Frontier Airlines Blames Credit Card Processor for Bankruptcy Filing

The Airline Industry, thanks to First Data may now consider HomeATM's PIN Based Platform as their primary payment choice

HomeATM recently signed a deal with Universal Air Travel Plan (UATP) and if anyone was wondering why the Airline Industry is interested in HomeATM's platform, you need to look no further than this mornings announcement that Frontier filed for Chapter 11.

Many will blame the high cost of gasoline, but in fact, the majority of the blame (according to Frontier themselves) is their credit card processor, First Data.

Follow this link to read the letter sent by Frontier's CEO, Sean Menke to it's employees in it's entirety. Otherwise, here's a pertinent excerpt of that letter:

This week, I was notified by our credit card processor that, as of Friday, April 11, due to "current economic conditions, the rise in fuel costs and the other bankruptcies around the industry," they intended to start withholding 50 percent of the credit card funds received from the sale of Frontier tickets.

If they went ahead and did this, tens of millions of dollars owed to us by our customers would have been withheld by the credit card processor, First Data. This would have drained our available cash almost immediately and would have made it impossible for us to continue normal operations.

Therefore, we decided to file Chapter 11 in an effort to fight this unwarranted step by the credit card processor so that we can continue to position the Company for long term success.I want to emphasize to each of you that this was very sudden and unexpected. We are the victims of a credit market that is very fragile and the tolerance for risk is extremely low. As I have stated many times recently, our executive management team has been working diligently and tirelessly to extend our runway by securing additional cash to bolster our balance sheet. We were successfully making progress on a number of fronts that would position us well for the future and with the protection of the bankruptcy court, we plan to continue to pursue those opportunities.

It's simply amazing to me that a card processor, in order to mitigate "their" risk, instills immediate danger into a company's "very existence" by having control over funds that were not theirs to begin with. The time has apparently come for airlines to position PIN Debit, (not as an alternative payment), but as their primary payment mechanism. Here's more from Bloomberg...

Frontier took the step after its credit-card processor, First Data Corp., began withholding proceeds from ticket sales, the Denver-based carrier said in a statement today. First Data told Frontier April 8 it would retain half the proceeds of bankcard sales and increase collateral to $130 million from $54.5 million, according to a statement by Frontier Vice President Edward Christie filed with the U.S. Bankruptcy Court in Manhattan. If First Data's hold on proceeds went unchecked, ``it would have put severe restraints on Frontier's liquidity and would have made it impossible for us to continue normal operations.'' Menke said. First Data is based in Greenwood Village, Colorado.

I'll include more detail in next week's blog posting(s) but suffice it to say that PIN Based Transactions not only "eliminate the reserve" instituted by credit card processors, but also "lowers the transaction rate" (Interchange Fees) significantly.

Airlines are on the very brink and the issue of credit card reserves is going to explode in this space (if not in their face, as it has for Frontier) if the airlines industry doesn't start taking the necessary steps required to switch their payment choice over to the lower cost, more secure PIN Based transactional methodology that "their partner" HomeATM offers.

First Data actions today could not have driven this point home (or should I say HomeATM) any more clearly.

PCI Standards Again Questioned in Wake of New Breach

Interestingly, the brick and mortar world, (the one chock full of PCI Standard compliance demands), seems less secure than the Online world. Yet online retailers pay exhorbitantly higher fees than brick and mortar retailers. Card Not Present transactions are certainly higher risk transactions, but HomeATM's Internet PIN Debit platform, combined with their PIN Entry Device (PED) could cut risk significantly and thus save online retailers 100 basis points off their Interchange fees.

In yet another breach, this one from Advanced Auto Parts, Retail Wire questions whether or not we should move to Chip and PIN based transactions.

Here's the discussion in today's Retail Wire...

And yet again, an American retailer and its customers go down the road of data theft. In this case, the retailer is Advance Auto Parts and the most recent hack affected 56,000 of its shoppers in eight states - Georgia, Indiana, Louisiana, Mississippi, New York, Ohio, Tennessee and Virginia. Luckily, the customers from the stores in question represent a small portion of the total shoppers that frequent the chain's 3,261 stores across the country.

The discovery of the breach, as with those at other retailers, has prompted Advance to reassess its security measures. Others, at the same time, are once again questioning if Payment Card Industry (PCI) compliance standards are either fair or effective.

In a recent interview with RIS News, Dave Hogan, senior vice president and chief information officer with the National Retail Federation (NRF), expressed the view that more secure forms of payment such as "Chip & Pin" were available and proven in reducing fraud. He suggested that card associations should "provide (at no cost to the merchant) card readers that can accept these new types of cards."

Mr. Hogan also took issue with the amount of data that merchants are required to keep by banks. He called on financial institutions to "state that 'Retailers have the option to no longer store credit card data and they will not be penalized for not keeping credit card data."

To read the Retail Wire discussion, click here. I'm sure it will garner a lot of responses. Here is one from Evan Shuman, former eWeek contributor and StoreFrontBackTalk Editor:

To answer your question, yes, Hogan's concerns are quite reasonable. Much of this, though, is a lot of agreement on the easy issues. There are few who truly argue with the following:

1) PCI is not perfect and retailers who are fully compliant are still fully vulnerable. Even PCI's backers agree with this. PCI was never intended to be perfect security. PCI was never intended to be anything beyond a good starting point.

2) PCI has absolutely improved retail security today. Again, this is pretty much done unanimous. It's not gone nearly far enough, but any movement forward is good.

3) Banks are, for the most part, much better choices than retailers to store sensitive payment data. Again, no one ultimately quarrels with this. The issue involves infrastructure, politics and business costs. To make this transition would require tons of agreement from people who are not motivated to make such agreements. So arguing that it's better doesn't help much if it can't be done given the powers that be.

4) Chip and PIN is more secure than what much of the U.S. is doing. True. But Chip and PIN--as it's deployed in the U.K.--also has many issues. Making the transition would be costly, would meet with substantial infrastructure resistance AND it would still retailers far more exposed than is desirable. For the same extreme effort and cost, we could probably come up with a more secure approach.

It's also true that if all retailers strictly adhered to the common-sense rules (no default passwords, examine traffic logs routinely and seriously, strictly enforce procedures, etc.), we'd also be far better off.

This, however, doesn't address the Hannaford scenario where--based on currently available information--we have a retailer that indeed appeared to abide by all of the rules and still got burned by some aggressive cyber thieves. That's the more rare but far more frightening scenario.

Evan Schuman, Editor, StorefrontBacktalk.com

HomeATM Officially Invites ATMDirect to a "PIN Off"

I was speaking with Ken Mages, the founder and CEO of HomeATM and George Gendron, HomeATM's President regarding ATMDirect's questionable press release (Smoke, Mirrors and Patents) last Sunday, and the notion of calling them on their bluff came up.

Additionaly, we discussed an article written by Digital Transaction News, whereby Rajiv Grover, an investor in ATMDirect said. “Our intention is to own Internet PIN debit transactions.”

Remember...I took at close look at ATMDirect when it went up for auction and when I began digging into ATMDirect's business my conclusion was that the asset value of the associated personal property (i.e. servers, networking equipment, computers and office equipment) was worth (in an eBay resale) between $500,000 and $750,000.

Freshly armed with this information I decidedly looked at their associated, and I use this term very loosely here, "intellectual property" which solely consisted of a single patent. (not 25 global patents as stated in ATMDirect's recent press release)

In what I consider to be a "more than bold" statement, the new owners of ATMDirect went on to say: "Over the course of the next 90 to 120 days, ATM Direct is set to contract with a major, publicly held acquirer to sign merchants, receive certifications from a couple of major electronic-funds transfer networks, and sign a number of large merchants...

This leads me to my point. I have a "common sense" question that I'd like to pose here. By the way, it's the same question I posed to myself when I decided not to move forward in my attempt to acquire ATMDirect.

But before posing the question, I would ask that you first take a look at the numbers shown in the graphic on the left. (to get a bigger picture of my point, click the picture and focus on the "debit". Okay, now on with my ponderings...

For a measly $600k, wouldn't one, or even you, think that PayPal, BillMeLater, Amazon, First Data, Heartland, CyberSource, (the list goes on forever) would have been interested in acquiring the assets of ATMDirect? If any of those aforementioned companies could have "Owned PIN Debit on the Internet," a $94 BILLION dollar market for only $600k, doesn't your common sense dictate that they would have been involved?

For obvious reasons ALL were glaringly absent.

Thus the only logical assumption that a pragmatic person can make is that there's nothing there. Which brings me back to the beginning of this post.

I was talking with both the CEO/Founder and President of HomeATM, and the notion of calling them on their bluff (Myth'd it By That Much...) came up.

The fairest and most arbitrary way would be to challenge them to an old-fashioned showdown which was dubbed during the course of our conversation, a "PIN-OFF."

HomeATM would be willing to have the "PIN Off" supervised by a knowledgeable, non-partisan entity. One suggestion among many as a "fair and balanced" arbitrator was John Stewart" the Editor in Chief of Digital Transactions Magazine.

Will you, ATMDirect accept? I think the real question is: Will ATMDirect even "be able" to accept? If so, will ATMDirect be able to do so "securely" without any glitches? That is the gist of the challenge.

My take is they won't. It's too "Rocky" a road for them to travel. They know that it's simply a case of the Contender vs. the Pretender...

...Everlast versus Never...mind...I think you get the picture!

However, I've been known to be wrong before, so...ATMDirect, prove me wrong! If you don't think that HomeATM would "PIN U" into the proverbial corner, feel free to accept the invitation to an offical PIN Off by emailing me at: ATMDirect Hereby Accepts

Study Reveals PIN Debit Provides Lowest Fraud Rate

A study shows that in 2007 organizations were much less likely to be subject to fraud from electronic payments than from checks, including ACH debit (26 percent), corporate cards (13 percent), ACH credit (4 percent) and wire transfer (3 percent). Most fraud is caused by thieves using credit cards. 89 percent of organizations that experienced consumer electronic payments fraud claim that credit cards were used.

More than one-third experienced ACH fraud and one-quarter claim they were subject of signature debit card fraud. PIN debit cards were not frequently used to commit fraud.

Two-thirds of organizations that experienced ACH and/or card payments fraud registered financial losses and 71 percent of these organizations state that the loss was caused by online commerce.

63 percent reported financial losses from in-person transactions, while 46 percent were subject to fraud because they accepted fraudulent ACH and/or card payments over the phone.

Data was published by the Association for Financial Professionals

In a related story, SEPA stated it's concern regarding the potential of fraudulent activity as it moves forward...

Sepa fraud risk warning for businesses
Laissez-faire attitude adds to confusion over payments...

As Europe starts to adopt pan-continental payments systems, UK payments takers are ill-equipped to deal with the exposure to fraud this change might bring. The Single Euro Payments Area (Sepa) directive came into operation at the beginning of the year and Faster Payments protocols are due to go live in May.

But UK organizations in the utilities, telecoms and insurance sectors are not anticipating any change in processes or systems to introduce fraud countermeasures following the introduction of Sepa Sepa allows organizations to offer services easily across the Euro area - but this also means fraudsters can bury their trails across a number of countries. A survey of 43 companies in the utilities, telecoms and insurance sectors, from newly rebranded Experian Payments (formerly Eiger Systems), found 98 per cent are not planning to change their security policies, even though three-quarters have some business overseas.

These sectors were chosen as a sample because they rely heavily on the automated direct debit payments Sepa seeks to streamline. A significant majority (86 per cent) said they had yet to even assess the payment fraud risk of Sepa, while 15 per cent of the insurance companies questioned believed there was a negligible risk.

Gartner research VP of banking and investment services Alistair Newton said: "There is often a difficulty in assessing the value of data on payment fraud, because of the disparity in how it is measured from organisation to organisation. The important angle here is that there is clearly a lack of visibility around payment fraud at a corporate level."

Cheat Sheet: Sepa

Back in 2000, European political big wigs got together in Lisbon. By the end of their jaunt in the sun, they decided the EU would be one of the world's leading knowledge-based economies by 2010 - a plan that has become known as the Lisbon Agenda.

Out of this stemmed the idea to support innovation and the idea of a single market by making it easier and cheaper to move money around the EU.

The EC decided that cross-border payments should cost no more than domestic payments and in 2002 the European Payments Council (a group of banks) sketched plans for how this would be done.

Thus the Single European Payments Area (Sepa) was born.

What will it mean?
Basically it means fewer charges on transactions and purchases. On the consumer side of things, if Sepa comes into being by 2010, it could mean you'll be able to buy things on your card in another European country and pay nothing more than you would domestically.

On the business side, it'll basically mean the same thing but moving money around should be as cheap as it is domestically. This means banks will have to sharpen up their IT systems, to replace manual processes with automatic ones in order to bring down costs.

Sepa will also mean that European-wide card issuers can compete with domestic card firms. Sepa is probably going to be built around EuroPay MasterCard Visa (EMV) card technology to ensure security and interoperability at the acceptance point. How will it happen?

Aye, there's the rub. The thing is the banks don't really know what they should do as wise men at the EC in Brussels haven't issued any strict guidelines. A lot has been left to interpretation.

Saying that, Voca, the payments organisation formally known as Bacs, is already revamping its infrastructure to accommodate future demands of Sepa. Analysts have also predicted banks will have to spend money quite fast to hit the 2010 deadline.

After all, making all European businesses and all banks sing from the same song sheet isn't going to be easy.

What should I do to be to prepare for Sepa?
Basically, get ready to buy technology and think Europe-wide.

Is it all smooth sailing?
As mentioned, it could cost a lot for banks to get up to scratch but the benefits will be that banks can compete for customers anywhere in Europe.

New Feature on HomeATM Blog

On the right sidebar you'll find a "search this blog" option. Simply type in your request and it will search not only this blog, but give you additional options for the search parameters. For example...type in ATMDirect and4 the results will appear on the top of the most recent post.

Smoke, Mirrors and Patents

The many people who subscribed to my Pay By Touch Blog over the past couple years know that I was a big advocate for ATMDirect, more specifically, a methodology designed to offer Internet Retailers a lower cost, more secure PIN Debit payment solution.

In fact, in one specific post I did in June of '06 I mentioned that I really believed that ATMDirect might have been a Pay By Touch Cash Cow.

That is why, when Pay By Touch announced they were selling their non-core assets, including ATMDirect, I decided to take a close look at it. Thus, I signed the requisite non-disclosure and PBT forwarded me the confidential information that they forwarded to others who may have been interested in procuring ATMDirect's assets.

I also spoke to former Pay By Touch executives who informed me that some of the claims made by the former owner of ATMDirect regarding their patents were, "misleading" or at least "overblown." So I looked at their patents, no...let's make that "patent" since only one is issued (the rest are only applied for,) as well as other key ingredients and, frankly, came away rather unimpressed.

How unimpressed? Let's just say that my vision of ATMDirect as a "cash cow" took on a new form...(which I graphically illustrate on the right)

I knew that Pay By Touch had (been duped?) paid $30.5 million only two years previously, and that now it could be had for somewhere around $500k-$750k. Even though there were several IBM Blade Servers worth about $1.5 million, I decided to pass as I wasn't in the used blade server resale business.

On Friday, I mentioned that I was going to do a post discussing how ATMDirect is bluffing their way through the PIN Debit Card game. They sure made it easy for me. as yesterday, while I was watching the Cubs game, I got an e-mail alert regarding a press release from ATMDirect.

Here's the link, followed by the portion of the press release that, in my view, is blatantly misleading. Bluffs only work when you don't have to show your cards, but when you say you have a Four Aces, you better have four and not one.

As you read the following, keep in mind that ATMDirect (or should I say ATM-Indirect.) has been issued ONE patent...and that I saw everything that ATMD had to offer and was simply not interested.

Frankly, one word sums up this press release...Unbelievable!

###

Accullink, LLC Acquires Pay by Touch Internet PIN Debit "Patents"

Accullink, LLC is pleased to announce the acquisition of Pay By Touch's "suite of 25 global Internet PIN Debit patents".

These "patents" enable, for the first time, a software-only solution for PIN based payment transactions on the Internet. "The patents" are being commercialized through Accullink, LLC subsidiary ATM Direct. Their solution provides a compelling alternative payment method for consumers and merchants.

Atlanta, GA, April 06, 2008 --(PR.com)-- Accullink, LLC, an Atlanta based investor group, has acquired Pay by Touch's suite of 25 global patents that enable a software-only solution for PIN based payment transactions on the Internet. Accullink, LLC is commercializing the patent suite through its subsidiary ATM Direct, a leading alternative payment provider.

I'll have more to say on this subject later on. By the way...if anyone from ATMDirect disputes anything I've stated in this post, I would invite them to feel free to contact me and set the record straight. johnbfrank@gmail.com

Coming Monday...Myth'd It By That Much...

PIN Debit for the Internet...which Avenue should Online Retailers Take?


VERSUS

Consumers Prefer PIN Debit - Gartner Research

Consumers believe it's more secure than signature credit and debit transactions and Online Retailers would love to eliminate chargebacks, let alone, reduce their Interchange Fees by 100 basis points.

So it appears that bringing PIN Debit and PIN Credit transactions to the web is just going to be the natural order of things.

HomeATM is positioned to help consumers and online retailers do just that with their patented browser space PIN debit application, which includes being able to assign PIN's to previous Non-PIN'd existing credit and signature debit cards.

Here's the report from Gartner:

U.S banks have put significant efforts into marketing contactless and signature-based debit card payments, but they have failed to win over consumers, according to market research firm Gartner.

According to a survey of 4,500 online U.S. adults in August 2007, consumers prefer PIN debit over other payment methods such as credit cards, contactless cards and signature-based debit.

PIN debit is popular with cardholders, as they believe it is more secure than signature based transactions, Gartner says.

“Despite significant marketing campaigns by banks and issuers to steer consumers towards using debit cards with a signature, consumers prefer entering their PIN to pay for groceries with their debit card over all types of signature-based card payments, whether credit or debit,” says Avivah Litan, vice president and distinguished analyst at Gartner.

Consumers’ least-favorite payment method when shopping for groceries is contactless cards, and there is similarly little interest in using cellphones for making payments, Gartner says.

According to Litan, banks promote signature-based debit payments as they earn more interchange fee revenue from card-accepting merchants. “The reason is that signature-based debit is riskier and more prone to theft, so banks need to earn higher interchange fees to compensate,” Litan says.

Fraud rates on signature-based debit card payments are at least 10 times higher than on PIN debit.

Gartner adds that contactless debit and credit card transactions earn issuers higher interchange fees than contact-based transactions. The Gartner survey found that, when shopping at grocery stories, consumers prefer PIN-debit card payments, even though only card payments with physically signed receipts typically earn them reward points. “Brick-and-mortar businesses which accept electronic consumer payments should promote use of PIN-based debit card payments through payment terminal programs and by offering store-based incentive campaigns,” Litan says.

“Businesses pay less to banks for PIN-based payments, and, since consumers prefer them anyway, this is a win-win strategy for all parties except card issuers and banks.” Related Links:

www.gartner.com
Why Aren’t More Merchants Prompting for PIN - Digital Transaction News
U.S. Consumer Secure Payment Preferences Create Opportunities for Nonbanks
Another U.S. Alternative Payment Service Debuts
U.S. E-Shoppers Turning to Alternative Payments
Surge Seen In U.S. Alternative Payments

HomeATM Card Present Solution

Card Present Solution for Online e-commerce Retailers

Traditional e-commerce is based on Card Not Present (CNP) transactions; i.e. the cardholder enters credit / debit card data using an online form. There is no way to prove that the user entering the card information is in fact the actual cardholder. To truly identify the cardholder the card needs to be processed via some form of hardware device that interrogates the card in order to match the data entered by the user with data phyiscally stored on the card.

Enter Home ATM. The HomeATM solution is based on an Internet consumer connecting the HomeATM device to their PC via a USB port. Once installed and configured the HomeATM Scanpad may used to process card present credit card and PIN debit card transactions via the Internet, resulting in less risk for all parties.

Payment for goods using PIN based Debit Cards as the settlement instrument of choice is the fastest growing card sector in the world at present. PIN based Debit Card settlement offers merchants a number of benefits such as Zero Chargeback and NO Risk.

Traditionally the ability to accept PIN based debit cards has been reliant on the card issuer. Home ATM removes this reliance - any debit card, issued by any issuer can be processed by merchants. Technically it's exactly the same transaction type as a user using a POS device or an ATM device.

Would HomeATM's "PIN My Card" Technology Remove 75%-90% of Fraud?

In the wake of Hannaford's recent "PCI Compliant" breach of over 4 million cardholders data, there has been much written on the subject. Below is a rather interesting comment from Gartner, Inc.

Avivah Litan, a security analyst at Gartner Inc. argues that the biggest lesson is that the banking industry needs to make it harder for thieves to put stolen credit card data to use.

Requiring PINs on credit card transactions, she said, "would remove 75 to 90 percent of the fraud in the system."

HomeATM's PIN My Card technology assigns PIN's to existing cardholders Credit Cards.

Hmmm...sounds like HomeATM is on to something. Look for more on HomeATM's PIN my Card technology later....

New Credit Card Breach Will Test PCI

In a follow up to yesterday's post regarding whether or not current PCI Standards are flawed, I include this related article from Information Week.

Does Hannaford Hack Suggest PCI Standards are Flawed?

A security breach of one of our nation's grocery chains computer system may have exposed 4.2 million debit and credit card numbers to theft, making it one of the largest such cases in the nation. Hannaford Bros. says it has secured its credit and debit card transaction system to block future unauthorized access and the Secret Service is investigating. So far, 1,800 cases of fraud are linked to the breach.

Kevin Mandia, president of Alexandria, Va.-based computer security firm Mandiant Corp., said retailers are most vulnerable during the processing of the credit or debit transaction. Hackers can create a type of software called a "sniffer" that acts like a wiretap and can intercept credit and debit card data as it travels between the retailer's point of sale and the credit card processing company. It can be very difficult to detect sniffers.

While the banks appear all but ready to blame Hannaford for failing to follow payment card industry standards on security, there are signs that this may be the first of many cases to surface this year wherein the affected retailer was hacked even though it appeared to be following all of the security rules laid out by the credit card associations.

Editor's Note: What does this have to do with HomeATM you ask? The highlighted sections below underline deficiencies (in the brick and mortar world) where deficiencies should NOT exist and where HomeATM has already taken precautions designed to alleviate these new concerns.


The Boston Globe's Ross Kerber today writes that Hannaford is still investigating the specifics of how the data was taken, but that the company's chief executive said the data "was illegally accessed from our computer systems during transmission of card authorization." Translation: The hackers snatched the credit/debit card data sometime between when the customer swiped their card in the reader at the register and when that transaction was approved.

Editor's Note: If the passage in the second highlighted area is correct, then the revised PCI-DSS standard is flawed.

The Globe story continues: "What could make the Hannaford case unusual is that since last spring its stores have met industry standards regarding how customer data is stored and maintained, Eleazer said. Many other retailers victimized by breaches, including TJX, had been faulted for lax security. It's too soon to know whether Hannaford's case will warrant the consideration of further security reforms, said Ted Julian, vice president of strategy at Application Security Inc., a New York database services company."

Brian Sartin, vice president of investigative response for Cybertrust, a division of Verizon said a great many retailers have taken extra precautions to ensure that any credit or debit card data they store is properly encrypted and secured.

Sartin said his team is currently responding to a number of data breaches in which hackers have targeted financial data as it is being transferred from the retailer to the credit card processor and back.

While the payment card industry standards require retailers to encrypt payment data when it traverses public networks, that requirement does not necessarily apply to a company's own internal, non-public networks, Sartin said.

"I would say a trend we're seeing hitting a lot of retailers right now is that these organizations can be [compliant with the credit card industry security standards] and still have customer data stolen," Sartin said. "The data in transit is allowed to traverse private links and internal infrastructure without being encrypted, and the attackers are taking advantage of that."

Editor's Note: According to George Gendron, President of HomeATM, "Contrary to current practices – and a function that HomeATM has presented a patent application on – HomeATM decreases the chance of hacking during transmission by not only encrypting the PIN, but also the PAN prior to transmitting."

Sartin declined to say whether this dynamic was at work in the Hannaford case (his company had been retained by a party involved in the breach). But he noted that Cybertrust has found with a number of very recent compromises that attackers have seized control over the very terminals that control cash registers or point-of-sale systems within a retail store, or the server through which all registers connect to pass transaction data out across the Internet to the store's payment processor. Once these systems have been compromised, Sartin said, the attackers typically eavesdrop on the network using "sniffer" programs that can extract credit and debit card data as it moves across the wire, before it even leaves the store's network.

Indeed, attackers appear to be exploiting the letter - if not the spirit - of the payment card industry standards, said Tom Kellerman, vice president of security awareness at Core Security.

Kellerman said many retailers not only fail to encrypt financial data while it is being moved around inside the stores, but they also fail to understand that encrypting data is meaningless if the merchant doesn't also harden the security of the computers that power the point of sale systems.

Already, there are signs that 2008 may turn out to be a record-breaking year for retailer and card processor data breach disclosures. Kevin Mandia, president of Mandiant Corp., an Alexandria, Va.-based company that specializes in investigating data breaches, said his firm responded to more credit card losses in the past year than in any prior 12-month period. "It's early in the year, but the tempo [of data breaches] has been very heightened since the summer of 2007 and maintained the same barrage," Mandia said. "We're seeing at least two new companies a week discovering that they've lost credit card numbers, and at the rate we're going [the criminals] are going to exhaust U.S. retailers as targets.

HomeATM's New Flash Website is Up

HomeATM's new Flash Website is up and running. Although there's still a lot of work to be done before it's complete, it is currently available for viewing. I expect that it will be up and down over the course of the next few weeks/month as ongoing work is being done to complete it. But take a look. FYI: To turn off the music, look for an icon on the bottom middle right and click it.

On the right is a screen capture of the Introduction and Benefits to Merchants...

Click the picture to enlarge or vist HomeATM's website at:

www.homeatm.net

Fraud Still a Problem in 2007

From Digital Transaction News on March 13th, 2008

Companies that accept checks and electronic payments were victimized by fraud at virtually the same rate in 2007 as in 2006, but those that experienced fraud saw more incidents of it, according to a survey by the Association for Financial Professionals released this week. The Bethesda, Md.-based AFP is a trade group made up of treasury professionals from retailing, manufacturing, and other sectors.

While the AFP reports 71% of respondent organizations reported actual or attempted fraud last year, virtually unchanged from 72% in 2006, some 30% of those companies said the number of incidents increased; 18% reported fewer incidents, while 52% said the number was unchanged.

Much of this fraud resulted from paper check payments, with fully 94% of victimized organizations reporting this type of fraud. Of those companies that receive electronic payments from consumers in the form of cards or through the automated clearing house, just 10% said they were hit last year by actual or attempted fraud. And incidents of consumer-based fraud appear to be moderating. Among these companies, 61% said they had experienced the same number of incidents as in 2006. Thirty-seven percent reported more incidents, and 2% said there had been fewer.

Altogether, 43% of the respondents reported accepting consumer-based ACH and card payments.

Among companies reporting consumer-based fraud, credit cards were responsible for most of the incidents, with 89% of organizations reporting this type of fraud, followed by ACH (38%), and signature debit cards (24%).

Interestingly, 11% reported attempted or actual fraud on PIN debit cards, often seen as safer than either signature debit cards or credit cards because of their PIN authentication.

But consumer fraud often results in actual losses for these businesses, largely because of online commerce. The AFP report says two-thirds of organizations reporting consumer ACH or card fraud sustained losses, compared to 37% for all companies reporting fraudulent incidents of all types. Again, credit cards were responsible for most of the consumer-fraud losses, with 92% of those reporting such losses citing this as the source. ACH fraud caused losses for 36% of these companies, followed by signature debit cards (28%) and PIN debit cards (20%).

Some 71% of those suffering losses said the loss came from Web sales, followed by card-present sales (63%) and phone-based transactions (46%).

Taking into account all payment instruments, including checks, and business-to-business payments as well as consumer transactions, some 63% of organizations reporting actual or attempted fraud suffered no losses at all. Among those that did, the median loss came to $13,900, a number the AFP report characterizes as “relatively small.” Though check fraud seems pandemic, with nearly all companies reporting fraud citing checks as a source, only 17% of these organizations sustained losses.

The AFP survey is the fourth annual poll the organization has conducted and was underwritten by the Electronic Payments Network, a unit of The Clearing House Payments Co. LLC, New York. It was fielded in January and went to 3,950 members, with 488 responses. Surveys sent to non-member companies yielded another 64 responses. Manufacturers and retailers made up nearly one-third of respondents.

Online Retailers Need Online PIN Debit

Question: What do the Top 500 Internet Retailers All Have in Common?

Answer: They are all being charged Interchange Fees that are 100 basis points higher than they would pay with a web based PIN debit payment platform. HomeATM can bring PIN Debit to your website today. Call John B. Frank at 612-432-6980 to find out how....



Smaller niche retailers pace the 2007 Top 500

America’s 500 largest web retailers accounted for 61% of all e-commerce sales in 2006, but the fastest-growing merchants are smaller niche retailers who specialize and know what makes their customers tick, according to Internet Retailer’s forthcoming 2007 Top 500 Guide.

While the Top 500 was the engine that powered online sales growth for several years, in 2006 sales at the Top 500 companies grew 21.3% compared to 25.9% for the entire market. Top 500 sales totaled $83.6 billion, up from $68.9 billion a year earlier. The rest of the market, including an estimated $34 billion in eBay Inc.-originated sales that could be considered retail sales, accounted for $52.6 billion in sales, up 29.9% from $40.5 billion a year earlier.

Within the Top 500, the split between slower growing large sites and faster growing smaller sites was apparent. In 2006, combined revenue of the Top 500’s 100 smallest merchants—with annual sales of about $5.5 million to $10.9 million—rose by 23% to $836.3 million from $682.6 million in 2005. Sales at the Top 100 grew 19% to $71.6 billion in 2006 from $60.2 billion in 2005.

In 2006, the Top 500 accounted for 61.3% of all online retail sales of $136.2 billion, down from 62.9% a year earlier. Among the Top 500, the Top 100 account for 86% of all sales, down slightly from 87% a year earlier.

But smaller and more nimble merchants continue to grow faster than their established competitors. For instance, the Top 25 retailers grew their combined sales in 2006 to $52.9 billion from $44.8 billion, an increase of 18%. But the total sales for all start-up retailers in the Top 500 Guide—companies only in business since 2004—grew by 55% to $494 million last year from $319 million in 2005.

The Top 500 Guide ranks America’s 500 largest web retailing organizations based on annual sales. Each retailer’s listing also includes: site traffic, conversion rate, average ticket, senior management, key vendors and where each retailer ranks in the market they serve. New this year are a list of web features and functions for each retailer, the percent of traffic from search engines for 2005 and 2006 for each merchant, and a browser satisfaction score and the ForeSee Results/Internet Retailer Purchase Intent Index for each top 100 e-retailer.

The Top 500 Guide includes 145 e-retail businesses that are owned or operated by store-based retail chains, 89 by catalog and direct-marketing firms, 42 by consumer branded manufacturers and 224 by the so-called pure plays or web-only retailers.

As e-retailing becomes more established, the Top 500 Guide finds that more online merchants are freely revealing their online sales numbers. This year, 256 companies reported their online sales data, compared with 240 last year and 150 the year before. The Top 500 Guide sells for $59 for a single copy plus $9.95 for shipping and handling. To order, click here.

There's No Place Like Home...ATM

Costco Wholesale Corp. is investigating two technologies that would allow the retailing giant to accept PIN debit cards for payment on its Web site, according to sources familiar with the matter.

At a meeting arranged by Chase Paymentech Solutions LLC, a senior Costco official met with representatives of ATM Direct (which has since gone bankrupt), HomeATM and Intel Corp. to discuss methods for processing PIN debit transactions online, these sources say.

Irving, Texas-based ATM Direct and HomeATM, a Montreal company, market products that give consumers the ability to enter PINs on PCs.

HomeATM uses, depending on the application, either an external PIN pad combined with a mouse clicks on a floating screen based PIN Pad. They also have the ability to transact without the external PIN Pad.

ATM Direct relied only on a PIN entry via mouse clicks although now that it's bankrupt, dismantled, and it's website gone (www.atmdirect.com) , it seems irrelevant what they did or could have done. ATM Direct WAS a unit of San Francisco-based Pay By Touch, a provider of biometrically authenticated payment processing. They have since filed for bankruptcy and must liquidate their core and non-core assets.

ATM Direct was sold at auction and is therefore no longer considered a player.

To give you an idea of the lack of viability regarding ATM Direct's platform; according to Digital Transaction News, Pay By Touch paid $30.5 million dollars for ATM Direct, yet it fetched only $600,000 at auction. Therefore, one would have to logically assume that it's intellectual property was not very strong in the face of HomeATM's and thus it was purchased for the purpose of it's inventory, which consisted of 25+ IBM Blade Servers.

Therefore, it is my guess that it will never be heard from again, which although it probably wouldn't have mattered anyway, still bodes well for HomeATM.

HomeATM relies at least in part on technology acquired from InstaPay Systems Inc., whose Kryptosima unit developed external PIN pads that can be hooked up to PCs via USB connections. (Digital Transactions News, Sept. 7, 2004). However, in the last three years, they have vastly improved on this technology and hold the global patent for PIN based transactions in a web-browser space. This is the patent that probably resulted in ATM Direct becoming a Blade Server Discount Store.

Also in attendance at the meeting, held at Costco’s headquarters in Issaquah, Wash., were representatives of three of the five biggest electronic-funds transfer networks, according to one of the sources, who declined to identify them.

A spokesperson for Chase Paymentech declined to comment. Calls from Digital Transactions News to the other known participants in the meeting were not returned by late Wednesday.

While the ultimate outcome of the meeting will likely remain unclear for some time, its purpose was to provide a basis on which Costco and its processor, Chase Paymentech, can decide on which technology to use, say the sources familiar with the matter. Moreover, Chase Paymentech, a merchant-processing behemoth owned jointly by JPMorgan Chase & Co. and First Data Corp., is trying to decide how to place its bets when it comes to PIN debit for e-commerce in the face of mounting demand from merchant clients, these sources say. This is just the beginning of what could be a whirlwind decade for HomeATM.

“There’s likely to be more meetings [with other merchants] in the near future” like the one with Costco, says one source, who adds much of the demand for Web-based PIN debit is coming from multichannel retailers looking to cut the cost of online transactions.

A move by Costco, a top-25 Internet merchant, to take PIN debit on its site would lend considerable credibility...make that debibility...to the idea of taking PIN debit online.

This is a notion many EFT officials have historically shied away from, citing concerns about security and about a possible threat to the interchange income EFT network members earn from signature debit. However, according to HomeATM, their transactions would be 99.9 Sigma Secure, so it seems they have overcome those concerns and are poised to challenge some of the biggest online payment players for market share.

Because of these concerns, the EFT networks have limited PIN debit online to payments in certain biller categories regarded as safe because the billers have established relationships with consumers. These categories include utilities and insurers, though lately the networks have added more categories, such as rent payments.

PIN debit interchange rates are significantly lower than those for signature debit. Of course, signature debit doesn't really even exist on the Internet, as it's not physically possible to provide a signature, thus the rates web retailers pay are typically even higher than signature debit.

Costco’s site is the 21st largest among Web retailers with $1.22 billion in annual sales, according to Internet Retailer magazine.

Thus, according to the chart on the left, HomeATM could save Costco 100 basis points on it's Interchange Fees. That would equivocate to an annual savings of $12.2 million dollars, or $122.2 million dollars over the next whirlwind decade that HomeATM could enjoy.

Imagine that only half of the top 30 Internet Retailers, who each process $1 billion dollars per year were smart enough to save 100 basis points, reduce back office risk management costs by half (estimated to average around 4%) The sales proposition is as simple as it gets. Save More, Risk Less.

HomeATM Article from Digital Transaction News

Smart Card Marketing, HomeATM Enable PIN Debit Online and at Stores

In a move that could further the penetration of "Internet-based PIN debit", (Editors Note: I prefer PIN Authenticated Internet Debit which gives us the acronym P.A.I.D which could also stand for PIN Authenticated ID) a San Antonio-based processor of prepaid card transactions has adopted a device that will allow users of its electronic-wallet service to load their accounts online with credit cards and PIN debit cards.

Smart Card Marketing Systems Inc., which introduced its VelocityMoney.com e-wallet product just six months ago and so far has 1,000 users, will use a device from Montreal-based HomeATM that connects to PCs via a USB cable to allow users to load accounts online with card swipes. The device includes a numeric pad for entry of PINs linked to debit cards.

Also, as part of the agreement with Smart Card Marketing Systems, HomeATM will begin reaching the physical point of sale for the first time.

Working with an unnamed merchant acquirer, Smart Card Marketing Systems is signing up merchants to accept credit and debit cards through the HomeATM device.

The acquirer will process credit card transactions, while HomeATM will handle debit card payments. Smart Card Marketing has booked orders from merchants for 9,000 of the devices so far, says Bruce Baillio, president of the company. Targeting niche merchants that in many cases don’t have existing merchant accounts, Smart Card Marketing is offering the HomeATM device as a substitute for conventional point-of-sale terminals and pricing it at around $50.

Although the devices will accept credit or debit cards, Baillio says many merchants have a strong interest in PIN debit. “Our merchants are interested in the debit-loading aspects of this,” he notes. A travel agency, for example, finds the service useful to allow customers to load prepaid cards for use on trips, he says. Another client is a processor for small online merchants that wants to enable PIN debit payment, Baillio says.

The agreement with Smart Card Marketing represents the second major deal HomeATM, a small engineering company with a handful of Web merchants as clients, has struck in the past two months. In December, the company agreed to use its technology to enable online PIN debit and credit card transactions for airlines linked to the Universal Air Travel Plan transaction switch.

At the same time, it applied for a patent on a PIN-authentication system called PinMyCard, which, when paired with its device, could allow merchants to process credit card transactions online at card-present interchange rates. Company officials say this is possible by virtually eliminating the risk of fraud (Digital Transactions News, Dec. 18, 2007).

For users of Smart Card Marketing’s VelocityMoney.com service, the HomeATM device will enable cardholders to replenish the company’s prepaid MasterCard online with the swipe of a credit or PIN debit card. VelocityMoney.com, an e-wallet platform, also allows loading through the automated clearing house, wire transfers, and checks and money orders. The advantage of PIN debit card swipes, Baillio says, is that the company will get good funds the same day. “Unless you’re getting physical cash from someone, the time frame of moving money is extended, it could turn into multiple days or a week,” he says.

The agreement with Smart Card Marketing does not yet involve HomeATM’s PinMyCard system, so online credit card transactions on the devices are being assessed card-not-present interchange, according to Mitchell Cobrin, chief operating officer at HomeATM. But he says talks are under way with Smart Card Marketing to integrate the system and allow card-present rates, which do not carry the premium the card networks levy on card-not-present payments.

Universal Air Travel Plan Selects HomeATM's PIN Solution

Targets Airlines with PIN Based Alternative Form of Payment

Washington, DC – Universal Air Travel Plan, Inc. (UATP), today announced a partnership with HomeATM ePayment Solutions, a global online payment solution and web security engineering firm.

The partnership will initially offer an alternative payment option to the global commercial airline community.

“UATP continues to expand its partnerships into alternative forms of payment with HomeATM, utilizing UATP’s existing connections with the airlines to offer a new form of payment option for consumer use,” said Ralph Kaiser president and CEO, UATP.

“UATP’s goal is to maximize the usage of the network infrastructure and offer to the buying-public the options of payment that they are looking for.”

Addressing the consumer need for online debit card processing abilities, HomeATM developed a secure PIN debit and PIN credit card (as card present) transaction method via the internet; the growing preferred method of payment for consumers and merchants alike.

HomeATM’s unique system utilizes state of the art technology and the HomeATM swipe pad to allow users to conduct secure, PIN-based transactions ensuring virtually zero fraud and with significantly lower merchant processing fee costs.

“Through this partnership, airlines will be able to address the growing demand for alternative forms of payment, significantly reduce their cost and offer the buyer side 99-Sigma security”, said Mitchell Cobrin, chief operating officer, HomeATM.

“Our motivation for aligning with UATP was to extend this most timely payment process to as wide a swath of the travel sector in as short a lead time as possible. Now that it is done, HomeATM will gain speed to market by offering a quasi Plug and Play solution to commercial airlines globally. We could not be more pleased.”

Functionally, HomeATM mirrors brick and mortar POS transaction processes and is the first player in the e-payment space to bring PIN – or dually authenticated – debit to the web environment. In addition - through its PinMyCard technology and with an eye to increasing the security of sensitive buyer data and lowering merchant processing, fraud and reserve costs - HomeATM will be offering airline clients the capability of generating a PIN for use with their credit cards.

For more information, visit http://uatp.com or www.homeatm.net

About UATP

UATP accounts are accepted as a form of payment for corporate business travel by airlines and travel agencies worldwide. UATP accounts are issued by: Aer Lingus, Air New Zealand, American Airlines (NYSE: AMR), Austrian Airlines, Continental Airlines (NYSE: CAL), Delta Air Lines (NYSE:DAL), Japan Airlines (Pink sheets: JALSY.PK), Northwest Airlines (NYSE: NWA), Qantas Airways, Ltd., United Airlines (Nasdaq: UAUA), and US Airways (NYSE:LCC). AirPlus International issues the UATP-based Company Account for: British Airways (Pink sheets:Bairy.pk), Continental Airlines (NYSE: CAL), and Lufthansa German Airlines.


About HomeATM:

HomeATM is the owner of a global patent covering PIN-debit card and PIN-credit card authentication in a browser environment and of patent pending solutions for both a 2nd generation iteration aiming to turn any Internet-enabled device into a fully secured, bank “standard” transaction device as well as a PIN-based dual-authentication conversion process for traditional credit and charge cards, aspiring to be a significant player in online financial services,payment solutions and remittance.