Friday, August 7, 2009

Outage Costs PayPal Users Up To $32 Million -- Report (EBAY)

According to the Silicon Alley Insider, Monday's outage cost PayPal users between $7 and $32 Million...

eBay's (EBAY) payments business PayPal went down Monday for about 4.5 hours.

Uptime monitoring service Royal Pingdom estimates the outage cost PayPal's vendors between $7 million and $32 million.

Pingdom: According to eBay (which owns PayPal), about $2,000 in payments flow through PayPal’s systems every second. This means that PayPal processes about $7.2 million in payments every hour for its users.

On its official blog PayPal has stated that the service was completely down, globally, for about one hour. So the outage cost PayPal users at least around $7 million. But PayPal also admits that it took an additional 3.5 hours after that before the service was fully restored, something we also need to take into account.

This means that the outage and following service problems cost PayPal users somewhere between $7 million and $32 million in lost payments.


MasterCard Becomes The First Card Brand To Publish PCI Fines


Evan Schuman's "Storefront Backtalk" is reporting that MasterCard has published its PCI fines in a move to remove itself from the PCI shadow of Visa...

MasterCard has become the first card brand to publish its PCI fines and related requirements, a move that could be the latest signal that MasterCard wants to step out of the PCI shadow of its larger rival, Visa. The dollars themselves do not reflect a radical change, although they do include some healthy increases.

“The noncompliance assessment structure now contains escalating assessments per violation within a calendar year,” said the document sent to members earlier this summer. “Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program noncompliance has been discontinued.”

As for those escalations, MasterCard has grouped Levels 1 and 2 together. The first violation for those groups is $25K, jumps to $50K for the second violation, $100K for the third violation and $200K for the fourth. Level 3 retailers face first through fourth violation fines of $10K, $20K, $40K and $80K. Service providers that are ranked either Level 1 or Level 2 will see first through fourth violation fines of $25K, $50K, $100K and $200K.

Continue Reading at Storefront Backtalk

Editor's Note: Want to find out how you can remove your company from the scope of PCI compliance? Send me an email: jfrank@homeatm.net

Survey Says...Swipe!




Survey finds e-threats adapting to online behavioral trends

Editor's Note:  If the cardholder "swiped" instead of "typed" then the malware would be rendered non-consequential.  When the cardholder "swipes" their card, the cardholder data is immediately "encrypted" inside our PCI 2.x certified card reader with built-in PIN Pad.  The 3DES DUKPT encrypted file is then sent via the Internet (not the Web) to a secure HSM.  No data is ever in the clear so the cardholder is SAFE from the threat of Malware...and keylogging and phishing. 

Mountain View, Calif., Aug. 7, 2009 -- Malware writing has become a full-fledged business -- shaped after corporate models, according to BitDefender®, an award-winning provider of innovative anti-malware security solutions. Today, BitDefender released the results of its malware and spam survey from January through June 2009, showing HTML newsletter-impersonating spam and web 2.0 phishing attempts witnessing a sharp rise.

Malware Threats in Review

During the first six months of 2009, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their machines. According to the report, Trojan-type malware is on the rise, accounting for 83 percent of the global malware detected in the wild.

While Trojans were the most active e-threats in the last six months, the notorious Downadup Internet worm caused the most damage to users. Downadup managed to infect a record number of worldwide computers (about 11 million) and made headlines of most, if not all, computer magazines and mainstream media. Targeting systems with unpatched MS08-067 vulnerabilities, the worm can send itself to any clean computer it has already infected on the same network and looks to gain access to file shares. Although Microsoft issued an out-of-cycle patch for the vulnerability, the infection is still in the wild, with hundreds of systems compromised on a daily basis.

"The Internet is one of the most important communications vehicles -- used for business, schooling and leisure. It has also become a channel for criminals to gain access to a vast number of computer systems, financial data and information," said Vlad Vâlceanu, Head of BitDefender Antispam Research Lab. "Cybercriminals are not going to stop looking for ways to enhance their e-threats, which is why it is essential for computer users to make sure they have a security solution in place that can provide them with advanced, proactive protection."

BitDefender found that during the last six months, the most active countries in terms of spreading malware were China, France and the United States, followed by Romania, Spain and Australia.

BitDefender estimates that more than 55,000 users fall victim to phishing scams each month, totaling an impressive 330,000 victims from January through June 2009. In order to successfully deceive their victims, phishers must impersonate (aka spoof) the genuine page as accurately as possible. However, while replicating the original webpage is simply a matter of copy-and-pasting, the spam message usually contains misspelled words and/or negligent formatting.

This is not the case with most of the phishing raids targeting Bank of America. Not only is the text impeccably laid out, but the phishing page has also been crafted with an unusual attention to detail, suggesting that the people responsible for the phishing attacks are a highly organized gang of cyber-criminals.

"Most importantly, unlike malware, phishing and spam are universal e-threats -- they work on any computer, regardless of their operating systems and security patches," Vâlceanu commented. "Extra caution and a highly-rated antimalware solution with antispam, antiphishing and antimalware modules are a must-have for anyone surfing the web."

For more information on this survey, please visit http://www.bitdefender.com/site/view/BitDefender-E-Threats-Landscape-Rep .

To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds here.

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Source: Company press release. 





Does Bing have More Bang than Google?


The Bing Bang

Bing it On!

By Don Davis - Internet Retailer

Search engines account for much of the traffic to retailers’ web sites, and Google dominates search. That means any challenge to Google’s near-monopoly position in search is big news—and potentially good news—for e-retailers.

Google today faces a big challenge indeed, from software giant Microsoft Corp., which threw down the gauntlet June 3 with the launch of its new search engine, Bing. Microsoft is backing up Bing with a major national advertising campaign, has cut deals to make Bing the default search engine on millions of PCs and mobile phones, and says it’s willing to spend billions more to gain search market share.

And there’s one more reason to believe Google finally has a worthy competitor: Microsoft just might have built a better search engine.

Instead of just providing a list of links to web pages, Bing’s search results page categorizes results, makes it easy to refine queries, lets users track queries, provides a glimpse into the web page listed, and summarizes the content of consumer and expert reviews from across the web.

“It’s very cool to see someone making a bold move forward in search,” says Eric Archuleta, CEO of online musical instruments retailer Musician’s Hut. “I’m a fan of Bing. It’s helpful to me to find more information, instead of just an index. It’s going to be a great tool for shoppers.”

He’s not alone in praising Microsoft’s work. Bing “will so improve the search experience that users will demand other engines follow suit,” wrote analyst Shar VanBoskirk of Forrester Research Inc. in a recent report entitled “Bing: The Next Big Search Thing.”

Retailers are also high on Bing for another reason: It could give them an alternative to Google for paid search, and prompt Google, Microsoft and Yahoo to court marketers’ dollars with innovations and better pricing.


Amazon Builds Android App


Amazon builds an Android app to let more customers shop via mobile phone

Amazon.com Inc. has introduced its latest mobile shopping application, Amazon App for Android, which is available as a free download to a user’s Android operating system-based device in the online Android Market.

The Amazon mobile app includes the experimental Amazon Remembers feature, first introduced in the e-retailer’s iPhone and iPod Touch app, that gives Android users two different ways to use their device camera to find and remember items available for sale on Amazon.com: they can either snap a photo of an item or a barcode and then receive a product match. For many photos and barcodes, matches are instant; other items take a few minutes, Amazon says.

Android is an open-source operating system that can be customized for Internet-enabled handheld devices. Amazon’s App for Android can be downloaded from Amazon.com/android_app, or by searching for “Amazon.com” in the Android Market section of an Android mobile device.

“Customers have been requesting an Amazon shopping application on their Android devices,” says Sam Hall, director of Amazon Mobile. “In addition to their favorite Amazon shopping features, Amazon App for Android users can use Amazon Remembers to easily keep track of the items they see in their daily lives and even instantly match photos and barcodes to products available at Amazon.com.”

Continue Reading at Internet Retailer

Debit Cards Overtake Credit Cards


The Wall Street Journal is reporting that Debit is replacing Credit when it comes to consumer payment choices.

"As the credit-card industry reinvents itself amid a dismal economy and a new regulatory regimen, consumers are rebelling. They’re going debit.

Some 58.2% of card transactions are now paid for with debit cards, compared to 41.8% with credit cards, according to data from the Nilson Report. Debit cards now represent 38.3% of card dollars spent, compared to only 26% in 2002.

Recent research from Javelin indicates that credit cards are nearly twice as likely to fall prey to card fraud." 

Continue Reading at WSJ Blogs



Internet Gambling Payment Processor Indicted


Internet Gambling Payment Processor Charged With Bank Fraud, Money Laundering and Illegal Gambling Offenses

NEW YORK, Aug. 6 /PRNewswire-USNewswire/ -- Lev L. Dassin, the Acting U.S. Attorney for the Southern District of New York, and Joseph M. Demarest, Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (FBI), announced today the filing of an indictment charging Douglas Rennick with bank fraud and other offenses stemming from his role in processing more than $350 million for Internet gambling companies. According to the indictment filed yesterday in Manhattan federal court:

Since at least 2007 through June 2009, Rennick opened a number of bank accounts in the United States under various corporate names, such as KJB Financial Corporation, Account Services Corporation and Check Payment Financial Co. In opening the accounts, he and his co-conspirators falsely represented that the accounts would be used for such purposes as issuing rebate checks, refund checks, sponsorship checks, affiliate checks and minor payroll processing. In fact, Rennick and his co-conspirators used the accounts to receive funds from offshore Internet gambling companies that offered, variously, poker, blackjack, slots and other casino games. Rennick and his co-conspirators then disbursed those funds via checks to U.S. residents seeking to cash out their gambling winnings. Rennick and his co-conspirators provided false and misleading information to U.S. banks about the purpose of the accounts because the banks would not have processed the transactions had they known they were gambling-related. In total, Rennick and his co-conspirators processed more than $350 million transferred from a Cyprus bank account to various U.S. bank accounts for this purpose.

Rennick is charged with one count each of conspiracy to commit bank fraud, conspiracy to engage in money laundering and conspiracy to operate an illegal gambling business. If found guilty, Rennick faces a maximum term of 30 years in prison and a $1 million fine on the bank fraud charge, 20 years in prison and a $500,000 fine on the money laundering charge, and five years in prison and a $250,000 fine on the gambling charge. The indictment also seeks the forfeiture of at least approximately $565,908,288, which represents the amount of proceeds obtained as a result of the illegal gambling and bank fraud conspiracies. The case has been assigned to U.S. District Judge Sidney H. Stein.

Rennick, 34, currently resides in Canada.

Mr. Dassin praised the investigative work of the FBI and thanked the Department of Homeland Security's U.S. Immigration and Customs Enforcement and the Internal Revenue Service for their assistance in the investigation. Mr. Dassin added that the investigation is continuing.

Assistant U.S. Attorneys Arlo Devlin-Brown and Jonathan New are in charge of the prosecution, and Assistant U.S. Attorney Jeffrey Alberts is in charge of the forfeiture in this case.

The charges contained in the indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

SOURCE U.S. Department of Justice





NCR's Ethical Hacking Curriculum

NCR stays ahead of criminals through ethical hacking curriculum

Partnership with University of Abertay Dundee leads to proactive global security solutions for ATMs

DULUTH, Ga. – NCR Corporation (NYSE: NCR), the global leader in ATMs, is staying ahead of criminal hacking threats to ATMs by having academia help uncover potential threats first.

Working with the University of Abertay Dundee in Dundee, Scotland, NCR has developed the world’s leading corporate-academic alliance devoted to uncovering and addressing criminal hacking threats posed to ATMs. Rather than reacting to known threats as they arise, the security intelligence gained and adopted between NCR and the University of Abertay through the ‘Ethical Hacking’ program is designed to stop would-be hackers and viruses before crimes occur.

Approved and partially-funded through the United Kingdom’s Knowledge Transfer Partnership (KTP), the awarded contracts represent a joint venture between the University of Abertay Dundee and NCR Labs, the advanced development arm of NCR. The aim of the program is to ensure that consumer trust in self-service is not compromised by criminal actions involving ATMs.

The current contract, the second to be approved through the KTP, focuses on personal authentication measures required to gain access to ATMs. The critical knowledge of illicit access to ATMs is an ongoing and growing threat to many ATM users.

“NCR is committed to holding its place as the industry leader in defending the integrity of the ATM channel for those who place their financial trust in us,” said Mark Grossi, head of NCR Labs. “This relationship is one of the ways NCR stays at the forefront of technology in our proactive fight against ATM crime.”

“The support from the Knowledge Transfer Partnership and NCR has enabled the university to develop world-leading research and education that have a significant impact on global security,” said Colin McLean, program tutor, school of computing and creative technologies, University of Abertay Dundee. “We’ve enjoyed building a relationship with NCR and take pride in the contributions these students have made in preventing unlawful criminal threats.”

The success from NCR’s partnership with the University of Abertay has led to notable achievements for both parties. The university has since implemented an ethical hacking program and offers two degrees – Bachelor of Science and Masters of Science in Ethical Hacking. Additionally, NCR has incorporated the program’s findings on crime prevention into its research and development to provide secure ATM solutions to financial institutions.

All program proposals receive approval through the Knowledge Transfer Partnership, which was designed to capitalize on the wide-ranging knowledge, technology and skills found within the U.K. Each program is funded in part by the Technology Strategy Board and 17 other funding organizations.

NCR is a leading provider of hardware and software security solutions for ATMs. Among NCR’s ATM security portfolio:

  • NCR has sold more than 50,000 licenses of Solidcore for APTRA™, the only proven security solution to preserve system integrity and prevent malware on ATMs.

  • NCR’s latest family of ATMs, NCR SelfServ, is the first to introduce a protected USB architecture that is self-contained within the ATM, helping mitigate the risk of fraudulent connection of unauthorized USB devices.

  • Fraudulent Device Inhibitor (FDI) is an external illuminated hardware feature or kit that makes it difficult for criminals to attach foreign devices on or around an NCR ATM card reader.

  • Intelligent Fraud Detection (IFD) is a unique approach to countering ATM fraud. Designed to be flexible, NCR IFD can detect a variety of fraudulent devices that criminals may attempt to add to the ATM fascia. The deployer receives an instant alert as soon as a fraudulent device has been added to the ATM, even before any fraud has taken place.

About NCR Corporation

NCR Corporation (NYSE: NCR) is a global technology company leading how the world connects, interacts and transacts with business. NCR’s assisted- and self-service solutions and comprehensive support services address the needs of retail, financial, travel, healthcare, hospitality, entertainment, gaming and public sector organizations in more than 100 countries. NCR (www.ncr.com) is headquartered in Duluth, Georgia.
# # #
NCR is a trademark of NCR Corporation in the United States and other countries.

News Media Contact
Jeff Dudash
NCR Corporation
919.435.6976


Thursday, August 6, 2009

TSYS Class A Approves Several VeriFone Solutions


TSYS Class A approves several VeriFone solutions

San Jose, Calif., Aug. 6, 2009 -- TSYS Acquiring Solutions has Class A approved several wireless connectivity models of VeriFone's Vx Solutions product family. These new GPRS Class A approvals follow the July 16th announcement of VeriFone Vx WiFi and Ethernet products.

The wireless models newly approved by TSYS for Class A support and training are the:
  • Vx 510 GPRS
  • Vx 610 GPRS
  • Vx 670 GPRS

These Class A approvals provide TSYS acquiring clients with a full range of traditional countertop, WiFi and wireless products and bring VeriFone's total class A processor approvals in North America for the Vx Family to over fifteen.

VeriFone's Vx Solutions deliver a complete portfolio of solutions across all vertical markets. Based on the Verix platform, Vx Solutions provide a common user interface across multiple form factors as well as consistent software, PA DSS accepted applications, and support, resulting in lower cost of ownership.

About TSYS Acquiring Solutions

TSYS Acquiring Solutions is the pre-eminent supplier of acquiring solutions, related systems and integrated support services to the acquiring industry and its customers. TSYS Acquiring Solutions delivers comprehensive solutions and support that securely and reliably process billions of credit and debit transactions every year. From authorization and capture services to the clearing and settling of merchant transactions, critical customer support functions and information management services, TSYS Acquiring Solutions helps acquirers effectively manage and grow their merchant portfolios. TSYS Acquiring Solutions is a wholly owned TSYS® (NYSE: TSS) subsidiary.

About VeriFone Holdings, Inc. (www.verifone.com)

VeriFone Holdings, Inc. ("VeriFone") (NYSE: PAY) is the global leader in secure electronic payment solutions. VeriFone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. VeriFone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.



Source: Company press release.



Twitter Hit by DoS Attack


The Wall Street Journal's Jerry Dicolo reports that Twitter Says it was Hit By 'Denial of Service' Attack

Twitter Inc. said it's fighting off a coordinated Web attack that has made its popular microblogging site inaccessible for several hours Thursday morning.

"We are defending against a denial-of-service attack, and will update status again shortly," the company said in a blog post shortly before 11 a.m. EDT, Thursday.

In an update to the blog post, Twitter said its site is back online, but that the company is "continuing to defend against and recover from this attack." Not surprisingly, posts related to the cyber attack have soared to the top of Twitter's most popular topics queue now that the site is back online.

Social-networking giant Facebook Inc. also had network issues this morning, with some users reporting that certain features have been slow or not working.

Facebook said no user data was at risk and that the problems are now mostly resolved. The site is still monitoring the situation.

Denial-of-service attacks are a common weapon employed by cyber criminals to disrupt the working of Web sites. Perpetrators enlist millions of computers to attempt to access a particular site. The site cannot handle the massive increase in traffic, and is rendered inaccessible.

Continue Reading at WSJ




There's Encryption, and Then There's the iPhone 3GS


The day I saw the Apple commercial depicting an individual entering their credit card number into an iPhone I cringed. 

Of course I do the same thing every time I think about someone "typing" their numbers into a box on a website.

Last Friday, in a post entitled "In Two Weeks Your iPhone Will Be Hacked", I talked about the threats exposed at the Black Hat Conference in Las Vegas. Now I read that the iPhone 3GS is tantamount to writing your credit card number on a Post-it note and hanging it on your computer screen (which is essentially the same thing as typing it into a box on a website...)

All I can do is continue to repeat our mantra: "Don't Type...Swipe!" (and remind you that you can't say I didn't tell you so!)

(Excerpts Taken From ZDNET and Wired)

"Apple claims that hundreds of thousands of iPhones are being used by corporations and government agencies. What it won’t tell you is that the supposedly enterprise-friendly encryption included with the iPhone 3GS is so weak it can be cracked in two minutes with a few pieces of readily available freeware. “It is kind of like storing all your secret messages right next to the secret decoder ring,” said Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”"

"The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially "broken" when it comes to protecting sensitive personal data such as credit card numbers, according to a forensics expert and iPhone developer."

"I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security," Jonathan Zdziarski told Wired.

With physical access to an iPhone 3GS and some free software, data can be extracted within two minutes and an image of the entire raw disk in about 45 minutes, he said. The iPhone decrypts the data on its own once the extraction has begun, Zdziarski explained in a video demonstration.

Zdziarski added that there are other weaknesses with the iPhone: Pressing the Home button, and even zooming in on a screen, automatically creates a screenshot temporarily stored in the iPhone’s memory, which can be accessed later.

And then there’s the keyboard cache: key strokes logged in a file on the phone, which can contain information such as credit card numbers or confidential messages typed in Safari. Cached keyboard text can be recovered from a device dating back a year or more, Zdziarski said.

Apple has been touting the encryption and other features to entice corporate users to the device. Nearly 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones per company, the company said on its financial results conference call on Tuesday."

Wednesday, August 5, 2009

Bottomline Acquires BofA's PayMode Product


BofA, Bottomline partner to expand payment and invoice network

Portsmouth, N.H. and Charlotte, N.C., Aug. 5, 2009 -- Bank of America (NYSE: BAC) and Bottomline Technologies (NASDAQ: EPAY) today announced a strategic relationship to advance the growth of Bank of America’s market-leading electronic network for payment and invoice automation.

Bottomline Technologies will acquire Bank of America’s PayMode® product, operations and vendor network. The two companies are entering into a multi-year agreement to operate and enhance this innovative Software as a Service (SaaS) offering. In addition to continuing to market PayMode to new clients, Bank of America will retain existing PayMode client relationships and join Bottomline’s Strategic Advisory Council. The bank will also have an equity interest in the company via warrants for one million Bottomline shares.

Under this agreement, Bank of America and Bottomline will deliver next generation solutions for integrated payables automation, enabling businesses to capitalize on the two organizations’ shared vision for automated business-to-business electronic invoice and payment processing and remittance data delivery. With 80,000 vendors, PayMode is one of the largest and fastest-growing business-to-business payments networks operating today. The relationship will leverage Bottomline’s experience with SaaS solutions including its advanced invoice management workflow, global payment platforms and innovative cash management offerings used by leading corporations around the globe.

“PayMode remains an important part of Bank of America’s electronic payments suite of solutions,” said Dub Newman, Global Product Management executive for Bank of America. “This deal ensures clients will receive the same high level of service they expect from the PayMode service into the future. After a thorough evaluation, we concluded that working with Bottomline will accelerate the growth and capability of PayMode and enable us to quickly deliver an even more compelling offering to our clients. We selected Bottomline due to its deep domain expertise, focus on financial supply chain technology and impressive order-to-pay solution set. Combining forces, we will provide even greater value to our clients.”

“We have entered into a very significant relationship for Bottomline,” said Rob Eberle, President and CEO of Bottomline Technologies. “With Bank of America, we have teamed up with a truly market-moving organization and added one of the largest vendor networks available today to our payment and invoice management solution set. We believe that this arrangement will significantly accelerate our strategic plan and business model, while firmly establishing Bottomline as a leading player in financial supply chain automation.”

PayMode facilitates the electronic exchange of payments and invoices between organizations and suppliers. By making vendor payments electronically, organizations can quickly raise operational efficiency and derive greater value from the accounts payable and corporate treasury functions. In addition, there are significant environmental benefits achieved by cutting the use of paper checks, invoices and remittance advices, hence reducing all participants’ carbon footprint.

Today, approximately 550 Bank of America clients leverage PayMode for their payables automation and 80,000 suppliers receive electronic payments and comprehensive remittance data. This results in processing cost savings, improved working capital management and enhanced payment processes and controls. Approximately $300 billion in electronic transactions have been processed through PayMode since its inception. Bottomline will provide PayMode service and support for Bank of America and Bank of America clients under a long-term agreement, while making PayMode available to its own customers and other channels.

Financial terms of the arrangement, which is expected to close in the next 90 days, were not disclosed at this time. Bottomline expects the transaction to be accretive to its results during fiscal year ended June 30, 2010.

To help raise awareness of the environmental benefits achieved by transitioning from paper to electronic processing, Bottomline has posted a green savings calculator on its corporate web site. The calculator can be accessed by clicking this link: www.bottomline.com/gogreen .

About Bank of America

Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 53 million consumer and small business relationships with more than 6,100 retail banking offices, more than 18,500 ATMs and award-winning online banking with 29 million active users.

Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. The company serves clients in more than 150 countries. Bank of America Corporation stock (NYSE: BAC) is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.

About Bottomline Technologies

Bottomline Technologies (NASDAQ: EPAY) provides collaborative payment, invoice and document automation solutions to corporations, financial institutions and banks around the world. The company’s solutions are used to streamline, automate and manage processes involving payments, global cash management, transactional documents and invoice approval. Organizations trust these solutions to meet their needs for cost reduction, competitive differentiation and optimization of working capital. Headquartered in the United States, Bottomline also maintains offices in Europe and Asia-Pacific. For more information, visit www.bottomline.com .

Source: Company press release.

Bank Customers Who Pay Bills Online 15% More Profitable

Financial institutions need to be aware that in the midst of this banking crisis, consumers are unusually sensitive to fees and are prone to switching banks.




Meanwhile a study from fintech vendor Fiserv found that bank customers who pay bills online are over 15% more profitable and 76% more loyal than those who don't.

Seven years of Javelin consumer survey data underscore the necessity of designing banking products and services to serve the customers’ craving for financial control, as 8 out of 10 online households now bank online. The industry has made laudable strides in bringing customers to their Web sites to bank and pay bills.

For the first time, slightly more consumers paid at bank sites than at biller-direct sites. Yet many banks and credit unions have been slow to upgrade, creating a wide gap in online capabilities and usage between the nation’s four biggest banks – Bank of America, Citi, JPMorgan Chase and Wells Fargo – and smaller regional, community banks and credit unions.

Primary Questions

• How fast will online banking and bill-pay adoption grow over the next five years?
• How active are users of online-banking and bill-pay services?
• Can banks use online-banking and bill-pay services to boost revenues, increase customer loyalty, reduce costs and create cross-selling opportunities?

• Can mid-size banks and credit unions boost the performance of their online-banking services to better compete with giant national financial institutions?


Editor's Note: I can answer that question. Yes. (Want more detail? See the answer to the next question.)

• What services can make online banking more appealing to consumers?

Editor's Note:  Want to make online banking more appealing to consumers?  Appeal to their peace of mind.  Provide a PCI 2.x Certified Two Factor 3DES DUKPT Beginning to End Encryption Platform powered by HomeATM.  Guarantee your customers that your bank will eliminate phishing and the increasing threats caused by Malware,  Cloned Bank Websites and more.  It WILL provide your banking institution with an enhanced image, and lure wary online banking customers who are looking to make the switch.  


For more information on how HomeATM can empower your online banking platform, give me a shout!  jfrank@homeatm.net


OR CONTINUE READING "BANKS UNDER SIEGE" BELOW THE ATTACK OF THE CLONES PICTURE
 




BANKS and bank customers face an array of threats to their security as international criminal groups roll out a new generation of viruses, malware, fake websites and sophisticated phishing emails.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.

Editor's Note: That's what I've been saying for the last 15 months on this blog. It was (not safe) safer to type your card numbers into a box at a merchant checkout center a year ago than it is today and it's (not safe) safer to do it today than it will be tomorrow.

It's satisfying to see "Internet Banking Experts" start to publicly admit there is an inherent weakness in the system.

HomeATM's device (pictured above) is a secure solution to the phishing, DNS attack and cloned web site threats which permeate the online banking world. Our solution exactly replicates how one would access their cash at an ATM. 1. You swipe your card, and 2. You Enter your PIN. It's called 2FA (two-factor-authentication) and it would virtually eliminate phishing overnight. The Track 2 data is "instantaneously" encrypted upon the swipe of the card and the PIN is also 3DES Encrypted and protected by DUKPT (Derived Unique Key Per Transaction). Our unique end-to-end encryption methodology provides the most secure authentication and payment application available today. Period.

Early next week, HomeATM expects to become the only eCommerce Payment company in either hemisphere to be both PCI 2.x Certified and TG-3 certified. Swipe don't Type. It's how retailers and consumers have been doing it at brick and mortar locations since the early 80's and it's how it should be done online. Until now, there wasn't an affordable way to get consumers their very own SwipePIN device. But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and conduct safe, secure online transactions. I've stated that it is as simple as 1-2-3. Two are already done. The bank issues the card, the bank issues the PIN...now the bank can issue the HomeATM Internet POS terminal. The story continues...

Almost one-quarter of the entire Australian population has been affected by identity theft crimes, according to a recent survey by Veda Advantage and that number keeps growing each year. "Last year some 450,000 Australians were the victims of fraud," NSW Attorney-General John Hatzistergos said last weekend as he announced new laws that effectively duplicate Queensland's cyber crime laws.

"Nearly a billion dollars was taken from people and confiscated by criminals, using a variety of different techniques, trading in people's personal information, such as passwords, pin numbers, names and addresses.


The state based approach to the problem will not work, says Professor Bill Caelli from Queensland University of Technology's Information Security Institute. Prof Caelli says only co-ordinated global action by governments can secure the net.

Speaking to the Sunday Mail from a major IT conference in Paris where the issue of securing the net is high on the agenda, Prof Caelli claimed "banks were simply not capable of providing secure internet banking."

There is a big discussion happening globally about web services such as internet banking. The question is, "Can you create large-scale secure transaction systems on the web and the answer is coming back as no."

Already this year, two of Australia's biggest banks have reported significant attacks on their internet banking portals. Both attacks came after significant investments by the banks to upgrade their online banking platforms.

"The criminals tend to target one bank and when that institution shuts them down they move to another bank so it goes in circles," said Gary Gill, head of forensics at KPMG.

Australia's biggest bank, the Commonwealth Bank, reported that a malicious attack had probably contributed to its banking website, Netbank, crashing on the busiest days of the year – the two days before the end of the financial year.

Steve Batten, the media spokesman for the Commonwealth Bank, said that Netbank was designed to handle 13,000 customers online concurrently. Last Monday, 18,500 customers were logging in concurrently and 1.59 million hits were registered in the 24-hour period. Mr Batten said that the bank suspected that some of that traffic was malicious.

In February ANZ Bank reported a sophisticated scam that led to a fake web page appearing to customers after they logged in to the ANZ internet banking site.

First Internet Bank Offers Contactless Debit Card


Indianapolis, Aug. 5, 2009 -- First Internet Bank (First IB) announced today it has begun issuing debit cards that include the Visa payWave (contactless) feature. These contactless debit cards promise First IB cardholders a faster and easier check-out, with the same security protection given to traditional magnetic stripe cards.

Each First IB debit card enabled with Visa payWave is embedded with an advanced computer chip that uses radio frequency to perform the transaction. By simply holding the First IB debit card with Visa payWave close to a contactless card reader, customers can complete a purchase transaction in seconds. The cardholder remains in possession of his or her card at all times and, for most purchases under $25, will not be required to sign. In cases where the merchant does not accept contactless transactions, cardholders can still swipe the card, just as they always have.

Since its launch ten years ago, First IB has offered customers a lineup of convenient account access services - including a robust website with self-service features for anytime account access, and traditional magnetic stripe Visa debit cards as a secure alternative to carrying cash. The contactless debit card offering is the most recent enhancement to the Bank's lineup of added value services. First IB has also introduced mobile banking as well as personal budgeting and account aggregation services in the past twelve months.

"First Internet Bank strives to be a leader in innovation, and the adoption of this card keeps First IB at the forefront of banking technology," said Mr. David B. Becker, President and CEO. "Studies have shown, and our employee pilot program confirms, that cardholders find contactless payments to be fast and easy. We are pleased to offer our customers this new feature for everyday purchases. It's just another way we work to make banking easier for our customers."

For more information on the First IB debit card with Visa payWave, customers are encouraged to visit http://www.firstib.com/personalaccts/debit.html. More information is also available from Visa, including a link to locate a nearby merchant that accepts payWave cards, at http://www.visa.com/visapaywave .

About First IB

With over $540 million in assets, First Internet Bank of Indiana (First IB, www.firstib.com) is the first state-chartered, FDIC-insured institution to operate solely via the Internet and has customers in all 50 states. Deposit services include checking accounts, regular and money market savings accounts with industry-leading interest rates, CDs, and IRAs. First IB also offers consumer loans, conforming mortgages, jumbo mortgages, and home equity loans and lines of credit. First IB is a wholly owned subsidiary of First Internet Bancorp (OTC Bulletin Board: FIBP).

Source: Company press release.



HomeATM Has a Billion Dollar "Present" for the Airline Industry



More rules and increasingly sophisticated fraud detection tools essential to Travel Services Industry's success warding off current and emerging trends

SCOTTSDALE, Ariz., Aug 5 /PRNewswire/ -- Fraud detection tools and payment fraud losses are top of mind according to a recent webinar and poll of airline fraud investigators. The survey results, released today by 41st Parameter Inc, a leading provider of fraud detection and prevention systems to the Airline Industry, report insufficient rules and defense mechanisms in place at most airlines. The results forecast the continued emergence of new reservation booking vehicles and a shift in the payment landscape. Additional details include:

Fraud Prevalent Industry-wide - Every airline reported some measure of fraud within their "card not present" channels, with nearly one-quarter experiencing elevated percentages.

(Editor's Note: If it's "card not present" that creates the $1 Billion Dollar problem, then it seems to me that the obvious solution is to change to a "card present" environment! HomeATM can do that with our PCI 2.x certified PIN Entry Device which encrypts the data from beginning to end!)


 

Airlines report more than a billion dollars annually in online fraud loss. To effectively reduce these losses, each needs to be up-to-date with the appropriate technologies and be prepared for fraudsters to exploit new forms of payment and booking channels.

"The Travel Industry is under siege by well organized international fraud rings. Without comprehensive technology tools to aid investigators, airlines face a greater risk of fraud succeeding, especially as fraudsters exploit new channels and payment methods which in many cases are not currently detected," said Ori Eisen, founder and chief innovation officer, 41st Parameter. "41st Parameter utilizes over 400 rules in conjunction with sophisticated device identification capabilities to help our customers, including some of the world's largest airlines, prevent fraud before it happens; significantly reducing bad debt write-offs."

Other survey questions posed include:

- How many payment options do you offer beyond credit cards?
- What percentage of your fraud is from international or cross-border transactions?
- What percentage of your reservations are written off as bad debt or fraud?
- How many Fraud Investigators does your company employ?

The complete list of questions and responses, along with the webinar recording, are available by request at: www.the41st.com/travel


Additional 41st Parameter Airline Industry Press Releases:
41st Parameter Speaking about the "Importance of Device Data for True Intelligence" at Airlines Reporting Corporation (ARC) Forum

Airlines Tackle $1.4 Billion Online Fraud Challenge With 41st Parameter's Device Identification Technology

US Airways Selects 41st Parameter's FraudNet

41st Parameter Enables Airline & Travel Industry Service Provider MITec to Expand Business and Protect Clientele

41st Parameter and Leading Airlines Battle on Card Not Present Fraud

41st Parameter Provides Fraud-Reduction Solution to Continental Airlines for Card-Not-Present ticket sales


About 41st Parameter
41st Parameter provides solutions for detecting and preventing fraud across multiple channels for the world's most valued and recognizable brands. Leading financial institutions, e-commerce companies, and travel services businesses rely on 41st Parameter's technology to protect them from cybercrime threats including card not present fraud, new account origination fraud, phishing and account compromise, credit bust outs, and fraud ring attacks. Founded in 2004, 41st Parameter makes the process of detecting and preventing fraud easier and more effective, reducing both expenses and potential losses. As a leading web fraud detection innovator, the company supplies industry-proven solutions which integrate advanced device identification with comprehensive risk management capabilities. To learn more about 41st Parameter, visit www.the41st.com



Survey results are nonscientific and for informational purposes only.  All trademarks are the property of their respective owners.




Tuesday, August 4, 2009

The Internet Can be Utilized to Transmit Encrypted Data

But the Web is NOT a Safe Place with which to Conduct Transactions...

Many people use the terms Internet and World Wide Web (aka the Web) interchangeably, but in fact the two terms are not synonymous. The Internet and the Web are two separate but related things.


How are they Different?

The term Internet evolved from Inter-Networking. It is a massive super-network of millions of networks built all across the globe. It actually represents the overall network infrastructure comprising fibre optic cables, routers, switches, gateways and computers, among other network constituents. Every node (computer) on the Internet is accessible by every other node connected to the Internet, and that’s how the Internet is primarily used for communication and information sharing.

There are some well defined Internet protocols for performing several purposes such as data transfer, remote access and information sharing using the Internet. The ‘World Wide Web’ employs the Hyper Text Transfer Protocol (HTTP) to facilitate information sharing on the Internet. In other words, the ‘Web’ is simply an information sharing model, built on top of the Internet.

In simpler words

The ‘World Wide Web’ (WWW) or simply ‘Web’ is basically a subset of the Internet. It represents the largest sub-network on the Internet, which employs the HTTP protocol and lets us (and hackers) access information published (or typed) on a Webpage via software called a Web browser.

That said, it's just a matter of time before EVERYONE realizes the web is not a safe place to conduct financial transactions. The same is true for online banking authentication. When you "type" primary card numbers or passwords, what you type can be accessed by the bad guys...

For those who missed it, I am republishing a post regarding the danger online banks face when it comes to losing customers due to inadequacies of their authentication and the web itself.

It's just a "matter of time" before EVERYONE realizes that the Web was not built for eCommerce and that if they stay on course, there will be a train wreck the magnitude of which has not been seen.

The banks have another choice...get on board the "gravy train" HomeATM can provide and open up a whole new world (wide web) of security for their customers and enhance their image, their bottom line and their branding strategy all at once.

You don't have to be a "seer" (or read "between the lines") anymore, to realize that the web is broken. You can simply read the headlines.

Websense, in their new research report, pulls no punches when they state:


"The conjunction of technologies and the monetizing of hacking have resulted in a web environment where no websites, legitimate or not can be trusted."

Half of Banking Customers Hit by Card Fraud Change Banks



One in Five Hit by Card Fraud in Past Five Years: ACI Worldwide Survey

HALF (49%) Would Consider Changing Banks Following Card Fraud...22% "Would" Change Banks!

Editor's Note: Wow, if I was a financial institution offering "online banking" that headline would haunt me 24 hours a day until I figured out a way to either change it or use it to create an opportunity for my online bank to flourish.

My first thought would be: "If 50% would consider "changing banks AFTER" they get hit by card fraud/online banking/phishing fraud, how many would consider "changing banks" to "AVOID" getting hit?"

And to which competitor would they go?

I'd conclude that if they "left because of insecurity" they would probably "come on board BECAUSE of security."

So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers' security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers could my bank procure by "guaranteeing" online security? Research would determine if it was millions or only "Hundreds of Thousands." I think I made my point. If not, then there's always this:




"Fraud reduction is one area where financial institutions are able to take decisive and positive action to reduce losses and enable them to protect their image and retain the trust of their customers."

  • Protect Your Customer...in fact "Enable Them"
  • Protect Your Image...in fact "Enhance It"

Considering the drastic rise in cybercriminal activity, especially activity aimed at financial institutions, I would think that the key to any online banking branding strategy would be about protecting the customer from phishing and malware and protecting, better yet, enhancing the financial institution's image. Those two principles should drive any strategy.

Since banks cannot control whether their customers visit a malware infested website, they have to find another way to protect both themselves and their customers from malware. The "other way" is to require their customers to Swipe vs. Type. As I've said in the past, two of the three steps are already done by the bank. They issue the card, they issue the PIN, the last remaining issue is a device that reads the card and the PIN. The best choice is a PCI 2.x certified PIN Entry Device designed for eCommerce use.

It's the fastest and most familiar way to securely authenticate their user and by eliminating "typing" you eliminate the threats from malware and phishing. These days, it's all about security. The web is NOT secure. Therefore financial transactions need to be conducted "outside" the browser space.

However, for the sake of argument, let's assume those principles are not adhered to. Assume that banks are willing to take the risk that their clients' online banking information will get phished, that it's "just a cost of doing business." The game has changed. When 50% of consumers say they might change banks if they (or somebody they know) experienced card fraud it's not just about phishing anymore. It becomes a much more serious problem.

I would think that banks might be less willing to take on the risk that half of their customers will jump ship. That very real threat is one that HomeATM can eliminate as well. We don't operate within the browser, we operate without. We simply utilize the Internet as the "conduit" whereby the encrypted cardholder information is channeled. It cannot be unencrypted until it reaches an HSM.

Phishers can't phish if consumers don't type. If online banking consumers are going to switch banks anyway, why not have a strategy to "swipe them" off their feet?

I have to seriously ask...when will a bank "connect the dots" and offer their customers the only PCI 2.x and TG-3 certified personal e-banking log-in device in two hemispheres? It is a no brainer. Guarantee their security.

What is the guarantee? That your customer's data is safe and therefore your customer is safe.

Our device would render phishing useless by requiring secure 2FA login (swipe card/enter PIN). With our device it doesn't matter what malware is on the computer, it wouldn't be able to steal username/password data because that data is NOT typed in anymore. It might very well still be on the PC, but it's no longer used for logging in. Typing has been eliminated and without typing, the bad guys can't steal your customer's card numbers. Eliminate typing and you also eliminate the threat of key loggers, cloned bank websites, counterfeit cards AND losing your valuable customer to a competitor.


Two factor 3DES DUKPT End to End Encrypted PCI 2.x and TG-3 Certified Military Grade security... used for securing online banking log-in, money transfers, conducting more secure online transactions and thus enhancing your bank's image...all for $12 a pop? Yeah...So get ahead of your competition by simply connecting the dots! You're almost there...2 outta 3 ain't bad, but 3 outta 3 is better.

NEW YORK, July 28, 2009 (GLOBE NEWSWIRE) -- ACI Worldwide, Inc. (Nasdaq:ACIW), a leading international provider of electronic payments software and solutions, today announced that its global card fraud survey revealed that 18 percent of consumers questioned have been victims of credit or debit card fraud in the past five years.

The research, of more than 2,400 consumers across eight countries, also found that if an individual or someone they knew was hit by card fraud, 22 percent would change financial institutions, and a further 27 percent would consider changing financial institutions.

In the light of these findings, and the continued commitment by financial institutions around the world to protect their customers from card fraud, ACI Worldwide has launched its Guide to "Stopping Card Fraud in its Tracks," with contributions from Nationwide Building Society, to provide advice to fraud managers in banks to help combat card fraud and protect their customers.



Editor's Note: In the US and UK 27% or 1 in 4 people have been toasted by card fraud. Replace the toaster with a PCI 2.x certified PED. And give them away! Cause you care! The money will come! In fact, last time I checked (in April) the American Bankers Association said:


“Banks that demonstrate a keen understanding of customer needs and put forth capabilities that align with them can differentiate themselves from competitors, command higher pricing, and become the provider of choice for deposit-rich market segments. Successful banks will develop programs that demonstrate industry understanding, critical product capability, and communicate commitment.”


The survey highlights some wide variations in fraud trends around the world. In the US and UK, 27 percent of respondents have been hit by card fraud in the past five years, compared to only seven percent in Dubai, eight percent in Germany and 15 percent in Australia, China and Singapore.

When it comes to customer attitudes to card fraud, a fifth of the respondents said they are not confident their financial institution can protect them, with this number rising to over a third in China.

What's more, almost half of respondents said that they would change banks, or at least consider it, if they or someone they knew was hit by card fraud.


Editor's Note: Okay, now if I'm in the banking industry and I read this, I wouldn't be haunted anymore. I would be excited. Because I would see a HUGE opportunity to capitalize on these consumer behavioral attitudes. If Half would change banks (even if it was just someone they knew who was hit by card fraud) that means I have the opportunity to "lure" them to my financial institution.

Did I just say lure? I did. You can "Phish" for online banking customers by eliminating...phishing.

HomeATM's Online Banking program would keep banking customers safe and secure and attract dissatisfied customers who leave their banks. It's simply a branding strategy. You brand your bank as the most secure online banking system available. And you secure it with a PCI 2.x and TG-3 certified system. And you "give them away" with a smile on your face. Because it empowers you, protects your customers, enhances your image and will make you money!

Pete Corrie, head of financial crime at Nationwide Building Society, comments: "The number of card payments globally has increased drastically over the past few years and, consequently, the whole industry has seen associated fraud levels go up.

David Nussenbaum, vice president and product line manager at ACI Worldwide, adds: "The international research we have conducted shows that although card fraud trends vary around the world, it is still a persistent problem for banks. In order to protect themselves and their customers against potential fraudulent attacks, financial institutions are looking for ways to implement effective anti-fraud strategies, while maintaining efficiency and keeping costs to a minimum. We believe that our Guide will provide some useful and practical advice."

The ACI Worldwide research on card fraud was conducted during July 2009 in Australia, Brazil, China, Dubai, Germany, Singapore, the UK and the USA surveying a total of 2,408 respondents. To download the ACI Worldwide Guide to 'Stopping card fraud in its tracks', go to www.aciworldwide.com/stopcardfraud.








