new clients, Bank of America will retain existing PayMode client relationships and join Bottomline’s Strategic Advisory Council. The bank will also have an equity interest in the company via warrants for one million Bottomline shares.

Under this agreement, Bank of America and Bottomline will deliver next generation solutions for integrated payables automation, enabling businesses to capitalize on the two organizations’ shared vision for automated business-to-business electronic invoice and payment processing and remittance data delivery. With 80,000 vendors, PayMode is one of the largest and fastest-growing business-to-business payments networks operating today. The relationship will leverage Bottomline’s experience with SaaS solutions including its advanced invoice management workflow, global payment platforms and innovative cash management offerings used by leading corporations around the globe.

“PayMode remains an important part of Bank of America’s electronic payments suite of solutions,” said Dub Newman, Global Product Management executive for Bank of America. “This deal ensures clients will receive the same high level of service they expect from the PayMode service into the future. After a thorough evaluation, we concluded that working with Bottomline will accelerate the growth and capability of PayMode and enable us to quickly deliver an even more compelling offering to our clients. We selected Bottomline due to its deep domain expertise, focus on financial supply chain technology and impressive order-to-pay solution set. Combining forces, we will provide even greater value to our clients.”

“We have entered into a very significant relationship for Bottomline,” said Rob Eberle, President and CEO of Bottomline Technologies. “With Bank of America, we have teamed up with a truly market-moving organization and added one of the largest vendor networks available today to our payment and invoice management solution set. We believe that this arrangement will significantly accelerate our strategic plan and business model, while firmly establishing Bottomline as a leading player in financial supply chain automation.”

PayMode facilitates the electronic exchange of payments and invoices between organizations and suppliers. By making vendor payments electronically, organizations can quickly raise operational efficiency and derive greater value from the accounts payable and corporate treasury functions. In addition, there are significant environmental benefits achieved by cutting the use of paper checks, invoices and remittance advices, hence reducing all participants’ carbon footprint.

Today, approximately 550 Bank of America clients leverage PayMode for their payables automation and 80,000 suppliers receive electronic payments and comprehensive remittance data. This results in processing cost savings, improved working capital management and enhanced payment processes and controls. Approximately $300 billion in electronic transactions have been processed through PayMode since its inception. Bottomline will provide PayMode service and support for Bank of America and Bank of America clients under a long-term agreement, while making PayMode available to its own customers and other channels.

Financial terms of the arrangement, which is expected to close in the next 90 days, were not disclosed at this time. Bottomline expects the transaction to be accretive to its results during fiscal year ended June 30, 2010.

To help raise awareness of the environmental benefits achieved by transitioning from paper to electronic processing, Bottomline has posted a green savings calculator on its corporate web site. The calculator can be accessed by clicking this link: www.bottomline.com/gogreen .

About Bank of America

Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 53 million consumer and small business relationships with more than 6,100 retail banking offices, more than 18,500 ATMs and award-winning online banking with 29 million active users.

Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. The company serves clients in more than 150 countries. Bank of America Corporation stock (NYSE: BAC) is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.

About Bottomline Technologies

Bottomline Technologies (NASDAQ: EPAY) provides collaborative payment, invoice and document automation solutions to corporations, financial institutions and banks around the world. The company’s solutions are used to streamline, automate and manage processes involving payments, global cash management, transactional documents and invoice approval. Organizations trust these solutions to meet their needs for cost reduction, competitive differentiation and optimization of working capital. Headquartered in the United States, Bottomline also maintains offices in Europe and Asia-Pacific. For more information, visit www.bottomline.com .

Source: Company press release.

Bank Customers Who Pay Bills Online 15% More Profitable

Financial institutions need to be aware that in the midst of this banking crisis, consumers are unusually sensitive to fees and are prone to switching banks.




Meanwhile a study from fintech vendor Fiserv found that bank customers who pay bills online are over 15% more profitable and 76% more loyal than those who don't.

Seven years of Javelin consumer survey data underscore the necessity of designing banking products and services to serve the customers’ craving for financial control, as 8 out of 10 online households now bank online. The industry has made laudable strides in bringing customers to their Web sites to bank and pay bills.

For the first time, slightly more consumers paid at bank sites than at biller-direct sites. Yet many banks and credit unions have been slow to upgrade, creating a wide gap in online capabilities and usage between the nation’s four biggest banks – Bank of America, Citi, JPMorgan Chase and Wells Fargo – and smaller regional, community banks and credit unions.

Primary Questions

• How fast will online banking and bill-pay adoption grow over the next five years?
• How active are users of online-banking and bill-pay services?
• Can banks use online-banking and bill-pay services to boost revenues, increase customer loyalty, reduce costs and create cross-selling opportunities?

• Can mid-size banks and credit unions boost the performance of their online-banking services to better compete with giant national financial institutions?


Editor's Note: I can answer that question.  Yes. (want more detail?  See answer to next question)

• What services can make online banking more appealing to consumers?

Editor's Note:  Want to make online banking more appealing to consumers?  Appeal to their peace of mind.  Provide a PCI 2.x Certified Two Factor 3DES DUKPT Beginning to End Encryption Platform powered by HomeATM.  Guarantee your customers that your bank will eliminate phishing and the increasing threats caused by Malware,  Cloned Bank Websites and more.  It WILL provide your banking institution with an enhanced image, and lure wary online banking customers who are looking to make the switch.  


For more information on how HomeATM can empower your online banking platform, give me a shout!  jfrank@homeatm.net


OR CONTINUE READING "BANKS UNDER SIEGE" BELOW THE ATTACK OF THE CLONES PICTURE
 




BANKS and bank customers face an array of threats to their security as international criminal groups roll out a new generation of viruses, malware, fake websites and sophisticated phishing emails.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.
Editor's Note:  That's what I've been saying for the last 15 months on this blog.  It was (not safe) safer to type your card numbers into a box at a merchant checkout center a year ago than it is today and it's (not safe) safer to do it today than it will be tomorrow.

It's satisfying to see "Internet Banking Experts" start to publicly admit there is an inherent weakness in the system.

HomeATM's device (pictured above) is a secure solution to the phishing, DNS attack and cloned web site threats which permeate the online banking world.  Our solution exactly replicates how one would access their cash at an ATM.   1. You swipe your card, and 2. You Enter your PIN.  It's called 2FA (two-factor-authentication) and it would virtually eliminate phishing overnight.  The Track 2 data is "instantaneously" encrypted upon the swipe of the card and the PIN is also 3DES Encrypted and protected by DUKPT (Derived Unique Key Per Transaction). Our unique end-to-end encryption methodology provides the most secure authentication and payment application available today. Period.

Early next week, HomeATM expects to become the only eCommerce Payment company in either hemisphere to be both PCI 2.x Certified and TG-3 certified.  Swipe don't Type.  It's how retailers and consumers have been doing it at brick and mortar locations since the early 80's and it's how it should be done online.  Until now, there wasn't an affordable way to get consumers their very own SwipePIN device.  But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and conduct safe, secure online transactions.  I've stated that it is as simple as 1-2-3.  Two are already done.  The bank issues the card, the bank issues the PIN...now the bank can issue the HomeATM Internet POS terminal.   The story continues...

Almost one-quarter of the entire Australian population has been affected by identity theft crimes, according to a recent survey by Veda Advantage and that number keeps growing each year.   "Last year some 450,000 Australians were the victims of fraud," NSW Attorney-General John Hatzistergos said last weekend as he announced new laws that effectively duplicate Queensland's cyber crime laws.

"Nearly a billion dollars was taken from people and confiscated by criminals, using a variety of different techniques, trading in people's personal information, such as passwords, pin numbers, names and addresses."


The state based approach to the problem will not work says Professor Bill Caelli from Queensland University of Technology's Information Security Institute. Prof Caelli says only co-ordinated global action by governments can secure the net.
Speaking to the Sunday Mail from a major IT conference in Paris where the issue of securing the net is high on the agenda, Prof Caelli claimed "banks were simply not capable of providing secure internet banking."
There is a big discussion happening globally about web services such as internet banking. The question is, "Can you create large-scale secure transaction systems on the web and the answer is coming back as no."

Already this year, two of Australia's biggest banks have reported significant attacks on their internet banking portals. Both attacks came after significant investments by the banks to upgrade their online banking platforms.

"The criminals tend to target one bank and when that institution shuts them down they move to another bank so it goes in circles," said Gary Gill, head of forensics at KPMG.

Australia's biggest bank, the Commonwealth Bank, reported that a malicious attack had probably contributed to its banking website, Netbank, crashing on the busiest days of the year – the two days before the end of the financial year.

Steve Batten, the media spokesman for the Commonwealth Bank, said that Netbank was designed to handle 13,000 customers online concurrently.  Last Monday, 18,500 customers were logging in concurrently and 1.59 million hits were registered in the 24-hour period.  Mr Batten said that the bank suspected that some of that traffic was malicious.

In February ANZ Bank reported a sophisticated scam that led to a fake web page appearing to customers after they logged in to the ANZ internet banking site.

First Internet Bank Offers Contactless Debit Card


Indianapolis, Aug. 5, 2009-- First Internet Bank (First IB) announced today it has begun issuing debit cards that include the Visa payWave (contactless) feature. These contactless debit cards promise First IB cardholders a faster and easier check-out, with the same security protection given to traditional magnetic stripe cards.

Each First IB debit card enabled with Visa payWave is embedded with an advanced computer chip that uses radio frequency to perform the transaction. By simply holding the First IB debit card with Visa payWave close to a contactless card reader, customers can complete a purchase transaction in seconds. The cardholder remains in possession of his or her card at all times and, for most purchases under $25, will not be required to sign. In cases where the merchant does not accept contactless transactions, cardholders can still swipe the card, just as they always have.

Since its launch ten years ago, First IB has offered customers a lineup of convenient account access services - including a robust website with self-service features for anytime account access, and traditional magnetic stripe Visa debit cards as a secure alternative to carrying cash. The contactless debit card offering is the most recent enhancement to the Bank's lineup of added value services. First IB has also introduced mobile banking as well as personal budgeting and account aggregation services in the past twelve months.

"First Internet Bank strives to be a leader in innovation, and the adoption of this card keeps First IB at the forefront of banking technology," said Mr. David B. Becker, President and CEO. "Studies have shown, and our employee pilot program confirms, that cardholders find contactless payments to be fast and easy. We are pleased to offer our customers this new feature for everyday purchases. It's just another way we work to make banking easier for our customers."

For more information on the First IB debit card with Visa payWave, customers are encouraged to visit http://www.firstib.com/personalaccts/debit.html. More information is also available from Visa, including a link to locate a nearby merchant that accepts payWave cards, at http://www.visa.com/visapaywave .

About First IB

With over $540 million in assets, First Internet Bank of Indiana (First IB, www.firstib.com) is the first state-chartered, FDIC-insured institution to operate solely via the Internet and has customers in all 50 states. Deposit services include checking accounts, regular and money market savings accounts with industry-leading interest rates, CDs, and IRAs. First IB also offers consumer loans, conforming mortgages, jumbo mortgages, and home equity loans and lines of credit. First IB is a wholly owned subsidiary of First Internet Bancorp (OTC Bulletin Board: FIBP).

Source: Company press release.



HomeATM Has a Billion Dollar "Present" for the Airline Industry



More rules and increasingly sophisticated fraud detection tools essential to Travel Services Industry's success warding off current and emerging trends

SCOTTSDALE, Ariz., Aug 5 /PRNewswire/ -- Fraud detection tools and payment fraud losses are top of mind according to a recent webinar and poll of airline fraud investigators. The survey results, released today by 41st Parameter Inc, a leading provider of fraud detection and prevention systems to the Airline Industry, report insufficient rules and defense mechanisms in place at most airlines. The results forecast the continued emergence of new reservation booking vehicles and a shift in the payment landscape. Additional details include:

Fraud Prevalent Industry-wide - Every airline reported some measure of fraud within their "card not present" channels, with nearly one-quarter experiencing elevated percentages.

(Editor's Note: If it's "card not present" that creates the $1 Billion Dollar problem, then it seems to me that the obvious solution is to change to a "card present" environment! HomeATM can do that with our PCI 2.x certified PIN Entry Device which encrypts the data from beginning to end!)


 

Airlines report more than a billion dollars annually in online fraud loss. To effectively reduce these losses, each needs to be up-to-date with the appropriate technologies and be prepared for fraudsters to exploit new forms of payment and booking channels.

"The Travel Industry is under siege by well organized international fraud rings. Without comprehensive technology tools to aid investigators, airlines face a greater risk of fraud succeeding, especially as fraudsters exploit new channels and payment methods which in many cases are not currently detected," said Ori Eisen, founder and chief innovation officer, 41st Parameter. "41st Parameter utilizes over 400 rules in conjunction with sophisticated device identification capabilities to help our customers, including some of the world's largest airlines, prevent fraud before it happens; significantly reducing bad debt write-offs."

Other survey questions posed include:

- How many payment options do you offer beyond credit cards?
- What percentage of your fraud is from international or cross-border transactions?
- What percentage of your reservations are written off as bad debt or fraud?
- How many Fraud Investigators does your company employ?

The complete list of questions and responses, along with the webinar recording, are available by request at: www.the41st.com/travel


Additional 41st Parameter Airline Industry Press Releases:
41st Parameter Speaking about the "Importance of Device Data for True Intelligence" at Airlines Reporting Corporation (ARC) Forum

Airlines Tackle $1.4 Billion Online Fraud Challenge With 41st Parameter's Device Identification Technology

US Airways Selects 41st Parameter's FraudNet

41st Parameter Enables Airline & Travel Industry Service Provider MITec to Expand Business and Protect Clientele

41st Parameter and Leading Airlines Battle on Card Not Present Fraud

41st Parameter Provides Fraud-Reduction Solution to Continental Airlines for Card-Not-Present ticket sales


About 41st Parameter
41st Parameter provides solutions for detecting and preventing fraud across multiple channels for the world's most valued and recognizable brands. Leading financial institutions, and e-commerce companies, and travel services businesses rely on 41st Parameter's technology to protect them from cybercrime threats including card not present fraud, new account origination fraud, phishing and account compromise, credit bust outs, and fraud ring attacks. Founded in 2004, 41st Parameter makes the process of detecting and preventing fraud easier and more effective, reducing both expenses and potential losses. As a leading web fraud detection innovator the company supplies industry-proven solutions which integrate advanced device identification with comprehensive risk management capabilities. To learn more about 41st Parameter, visit www.the41st.com



Survey results are nonscientific and for informational purposes only.  All trademarks are the property of their respective owners.




Tuesday, August 4, 2009

The Internet Can be Utilized to Transmit Encrypted Data

But the Web is NOT a Safe Place with which to Conduct Transactions...
Many people use the terms Internet and World Wide Web (aka. the Web) interchangeably, but in fact the two terms are not synonymous. The Internet and the Web are two separate but related things.


How are they Different?

The term Internet evolved from Inter-Networking. It is a massive super-network of millions of networks built all across the globe. It actually represents the overall network infrastructure comprising fibre optic cables, routers, switches, gateways and computers, among other network constituents. Every node (computer) on the Internet is accessible by every other node connected to the Internet and that’s how the Internet is primarily used for communication and information sharing.

There are some well defined Internet protocols for performing several purposes such as data transfer, remote access and information sharing using the Internet. The ‘World Wide Web’ employs Hyper Text Transfer Protocol (HTTP) to facilitate information sharing on the Internet. In other words, the ‘Web’ is simply an information sharing model, built on top of the Internet.

In simpler words
The ‘World Wide Web’ (WWW) or simply ‘Web’ is basically a subset of the Internet. It represents the largest sub-network on the Internet, which employs the HTTP protocol and lets us (and hackers) access information published (or typed) on a Webpage via software called a Web browser.

That said, it's just a matter of time before EVERYONE realizes the web is not a safe place to conduct financial transactions. The same is true for online banking authentication.   When you "type" primary card numbers or passwords, what you type can be accessed by the bad guys...

For those who missed it, I am republishing a post regarding the danger online banks face when it comes to losing customers due to inadequacies of their authentication and the web itself.

It's just a "matter of time" before EVERYONE realizes that the Web was not built for eCommerce and that if they stay on course, there will be a train wreck the magnitude of which has not been seen.

The banks have another choice...get on board the "gravy train" HomeATM can provide and open up a whole new world (wide web) of security for their customers and enhance their image, their bottom line and their branding strategy all at once.

You don't have to be a "seer" (or read "between the lines") anymore, to realize that the web is broken. You can simply read the headlines.
Websense, in their new research report, pulls no punches when they state:


"The conjunction of technologies and the monetizing of hacking have resulted in a web environment where no websites, legitimate or not can be trusted."

Half of Banking Customers Hit by Card Fraud Change Banks



One in Five Hit by Card Fraud in Past Five Years:
ACI Worldwide Survey

HALF (49%) Would Consider Changing Banks Following Card Fraud...22% "Would" Change Banks!

Editor's Note: Wow, if I was a financial institution offering "online banking" that headline would haunt me 24 hours a day until I figured out a way to either change it or use it to create an opportunity for my online bank to flourish.

My first thought would be: "If 50% would consider "changing banks AFTER" they get hit by card fraud/online banking/phishing fraud, how many would consider "changing banks" to "AVOID" getting hit?"

And to which competitor would they go?

I'd conclude that if they "left because of insecurity" they would probably "come on board BECAUSE of security."

So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers' security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers could my bank procure by "guaranteeing" online security? Research would determine if it was millions or only "Hundreds of Thousands." I think I made my point. If not, then there's always this:




"Fraud reduction is one area where financial institutions are able to take decisive and positive action to reduce losses and enable them to protect their image and retain the trust of their customers."

  • Protect Your Customer...in fact "Enable Them"
  • Protect Your Image...in fact "Enhance It"

Considering the drastic rise in cybercriminal activity, especially activity aimed at financial institutions, I would think that the key to any online banking branding strategy would be about protecting the customer from phishing and malware and protecting, better yet, enhancing the financial institution's image. Those two principles should drive any strategy.

Since banks cannot control whether their customers visit a malware infested website, they have to find another way to protect both themselves and their customers from malware. The "other way" is to require their customers to Swipe vs. Type. As I've said in the past, two of the three steps are already done by the bank. They issue the card, they issue the PIN, the last remaining issue is a device that reads the card and the PIN. The best choice is a PCI 2.x certified PIN Entry Device designed for eCommerce use.

It's the fastest and familiar way to securely authenticate their user and by eliminating "typing" you eliminate the threats from malware and phishing. These days, it's all about security. The web is NOT secure. Therefore financial transactions need to be conducted "outside" the browser space.

However, for the sake of argument, let's assume those principles are not adhered to. Assume that banks are willing to take the risk that their clients' online banking information will get phished, that it's "just a cost of doing business." The game has changed. When 50% of consumers say they might change banks if they (or somebody they know) experienced card fraud it's not just about phishing anymore. It becomes a much more serious problem.

I would think that banks might be less willing to take on the risk that half of their customers will jump ship. That very real threat is one that HomeATM can eliminate as well. We don't operate within the browser, we operate without. We simply utilize the Internet as the "conduit" whereby the encrypted cardholder information is channeled. It cannot be unencrypted until it reaches an HSM.

Phishers can't phish if consumers don't type. If online banking consumers are going to switch banks anyway, why not have a strategy to "swipe them" off their feet?

I have to seriously ask...when will a bank "connect the dots" and offer their customers the only PCI 2.x and TG-3 certified personal e-banking log-in device in two hemispheres. It is a no brainer. Guarantee their security.

What is the guarantee? That your customer's data is safe and therefore your customer is safe.

Our device would render phishing useless by requiring secure 2FA login (swipe card/enter PIN). With our device it doesn't matter what malware is on the computer, it wouldn't be able to steal username/password data because that data is NOT typed in anymore. It might very well still be on the PC, but it's no longer used for logging in. Typing has been eliminated and without typing, the bad guys can't steal your customer's card numbers. Eliminate typing and you also eliminate the threat of key loggers, cloned bank websites, counterfeit cards AND losing your valuable customer to a competitor.


Two factor 3DES DUKPT End to End Encrypted PCI 2.x and TG-3 Certified Military Grade security... used for securing online banking log-in, money transfers, conducting more secure online transactions and thus enhancing your bank's image...all for $12 a pop? Yeah...So get ahead of your competition by simply connecting the dots! You're almost there...2 outta 3 ain't bad, but 3 outta 3 is better.

NEW YORK, July 28, 2009 (GLOBE NEWSWIRE) -- ACI Worldwide, Inc. (Nasdaq:ACIW), a leading international provider of electronic payments software and solutions, today announced that its global card fraud survey revealed that 18 percent of consumers questioned have been victims of credit or debit card fraud in the past five years.

The research, of more than 2,400 consumers across eight countries, also found that if an individual or someone they knew was hit by card fraud, 22 percent would change financial institutions, and a further 27 percent would consider changing financial institutions.

In the light of these findings, and the continued commitment by financial institutions around the world to protect their customers from card fraud, ACI Worldwide has launched its Guide to "Stopping Card Fraud in its Tracks," with contributions from Nationwide Building Society, to provide advice to fraud managers in banks to help combat card fraud and protect their customers.



Editor's Note: In the US and UK 27% or 1 in 4 people have been toasted by card fraud. Replace the toaster with a PCI 2.x certified PED. And give them away! Cause you care! The money will come! In fact, last time I checked (in April) the American Bankers Association said:


“Banks that demonstrate a keen understanding of customer needs and put forth capabilities that align with them can differentiate themselves from competitors, command higher pricing, and become the provider of choice for deposit-rich market segments. Successful banks will develop programs that demonstrate industry understanding, critical product capability, and communicate commitment.”


The survey highlights some wide variations in fraud trends around the world. In the US and UK, 27 percent of respondents have been hit by card fraud in the past five years, compared to only seven percent in Dubai, eight percent in Germany and 15 percent in Australia, China and Singapore.

When it comes to customer attitudes to card fraud, a fifth of the respondents said they are not confident their financial institution can protect them, with this number rising to over a third in China.

What's more, almost half of respondents said that they would change banks, or at least consider it, if they or someone they knew was hit by card fraud.


Editor's Note: Okay, nowif I'm in the banking industry and I read this, I wouldn't be hauntedanymore. I would be excited. Because I would see a HUGE opportunityto capitalize on these consumer behavioral attitudes. If Half wouldchange banks (even if it was just someone they knew who was hit by cardfraud) that means I have the opportunity to "lure" them to my financialinstitution.

Did I just say lure? I did. You can "Phish" for online banking customers by eliminating...phishing.

HomeATM'sOnline Banking program would would keep banking customers safe andsecure and attract dissatisfied customers who leave their banks. It'ssimply a branding strategy. You brand your bank as the most secureonline banking system available. And you secure it with a PCI 2.x andTG-3 certified system. And you "give them away" with a smile on yourface. Because it empowers you, protects your customers, enhances yourimage and will make you money!

Pete Corrie, head of financial crime at Nationwide Building Society,comments: "The number of card payments globally has increaseddrastically over the past few years and, consequently, the wholeindustry has seen associated fraud levels go up.

David Nussenbaum, vice president and product line manager at ACIWorldwide, adds: "The international research we have conducted showsthat although card fraud trends vary around the world, it is still apersistent problem for banks. In order to protect themselves and theircustomers against potential fraudulent attacks, financial institutionsare looking for ways to implement effective anti-fraud strategies,while maintaining efficiency and keeping costs to a minimum. We believethat our Guide will provide some useful and practical advice."

The ACI Worldwide research on card fraud was conducted during July 2009 in Australia, Brazil, China, Dubai, Germany, Singapore, the UK and the USA, surveying a total of 2,408 respondents. To download the ACI Worldwide Guide to 'Stopping card fraud in its tracks', go to www.aciworldwide.com/stopcardfraud.










Researchers: Insecure BIOS 'Rootkit' Pre-loaded in 60% of Laptops


via ZDNet

LAS VEGAS — A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers.

The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication that can lead to “a complete and persistent compromise of an affected system,” according to a Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies.

Computrace LoJack for Laptops, which is pre-installed on about 60 percent of all new laptops, is a software agent that lives in the BIOS and periodically calls home to a central authority for instructions in case a laptop is stolen. The call-home mechanism allows the central authority to instruct the BIOS agent to wipe all information as a security measure, or to track the whereabouts of the system.

For it to be an effective theft-recovery service, Ortega and Sacco explained, it has to be stealthy, must have complete control of the system and must be highly persistent to survive a hard disk wipe or operating system reinstall.

“This is a rootkit. It might be a legitimate rootkit, but it’s a dangerous rootkit,” Sacco declared. The research team stumbled upon the rootkit-like technology in the course of their work on BIOS-based malware attacks. At last year’s CanSecWest security conference, the duo demonstrated methods for infecting the BIOS with persistent code that survives reboots and reflashing attempts.

[ SEE: Researchers demo BIOS attack that survives hard-disk wipe ]



Typing vs. Swiping is Tantamount to Swimming in Shark Infested Waters

Malware Statistics for July - NetSecurity.org

Cybercriminals are focusing on finding new vulnerabilities in the most popular software with the aim of exploiting them to achieve their goal – infecting computers with one or, more often than not, several malicious programs. Secondly, cybercriminals attempt to hide their activity so that it either passes unnoticed, or seems to be resulting in minimal damage to the infected machine.

"All this makes surfing the Internet without a fully-patched operating system or an up-to-date antivirus solution tantamount to swimming in shark-infested waters – and this applies to even the most experienced users."

Graphic Depicts Countries where most attempts to infect computers via the web were recorded:




PayPal's Black Monday

Evan Schuman writes about yesterday's "worldwide" PayPal outage in StorefrontBacktalk.

PayPal Outage Monday Points Out Centralized Processing Weakness
Written by Evan Schuman

August 4th, 2009

For somewhere between one and five hours on Monday (Aug. 3), e-tail executives got a harsh reminder from EBay how they are all potentially one coding error away from millions in lost revenue.

EBay’s PayPal group went dark worldwide for all users for an hour Monday, starting at about 1:30 PM (New York time). Many users were unable to make purchases for a much longer period, until the final users were restored by about 6:30 PM.

The Wall Street Journal quoted EBay spokesperson Anuj Nayar as saying that the cause of the outage was an “internal network hardware issue” and that EBay was “looking into how to address our affected merchants.”...

Melissa Hathaway Logs Off as Cyber-Security Tsar/Czar


According to CBR Online, President Obama has lost the acting cyber tsar he appointed just six months ago to head his new White House office of cybersecurity.  According to media reports in the US press this morning, Melissa Hathaway has resigned for personal reasons. The top cybersecurity aide apparently plans to return to the private sector.

Breaking the story, The Wall Street Journal noted that ‘the resignation highlights the difficulty the White House has had following through on its cybersecurity effort.’ This is despite US intelligence officials growing increasingly concerned about Chinese and Russian cyberspies surveilling American infrastructure and military networks.

Hathaway was a former consultant at Booz Allen Hamilton. She came in as a cyber coordination executive for the director of national intelligence. It was widely expected that she would eventually be named as Assistant to the President for Cyberspace, a position recommended when the Center for Strategic and International Studies commission said Obama needed to create a National Office for Cyberspace, headed by a direct report.

Hathaway has chaired the National Cyber Study Group (NCSG), a senior-level inter-agency body and is recognized as being instrumental in developing the Comprehensive National Cybersecurity Initiative (CNCI).

Reportedly Hathaway had become dismayed by the slow pace of the appointment process and had not felt empowered enough to drive through some of the changes she had expected to have been made.

Read the Full Article




Heartland's Q2 Shows Effects of Breach


Heartland swings to Q2 net loss as cost of data breach mounts

Last year's data breach (Editor's Note: Technically it was this year, since they announced during Obama's inauguration last January) at Heartland Payment Systems continues to prove costly, with the vendor incurring related pre-tax expenses of $19.4 million in the second quarter, contributing to a net loss for the three months.

The $19.4 million in various expenses, accruals and reserves comes on top of $12.6 million in costs in the first quarter attributable to the massive data breach, which saw malicious software in the firm's processing system potentially compromising the card data of millions of people.

Of the $32 million for the six months, $22.1 million relates to fines imposed by the card brands in April 2009 against the company and its sponsor banks and a settlement offer made.

Continue Reading at Finextra


Monday, August 3, 2009

FT Says KKR Preparing FDC for IPO

KKR eyes market blitz of up to six IPOs

By Martin Arnold in London

Published: August 1 2009 03:00 | Last updated: August 1 2009 03:00

Kohlberg Kravis Roberts, the world's biggest buy-out group, is preparing up to six companies for initial public offerings worth billions of dollars, including Toys R Us, as it sells some of its most valuable groups back to the stock market.

There have been virtually no IPOs in the past two years but, as the worst of the financial crisis recedes and stock markets start to rebound, investors are eagerly waiting to see if private equity firms such as KKR will start listing companies bought in the boom years.

A person familiar with KKR said the companies it was preparing to float included US toy retailer Toys R Us; HCA, one of America's biggest hospital groups; First Data, the credit card processor; TDC, the Danish telecommunications group; and Dollar General, the discount retailer.

"We think there are five to six companies in the [KKR] portfolio that can be taken public in the next 12 months," said a person familiar with KKR's plans...

Continue Reading

Merchant ID Theft Advisory Board Offers Prevention Tactics




E-ditor's Note: It's great that they are doing this, but I have a rather "stupid type" of idea. How about instead of incorporating "prevention" tactics, we incorporated "E-limination tactics?"
Here's one: E-liminate Typing. That's the Cause...The E-ffect is we'll E-liminate Phishing and the threats from Malware, Cloned Websites, maybe even a couple terrorist attacks to boot!


Phoenix, Aug. 3, 2009 -- An epidemic of ID Theft -- nine million cases reported annually and 262 million ID records reported stolen since 2005 -- is the driver of Merchants Information Solutions' creation of the U.S.'s first volunteer business-government Board dedicated to stopping ID thieves by creating and delivering the latest and best prevention practices.

High level experts in ID Theft and Information Technology from the FBI, Avnet, GoDaddy.com, Merchants Information Solutions, a bank fraud specialist, cyber forensics specialist and a media crisis expert are among the founders of the Merchants ID Theft Advisory Board.

ID theft gangs are often months ahead of law enforcement with new tactics. From getting gang members hired at target companies and new hacking techniques to pretending to be legitimate vendors with the purpose of data access, ID thieves are creative and relentless. The Board plans to try and level the playing field by getting effective prevention knowledge and methods out rapidly and frequently.

"With hundreds of business clients who reduce risk by using our ID Theft recovery protection for millions of their employees and customers, we are very aware of the latest ID theft and data breach crimes and trends. It's not pretty and it's getting worse. We decided we could do something significant to help legitimate organizations protect themselves with this remarkable Board of very distinguished national and international experts," said Mark Pribish, Board Chair and VP of the ID Theft Practice at Merchants.

The Merchants ID Theft Advisory Board voted at its inaugural meeting to create and distribute free a sophisticated and up-to-the-minute best practices guide in the prevention of ID theft and data breach events. The group's unique and high level expertise in matters related to data protection and breaches provides a formidable think tank of real world professionals.

Most data breach events occur through social engineering including current and former employees and vendors who are often part of criminal networks. Though organizations may have protections in place, the ever-evolving and sinister tactics by ID thieves require ongoing prevention updates. By comprising the Board of real-world savvy and very sophisticated specialists, the Merchants ID Theft Advisory Board is set to play a key role in offering the latest methods of stopping ID theft and the pain it causes.

Pribish, a national authority and speaker on ID theft prevention and recovery, and Board co-chair Gregg Ostro, a media expert experienced in data breach crises, researched extensively to find the right mix of Board members. The result is a group of highly qualified specialists from leading organizations with a direct interest in minimizing the legal, financial and brand image impact of data breach events.

"This preeminent group that has been assembled to combat ID Theft through education and recommending best practices is nothing short of world class. My goals for this Board are to guide the discussion, help with information preparation and ensure the best tools of communication are created so we can empower organizations with effective prevention," Ostro, Advisory Board co-chair and CEO of GO Media Cos. said.

The all volunteer Merchants ID Theft Advisory Board includes: Kent Ailes, VP Risk Management, AZ Federal Credit Union; David Beauchamp, Partner, Bryan Cave, LLP; Michael Benoit, Partner, Hudson Cook, LLP; Paul Charles, International Entrepreneur & Principal, Charles & Associates, LLC; John Iannarelli, Supervisory Special Agent, FBI; Christine Jones, Chief Counsel, GoDaddy.com; Gregg Ostro, President & CEO, Go Media Cos.; Steve Phillips, Chief Information Officer, Avnet; Mike O'Shaughnessy, COO, Forensic Consulting Solutions, LLC; Scott Smith, President & Managing Director, NXG Strategies; Russ Johnson, President & CEO, Merchants Information Solutions, Inc.; Mark Pribish, VP & ID Theft Practice Leader, Merchants Information Solutions, Inc.

About Merchants Information Solutions: Founded in 1912, Merchants is a leading provider of low-cost identity theft protection and recovery solutions, helping to support the risk management objectives of financial institutions, associations, employer groups, and the automotive industry, by offering revenue opportunities through fee-based subscription services. Merchants also has a robust line of on-demand background screening solutions empowering pre-employment, tenant screening and behavioral physiological assessment clients to instantly assess candidates in minutes. For more information, visit www.merchantsinfo.com .

Source: Company press release.

Reblog this post [with Zemanta]

OCC Sends Out Letter Re: CARD Act Requirements


OCC sends out letter regarding CARD Act requirements

Washington, D.C., Aug. 3, 2009 -- On May 22, 2009, the Credit Card Accountability Responsibility and Disclosure Act of 2009 (Credit CARD Act) was signed into law. This law amends the Truth in Lending Act, 15 USC 1601 et seq., to impose certain requirements on credit card issuers that raise cardholders’ annual percentage rates (APRs) based on factors including the credit risk of the cardholder, market conditions, and other factors.

Effective August 22, 2010, Section 148 of the Credit CARD Act requires that if a creditor increases the APR based on such factors:
  • The creditor must maintain reasonable methodologies for assessing those factors.
  • The creditor must, at least every six months, review accounts on which the APR has increased to assess whether such factors have changed, including whether any risk has declined.
  • The creditor must do so for all accounts on which the APR has been increased since January 1, 2009.
  • The creditor must reduce the APR previously increased when a reduction is indicated by the review, although the Credit CARD Act does not “require a reduction in any specific amount.”
  • In the event of an APR increase, the creditor must provide the cardholder with written notice of the reasons for the increase.
As noted above, Section 148 does not become effective until August 22, 2010.

However, because its requirements will apply to APR increases made on or after January 1, 2009, the OCC reminds national banks that, effective August 22, 2010, they must conduct the periodic reviews required by the Credit CARD Act on any accounts on which the APRs were increased as described above on or after January 1, 2009. Accordingly, national banks must maintain and have available such information concerning APR increases for such accounts as needed to enable them to conduct the required reviews.
Please direct questions about this matter to your supervisory office, to the Compliance Policy Division at (202) 874-4428, or to the Community and Consumer Law Division at (202) 874-5750.

Source: Company press release.
