Senator Proposes Use of Internet Gambling Revenue to Help Fund Health Care Reform

WASHINGTON, Sept. 21 /PIN Payments News Blog/ -- An increased focus on the benefits of Internet gambling regulation are expected as the Senate Finance Committee considers a proposal introduced on Saturday to use Internet gambling revenue to offset the costs of health care reform. The amendment offered by Senator Ron Wyden (D-OR) would dedicate Internet gambling tax revenue generated through implementation of the currently pending Internet Regulation, Consumer Protection and Enforcement Act (H.R. 2267) to increase low-income subsidies provided through the America's Healthy Future Act of 2009. A PricewaterhouseCoopers analysis shows that collecting taxes on regulated Internet gambling would allow the U.S. to capture up to $62.7 billion over the next decade.



"We applaud Senator Wyden's proposal to collect and put to good use tens of billions in Internet gambling revenue that would otherwise be lost in the underground marketplace," said Michael Waxman, spokesperson for the Safe and Secure Internet Gambling Initiative. "The Senate Finance Committee should approve the resolution, finally putting to an end a failed prohibition on Internet gambling that leaves Americans unprotected and unlicensed offshore operators as the only beneficiary in a thriving marketplace."



The Internet Gambling Regulation, Consumer Protection and Enforcement Act of 2009 (H.R. 2267), introduced in May by House Committee on Financial Services Chairman Barney Frank (D-MA), would establish a framework to permit licensed gambling operators to accept wagers from individuals in the U.S. The legislation mandates a number of significant consumer protections including safeguards against compulsive and underage gambling, money laundering, fraud and identify theft. Additional provisions in the legislation reinforce the rights of each state to determine whether to allow Internet gambling activity for people accessing the Internet within the state and to apply other restrictions on the activity as determined necessary.



A companion to Chairman Frank's legislation introduced by Rep. Jim McDermott (D-WA), the Internet Gambling Regulation and Tax Enforcement Act (H.R. 2268), would raise revenue for the U.S. Treasury primarily through ensuring that applicable individual taxes, corporate taxes and license fees on regulated Internet gambling activities are collected. Without this legislation, this revenue will remain uncollected while millions of Americans gamble online without consumer protections.



About Safe and Secure Internet Gambling Initiative



The Safe and Secure Internet Gambling Initiative promotes the freedom of individuals to gamble online with the proper safeguards to protect consumers and ensure the integrity of financial transactions. For more information on the Initiative, please visit www.safeandsecureig.org. The Web site provides a means by which individuals can register support for regulated Internet gambling with their elected representatives.



SOURCE Safe and Secure Internet Gambling Initiative

Keeping Credit Cards Secure: Washington Times

"I think the U.S. is targeted because there's more and wealthier people on the Internet and we're more active in e-commerce," Avivah Litan - Distinguished Analyst at Gartner Research - Quoted in Washington Times 



Editor's Food for Thought:  If the U.S. did bite the bullet and decide to spend $8 Billion Dollars to switch over to Chip and PIN it is NOT going to reduce eCommerce Fraud one iota 



At least not until we start swiping the card itself.  (Replacing the Card Not Present Environment with a Card Present one.)  As long as there is a Card Not Present" environment, there will be fraud, because fraud, like water, finds the path of least resistance.   The path we are on (typing vs. swiping) makes it easy for the bad guys to steal our personal data and wreak havoc.   Wake up and smell the coffee!



Until we start "swiping our cards" it would make NO DIFFERENCE WHATSOEVER, in terms of eCommerce Fraud, whether the cards that banks issue are Contactless, Chip and PIN, Magnetic Stripe...or anything else.  



What difference does it make whether there is an integrated circuit built into the card if we don't swipe the card? It wouldn't matter if a card had the users DNA embedded onto the card if the card is not read.  Until  consumers stop entering their credit/debit card number by typing  it into a box on a website, there will be fraud.  Where am I wrong here?  Hint:  Nowhere!



Anyway, I thought  it important to make the distinction prior to you reading the Washington Times article below.  In regards to the "brick and mortar" space, I agree that switching over to Chip and PIN would greatly reduce fraud created by cloning magnetic stripe cards, but, again, until we start swiping and stop typing,  it won't matter if the card is Smart, Dumb, a Kindergartner or Einstein.





There is the only one "Smart vs. Dumb" argument when it comes to transacting on the web.   What's dumb is typing/entering our card information into a browser environment.   What's Smart is swiping the card in order to instantaneously "encrypt" the card information keeping it from the bad guys.  (in fact, it's such a simple concept, I got a Kinder-Gartner to draw it up for you...she's right!)



By the way, HomeATM's PCI 2.x certified personal point of sale terminal would not only enable consumers to swipe their magnetic stripe card, but we also have an EMV version which would enable consumers to swipe smart cards. 



So let's not confuse eCommerce transactions with brick and mortar.  In the brick and mortar world the card is swiped.  Until we convert the "card not present" methodology currently relied on for Internet Financial Transactions, into a "card present" environment, by providing consumers with a personal card reader and PIN Entry Device, the point is moot.



Here's the Washington Times Story: (excerpts only)

Keeping credit cards secure

By William Ehart



Next-generation security for debit and credit cards is on hold in the United States as banks and retailers argue over who should pay for a new system. Americans continue to use plastic for more and more transactions, at checkout counters, over the phone and on the Internet, despite increasingly frequent security breaches.



But the banking industry's losses have not been large enough to spur a consensus on financing the estimated $8 billion cost of moving beyond the aging magnetic-stripe technology now in use, analysts and consumer advocates say. "Up until now, it hasn't been that necessary, but in the last few years, hundreds of millions of cards have been compromised," said Avivah Litan, a Gartner Research analyst.

"The question is, how much more fraud do the banks want to tolerate?"

"The old formula that a lot of them are still using is, 'What is the cost of fraud or loss versus the cost of putting in a new system,' and it's the wrong formula.

"You have to consider what is your fraud loss, what is the cost of losing your customers, the decline of your stock price, what's the cost of your fraud resolution units and the loss of your reputation? - Linda Foley - Founder of Identity Theft Resource Center in San Diego



The industry is tight-lipped on fraud losses, although they are known to be in the billions each year.

"They don't ever reveal the exact numbers, so we don't know," said Ms. Litan. "All we know is there are a lot of breaches and there's a lot of money being spent on security in the wrong places." The "chip and PIN" system used for payment cards in much of the world greatly reduces the risk from cyberthieves. (Editor's Note: Again, it would NOT reduce "card not present" fraud until we stop typing)

Although this smart-card system isn't foolproof, in most cases a thief would need to physically possess your card in order to withdraw cash or make an unauthorized charge. With magnetic-stripe technology, hackers can reprogram a dummy card with your account information. (Editor's Note: A cyberthief would NOT need to physically possess your card until the card industry mandates a "card present" environment for the web...i.e. "Swipe...Don't Type!)

A microchip embedded in each smart card contains the user's account information, and some transactions also require a PIN number. The "chip and PIN" system is used in Europe, Mexico and elsewhere, Ms. Litan said. It will be rolled out in Canada next month. Everyone along the electronic-payments food chain agrees that more security is needed, from the banks that issue the cards to the retailers that accept them to the payment processors whose networks transmit essential information.

It's just that retailers think the banks should pay more and that banks think the retailers and payment processors should pay more.



Every consumer would need new cards — by some estimates, Americans hold more than a billion of them. Even more daunting, every card-swipe machine in the country would need to be replaced. Nagraj Seshadri, senior product marketing manager at security company Sophos, said it cost $1.6 billion to roll out "chip and PIN" in Britain. Since the U.S. poulation of 300 million is five times greater, it could cost $8 billion to do the same here, he said.

Yet the value of purchases made in the United States with Visa Inc.'s debit and credit cards alone exceeded $1.6 trillion last year. And this country is a big bull's-eye for hackers around the world.

Related articles by Zemanta

• Online Banking's Innate Security Flaws (information-security-resources.com)


• A Look at the Issues Associated with Mag Stripe Cards (paymentsnews.com)


• 'Both Sides of the Mouth' Security Analysis (information-security-resources.com)


• 3DES, DUKPT & E2EE Explained (information-security-resources.com)


• Comparing Apples To The "Real Deal" (information-security-resources.com)

Gartner: Security Software Market will Total $14.5 Billion in 2009

The worldwide security software market will total $14.5 billion in 2009, an 8% increase from 2008, according to Gartner. In 2008, it grew at 19 per cent, and Gartner anticipates the market to grow 13 per cent in 2010 as revenue will total $16.3 billion.



In Europe, the security software market will total €3.2 billion in 2009, representing 7% growth from 2008.



“Although the worldwide security software market is affected by the economic downturn, the growth will continue to be strong in 2009 as security remains a critical area where drastic cuts cannot be afforded,” said Ruggero Contu, principal research analyst at Gartner. “In the medium term, the greatest growth opportunities will come from software as a service (SaaS), appliance based offering and small and medium businesses (SMBs), which are in security catch-up mode compared with large companies and therefore spend a higher percentage of their budgets on security.”



In 2009, consumer security will remain the largest segment (in terms of total software revenue) in the security software market, representing 25 per cent of the total market. Gartner estimates it will account for $3.6 billion, growing 4 per cent in 2009. The enterprise security software market formed by a number of segments such as endpoint protection platform, email security boundary and user provisioning is predicted to account for $10.9 billion, reaching 9 per cent growth in 2009.



Continue Reading at  Net-Security.org 



Additional information is available in the Gartner report "Market Trends: Security Markets, Worldwide, 2007-2013." 

VerifySmart's New Card Fraud Prevention and Detection Technology Targets Multi-Billion Dollar Financial Fraud Loss Market; Lets Consumers Off The Liability Hook

TAGUIG, Metro Manila, Philippines, Sept. 21 /PIN Payments News Blog/ - VerifySmart(TM) Corp. (VSMR: OTCBB): VerifySmart, a global leader in secure and fraud free payment processing services, introduces a new 'no-fault' fraud protection solution technology (the "Technology") for credit and debit card holding consumers, and unprecedented fraud detection and prevention protocols for merchants and financial institutions.



VerifySmart's Technology comes at a watershed moment in the global financial community, when astronomical credit and debit card fraud losses make headlines with alarming regularity. While most financial institutions are hesitant to post actual credit and debit card fraud loss numbers, the figures are staggering as far back as 2005, when an FBI report indicated that credit card fraud represented the majority of the $315 billion US financial fraud loss for that year. A recent European study reported that more than 22 million adults fell victim to credit card fraud in 2006.



Financial institutions and consumers alike hoped that the recently introduced, so-called Chip and PIN technology, first introduced in the UK, would drastically reduce credit and debit card fraud, but a 2008 APACS (Association of Payment Clearing Services) report indicates a loss prevention gain of just 0.02%, after Chip and PIN technology was adopted (0.14% fraud losses as a percentage of card turnover pre Chip and PIN, versus 0.12% post Chip and PIN).



An unwelcome sidebar disadvantage of Chip and PIN, VISA, and other currently available so-called credit and debit card fraud prevention and detection technologies is the assumption of 'total card holder liability' made by many financial institutions. That is, the widespread practice, by banks and other financial institutions, of assigning loss liability to the cardholder on the assumption that the cardholder either wrote down or otherwise disclosed their PIN number and are therefore liable and accountable for the loss. The apparent growing lack of faith in Chip and PIN and other card fraud prevention technologies is evident in the fine print.



One of Canada's oldest banks introduces its faith in the new Pin and CHIP technology policy to credit card customers in writing as follows: "If a cardholder fails to comply with any obligation in the section entitled personal identification number (PIN) and someone other than the cardholder makes any PIN-based transactions on the Visa account, the cardholder will be liable for those transactions and any interest, fees and losses incurred...." The same national bank outlines debit card liability in their cardholder agreement: ""Contributing to unauthorized use: if someone uses your bank card or PIN without your authority but your actions (or inaction) contributed to that unauthorized use, you are responsible for all losses...."



All popular and available credit and debit card fraud prevention and detection systems have a single element in common, and that is the single element. Once a credit or debit card has been stolen, a seasoned criminal or fraud expert can quite easily breach required securities, assume an identity, and successfully execute several commercial transactions - at the expense of the card holder (fraud and theft insurance notwithstanding).



VerifySmart's Technology adds a second, hacker-safe layer of protection, and several levels of reassurance for consumers and financial institutions alike, by involving a second element, and with that second element, a secure 'double-check' to the transaction process.



How VerifySmart(TM) Technology Works



In smart contrast to Chip and PIN, VerifySmart(TM) provides a complete solution to lost or stolen cards, identity theft and cloned cards while putting control of the transactions directly in the hands of the card owner. VerifySmart(TM) has developed key technology that is simple yet effective. The cornerstone is an authentication model that decouples the verification and PIN process from the physical card or transaction medium offering the industry a new and proven fraud reduction mechanism.



VerifySmart's key benefit is a two-part authentication whereby a second source (mobile phone or PDA and a PIN) of identification which cannot be forged, is required to complete the transaction.



VerifySmart's credit and debit card fraud detection and prevention technology is patent and patent-pending (PCT approved) in 29 countries ranked by strategic importance and wireless penetration rates.



In addition, using VerifySmart's credit and debit card fraud detection and prevention technology, card transactions and other applications, such as internet transactions can be verified without requiring the banks and merchants to invest in new equipment and without major modifications to legacy systems.



VerifySmart(TM) Technology provides for verification through the end client's mobile device, such as a cell phone, with the transaction completely under the control of the card holder at all times. The process is simple and secure, uses technology that consumers and businesses alike are familiar with, does not require new hardware and only takes seconds to complete. VerifySmart's methodology uses a two factor system to verify both the transaction and unique owner credentials in real time creating a security model that is effectively impossible to breach.



VerifySmart's debit and credit card processing occurs in less than ten seconds, as follows:

- The merchant (or ATM machine) swipes the customer's card in the normal manner.
 - The debit signal transmits to the bank but before entering the bank's
 system it is directed by VerifySmart(TM) to the card holder's mobile
 phone;
 - The card holder's mobile device is unique as to its phone number and
 identity code so the transmission is secure to that one device;
 - The card holder receives a cell phone message that a transaction is in
 progress with their card for a named merchant and asks for
 authorization;
 - The card holder then enters their unique PIN number to authorize the
 transaction or refuses the transaction (if they do not acknowledge
 with their PIN the transaction will fail);
 - Upon receiving the authentication signal from the owner, the
 VerifySmart(TM) system allows the signal to complete its journey to
 the bank and the merchant receives the 'all clear'.

About VerifySmart(TM)



VerifySmart(TM) Inc designed and developed a Proprietary Hardware/Software Solution that solves Credit/Debit Card fraud by using two Factor Authentication. The Company's Core Technology is designed to meet the needs of the Security challenged Transaction Processing Industry. Present day solutions, such as Verified by Visa, Chip and Pin and CVV Code (all which can be compromised) have not reduced payment card fraud by any significant factor. The VerifySmart(TM) solution has reduced fraud to zero in earlier production pilots. the Company's proven and highly scalable solution is gaining worldwide attention and placing VerifySmart(TM) at the forefront of the fraud prevention revolution

Device Fingerprinting Worse than Passwords?

Are we going backwards instead of forwards in our fight against cybercrime?  Passwords are bad enough, but a study shows that people falsely believe that device fingerprinting will protect them.



I've been lamenting about the inherent weaknesses in "password" protection for well over 18 months.  Consumers know it is not safe.  But what they don't know, is that a possible replacement for passwords, something called "device fingerprinting" is just as lame. 



So I will LAMEnet some more...



Prior to bringing you the following article/study, let me provide you with  two quotes...one from Symantec and another from Avivah Litan, distinguished analyst at  Gartner Research. 

Then ask yourself.  If the problem is the browser, why introduce a so-called solution which relies on the browser?  Are we taking two steps backwards when it comes to online security?  Sure seems that way.   I think it's been proven that you don't plug a hole in a dyke by sticking your finger in it. 



Again, in order to provide a secure environment, financial transactions MUST be conducted outside the browser space.  It is NOT a recommendation.  It is FACT.  Read these two quotes, read the story and then take two steps backwards and see the forest through the trees...

"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec.   "The bad guys figured out how to get around our technology."

Speaking of device fingerprinting, Avivah Litan, a Gartner VP and analyst who focuses on financial fraud...said "the technology has limits...it's not foolproof at all," "If a cyber criminal takes over

your browser, it won't work." 

Editor's Note:  Got it?  Okay...here's the latest word on how we can secure online transactions!





Users Prefer Device Fingerprinting to Passwords

Study finds 70 percent of respondents say they'd be willing to have their PCs and mobile devices authenticated by an online merchant before completing a transaction.

The latest data protection and information security survey conducted by the independent Ponemon Institute suggests that consumers would be willing to let Big Brother encroach a bit on their individual computing devices in exchange for more online security and lot less memorization of pesky user names and passwords.



Of the 551 participants who responded the Traverse City, Mich.-based researcher's online survey, 70 percent said they'd be willing to have their computers authenticated by an online merchant before purchases are completed and 75 percent of those surveyed said that computer authentication is preferred because it's more convenient than remembering passwords or answering pre-selected questions.



According to a 2007 password study by Microsoft, the average person has 6.5 Web passwords, each of which is shared across almost four different Web site. The study also found that each user has about 25 accounts that require passwords and he or she types an average of eight passwords a day.

If this particular study and it's relatively small sample size is indicative of how the majority of consumers feel, so-called device fingerprinting software and technology developed by the likes of Los Altos, Calif.-based ThreatMetrix will soon find a much larger market with e-tailers, online payment processors and even social networking and e-dating sites.

Editor's Note:  Take a step backwards here...look up...see the forest?

"Actually, I did find the responses a little surprising," said Larry Ponemon, chairman and founder of the Ponemon Institute. "The responses were overwhelmingly positive and it's clear people are becoming more comfortable with technology that can authenticate their machines."

The idea of allowing a third-party Web site to use a software that would then report back the IP address, browser and physical location of a PC or mobile device still strikes some as an invasion of privacy.  However, the notion of divulging personal information such as a mother's maiden name or the last four numbers of a social security number apparently bothers Internet users even more.

"The thing I've learned over a number of years is that timing is everything," said Tom Grubb, vice president of marketing at ThreatMetrix. "I really feel like it's the right time for this technology.



The timing is right?  The only thing I see good timing for is to review Symantec's take on device fingerprinting one-more-time...

"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec.  "The bad guys figured out how to get around our technology."

Typhone Awarded Electronic Transaction Card Patent

PORTLAND, Ore.--PIN Payments Blog-- Tyfone (www.tyfone.com), a global provider 
of mobile financial services infrastructure and fully integrated mobile NFC payments
/secure transaction capabilities, today announced the company was awarded a second
patent for its innovations in smart card-based electronic wallet technology. 

This newest patent, US 7,581,678, is entitled "Electronic Transaction Card." 

Using time-varying magnetic fields, Tyfone`s patented technology enables the use of a memory card as an electronic wallet and/or the
ability to use that memory card for the secure transmission of financial information. This groundbreaking technology is used in the 
company`s u4ia® (euphoria) Mobile Financial Services platform, which completed successful beta testing in June of this year. 

In the growing contactless payment marketplace, Tyfone`s patented technologies and u4ia secure memory card platform enable a 
Trusted Service Manager (TSM) to bring scale to the ecosystem by enabling existing market-deployed handsets to
become NFC ready. This leads to significant benefits to consumers and the key stakeholders such as banks, transportation
companies, mobile operators and merchants, without change to the current ecosystem and without incurring significant cost to enable it. 

Unlike other software-only technologies that refer to their application as an electronic wallet, Tyfone`s platform includes a neutral secure 
element -- thereby making it a true electronic container or "wallet." This solution allows a TSM to securely manage different consumer credit, 
debit, transportation and pre-paid accounts for use in a wide range of payment and other secure transactions. 

A key application for Tyfone`s newly patented technology is using SideTapTM to conduct a contactless payment transaction. Using SideTap, 
consumers purchase goods at point of sale simply by tapping their mobile device at point of sale. 

"To Tyfone, this patent is the culmination of tireless work developing a neutral solution not only as a viable implementation of NFC that
can be broadly used today, but also as a truly game-changing technology," said Dr. Siva Narendra, chief technology officer at Tyfone. 
"As was demonstrated when initial testing was completed with the key stakeholders in the NFC value chain, Tyfone`s newly patented 
technology brings us one step closer to a ubiquitous contactless payment reality. Tyfone`s secure memory card technology is out of the 
R&D lab, has been tried and tested and is ready for the next stage in evolving the stakeholders` existing business models into new 
revenue opportunities." 

"Enabling near field communications without requiring design changes to the handset is the fastest way to proliferate contactless 
applications," said Patrick Gauthier, who launched Visa Paywave and is now CEO of SMC Advisors, a management consulting firm focused
on emerging payments, mobile and e-commerce businesses. "Tyfone`s technology is critical to jump start NFC by providing a packaging that
is familiar to the consumers, delivering a neutral secure element that is appropriate for banks and service providers, and enabling a new class
of use cases that can drive revenue for operators." 

About Tyfone:

Tyfone connects money and mobility via a highly secure, scalable and flexible Mobile Financial Services (MFS) infrastructure thaTt is tailored 
to meet the evolving needs of mobile network operators, transportation agencies, retailers and financial institutions. With its complete 
MFS platform and global alliance partners, Tyfone is uniquely qualified to deliver issuer-centric turnkey solutions with fully integrated 
contactless payments capabilities. To discover why Tyfone is becoming the partner of choice for MFS technologies to many of the
world`s leading organizations, please visit www.tyfone.com. 

Tyfone
Carol Grunberg, +1 503-546-9364
carol.grunberg@tyfone.com

Community Banks Focusing on Secure Payments

Washington, D.C., -PIN Payments News Blog- Community banks are continuing to invest in payments-related products, according to a nationwide community bank payments survey released today by the Independent Community Bankers of America (ICBA).



The 2009 ICBA Community Bank Payments Survey (www.icba.org ), conducted every two years, revealed that 52 percent of community banks increased payments-related spending, while only 11 percent decreased spending.



The survey also revealed that 62 percent of community banks offer merchant remote deposit capture (RDC), up 41 percent since 2007; debit cards continue to be the dominant consumer-payments vehicle for community banks; and debit card and check fraud are of great to concern to community banks.



"The 2009 ICBA Community Bank Payments Survey shows that, even during these challenging economic times, community banks (www.icba.org ) are increasing their investment in payments products and services that enable customers to execute secure banking transactions anywhere at any time," said Viveca Ware, ICBA senior vice president of payments and technology policy.



"It's evident that most community banks now understand the benefits their investments in payment technology bring to operational efficiency for both the bank and the customer."



The number of community banks that offer merchant remote deposit capture is expected to increase to 78 percent by 2011. RDC adoption rates are strongest among the largest community banks, with 97 percent of those with more than $500 million in assets offering merchant RDC versus 32 percent of community banks with assets less than $100 million.



While debit cards ranked as the most important payments vehicle, and checks were the second most important, the outside fraud associated with both has been a challenge for community banks, the survey showed.



Debit cards have been hit particularly hard, with 91 percent of survey respondents citing the need to reissue cards due to fraud, while 78 percent said they experienced a monetary fraud loss. Check fraud continues to be a problem as well, with 56 percent of community banks experiencing monetary fraud losses last year.

"While community banks such as mine are heavily committed to protecting our customers and our bottom lines, fraudsters continue to be just as committed to exploiting banking customers," said John Buhrmaster, chairman of the ICBA Payments and Technology Committee and president of 1st National Bank of Scotia, N.Y. "Payments fraud risk can be mitigated, but not without effort or expense."



Other key findings from the 2009 ICBA Community Bank Payments Survey include:

• Online bill payment is becoming more prevalent across the community banking sector. All banks over $250 million in assets (99 percent) offer this service, while smaller community banks offering the service (74 percent) are rapidly closing the gap.


• Community banks still consider checks the most important business payments product, followed by ACH origination, cash management, bill payment and payment-card merchant processing.


• Six percent of community banks offer mobile banking services today, with 27 percent planning to increase their technology spending in this area by 2011.


• Community banks are close to implementing all-image check processing. While 82 percent of community banks currently receive their cash letters electronically, an additional 9 percent plan to do so next year.
  
  

The survey was conducted from June 1-26, 2009, and included 43 questions with responses from 909 community banks with asset sizes from under $100 million to more than $500 million. For more information, visit www.icba.org .



About ICBA



The Independent Community Bankers of America (www.icba.org ), the nation's voice for community banks, represents nearly 5,000 community banks of all sizes and charter types throughout the United States and is dedicated exclusively to representing the interests of the community banking industry and the communities and customers we serve. For more information, visit www.icba.org .



Source: Company press release.

NAB: "Mobile Payments Not in the Cards"

In an article written by Suzanne Tindal, for ZDnet Australia, she reports that National Australian Bank will deploy over 2500 Contactless Terminals to merchants by Christmas, but has pulled the plug on a mobile payments platform that relied on a software download to the phones SIM.



NAB rolls out contactless terminals



Suzanne Tindal, ZDNet.com.au - September 21 2009

National Australia Bank has announced that it will roll out systems to over 500 Melbourne merchants this month, which will enable them to take customers' payment when they hold their cards up to a reader, but has stopped developing technology for payments via mobile phone.

"The bank had also been trialling contactless payments via mobile phone, made possible by downloading a software application to a phone SIM. However, despite positive results from a three-month trial of this technology which found that 90 per cent of participants were happy making payments using the mobile technology, the bank said mobile payments weren't on the cards.

"Mobile payments rely upon card issuing companies and telcos positioning product together," a spokesperson for the bank said. "We are not pursuing development of this at this point in time."

Editor's Note:  Sounds like they read Javelin's Report (see previous post) on contactless/mobile payments where they stated:

"The contactless payments ecosystem is presently a series of “islands” with little-to-no mutual realization of value among the various constituents. The report indicated that the success of contactless solutions depends on some disruptive factor or wide-scale deployment that bridges the gaps and allows for value creation among all constituents that connects the islands. 

Javelin: Contactless Payments Have Little-to-No-Mutual Realization of Value

San Francisco, -PIN Payments News Blog– Javelin Strategy & Research (www.javelinstrategy.com ) today released a report revealing that the contactless payments ecosystem is presently a series of “islands” with little-to-no mutual realization of value among the various constituents. The report indicates that the success of contactless solutions depends on some disruptive factor or wide-scale deployment that bridges the gaps and allows for value creation among all constituents that connects the islands.



The Javelin report, Contactless/Mobile Payments Ecosystem: Solutions Must Bridge Islands of Value to End Market Stagnation, also reveals that until this bridging occurs, Near Field Communication (NFC) and the evolution of mobile payments will flounder in the U.S. market.



“Efforts to deploy contactless and mobile payments solutions have suffered from conflicting value propositions among various constituents, specifically merchants, payment networks, card-issuing financial institutions, and wireless carriers,” said James Van Dyke, President & Founder. “But companies such as Vivotech and newcomer Zenius are seeking to build solutions that bridge the gaps in value among the constituents. Consumer awareness and behavior changes are also necessary.”



Key Findings of the Javelin Strategy & Research Report:

• Smartphone ownership will be a key driver in consumer adoption of more robust mobile activity, including mobile payments. (For more on smartphone and iPhone usage, please refer to our 2009 Mobile-Banking and Smartphone Forecast Report.)
  
  


• Current smartphone owners show a much higher propensity to use contactless cards and are more likely to extend this into mobile payments usage.
  
  


• The tipping point for wide-scale mobile payment deployments will sync with the growth of selected smartphones and the congruence of value for each ecosystem player.
  
  


• As ecosystem players realize the value of NFC beyond the payments, the path to value from large-scale deployments of NFC solutions will become clearer.
  
  


• Wireless offers with higher uptakes will lead to a greater likelihood that customers will engage in mobile payment activities
  
  

“Finding the right base of consumers that will drive contactless usage and make the leap to early adoption of mobile payments is an integral part of widespread deployment,” said Mary Monahan, Research Director & Managing Partner. “Several population segments show propensity to use contactless and mobile payments – including mobile bankers, smartphone owners and tech-savvy consumers. In-depth information on these segments will enable all industry players to better understand their individual value proposition and their position in the ecosystem.”



To arrange an interview with Mr. Van Dyke or Ms. Monahan and/or view research on this topic or a similar topic (available to qualified members of the press), please contact Crystal Mendoza at +1.925.225.9100 ext. 35 or cmendoza@javelinstrategy.com .



About Javelin Strategy & Research



Javelin provides superior direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiatives. Our advantages are rigorous process, independent position, and expert people. For more information about this or other Javelin reports, please visit www.javelinstrategy.com/research or contact Elizabeth Travers at (925) 225-9100 ext. 31 or etravers@javelinstrategy.com .

Source: Company press release.

$3 Million Raise for Mocapay

Denver, -PIN Payments News Blog- Mocapay, a leader in mobile gift, loyalty, and marketing, is proud to announce today that they have closed $3.0 million in funding from Spartan Mobile, Lacuna and other investors.



“We are very excited to have Spartan Mobile as the lead investor in this round and we look forward to their active role in helping to guide the Company,” said Kevin Grieve, CEO of Mocapay. “To close a funding round in this economic environment is a testament to the momentum of our business and the viability of our business strategy. We continue to see market interest in our mobile commerce services and our ability to support a new-to-market mobile payments and marketing product.”



Currently, Mocapay provides merchants’ the capability to mobile-enable their gift and loyalty programs which allows consumers to transact at the point-of-sale, access their account balance and transaction history, find the nearest merchant location accepting mobile gift and loyalty, and reload their gift account, all from their mobile phone.



In addition, Mocapay customers can take advantage of the Gift-A-Friend application, which enables consumers to send mobile gift accounts to their friends and family directly to their mobile phone from the Mocapay website (www.mocapay.com ).



Proceeds from the funding will go towards supporting new customer implementations, expanding business development efforts, and developing additional enhancements to the mobile commerce platform, for both payments and marketing services.



“We look forward to the opportunity to help Mocapay grow and establish themselves as the leader in the mobile payments and marketing space,” says Chris Martin, investment manager of Spartan Mobile. “We see the tremendous value and potential of Mocapay, as they continue to expand their footprint among merchants’ gift, loyalty, and marketing programs.”



About Mocapay (www.mocapay.com )



Mocapay provides the only mobile commerce platform that supports integrated mobile payments, marketing and distribution at point-of-sale. Mocapay delivers unequaled direct marketing opportunities and customer loyalty to merchants while providing consumers with the unprecedented ability to transact simply and securely with their mobile device and receive real-time promotions from their favorite retailers.



About Spartan Mobile



Spartan Mobile is an investment fund out of Dallas, TX that has invested in the mobile space since 2005, specializing in mobile marketing, information and promotions. Spartan, backed by the Headington Group, provides capital, manpower, and takes an active role in helping to guide its companies to continued success.



About Lacuna (www.lacuna.com )



The Lacuna Venture Fund is a pioneer in the concept of Gap Capital, which helps early-stage companies negotiate the gap between product innovation and marketplace adoption. The company provides financial capital and go-to-market expertise to accelerate the success of promising entrepreneurial companies.



Source: Company press release.

CNN on Cybercrime

CNN Money.com had a great article on Cybercrime last Thursday. Did you know that the number of NEW Web Security Threats Tripled this year?



Yup...we are now looking at a mere 1.7 Million Threats. Let me put that in perspective for you...



If I were to do a unique post on each threat...assuming each post took 30 minutes...and assuming I worked 12 hours a day...7 days a week for 365 days a year...it would take me a mere 194 years before I was done. (that would be me...pictured on the right...years before completion)



Put another way, if I actually had started this project on September 17th, 1815, I still would not be finished. (What's that? Oh...you are correct...I would've been done on September 17th 1815...considering the number of Web threats I would have needed to post about back then, but you get my drift)



So don't be looking for me to even start...not gonna duet..not even one. After all, it''s a hellava lot easier to surmise all 1.7 million threats with just one post, in "three simple words"...

"Don't Type...Swipe!

Here are a couple of excerpts...starting with a basic warning. By the way, I wish the media would start calling "Enter" "Type"! Don't Enter...Swipe! doesn't rhyme...

"Cybercriminals can see what you enter (type) on your screen
and steal your credit card information or bank account information."

Cybercrime: A (not so) secret underground economy

Cybercriminals are making a killing off of stolen identities, creating their own market for  buying and selling credit card and bank account information on the cheap.

Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting Internet users every year in an on online black market.

"Most cybercriminals are very, very interested in financial gain by compromising customer accounts," said FBI special agent Austin Berglas, who supervises the Bureau's New York Internet crimes squad. "Believe it or not, there are people who fall victim to their scams, and we see it every day."

Because cybercriminals are so skilled at hacking into thousands of computers every day, the crime is potentially a billion-dollar business. If every stolen credit card and bank account had been wiped clean last year, that would have netted cybercriminals some $8 billion, according to data from Symantec, maker of the Norton antivirus software.

As a result of the lucrative payout, more and more online criminals are entering the game. In fact, the number of new Internet security threats rose nearly three-fold last year to 1.7 million.



Those cyber attacks mostly come from malware, or malicious software, that hands control of your computer, and anything on it or entered into it, over to the bad guys without you even knowing it. The most common forms of malware include keystroke logging, spyware, viruses, worms and Trojan horses.

"Credit cards and bank account information made up 51% of the goods advertised on the underground economy last year, up from 38% in 2007. Credit cards are most popular because they're the cheapest stolen commodity."



Security software also helps, but it far from solves the problem. To avoid detection, many cybercriminals will send out just a handful of viruses before modifying the code and sending it out again.


"The truth is that 'fingerprint' security technology is no longer effective," said Rowan Trollope, senior vice president of product development at Symantec. "The bad guys figured out how to get around our technology."

Editor's Side Note: Speaking of device fingerprinting, Avivah Litan, a Gartner VP and analyst who focuses on financial fraud...said "the technology has limits...it's not foolproof at all," "If a cyber criminal takes over your browser, it won't work." 



And for those of you who may believe that I've been blowing this out of proportion (the fact that the web is not safe for financial transactions unless done "outside the browser space" and "instantaneously encrypted) " I've got three things to say to you.  "Don't Type"...Swipe.  (or if you are a member of the media) "Do Not Enter!" 

I assure you I'm not blowing this out of proportion.  I'm coming from help here.  In fact, I'd give the "shirt off my back" to help people comprehend just how unsafe it is to enter/type card numbers into a box on a merchant's checkout...  

What size would you like?

Related articles by Zemanta

• Cybercrime: A secret underground economy (money.cnn.com)


• How Much Is Your Online Identity Worth? (yro.slashdot.org)

Winnipeg Party Animals Spend $900k in Credit Card Scams

They "Party Too Hard"... Now They are a "Party To HardTime"



This is not your everyday credit card scamming gang.  Out of the seven people arrested, four were women (girls) under 25.  They used the money to paint the town red (they jetted their friends into town, rented limo's, splurged on fine dining, drugs, alcohol, four star hotels, big screen TV's, electronics, etc.) and their spending spree (frenzy) lasted less than a month. 



The amount of money they spent in 28 days totaled nearly $900,000 or almost $33k per day in partying.



Now the party's over and they are going to have a hard time with this particular hangover. 



I'm sure it will be an experience they will never forget.  I've heard of partying too hard, but now it's "party to hard-time"...hope they had fun.  Wonder if their lawyer said "Take two of these and call me in the morning?" 



From the Winnipeg Sun: 

Winnipeg police have identified four more suspects in a massive credit card scam that fleeced credit card companies of nearly $900,000 in a spending frenzy.  A total of seven people are facing 152 fraud-related charges in connection with a high-living crime spree that took place between June 18 and July 16.



On Friday, police announced the arrests of Jeremy Pete, 27, and Lauren Brooks, 24, both of British Columbia, and Winnipeg residents Bethany Granholm, 25, and Kayla Munroe, 22.  In July, police arrested accused ringleader Anthony White, 33, of Richmond B.C., Kaitlin Sadie Caissie, 24, of Burnaby, B.C., and Vancouver resident Jerry Allan Byron Grimson, 31.



The Winnipeg Police Service said the group used stolen and forged credit cards to pay for a lavish spending spree that included stays in high-end downtown hotels, limousines, fine dining and electronics purchases. Police said the suspects also bought airline tickets to fly friends in and out of Winnipeg for a night on the town.

winnipeg credit card scam, spending spree, Kaitlin Sadie Caissie, Anthony White, Lauren Brooks, Jeremy Pete, Behany Granholm, Kayla Munroe, Jerry Allan Byron Grimson

"Chat in the Middle" Phishing Attack

Online Banking just became even more dangerous than it already was with new phishing attack...

"Chat-in-the-Middle" Phishing Attack Attempts to Steal Consumers' Data via Bogus Live-Chat Support

by RSA FraudAction Research Lab on 9/16/2009 12:00:00 AM

Man in The Middle | Online Fraud, Fraudsters | Phishing

A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a "Chat-in-the-Middle" phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.



During the live chat session, the fraudster behind the attack presents himself as a representative of the bank's fraud department and attempts to dupe customers who are online into divulging sensitive information - such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.

Upon detecting the attack RSA immediately informed the affected financial institution and commenced a standard phishing attack shut-down procedure through the RSA Anti-Fraud Command Center and its RSA FraudAction service. (RSA cannot identify this bank in order to protect its security and privacy.) The attack is hosted on a well-known fast flux network for "hire" from fraudster to fraudster, which hosts a wealth of malicious websites such as phishing attacks,

Trojans infection points, mule recruitment websites, and more.



The Design of the Attack

The phishing attack starts out as a normal phishing website that prompts customers for their usernames and passwords. Usually at this point, after providing access credentials, phishing victims are redirected either to the next page (or pages) of the phishing website or to the genuine bank website. However, this attack proceeds with a new, advanced technique for obtaining additional information on victims – instead of being redirected to the next page of the phishing kit or the genuine site, a fake live-chat support window appears launched by the fraudster as part of the attack .





Continue Reading 

Related articles by Zemanta

• New phishing attack chats up victims (macworld.com)


• New phishing season (tablix.org)

53% of German Companies Victim of Breach over Last 12 Months

PGP Corporation announced the results from The Ponemon Institute's third annual study on encryption usage in the enterprise - The 2009 Annual Study: German Enterprise Encryption Trends.



This year's study surveyed 490 IT and security practitioners, 27 percent of whom hold positions at managerial level or higher, and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents.



The fundamental conclusion on the basis of study participants' responses is that data protection is a significant problem in Germany.

Fifty-three percent of all companies and organisations suffered at least one instance of data loss during the past twelve months, representing an increase of over 55 percent on the figure for 2008 (click graphic on left to enlarge)

Continue Reading at Help Net Security



Click Here to Download the Report

Ebay Pushes EU to Change Competition Laws

September 17, 2009

By the ZippyCart Shopping Carts Content Team



Ebay wants to grow their market share in the European Union and, in an effort to help improve the laws to help them sell online, they had 750,000 Ebay users sign a petition. The petition handed to the European Parliament urges the government to reform the laws to prevent companies from blocking online sales.

Companies like Ebay and Amazon really want to expand their business operations into the European market, but these laws are preventing them from selling many brands via their online ecommerce stores.

The law in question, which Ebay feels is unjust, allows luxury goods manufacturers to decide who they want to sell their products online. The petition Ebay submitted says manufacturers should not be able to "insist that Internet retailers must have an offline retail store before they can sell online".



Continue Reading

Splash and MoreMagic Solutions Offer Mobile Money Transfer in Sierra Leone

	Available for Zain and Africell Mobile Phones; First Mobile Money Service in Sierra Leone Freetown, Sierra Leone; Newton, MA, US, September 18, 2009 - PIN Payments News Blog: Splash Mobile Money Limited ("Splash"), a leading mobile payment system provider, and MoreMagic Solutions, a leading mobile transactions provider, announced today the availability of Sierra Leone’s first mobile money transfer system, enabled by MoreMagic Solutions industry-leading MWallet platform. Splash customers in Sierra Leone can now send money using just the mobile phone, quickly, easily, cheaply and without any requirement to have a bank account. Splash customers use the service by visiting a Splash agent location, including branches of GT Bank. Customers transfer money by completing a free registration, purchasing SplashCash™ and sending it by text to any Zain or Africell mobile phone. The recipient then exchanges the SplashCash™ for cash at any agent location. Agents are currently concentrated in Freetown, Bo, and Makeni, with many more locations due to open throughout Sierra Leone before the end of the year. "Splash promises to provide access to basic financial services to many Sierra Leoneans for the first time," said Ben Farren, Director of Splash. "Unbanked customers can now send money across the Country at the touch of a button." "In Sierra Leone, mobile phone customers often travel far from home to support their families, and managing salaries in a secure way can be a challenge," said Pankaj Gulati, chairman and CEO, MoreMagic Solutions. "MoreMagic Solutions is pleased to support Splash in delivering SplashCash™, a truly innovative way for customers to manage their household money using the mobile phone." Splash Launched in early 2008, Splash Mobile Money Limited, designs and delivers mobile payment solutions in West Africa. www.splash-cash.com MoreMagic Solutions With deployments in more than 50 countries worldwide, MoreMagic Solutions offers transaction platforms for mobile operators, financial institutions, content providers, and distributors, enabling consumers to purchase goods and services on demand using a mobile phone, POS, or web.  The MoreMagic Solutions high-throughput payment engine and pre-packaged applications enable revenue-generating services, including mobile recharge and mobile money transfer, both domestic and international; mobile banking; bill payment; and mobile commerce; with integration into diverse network environments, languages, and currencies. Through MoreMagic Solutions worldwide distribution, MNO-branded services are available for out-of-country customers, enabling communications with relatives back home, and increased usage on mobile networks worldwide. Contacts Ben Farron Splash benfarren@mac.com www.splash-cash.com Carol J. Meier MoreMagic Solutions cjmeier@moremagic.com www.moremagic.com