Wednesday, October 14, 2009
CHARGE Anywhere NFC Enabled by Nokia
South Plainfield, N.J., Oct. 13, 2009 -- CHARGE Anywhere® LLC, a leading provider of secure payment gateway and mobile payment solutions, and a Forum Nokia® member has enabled NFC (Near Field Communications) for credit and debit card processing on its PA DSS validated mobile payment software, CHARGE Anywhere v 2.0.0. Merchants with CHARGE Anywhere software can now accept payment from a NFC card with their mobile phones by simply tapping their customer's NFC enabled card against their Nokia phone!
Dr. Thami Smires, Chief Technology Officer at CHARGE Anywhere, will introduce the solution in a joint presentation with Nokia at the Electronic Transaction Association Strategic Leadership Forum in New York City on October 13, 2009. "With the completed integration and implementation of NFC card payment acceptance into our validated payment applications we have further enhanced the security and capability of mobile card processing for acquirers and merchants. With this technology a merchant can accept PayPass® and Paywave® NFC contactless card payments with their Nokia phone," said Dr. Smires.
"CHARGE Anywhere has distinguished itself by PA DSS validating and enabling mobile payments on a wide variety of innovative platforms: from BlackBerry®, Windows Mobile® and J2ME™ smart phones, POS terminals, Netbooks and PCs. This latest NFC implementation is a valuable addition to our technology portfolio giving merchants the choice to process any kind of payment, from any location, while utilizing PCI secure technology that is readily available," said Paul Sabella, President and CEO of CHARGE Anywhere.
CHARGE Anywhere's solutions are the winner of the 2009 Best of Interop - PCI Security Solution and 2009 ETA Technology Innovation Awards
About CHARGE Anywhere
CHARGE Anywhere is a leading provider of secure Point of Sale (POS) solutions and electronic payment services. Our proprietary Payment Card Industry (PCI) PA DSS Certified CHARGE Anywhere v2.0.0 Mobile Payment and POS software solution designed for QuickBooks®, Smartphones and e-commerce environments, and the Web Terminal Payment Solution - ensures PCI Level 1 compliance via ComsGate® Payment Gateway. CHARGE Anywhere offers business partners and customers the most secure and robust selection of industry specific and customized POS solutions and services, including; IP/Wireless Payment Gateway, POS software, Encryption and Data Security Services, Custom Card Issuance, and Merchant Billing Services. For more information contact them at www.chargeanywheredirect.com , or (800) 404 2014.
Source: Company press release.
MagTek MagneSafe Press Release
Seal Beach, Calif., Oct. 14, 2009 -- MagTek Inc., a global leader in secure electronic payment technology, today announced that its MagneSafe technology, the industry’s standard for Secure Card Reader Authenticators (SCRAs), meets and exceeds Visa’s recently published best practices for data field encryption, also referred to as "end-to-end encryption" and is the only technology to combine all five of the "emerging technologies" identified by PricewaterhouseCoopers (PWC) in its report to PCI entitled: Emerging Technology Research.
PWC conducted 150 interviews with payment community participants and ultimately identified the following 5 emerging technologies: The first was Dynamic Payment Card Data. The second, Magnetic Stripe Imaging, was described as an "Innovative solution…used for fraud reduction." The third was End-to-End encryption. The fourth, Tokenization, was described by PWC as a "robust technology" "…of substituting sensitive cardholder data with a unique, non-PCI relevant surrogate value." And fifth, Virtual terminals: an "online service that allows merchants to accept payment cards without a dedicated hardware terminal or point of sale system."
MagTek’s MagneSafe is the only technology solution, which combines the best of all the noteworthy emerging technologies offering a complete solution not only to protect cardholder data, but also to stop the use of counterfeit cards.
The first of two powerful features of MagneSafe technology is strong encryption of magnetic stripe data for tracks 1, 2 and 3 using Triple DES encryption with DUKPT key management. This powerful encryption, based on open standards, along with its hassle-free yet highly secure key management process, protects cardholder data right from the moment of swipe such that the card data is never in the clear.
This encryption scheme and its process for key management removes all need for merchants to manage keys, and it meets all of the 14 requirements recently cited by Visa providing merchants with an easy to implement and cost-effective alternative to other more proprietary products.
The second and possibly more important feature is MagneSafe’s ability to use the existing magnetic stripe card, issued around the world, to generate Dynamic Payment Card Data with every swipe. This dynamic data is generated with no change to the card, the consumer and merchant’s use of the card, and fits neatly in an ISO 8583 message packet.
In its presentation, PricewaterhouseCoopers stated that Dynamic Payment Card Data "has potential to eliminate the need for PCI DSS."
By introducing dynamic data to the transaction, MagneSafe arms merchants and processors with the ultimate fraud-fighting tool. It is static data that is so valuable to the criminals attacking our payment systems and it is this data MagTek is working so hard to protect. Dynamic data removes the future redemption value of stolen information and eliminates the criminal’s incentive to steal it in the first place.
Furthermore, the dynamic data can be used to identify the authenticity of a card in real-time, thereby stopping sniffed or skimmed cards from being accepted. "We have delivered tens of thousands of MagneSafe SCRAs to leading merchants in need of PCI compliance", said Annmarie D. (Mimi) Hart President/CEO of MagTek, "but the heart of our work is consumer protection and fraud elimination. That’s the ultimate remedy. It will negate the need for compliance and give us back exceptional payment card security and convenience."
MagneSafe SCRAs are characterized by their ability to read and encrypt cardholder data at the earliest possible point, using industry standard algorithms and a distinct key per swipe, to mutually authenticate the reader and a legitimate host, to manage time bound sessions, to capture and transmit the dynamic digital identifiers of the card and the cardholder data, and to leave behind a unique token of the transaction. Look for the MagneSafe logo at the point of swipe. There is no stronger, more practical solution available today for consumer protection.
More information about MagTek’s SCRAs can be found by visiting: http://www.magtek.com/products/card_readers/magnesafe.asp .
About MagTek
Since 1972, MagTek has been a leading manufacturer of electronic devices and systems for the reliable issuance, reading, transmission and security of cards, checks, PINs and other identification documents. Leading with innovation and engineering excellence, MagTek is known for quality and dependability. Its products include secure card readers, check scanners, PIN Pads and distributed credential issuing systems. These products are used worldwide by financial institutions, retailers, hotels, law enforcement agencies and other organizations to provide secure and efficient electronic payment and identification transactions.
Today, MagTek continues to innovate with the development of a new generation of security centric products secured by MagneSafe™. By leveraging strong encryption, secure tokenization and real time authentication, MagneSafe products enable users to assess and validate the trustworthiness of credentials used for online identification, payment processing, and other high-value electronic transactions.
MagTek is based in Seal Beach, California and has sales offices throughout the United States, Europe, and Asia, with independent distributors in over 40 countries. For more information, please visit www.magtek.com .
Source: Company press release
TowerGroup Acquired
ARLINGTON, Va.--(BUSINESS WIRE)--The Corporate Executive Board (NASDAQ: EXBD - News) today announced the acquisition of TowerGroup, a leading financial services industry research and advisory firm. The combined organization will deepen the Corporate Executive Board’s financial services footprint in several of its target domain areas – most notably in technology and sales and marketing.
“Our firm’s heritage springs from understanding the unique needs of sales and marketing executives in the financial services industry,” said Thomas L. Monahan III, Chairman and CEO of the Corporate Executive Board. “Combining two complementary product sets on a common business platform enhances our ability to cover a wider set of executive workflows and strengthens our ability to meet client needs.”
“The combined organization will provide a wealth of intellectual capital to operating executives within and serving the financial services industry,” said Karen T. Cone, departing CEO of TowerGroup. Bob Egan, Global Head of Research for TowerGroup, added, “We are excited to join the Corporate Executive Board and leverage its infrastructure along with our combined research methodologies, experience and market influence to serve the world’s top financial services companies.”
TowerGroup delivers an analyst-driven research model with in-depth expertise and first-hand experience to advise on the business and technological issues that impact the financial services industry. The firm was founded in 1993, is headquartered in Needham, Massachusetts and serves clients in the securities and investments, banking, payments and insurance financial business sectors.
About The Corporate Executive Board Company
The Corporate Executive Board drives faster, more effective decision making among the world’s leading executives and business professionals. As the premier, network-based knowledge resource, The Corporate Executive Board provides them with the authoritative and timely guidance needed to excel in their roles, take decisive action and improve company performance. Powered by an executive network that spans more than 50 countries and represents more than 80% of the world’s Fortune 500 companies, The Corporate Executive Board offers the unique research insights along with an integrated suite of exclusive tools and resources that enable the world’s most successful organizations to deliver superior business outcomes. For more information, visit www.exbd.com .
About TowerGroup
TowerGroup is the leading research and advisory services firm focused exclusively on the financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world’s leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America and Europe, TowerGroup serves a global client base. Visit www.towergroup.com for more information.
Source: Company press release.
Transactiv Secures $1.2 Million Series A Investment
Cincinnati, Ohio, Oct. 14, 2009 -- Transactiv, an Ohio-based startup that is developing a new transactional platform for online commerce, today announced that it has closed a $1.2 million Series A round of financing with Blue Chip Venture Capital, CincyTech, Neyer Holdings, Queen City Angels, and supporting participation from Cincinnati's most prominent private investors. The capital will be used to fund the company's development of its next-generation commerce platform, intellectual property portfolio, and technology leadership.
"Transactiv is a highly innovative organization, poised for tremendous growth,"
said Stephen Boord, Managing Director, at Neyer Holdings. "Transactiv's
combination of ground-breaking technology, a highly experienced management team,
and its unique and compelling value proposition creates the opportunity for it
to be one of Cincinnati's most promising startups."
"We are pleased by this vote of confidence from our investors and share their
enthusiasm for building successful new technology startups in Ohio," said Karl
Perron, Transactiv President and Chief Executive Officer. "Our investors have an
impressive track record of funding the region's most successful companies, and
we look forward to joining their ranks when we launch our innovative platform in
2010."
About Transactiv
Transactiv is a new Cincinnati-based startup dedicated to enabling online
commerce for businesses of all sizes. Founded by a team of experienced
professionals from SAP, Microsoft, and i2, Transactiv addresses a fundamental
need in online commerce to effectively connect millions of products and
businesses online. For more information please visit www.transactiv.com .
Source: Company press release.
93% of Internet Users Should Ditch Online Banking
Looks like the Sun is starting to set on online banking...will it go completely dark? No...because HomeATM provides the light (weight) SLIM!
DON'T USE MICROSOFT WINDOWS for Internet banking, according to two security experts.
No biggie. How many people use Windows anyway? Let me check...Whoops! Biggie!
As of July 2009, Windows had approximately 93% of the market share of the client operating systems for usage on the Internet.
Source: Wikipedia
93%. So I guess it would be fair to translate the title into the following: Online Banking Dangerous for 93% of Internet Users. That fair? If so, then...as predicted...it's getting worse before it gets better.
Let me forewarn you. The story by "The Inquirer" below targets Windows, but Windows isn't the real problem. The real problem is/are the online banking Trojans. Windows was targeted by the bad guys (and now the media) because they have a 93% market share.

The "Cause" is TYPING/Entering data on a keyboard.
The "Effect" is online banking Trojans (which steal what you type)
The "Affect" is the Windows Operating System
The "Infect" is PCs (almost 60% infected in U.S. - PandaLabs)
Let's "Reflect" for a moment. If consumers were provided with the means to swipe vs. type we would eliminate the "cause" and the effect would be that consumers would be doing the swiping instead of the bad guys.
HomeATM has stated this case since day one. But...it's a new day and at least we've reached the point whereby there is an admission that there is a problem...even if it's only 93% of the marketplace that is affected.
Industry experts started warning us about two months ago that we need two separate machines for online banking...
"The best strategy to defend against Online Banking Trojans is to use separate machines for Web surfing and funds transfer" "Using Windows, it's too dangerous to do transactions on the same machine you do for Web surfing," he says. "You can't have any crossover between them." SecureWorks Joe Stewart, one of the world's foremost authorities on botnets and targeted attacks

It's PCI 2.x Certified. It's TG-3 Certified. It uses existing bank rails. It uses existing cards. It uses existing PINs. It uses existing PCs.
It is impervious to malware, eliminates phishing and doesn't care which operating system you use, nor does it matter what browser you use.
Why? Because our SLIM authenticates the user "outside the browser" by having them Swipe their Card and Enter their PIN.
Sound familiar? Yup. Same way you access an ATM. So there would be no learning curve and a seamless transition. The only difference between ATM access and Online Banking Access is that it is done inside the safety and privacy of the consumer's "own home" instead of a public place.
Benefit? There is no threat from shoulder surfers, skimming devices or hidden cameras designed to record your PIN number. Again...
Editor's Advice: If the "only way to defend" against online Trojans is to use separate machines, I suppose banks could give away free computers in order to make consumers feel safe about online banking. Nah...I think giving away our Device is the better move.
Three Words, Don't Type, Swipe.
Three Issues (two are done) Bank Issues Card, Bank Issues PIN, Bank Issues Separate Machine (HomeATM SLIM)
Three Simple Steps (two are done for you)...Swipe, Encrypt, Transmit (via Internet not browser)
DON'T USE MICROSOFT WINDOWS for Internet banking,
according to two security experts.
Australia's Computer Crime Investigation Unit and the Washington Post have both warned against using Windows when accessing your bank account online. They say this is because cyber criminals build malware to attack Windows systems, which will simply fail to run on non-Windows computers.
Speaking on behalf of the New South Wales Government at the public hearing into cybercrime in Sydney, detective inspector Bruce van der Graaf urged listeners to avoid Microsoft Windows. "Use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly," he advised.
Writing at the Washington Post, Brian Krebs "Interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. They succeeded because the bad guys were able to plant malicious software that gave them complete control over the victim's Windows computer.
Krebs also advocates using a different operating system instead of Windows, and suggests using a Linux Live CD. He believes that most of the malware in circulation today is built to attack Windows and will simply not work when it tries to run on non-Windows computers.
Krebs also pointed out that banks often can't tell the difference between legitimate bank transactions and funds transfers from hijacked Windows PCs.
Audio Recordings of Card Numbers Stored by Call Centers
UK call centers putting customer card details at risk - survey
The overwhelming majority of UK contact centres are storing audio recordings of calls that contain customer credit card details - in direct breach of PCI DSS guidelines, according to a poll from Veritape.
The call recording vendor, which polled 133 contact center managers, says the centers are creating a vast reservoir of sensitive data that could be exploited by hackers.
More than nineteen in twenty of the centers which store recordings of transactional conversations with their customers do not delete or mask the credit card details.
Brussels Airlines Accepts Cash-Ticket as Payment Method

- Belgium’s number one airline group enables its customers to purchase air tickets online without a credit or debit card
- New customers will be won through prepaid voucher Cash-Ticket
London/Vienna 14th October 2009 – PIN Payments News Blog - Brussels Airlines, Belgium’s leading airline group, and online payment provider paysafecard group have teamed up to offer travelers a safe and easy way to pay for their flights on the Internet. Using the prepaid voucher Cash-Ticket, customers no longer have to give away credit card or bank account details to fly to a destination of their choice.
As a result of the partnership, everyone can now benefit from the airlines’ online offers. “By offering Cash-Ticket as an additional payment method, we are improving the service for our existing customers whilst reaching out to completely new target groups,” Rudy Maex, VP Channel Development & Service Delivery of Brussels Airlines, explains the benefits for his company and its customers.
According to Michael Mueller, CEO of paysafecard group, the implementation of the new payment method will help Brussels Airlines to reduce the number of customers who cancel their ticket order as soon as they have to enter credit card or bank account details online: “Statistics show that a high number of online shoppers ‘drop off’ at the merchants’ check-out pages before making a transaction”, he says. “Due to its safety and ease of use, Cash-Ticket helps reduce this number.”
The Cash-Ticket voucher can be purchased at about 50.000 outlets all over Europe and provides a 16 digit pin code. By simply entering the code on websites that accept Cash-Ticket as a payment method such as Brussels Airlines, customers can buy their goods quickly and securely within seconds. Users can also keep track of their balance and transactions online. The vouchers are available in denominations of € 10, € 20, € 50, € 100 and € 150 and up to ten Cash-Tickets can be used at once for larger payments, at a maximum of € 1.000 per payment.
Brussels Airlines, founded in 2006, offers flights to more than 120 destinations all over the world. By accepting Cash-Ticket as a payment method on their website www.brusselsairlines.com, the next business trip or holiday is now only a 16 digit pin code away.
About Cash-Ticket:
Cash-Ticket is the second product from paysafecard group. The prepaid voucher allows consumers to purchase flights, ticket orders and online-shopping without having to provide personal bank details. When paying at a web-shop all that is required is the 16 digit pin code. paysafecard group already operate in more than 20 countries worldwide with offices in Vienna, London and Buenos Aires. Founded in 2000, the company is one of the leading providers of alternative payment solutions and in March 2009 was awarded by Paybefore for being the ‘Best Prepaid Company Outside the USA’.
Press contact: Ludger Voetz| ludger@braun-pr.com| +44 20 7866 54 54
About Brussels Airlines:
Brussels Airlines is the Belgian airline that offers the widest choice of flights to and from its base in Brussels Airport. The group’s 3000 employees and 51 aircraft operate some 300 punctual flights daily, connecting the Capital of Europe to some 70 premium European and African airports.
On its European routes, operated with AVRO, Airbus A319 and Boeing 737, Brussels Airlines offers the choice of a genuine business class product (b.business), a flexible travel formula offering timesaving and comfort (b.flex economy+) and a low cost product (b.light economy). On medium- and long-haul flights, the airline operates traditional business or economy class.
In addition to 20 destinations on the African continent, Brussels Airlines and its intercontinental partners also offer long-haul service to the United Arab Emirates, China, Thailand, India, Toronto and 33 North American destinations via New York or Chicago.
Brussels Airlines is owned by SN Airholding and is backed up by more than 80 years of aviation experience in Belgium. On September 15th 2008, Lufthansa Group announced an equity investment in the Belgian airline. On December 11th 2008, Brussels Airlines received an official invitation to join Star Alliance.
Press contact: Brussels Airlines Corporate Communication Department| +32 2 723 84 00
Lloyd Constantine's Book Party for "Priceless" October 20th
Tuesday, October 20 at 6:30 PM
Talk/Signing at Barnes and Noble
555 12th Street NW
Washington, DC 20004
Contact: Angela Corpus
202-347-0176
Lloyd Constantine, in whose office young law school grad Eliot Spitzer interned and who became mentor/ adviser/consigliere throughout the man's historic leap into and out of New York's governorship, has a book party tonight. His vivisection of Spitzer's downfall comes out shortly. The one he's partying tonight, also about a downfall, is "Priceless: The Case That Brought Down the Visa/MasterCard Bank Cartel." It's also the landmark class action suit his law firm won, which made him personally such a bunch of millions that he need never never ever work again.
"This seminal Visa/Mastercard case was a David and Goliath battle, and this country's largest antitrust case ever," he told me. "Competition is the heart of America, and our win protected America's economic system by ending a giant anti-consumer conspiracy.
"In 2003 dollars, the settlement was $3.4 billion. The court estimated in 10 years alone this would save stores and shoppers $87 billion."
News on the book
Priceless: The Case That Brought Down The Visa/MasterCard Bank Cartel
In Priceless, author and lead counsel Lloyd Constantine relates the dramatic account of backroom strategizing and courtroom conniving during the high-stakes litigation. Constantine, who led the team representing the plaintiffs, vividly describes how the case pitted retailers against credit card companies, and pries the lid off dodgy debit card practices. The plaintiffs, including Wal-Mart, Sears Roebuck, The Limited, Safeway, and a class of five million stores, pitted their financial futures against Visa and Mastercard in this war between giants.
In the vein of breakout bestsellers like A Civil Action and A Confederacy of Fools, this fast-paced narrative, peppered with larger-than-life characters, tears open the case and shows readers how the more than $3-billion-dollar settlement came about. The riveting story features cameos by lawyers, judges, and businessmen, including then University of Arkansas law professor Bill Clinton and New York Attorney General Eliot Spitzer. The triumph is also a David and Goliath tale, in which a small boutique law firm beats four of the largest law firms in the world, including London-based law firm Clifford Chance.
What they're saying about Priceless...
"Constantine's brilliant but easy to read book is a David and Goliath story about his own career and the seminal Visa/MasterCard case that broke the back of a giant anticonsumer conspiracy and that reaffirmed the core pro-competition concept that lies at the heart of America and its economic system. Priceless is the story of Lloyd Constantine's grit, determination, courage, and commitment to do battle against seemingly insurmountable odds on behalf of the fundamental American concept of a free enterprise system."
–Robert Abrams, Former Attorney General of New York
* * *
"At a time when class actions and plaintiffs' attorneys are under attack, this book is an essential corrective. It demonstrates that private enforcement can work-but only when dedicated counsel are willing to bet their careers on a David-versus-Goliath battle with the industry. Lloyd Constantine and his colleagues broke a cartel that robbed consumers and restrained competition-and did it with virtually no help from the Government. But they almost lost on many occasions. Big case litigation is a marathon, not a sprint, and this behind-the-scenes account paints a provocative picture of the tactics-fair and foul-that defendants can use to crush their opponents. Credit must also go to the judges, including John Gleeson and Sonia Sotomayor, who kept this class action alive in the face of endless attempts to derail it. Many will not like how they are portrayed in this "tell-all" account that is opinionated, acerbic, and pulls no punches. But, much like A Civil Action, it provides a blunt, 'warts and all,' unflattering perspective on the real world of mega-litigation."
–John Coffee, Adolf A. Berle Professor of Law, Columbia University Law School
* * *
"Priceless lifts 'crusading lawyer' from the dustbin of clichés and gives the term new meaning. Lloyd Constantine tells the story of the nation's largest (by far) antitrust case with candor, clarity, and wit. Every consumer with a debit card should be grateful to him for the outcome, and every consumer advocate should read Priceless for its many reminders of how things really work."
–Nick Taylor, Award-winning Author of American Made: The Enduring Legacy of the WPA: When FDR Put the Nation to Work
* * *
"Aspiring litigators, fans of Court TV and everyone holding a VISA or MasterCard will be fascinated by this candid, often bare-knuckled account of one of the largest antitrust cases in recent years."
* * *
"Lloyd Constantine represented Wal-Mart, the Limited, Sears and others in a federal antitrust lawsuit against VISA and MasterCard filed in 1996. Dubbed the Merchants' Case for short (the matter evolved into a class action involving five million merchants), it alleged that VISA and MasterCard, a joint venture owned by U.S. banks, 'operated as a bank cartel that had monopoly power in the credit card market . . . [and] used their monopoly power to dominate the newer debit card market.' Constantine's highly informative book covers the long, tumultuous history of that landmark case with passion.
"Constantine starts with the nitty-gritty, discussing a decisive event for initiating the lawsuit. When Wal-Mart discovered it had no negotiating room with VISA and MasterCard, it was not happy that its status as the Biggest Customer cut no bargaining ice and went in search of legal counsel. Constantine, with experience in lawsuits against VISA and MasterCard for related collusive practices, developed an elegant strategy for the case and was hired. As he makes clear, once you land the clients, then you hunker down to the daily legal grind to win the case–in this instance, defending 350 depositions, analyzing 54 expert reports and attending so many hearings that judges become more familiar to you than your own family.
"Constantine is especially adept at showing that factors beyond anybody's control affect the way a case plays out. Assembled in one courtroom are a huge number of very-big egos; various parties with vastly different goals; judges making sometimes curious rulings; and expert witnesses introducing odd spins into the case. With so many unpredictable players and so much at stake, anything can happen. One moment of high drama occurs when a witness for the defense blurts out an unexpected piece of information that supports the plaintiff's claim of collusion and signals the judge that central facts have been purposely misrepresented to the court. Another bombshell drops when an expert witness admits that he didn't write the report he signed and, in fact, disagrees with many of the assertions made in it.
"As soon as a jury is seated in 2003, another surprise happens: the parties settle the case. Constantine's team prevailed in most of its claims; the settlement agreement broke up the cartel, committed a $3.05 billion cash payment to merchants and required redesign of debit and credit cards. Yet Constantine is frank about what he hoped for but didn't get. And in his eloquent argument on the importance of antitrust law, it turns out it's not always about the money."
–ShelfTalker
–John McFarland
Patch Tuesday is Microsoft's Biggest Ever
Thirteen security bulletins address 34 vulnerabilities -- 22 of them critical
Oct 13, 2009 | 05:38 PM By Tim Wilson
DarkReading
Microsoft today put security professionals on overtime with its largest-ever release of security patches -- 13 new updates that address some 34 vulnerabilities in Windows applications.
In its October security bulletin, Microsoft disclosed 22 critical vulnerabilities and 12 that were rated less threatening. The previous record was 31, which was set in June, researchers said.
http://technet.microsoft.com/en-us/security/bb986181.aspx
Tuesday, October 13, 2009
FBI Director Swears Off Online Banking after Nearly Getting Phried
You Can Fool Some of the People Some of the Time...but the FBI Director?
In an article from eWeek, FBI Director Robert Mueller states he has "given up"...in fact, "sworn off" online banking after nearly falling victim to a phishing attack.
I counter with this: Phishing remains an extensive threat, but even if you were to throw that threat out of the window, the real bad-boys here are online banking Trojans. Especially ones like Zeus and Clampi which bypass up-to-date anti-virus programs and sit in the wings waiting for you to visit one of 4500 financial institution websites where they kick into gear, steal your online banking authentication credentials, steal money and, in the case of the Trojan urlZone, change online banking statements to reflect your money is still in the bank. Now that's scary!
Question: When the FBI director "swears off" online banking, it's not exactly a ringing endorsement for the security being provided by the online banking industry, is it?
Thank goodness there's a better way. HomeATM Eliminates Phishing by Eliminating Typing. What's there to phish for if there's no phish to see? We create an empty net by encrypting the data inside the box. Same with online banking Trojans. If there's no data to mine, what good would data-mining do? Swipe, Encrypt, Transmit.
FBI Director Nearly Hooked in Phishing Scam, Swears Off Online Banking
In a speech in San Francisco, FBI Director Robert Mueller confessed he has given up online banking after nearly falling victim to a phishing attack. His remarks came the same day authorities in Egypt and the U.S. charged 100 people in an international phishing ring that was targeting American banks.
FBI Director Robert Mueller has apparently sworn off online banking after nearly falling victim to a phishing attack.
During a speech Oct. 7 at the Commonwealth Club of California in San Francisco, Mueller recounted being “just a few clicks away from falling into a classic Internet phishing scheme.”
A transcript of the speech is posted here. In it, Mueller notes that the phishing e-mail that almost tricked him looked “pretty legitimate.”
"They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well,” he said.
Continue Reading at eWeek
Looks Like Visa/MC Will Win the Interchange Fight...
In a Reuters article, Juan Lagorio connects the dots and says the writing on the wall favors Visa and MasterCard when it comes to legislating for the merchants and against them.
"Interchange is really a business-to-business issue rather than a consumer issue" wrote one analyst. One Republican Representative said "interchange is a cost of doing business."
I have to agree. Keep the legislators out of this one. It's not their issue. (yes, as always, the pun is intended) This is between V/MC and the Retailers....not the consumers. Here's a couple excerpts:
By Juan Lagorio - Analysis NEW YORK (Reuters) - U.S. lawmakers rushed to limit credit card fees and interest rates on behalf of consumers a few months ago, but merchants may not be that lucky. Earlier this year, when Congress passed a law limiting increases in credit card fees and interest rates to consumers, merchants initiated a campaign to curb the fees that retailers such as supermarkets and convenience stores pay to banks every time a customer uses a credit card, called interchange fees.
Two initiatives are being discussed in Congress to limit interchange fees, which are set by credit card networks Visa Inc (V.N) and MasterCard Inc (MA.N), but are collected from retailers by credit card issuers such as Citigroup Inc (C.N) or Bank of America Corp (BAC.N).
But the proposals could founder as legislators' attention is divided among healthcare, regulatory reform and other priorities. Doubts about the proposed legislation's benefit to consumers could also torpedo the plan.
Merchants contend the fees, which range from about 1.6 percent to 2.5 percent, unfairly cut into their margins and drive up prices for consumers. Financial services companies argue that the payments system is based on a pricing system that benefits businesses and their customers. Banks also said that in Australia, where interchange fees were limited a few years ago, consumers did not benefit and credit card fees rose.
Both groups have been lobbying intensively in recent months, but most observers believe the credit card companies have the upper hand. Representative Jeb Hensarling, a Republican from Texas whose views are considered typical of Republicans' thinking on the issue, dismissed the interchange fee issue as "the cost of doing business."
The discussion in Congress points to the conclusion that "interchange is really a business-to-business issue (between merchants and banks) rather than a consumer issue (making broad political support difficult)," UBS analysts wrote.
Continued...
Visa Updates 3DES Requirements for POS and Kiosks
Visa hosted a webinar to clarify its PIN pad data encryption policy on Sept 9 led by Ross Snailer and Stoddard Lambertson of Visa's Payment Risk team, NACS reported.
According to Visa, all attended POS and kiosks must be Triple DES (TDES) (known on this blog as 3DES) compliant by July 1, 2010, but fines to acquirers would not occur until Aug. 1, 2012. See: 3DES, DUKPT & E2EE Explained | PIN Debit Payments Blog
This announcement gives retailers more time to adapt to the TDES POS mandates. Still, retailers that want to continue accepting PIN debit inside must upgrade POS terminals, and the sooner they get started, the better.
"If a retailer was looking for the 'drop dead' date for upgrading POS to TDES, Aug. 2012 is it - but I recommend taking a sooner, rather than later approach," said Michael Davis, NACS vice president of member services. "The popularity of PIN debit with consumers looking to protect their data and get away from living on credit makes upgrading POS a no-brainer. It's usually less than $500 per POS to serve this consumer segment." (I know where they can get it for a lot less!)
In addition, Visa reiterated that fuel dispenser terminal PIN pads will not have to be TDES compliant by the July 2010 date, but must be at least Single DES (SDES) Derived Unique Key per Transaction (DUKPT) by that date.
Additionally, Visa stated that there is no "lights on" mandated date for TDES beyond the July 2010 date for SDES DUKPT or TDES, but noted that retailers would be liable for any breach related to using non-TDES technology after this date.
Visa will be monitoring the deployment of TDES during the next few quarters before it sets a TDES-only date.
"This is huge for our retailers, as many have expressed their inability to financially swallow PCI compliance, which costs an average location $20,000, and upgrading dispensers to TDES at an average cost of $3,000 per dispenser," Davis said. "Our average site operator made $40,000 pre-tax last year. For them to invest in all mandates this year means operating at break-even. This allows retailers to take the more cost effective approach of installing TDES capable PIN pads during pump upgrade cycles, rather than a blitz."
According to NACS surveys of retailers, many retailers were planning to shut off PIN debit at the fuel island and process debit transactions as "signature" debit transactions if forced to choose between upgrading or not.
"Our analysis of card costs has shown that signature debit, while much less secure for our customers, is now the same cost as PIN debit; but without the cost of having to upgrade PIN pads", said Gray Taylor, payments consultant to NACS. "We are concerned that PIN debit interchange - which has risen an average of 15% on a compounded basis since 1996 - will price itself out of our market, and shift significant transaction share to Visa and MasterCard while eliminating access to new payment card concepts that bring competition to the card payment market. Of course, if the latest Maestro PIN debit interchange hike (78%) is any indication, EFT networks will price themselves out of our market without the TDES mandate."
Beginning early this decade, Visa has published data security standards in order for PIN pad manufacturers to design and manufacture PIN pads with at least a minimum standard of security. The requirements for these standards have evolved to where Visa will be certifying PIN pads in the future for operation on all Visa networks (VisaNet and Interlink).
Visa noted that globally, standards bodies no longer recognize older PIN entry encryption standards such as Master/Session and, more recently, single DES (SDES) as sufficiently secure. Global bodies such as the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI) have adopted triple DES (TDES) PIN pads as the new data standard.
SOURCE: NACS
Credit card fraud to cost UAE banks $54 mln
Oct 12, 2009 at 23:22
The increase in fraud is mainly due to the economic crisis, the newspaper said.
“As far as the UAE is concerned, we've been observing a year-on-year loss of $45 million and because of crisis it is expected to increase by 20 per cent,” Asanka Amarasekara, head of fraud control at Dunia Finance, told the newspaper.
The trend is similar in other Gulf countries because of the presence of a large number of expatriate workers, he added.
Banks in the UAE have been hit by a wave of corporate and personal loan defaults as many businesses have gone bust and individuals have lost jobs.
Schneider Foreign Exchange selects SMA Financial’s Service Bureau for outsourced SWIFT connectivity
London, Oct. 13, 2009 – SMA Financial (www.sma.co.uk ), SWIFT Regional partner for UK, Eire, Channel Islands and the Nordics today announced that Schneider Foreign Exchange (SFE), the leading foreign exchange broker has outsourced SWIFT connectivity to SMA Financial’s Service Bureau. The project will enable SFE to streamline its transaction lifecycle, increase straight-through processing (STP) and lower operational risk.
The broker had seen SWIFT becoming more accessible to corporates and set out to research the potential benefits from connecting to the ultra-secure and resilient network. Neil Burns, Director, Schneider Foreign Exchange explained, “An endorsement of SMA Financial by SFE’s main banking relationship provider Barclays reinforced our own findings that SMA’s expertise in outsourced SWIFT connectivity and proven Service Bureau was the best option. SMA’s approach from day one has been open and transparent and we anticipate the Bureau will enable us to minimise the number of exceptions that occur, reduce investigation time and help mitigate our operational risk.”
SFE services a predominantly UK customer base and has a number of different banking relationships each of which required the broker to logon to separate ebanking platforms to make payments and check balances. Any queries had to be addressed to the relevant relationship manager which could be time consuming. The payment lifecycle from initiation to confirmation and settlement was a highly manual process and thus well suited to an automation project.
SFE is currently testing connectivity to its first banking relationship provider via SWIFT. Other banks will then be connected to the Bureau in turn. This will allow SFE to initiate a payment from its back office system which is sent to the SMA Service Bureau where the message is automatically formatted for transmission over the SWIFT network and transmitted to the relevant bank. Confirmations are received back via the Bureau and these can be sent to clients in real-time if required to confirm that the transaction has taken place thus enhancing the service SFE provides.
Burns concluded, “By outsourcing SWIFT connectivity to the SMA Service Bureau we will shield ourselves from any complexity, and minimise the on-going maintenance, typically associated with SWIFT. Additionally, we can ensure that internal IT resources are kept fully focused on supporting our core business.”
Simon Murby, Managing Director, SMA Financial said, “Working with a specialist SWIFT partner allows corporates such as SFE to benefit from the full range of SWIFT services. With its own SWIFT connection, the broker has enhanced its ability to provide efficient services to larger corporate clients that are not already SWIFT enabled.”
About SMA Financial
Founded in 1995, SMA Financial has established its leadership as a source of specialist knowledge and expertise in the financial services industry providing SWIFT services, product and support. SMA Financial is the SWIFT Regional Partner for UK, Ireland, Channel Islands and the Nordics. It is the most extensively SWIFT accredited partner with over 300 successful implementations with banks, corporates and other financial institutions including more than 100 active SWIFT Service Bureau users. The company provides SWIFT Service Bureau, AML and SystemCare solutions as well as experienced consultancy services. For further information please visit www.sma.co.uk
About Schneider Foreign Exchange Limited (SFE)
Founded in November 2006, SFE has established itself as one of the premier commercial and deliverable foreign exchange providers in UK. With a currency turnover of GBP equivalent 2.8 billion per annum (and growing) SFE's client-base ranges from SMEs to FTSE-listed companies. SFE works with several broking and banking counterparties and can offer diverse services by trading 'Same Day', 'Next Day', 'Spot' and up to '2 years Forward'. SFE is developing joint-venture relationships with Introducers and Dynamic Currency Conversion (DCC) providers and is launching its state-of-the-art multi-broker trading platform in November. For further information please visit www.schneiderfx.com
Source: Company press release.
More Banks Go with Authentication Devices
Georgian banks to deploy online banking authentication products from Todos
Tuesday 13 October 2009
Todos brings advanced trust and security to Georgia’s banks
Two Georgian banks - TBC Bank and BTA Bank - have selected Todos to provide eBanking authentication devices and back-end servers to improve security, usability and trust for their online customers.
GÖTEBORG, SWEDEN AND T’BILISI, GEORGIA - OCTOBER 13, 2009 - Todos continues its mission to make online banking more secure and more trustworthy with two sales in Georgia. Both banks selected Todos because it offered high levels of security, flexibility, future-proofing and lower costs with the benefit of local support.
Georgia is a country on the Eastern shore of the Black Sea. It has a population of 4.6m with an economy that has been growing fast and liberalising quickly. In 2007, GDP grew by 12 percent and the World Bank called the country the “number one economic reformer in the world.” Services now account for 65 percent of economic output.
TBC Bank (http://www.tbcbank.ge) had been using a competitor’s system but swapped to Todos, buying the company’s ezToken device. The token’s lower total cost of ownership was a significant factor. Not only was it cheaper to buy in the first place but the longer battery life means fewer replacements over time.
BTA Bank (http://www.bta.ge) also chose the ezToken over rival devices for most users but also selected the enhanced ezToken PIN. The Todos VAS Server’s ability to support different devices and multiple devices per user means that BTA can deploy both and give its customers an upgrade path if they require additional security.
In both cases, the presence of local partner NGT to provide support, consulting and integration was important.
“We’re very excited about these deals and what they represent. Smaller countries and growing banks have a huge opportunity in today’s digital market,” says Bo Emanuelsson, Sales Director EMEA at Todos AB. “Quite simply, they can move faster than their larger competitors. Here we see two important banks in a fast-moving national economy choose trust, security and progress.”
For further information please contact:
John Ahlberg, Communications Director
Todos AB
john.ahlberg@todos.se
http://www.todos.se
+46 31 775 88 00
Consumers DO WANT Security over Convenience...How About Both?
James Van Dyke, the founder and principal of Javelin Strategy and Research wrote a "Perspective" for Bank Technology News which essentially states that consumers are looking to their financial institutions for advice on how to better authenticate themselves.
I have an idea. Instead of giving away $35 to try online bill pay, save $10.00 and give away our SLIM in order to provide online banking customers with the same security entrusted to dispense cash at ATMs. Swipe Card, Enter PIN.
We 100% replicate the process used by consumers to access cash in real-time at an ATM...EXCEPT...since it's done in the privacy of your own home, there's little threat from a skimmer or hidden camera recording your PIN entry.
I honestly believe that consumers would run towards a bank offering this type of online banking authentication faster than those non-star belly Sneetches ran to Sylvester McMonkey's STAR inscription device. Besides, I find it immensely more convenient to swipe my card and enter my PIN than enter a username, password, answer a question and then put in a code I have a hard time reading anyway...
Perspectives
Consumers Do Want to Be Partners in Security
Bank Technology News | October 2009
By James Van Dyke |
While many bankers and technology professionals profess a belief that individuals can't be motivated to protect themselves, new Javelin research shows that more than eight in 10 online bankers view security as a shared responsibility.
Nearly four in 10 consumers turn off paper statements out of concern that someone will steal their personal information, indicating that customer-empowerment strategies go hand-in-hand with the sense of shared-responsibility necessary to fight crimes that harm both consumers and companies. This, and myriad other data, disproves the theory that consumers need to feel the pain of financial loss in order to monitor their accounts against fraud and shows that consumers are willing to mitigate against fraud.
More evidence: Even when presented with zero-liability protection, consumers continued to express interest in partnering with financial institutions on additional security methods. When surveyed, consumers that most strongly preferred zero-liability protection had an even higher interest in additional authentication security capabilities, many of which would reduce consumer convenience. By analyzing rigorous data comparing latest behaviors and preferences toward banking security and technologies with nationwide trends on actual fraud patterns, we are able to identify steps bankers can take to not only cut losses but strengthen profitable customer relationships.
Specific methods for creating the shared account security responsibility preferred by consumers include better authentication, alerts, user-defined limits and prohibitions (UDLAPs), extended validation SSL, and discounted third party services such as PC protection software, credit monitoring and fraud prevention services.
Partnering with consumers on security decreases the length of time fraud can take place and therefore lowers the mean dollar value of the fraud losses for consumers and the total expenses for all parties involved. A study partially sponsored by Intersections, Inc. and Wells Fargo Bank found that banks and merchants absorb the great majority of financial losses in the average $4,840 case of identity fraud, yet consumers are now spending 30 hours resolving such crimes with nearly $500 in out-of-pocket expense. Friendly frauds are even worse, requiring 50 hours for resolution compared with the average of 30 hours, and double the average consumer costs. Given this, and with half of fraudulent activity first detected by consumers, consumers' willingness to get involved is in both parties' bottom-line interest.
Safety not only prevents fraud losses, it also creates more profitable relationships. When consumers are either selecting a new credit card company or one of the several existing payment cards for their next transaction, current Javelin research shows they rank security against identity fraud as their paramount concern, overtaking interest rates, rewards, customer service, and other costly offerings. Increased security and privacy protection also make a consumer spend more online; and credit cards that are perceived as more secure will generate more transaction income for the issuer as well.
Finally, banks' bottom-line interest in security partnership may also be enhanced with revenue opportunities. Consumers are already participating in identity theft programs outside financial institutions. Over half of consumers use anti-virus protection, eliminating or at least cutting down on malware infections; and one in four subscribes to services that offer credit monitoring, fraud alerts, and transaction alerts. Consumers that shop online go to great lengths to feel safe while doing so. More than eight in ten consumers use firewalls, update their antivirus software regularly, and monitor their bank accounts more often, even though these activities require additional efforts. Since consumers are often paying for protection services elsewhere, why shouldn't banks sell bank-branded versions of white-label products?
Identity crimes uniquely target both identity-holding consumers and the companies that serve them, and therefore all parties will be most effective when working together for the prevention, detection, and resolution of a crime that totaled some $48 billion in 2008 in the United States alone. While the financial industry has excelled in behind-the-scenes fraud mitigation solutions and after-the-fact customer fraud resolution capabilities, Javelin sees an opportunity for banks and card issuers to build on the important zero liability guarantees from the card industry while providing additional security options to safeguard consumer accounts against emerging threats. Even the largest U.S. credit card issuers have many opportunities to strengthen customer-partnered prevention and detection capabilities.
With consumers seeking greater participation in their security, banks, issuers, merchants, and vendors can take advantage of the tremendous growth opportunities in the financial security sector. Security professionals can improve their ability to fund strategic investments in customer-partnered security methods, using factual research data to bolster business cases with benefits such as increased customer acquisition, cross-selling, loyalty, and increased preference at point-of-purchase.
James Van Dyke is founder and principal of Javelin Strategy & Research.