More on Doctored POS Machines Made in China

Fraud Ring Funnels Data From Cards to Pakistan - WSJ.com

European law enforcement officials uncovered a highly sophisticated credit-card fraud ring that funnels account data to Pakistan from hundreds of grocery-store card machines across Europe, according to U.S. intelligence officials and other people familiar with the case.



Specialists say the theft technology is the most advanced they have seen, and a person close to British law enforcement said it has affected big retailers including a British unit of Wal-Mart Stores Inc. and Tesco Ltd.



The account data have been used to make repeated bank withdrawals and Internet purchases, such as airline tickets, in several countries including the U.S. Investigators haven't pinpointed the culprits. Early estimates of the losses range of $50 million to $100 million, but the figure could grow, said the person close to British law enforcement.



The scheme uses untraceable devices inserted into credit-card readers that were made in China.



The devices selectively send account data by a wireless connection to computer servers in Lahore, Pakisan, and constantly change the pattern of theft so it is hard to detect, officials say.



"Pretty small but intelligent criminal organizations are pulling off transnational, multicontinent heists that only a foreign intelligence service would have been able to do a few years ago," said Joel F. Brenner, the U.S. government's top counterintelligence officer.



U.S. intelligence officials, including senior National Security Agency officials, are monitoring the case, in part because of its ties to Pakistan, which has become home to a resurgent al Qaeda.



The scheme comes on the heels of the August indictment of a fraud ring that stole more than 40 million credit-card numbers from U.S. companies, including TJX Cos., the parent company of TJ Maxx.



In March, security officials at MasterCard Inc. saw a pattern of potential fraud in northern England. Meanwhile, a security guard at a U.K. grocery store noticed suspicious static on his cellphone and alerted authorities. Scotland Yard learned of the report and eventually connected it with the warning from MasterCard, according to the person close to British law enforcement.



Examining the store's credit-card readers, investigators discovered a high-tech bug tucked behind the motherboard. It was small card containing wireless communication technology.



The bug would read an individual's card number and the corresponding personal identification number, then package and store the data. The device would once a day call a number in Lahore to upload the data to servers there and obtain instructions on what to steal next.



A MasterCard spokesman declined to discuss details of the case but said safeguarding financial information is a top priority for the company.



There is no obvious visual indication that a machine has been altered, but those with the bugs weigh about four ounces more. For the past several months, teams of investigators have been weighing thousands of machines across Europe with a precision scale.



So far, investigators have found hundreds of machines in at least five countries: Britain, Ireland, Belgium, the Netherlands and Denmark. They have turned up at European grocery chains including Asda, which is owned by Wal-Mart; Tesco; and J Sainsbury PLC, according to the person close to British law enforcement.



A spokeswoman for Asda said, "It's subject to a police investigation, so we can't comment." A spokeswoman for Sainsbury denied its stores were hit by the scheme. A spokeswoman for Tesco said: "We're aware that this was an issue for retailers." She said Tesco tested its devices and is confident they are now secure.



The device can be told to copy certain types of transactions -- for example, five Visa platinum cards or every tenth transaction. It can also be instructed to go dormant to evade detection. On average, only five to 10 card numbers would be phoned in to Pakistan, the person close to British law enforcement said.

Creating an Advantage in the Alternative Payments Space

The Commoditization Of Alternative Payments

In the past three years, alternative payments have gained considerable market value with no loss of momentum in sight.

Alternative payments currently account for roughly 15 percent of total e-commerce volume. However, by offering a superior value proposition to buyers, alternative payments pose a threat to traditional payment methods.  This, according to a new report from Celent, LLC promoting  their  assessment that the strongest value is derived from the creation of sales lift.  


Editor's Note: You think?  The trick lies within creating an innovative way to do so. It is my strong contention that the Live Search CashBack program recently introduced by Microsoft has the potential to be sculpted into a true alternative payments masterpiece.  Here's a little backgrounder for those unfamiliar with the program...

Reward your Customers with cashback on Purchases

Live Search cashback is a new program that combines the power of Live Search with a comparison-shopping engine to bring consumers some of the best deals on the Web. The program rewards consumers with a cash back rebate for a purchase, and gives advertisers the opportunity to sell on a cost-per-acquisition (CPA) basis.

Both Microsoft and it's Online Retail Participants are providing consumers with a "cashback" loyalty program.  But what's missing is a way to provide participating online retailers with a cashback program of their own.  (to help offset the costs.)   I believe HomeATM's PIN Debit Solution  when properly placed can emerge as the missing piece to this puzzle.

HomeATM significantly reduces the cost of processing web based transactions conducted via the CashBack platform.   By simply providing a "SwipePIN" device to consumers who sign-up for the Cashback program, MS would be "enabling" them to purchase using their PIN's. (thereby significantly reducing the cost of the transaction)  Those savings, in turn, offset some of the costs of the cashback program.  It's perfect harmony. Microsoft provides cashback to consumers and HomeATM provides cashback (in the form of a significant reduction in processing costs) to Internet Retailers. 

So how do we get consumers to start swiping and entering their PIN numbers?   Offer them the SwipePIN device FREE...as a reward for signing up.  (we could charge them $2.95 shipping to offset some of our costs) 

MS creates further incentive to get consumers to participate by offering higher "cashback" percentages to those who utilize HomeATM's more secure SwipePIN device.  Think of it as a "platinum" vs. a "gold" rewards platform.  Platinum rewards go to those who use the "SwipePIN" device. 

The consumer wins because it's a more secure transaction, the Internet Retailer wins because they can save up to 100 basis points, Microsoft wins because it drives participation and, of course, HomeATM would benefit mightily as well.  More on all of this later... I just got going because I happen to agree that an alternative payment differentiation that provides an advantage over others is an alternative payment that creates a sales lift.

Back to the article:

In less than a decade, alternative payments have evolved from "dot bomb" burnouts to widely accepted, widely recognized forms of online payment, Celent notes.

Alternative players' business models once relied on their solutions' status as "something new" or the only way to pay in a particular online environment.

However, they now focus on providing greater value than payment cards. Card brands and issuers stand to forgo $345M in volume in 2010 and about $1.7 B in volume in 2015 to alternative payment.

Given cards' historical dominance over online payments, this market is the card industry's to lose, Celent says. Every time a bank account is debited via ACH rather than a card, the card industry loses roughly 1.5 - 2.4 percent or more of the transaction size.

The card industry must pay attention to alternative payments, which can be categorized as enablers, quasi-disruptors, or disruptors, in order to prevent further losses.

• Enablers offer a technological "wrap around" for payment cards that lead to increased card volume when cards are used as the source of funds, Celent found. 
  
• Quasi-disruptors are players that allow for both cards and other funds sources (e.g., bank accounts) to be used. Should bank accounts be used instead, these same players take on disruptive qualities
• Disruptors are solutions in which the card industry plays no role whatsoever.

However, the outlook is not entirely rosy for alternative payments. "Alternative payments players have already become commodities in terms of security, convenience and pricing.

The real differentiator is their ability to induce purchases and affect a corresponding sales lift. 

"The greatest threat to the card industry is a disruptive alternative payments solution that has figured out how to increase online merchants' sales."  "The spoils will go to those players who understand that their role is no longer simply making shoppers able to pay. Instead, such players realize that, going forward, they must make shoppers want to pay," he adds.

SOURCE: Celent, LLC

Related articles

• Alternative Payments Growing Threat to Cards - Bank Technology News
• Alternative Payments Entice Internet Retailers Even More in a Bad Economy
• Revisting Gartner's Report on Consumers Preference for PIN Based Transactions
• Amazon to Bill Me Later...And Your Done?
• First Data to Offer All Major Alternative Payment Brands via CardinalCommerce
• Will Amazon Ditch Bill Me Later After eBay Takes Over?
• Auction house eBay axes 1,000 jobs
• More on the Alternative Payments Threat to V/MC Duopoly
• Live Search Cashback Increases in Popularity During Economic Downturn
• Prizes for Live Search regulars
• Microsoft Adds More Perks to Live Search
• OMG! Live Search Cashback is Actually Effective!
• Hitwise: Microsoft Cashback is Working
• Secure online payments systems surge in popularity
• Microsoft Launches SearchPerks; Like Credit Card Rewards, Except for Search

World Bank Hacked

World Bank Hacked, Sensitive Data Exposed - Desktop Security News Analysis - Dark Reading

The World Bank Group has been hit by a series of hacker attacks on its network over the past few months, possibly exposing sensitive data held by the anti-poverty agency, according to a published report.

A WBG spokesperson acknowledged in the report that the agency had “repeatedly experienced hacking attacks on its computer systems,” but that no hackers had “accessed sensitive data in its treasury, procurement, anti-corruption, or human resources departments” as FoxNews.com reported Friday.

According to the FoxNews.com report, World Bank employees have been ordered to change their passwords three times in the past three months in the wake of the attacks, which spanned somewhere between 18 and 40 of its servers in multiple hacks, which began last year. The published report says there were six major break-ins in the past year, and that at least five servers containing sensitive data were exposed. FoxNews apparently obtained an internal email message and memos from the World Bank in response to the attacks that illustrate the complicated series of events and the agency’s response to them.

The revelation of breaches at the World Bank could not come at a worse time given the global financial crisis, but security experts say the hacks were coincidental and unlikely to be tied to the economic developments. The World Bank provides financial and technical assistance to developing countries, and includes 185 member nations on its board.

“We really don’t know at this moment what information was stolen,” says Graham Cluley, senior technology consultant for Sophos. “It’s just as possible that it was a bunch of college kids breaking into something they shouldn’t be as [it is for] some political or financial motivation. At the same time, economic and financial institutions basically bleed because of a [loss] in confidence and trust....

Related articles by Zemanta

• World Bank denies hackers pwned key systems
• World Bank under cyberattack?
• Hackers take aim at World Bank
• World Bank Under Cyber Siege in 'Unprecedented Crisis' (Richard Behar/Fox News)
• World Bank computers repeatedly raided for over a year [Hackers]

What Online Shoppers Research Before They Buy

What Do Shoppers Research on the Web? - eMarketer

What Do Shoppers Research on the Web?
OCTOBER 13, 2008

Examining the pricey stuff online

A growing body of market research shows the rising impact of Internet research on store spending. Many consumers prefer to shop for high-touch and expensive products in stores where they can feel items and talk in person with a sales associate.

A survey of what Internet users worldwide ages 16 to 54 research reveals several pricey items at the top of the list. Besides travel, more than one-half of respondents researched consumer electronics—and subsets such as digital music players and mobile phones—according to data released in September 2008 by Universal McCann.

Products and Services that Active* Adult Internet Users Worldwide Have Researched Online, 2008 (% of respondents)

Consumers have researched electronics online for years. In October 2007, STORES magazine published results of a study of online shoppers in the US conducted by BIGresearch and sponsored by Microsoft. Respondents named electronics at the top of the list of products they researched online before purchasing in a store.

Products that US Online Shoppers Have Researched Online before Purchasing in a Store*, 2007 (% of respondents)

The impact of online product research is greater on store sales than Web sales. In 2008, Web-influenced store sales will reach $625.2 billion, eMarketer forecasts. From 2007 to 2012, online-influenced store sales are expected to grow at a 19% average annual rate. By 2012, every $1 of online sales will equal about $4.68 in store sales influenced by the Internet.

Related articles

• 80% Buy from a Store Whose Site They Previously Visited
• Online Sales Surge as Store Sales Drop
• Despite economy, online merchants see growth
• Senior Internet Users and E-commerce
• Online retail sales in the U.S. to hit $204B in '08
• Future trends In technology
• Hispanics to Buy More Electronics than Others, More Influenced by TV & Internet
• Internet Strategy Essential Even for Offline Retail
• Online marketing results in click-to-brick purchases

Ouch! Card Swiping Devices Now Being Doctored During Manufacturing

Image via WikipediaIt's bad enough when point of sale (POS) devices are tampered with at the physical retail location, but now it's getting a little ridiculous.  Now... there's  reports that the some POS devices are being doctored (by adding circuit boards which can transmit cardholders data to 3rd parties) during the manufacturing of the devices.  They actually weigh 3 or 4 more ounces with the additional boards.  It's still unclear whether the circuit boards were added "during the manufacturing" process or "shortly after leaving the production line.

Conclusion?  This is getting downright scary and certainly supports the reasoning behind getting one of HomeATM's SwipePIN devices and shopping in the safety of your own home! 

Here's a couple stories from the U.K. newspapers on this latest development... 

Credit card scam: How it works - Telegraph

The gang is understood to have added tiny circuit boards to chip and pin machines during or shortly after the manufacturing process. Three circuits embedded in a metal card were added, enabling the machine to transmit a credit or debit card’s details to a third party.

The first circuit is designed to copy the card’s details and pin number before the device has time to encrypt the information.  The second takes that information, encrypts it and stores it in a buffer. The third circuit acts as a tiny mobile phone transmitting the stored data to a computer in Lahore, Pakistan, where it is decrypted.

The stolen data is then used to make cloned cards.  A source close to the investigation said: “In some cases it called in once a day, in others as little as once a week. It would say to the computer: here are the 50 card details I’ve stolen this week. How many and what type do you want me to steal next? 

“It would then receive new instructions and act on them. It would act like a tick: it would continually sift blood without necessarily being noticed by its host.” To remain discreet, the criminals would tailor the sums they stole to the type of store a corrupted machine was operating from. “If it ended up in a small shop that only did a few thousand pounds of business a week, they would probably keep the amount of money drained very small. Whereas if a machine ended up in a high-value electronics store, they could crank it up and make it steal more money,” said the

source.

Organized crime tampers with European card swipe devices • The Register

Customer data beamed overseas
By Austin Modine • Posted in Crime, 10th October 2008 21:21 GMT

Hundreds of card swipers used by retail stores across Europe are believed to have been tampered by organized crime syndicates in China and Pakistan, according to US National Counterintelligence Executive Joel Brenner.

Brenner told The Daily Telegraph that criminals have doctored chip and PIN machines either during manufacturing in China or shortly after leaving the production line in order to send shopper credit card account details overseas. The devices were then expertly resealed and exported to Britain, Ireland, the Netherlands, Denmark, and Belgium.

"Previously only a nation state's intelligence service would have been capable of pulling off this type of operation," Brenner told the publication. "It's scary."

Hundreds of devices have been copying credit and debit card details over the past nine months and sending the data by way of mobile phone networks to tech-savvy criminals in Lahore, Pakistan, The Telegraph reports.

MasterCard International has alerted stores in affected areas and determined doctored devices can most easily be revealed by virtue of weighing an extra three to four ounces due to the additional parts they contain. MasterCard first uncovered the plot at the start of the year after detecting suspicious charges to British and other European accounts.

The scam is believed to have resulted in the loss of tens of millions of pounds by criminals creating cloned cards, making phone or internet transactions, or withdrawing cash from the account. The Telegraph reports the thieves usually wait at least two months before using the stolen data in order to make it harder for investigators to determine what happened.

Brenner said the scam should motivate card swipe device makers to not only do more testing, but guard their supply chain in the same way jewelry suppliers do.

Related articles by Zemanta

• Organized crime tampers with European card swipe devices
• Chip and pin scam 'has netted millions from British shoppers'
• Credit Card Useless Overseas? PIN it with HomeATM
• Debit Card Growth/Preference is Global
• It's Safe to Say It's Not Safe...Skimming Runs Rampant

Credit Card Processors to Ban WEP in 2010

Credit card processors finally get clue, will ban WEP
By Jacqui Cheng

* Related: Study: stores put customer data at risk with poor WiFi security practices

Companies that accept major credit cards will be barred from using WEP for their WiFi security, but not until mid-2010. The rule is part of new security standards defined and released this week by the Payment Card Industry Security Standards Council, which is made up of companies like Visa, MasterCard, American Express, and Discover. The sad thing is that WEP—which can be cracked in as little as two minutes—is still widely used in the old and decrepit point-of-sale systems used by many retailers; the new rules should help move along the long-overdue adoption of tighter security in credit card processing.

As part of the new Data Security Standard (DSS) agreement, retailers that accept credit cards from PCI council members may not implement new wireless payment systems that use WEP after March 31, 2009. For those that already have wireless payment systems in place, they must stop using WEP for security as of June 30, 2010. The council notes that the reason for this change is "to emphasize using strong encryption technologies for wireless technologies, for both authentication and transmission."

WEP's hackability has been widely known since 2001, and has been blamed for the largest incident of consumer data theft in history. TJX, parent company of discount retailers T.J. Maxx and Marshalls, disclosed last year that hackers had stolen data covering over 45 million credit and debit cards over an 18-month period. In addition to pilfering over 45 million—and possibly as many as 200 million—credit card and debit card numbers, the hackers were also able to obtain other personal data from over 450,000 customers. This included driver's license numbers and Social Security numbers.

Although TJX has become the poster-child for consumer data theft over WiFi, it is (by far) not the only company to use insecure wireless technologies. Wireless security manufacturer AirDefense released a report in late 2007 saying that a quarter of the 4,748 retail access points it surveyed across the US had no security whatsoever, while another quarter only used WEP, "one of the weakest protocols for wireless data encryption." Just under half (49 percent) of the surveyed hotspots used WiFi Protected Access (WPA) or WPA 2—much stronger encryption protocols than WEP. The firm observed that the large majority of the stores involved in the survey maintain stronger security of their physical property than their wireless routers, showing that retailers are still slow to take data security seriously.

Banning WEP is a long overdue move, and had the industry been faster to recognize the insecure nature of WEP, the TJX incident may never have happened. It's unfortunate that laggards will have until the middle of 2010 to drop WEP, as it unnecessarily puts customer data at risk for data theft.

Further reading:

* Found via Wi-Fi Net News: New Credit Card Processing Rules Kill off WEP (in 2009)

Related articles by Zemanta

• Credit card processors finally get clue, will ban WEP
• WarDriving 101
• Ecommerce standard tightens up wireless security
• Changes to PCI standard not expected to up ante on protecting payment card data
• TJX employee fired for exposing shoddy security practices
• Credit Card Theft - Something That Happens to Someone Else ?

Shell Offers Cardholders 38 cents per Gallon Savings

Shell cardholders save money on gas

New Shell Platinum MasterCard Holders Save at the Pump and Beyond

Shell Oil Products US has launched its proven "Double Rebate" promotion for new card members of the Shell Platinum MasterCard(R) from Citi for purchases made both at the pump and everywhere MasterCard is accepted between now and January 4, 2009. Consumers who open a new Shell Platinum MasterCard account will be eligible to receive 10% rebates on Shell gasoline purchases, which can mean an average savings of 38 cents per gallon at $3.82 a gallon, and 2% rebates on all other purchases for the first 60 days after receiving their card.

"The 'double rebate' promotion is intended to demonstrate to consumers how they can lower the cost of driving without sacrificing the quality of their fuel. We believe new cardholders will agree the everyday value extends beyond the promotional period," said Carolyn Yapp, Shell US card and payments manager.

This promotion also will benefit Shell-branded wholesalers and retailers by driving more traffic to sites and increasing usage of the Shell Platinum MasterCard, which has a zero transaction fee for site operators. It will be supported with national print and online advertising, local co-op advertising and local store marketing as well as point-of-purchase (POP) materials, including pump toppers, pole signs, building signs and register toppers. In addition to the new credit card promotion, Shell retail sites will continue to feature messaging reinforcing the Shell "Passionate Experts" campaign.

The Shell Platinum MasterCard was the first gasoline rebate program of its kind and since 1992, offering the following everyday benefits to cardholders:

* 5% rebates on Shell gasoline purchases
* 1% rebates on all purchases everywhere else
* Rebates automatically credited to cardholders' statements towards future Shell gasoline purchases
* No annual fee for the first year, waived thereafter with nine or more Shell gasoline purchases a year
* Online account management
* "Lost Wallet Service" and more

Consumers can apply for the Shell Platinum MasterCard online at http://www.877myshell.com , via phone at 1-877-MY-SHELL and at Shell-branded stations nationwide. To find locations near you, go to http://www.localshell.com .

Related articles by Zemanta

• Chicago Shell stations trialing biometric payment systems
• Some credit cards help pay for life's essentials
• Cashback credit cards not all equal
• Credit Card Fees Squeezing Profits? Switch to PIN Debit

Stolen Card Info Plummets to $2.50 in Black Market

Prices for stolen information plummet > Identity > Breaches & Exposures > News > SC Magazine Australia/NZ

Prices for stolen information plummet

By Dan Raywood
Oct 10, 2008 9:48 AM

The black-market price for stolen credit and debit card details has dropped to as little as US $1.50, according to a newspaper investigation.

In an investigation by the Sydney Morning Herald, it was found that that almost anyone on the internet can buy stolen payment card details for as little as US $1.50 (for Australian details), and US $2.50 American and English cardholder information.

For credit card accounts in Britain and the United States, the cybercriminal salesmen claim to be able to bypass some of the latest anti-fraud protection, including Verified by Visa. And free samples of the stolen data are available, although key information is kept hidden to preserve its resale value.

The hackers also offer a surprising level of detail about their victims, such as a customer's bank account number, mother's maiden name, Social Security number, date of birth, driver's license number, as well as answers to security questions.

Yuval Ben-Itzhak, chief technology officer with Finjan, said: “Our research team spotted this not inconsiderable trade in stolen payment card data back in the late spring...At that time, however, the going rate was around US $15 a pop, so the rate has clearly fallen, perhaps because of the glut of this kind of data being sold on the internet.”

Related articles by Zemanta

• What Happens To E-Commerce When Credit Cards Don't Work?
• Credit card processors finally get clue, will ban WEP
• How 'carders' trade your stolen personal info
• Convenience and Security Boost Payment Card Industry
• Payment Card Reporting = Bad Idea?

Should Companies Interact with Consumers on Social Networks?

Image via CrunchBase

Consumers Await on Social Networks - eMarketer

Consumers Await on Social Networks
OCTOBER 10, 2008

Befriended and poked by companies

Nearly six out of 10 Americans who use social media interact with companies on social media Websites, according to a September 2008 study by conducted by Opinion Research Corporation for Cone.

The researchers found 85% of social media users thought companies should interact with their consumers through social media, at least when needed.

“Americans are eager to deepen their brand relationships through social media,” said Mike Hollywood, director of new media at Cone, in a statement. “It isn’t an intrusion into their lives, but rather a welcome channel for discussion.”

Extent that Companies Should Have a Presence in Social Media* According to US Adult Social Media Users, by Gender, September 2008 (% of respondents in each group)

Cone is a brand marketer that counts social networking among its capabilities, so its enthusiasm is understandable. But a growing number of retail e-commerce companies agree, judging by an August 2008 study conducted by Vovici Corporation for Internet Retailer.

Nearly four out of 10 online merchants surveyed used social networks. Of those, nearly one-third said they had a page on Facebook, and more than one-quarter said they used each of MySpace and YouTube.

Social Networking Sites on Which US Online Retailers Maintain a Page, August 2008 (% of respondents)

Related articles by Zemanta

• When retailers and consumers move into social media, news should surely follow
• Do Americans want companies to have more social (media)?
• Social Media and Shopping: A Growing Trend

Zopa Says Nopa to US Operation

Zopa to Close U.S. Operation

Zopa's U.S. social deposit/lending site will be shuttered, just 10 months after its launch The site, which delivered loan applications and CD customers to six credit union partners, apparently was closed by Zopa. At this point the exact reason is unclear, Zopa blamed the U.S. credit situation and said it wanted to concentrate its efforts in other markets.  Live long and Prosper...

This from Zopa's Blog:

Zopa blog - Zopa U.S.

You probably know that Zopa’s US operation has a very different model to that in the UK and Italy in that it works in partnership with financial institutions (the credit unions) rather than being a pure peer to peer marketplace as it is here and in Italy.

So while our model is doing very well in current market conditions, the US has been adversely affected in a way that just couldn’t have been predicted when we launched int he US and is no way the fault of our partners. For us, a real shame is that we weren’t able to launch the original model over there for regulatory reasons.

So, sadly, our US colleagues have decided to withdraw from the US marketplace. This decision will have no impact on Zopa’s other activities in the UK, Italy and Asia.

Zopa’s UK operation has experienced significant volume increases in 2008 with huge growth in new members and increasing lender returns, while continuing to maintain excellent credit quality – currently less than 0.5% of loans are affected by any kind of late payment issue, with actual losses below 0.04%.
Zopa Italy has also achieved the highest growth of any European peer-to-peer operation since its launch in January, and has recently launched the first secondary market for any peer-to-peer operation.

Zopa’s US customers’ deposit accounts continue to be insured by the NCUA up to $250,000, and servicing of those accounts as well as the loans will be assumed by the credit unions within 90 days.

Zopa looks forward to continuing to develop and expand its operation worldwide as it continues to offer investors a safe return on their investments and a better deal for borrowers, and remains optimistic that it can return to the US market when conditions permit.

We’d like to thank our US colleagues for their hard work, dedication and the oustanding service they have provided for their customers. I’m sure you’ll join us in wishing them the very best.

India ePayments to Grow 70% within 2 Years

Image via Wikipedia

The Green Sheet 2.0 :: Newswire

Bangalore, India, Oct. 8, 2008

Payments in India Going e-Way
Report Published by Celent

At a rapid pace, the Indian payments system is transforming from paper to electronic. The retail e-payments market is likely to grow nearly 70 percent in the next two years. The value of retail e-payments should reach US$150 billion to $180 billion by 2010.

Increasing awareness and adaptability of various electronic channels has resulted in 60 percent growth in Indian e-payments over the last three years. A new Celent report, Payments in India Going e-Way , examines the constant innovation, adoption, and implementation of electronic mechanisms in the Indian payments system. Although the system is still dominated by paper-based transactions, there is great potential for a transition to electronic payments. Electronic transactions currently account for just 37 percent of total payments by volume. However, over 75 percent of payment value is electronic.

"The payment system in India has seen unmatched growth since the inception of electronic payment mechanisms," says Prathima Rajan , analyst at Celent and author of the report. "The introduction of various kinds of payment mechanisms into the retail payments space has ensured more timely and efficient completion of financial transactions," she adds.

With the growth of e-payments has come the increased usage of plastic payment cards. India has been one of the fastest growing countries for payment cards in the Asia-Pacific region. The country currently has approximately 130 million cards (both debit and credit) in circulation. Celent estimates that the number of cards in circulation will hit 210 million by 2010, with 169 million coming from debit cards and about 40 million from credit cards. However, credit cards will overtake debit cards in terms of transaction value as customers continue to use credit cards for purchases and bill payments.

This report analyses the payment patterns of Indian customers and looks at the potential for growth in the number of e-payment transactions. The report highlights the value proposition of banks outsourcing payment processing to various third party vendors. It also looks at the latest electronic payment mechanisms, such as card-based payments (smart cards and contactless cards), online payments, m-payments, POS terminals, etc. The report evaluates the market share of various players, including banks, non-banks, and other third party vendors in terms of payment processing, and profiles three major third party payment vendors.

About Celent

Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally experienced analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is part of Marsh & McLennan Companies [NYSE: MMC].


Source: Company press release.

Related articles by Zemanta

• India - Debit,Credit a Hit/Scores Big - RBI
• Convenience and Security Boost Payment Card Industry
• 2008 Debit Issuer Study Released by Pulse
• HomeATM Transactions...Eminently More Secure than Bricks and Mortar
• Credit Card Fees Squeezing Profits? Switch to PIN Debit

Chinese SME Business eCommerce Adoption Grows 45%

Image via Wikipedia

200,000 Chinese small, midsize businesses to adopt e-commerce in 2008, up 45 percent

Industry analysts claim that the number of small and midsize businesses across China is to grow by over 45 percent, from 135,000 in 2007 to 200,000 by the end of 2008.  By 2010, this number is expected to hit 370,000. The analysts only take e-commerce activities executed by businesses that have offline stores as well. For companies that are entirely focused on e-commerce, they predict a growth in business by 4 percent over 2007.

The small businesses use the Internet as a marketing medium and have succeeded in incorporating e-commerce features including online shopping, e-payment gateways and web-surveys to improve customer relationship management, according to analysts at Access Markets International Partners China.

According to a Mastercard study, new markets such as China have brought a significant contribution to an increase in online shopping payments, due to the rising upper-middle income urban elite demographic.

Related articles by Zemanta

• China and the Internet
• China is Waiting - Online!

27% of Lost Online Business ReCoupable with Coupons

Online retailers in danger of losing 27 percent of online business by not offering coupons

Online stores that do not provide online coupons as a payment method for US online buyers find themselves at risk of losing 27 percent of their business.

More than half (51 percent) of US online customers have expressed their intention to change spending habits as a result of the crisis in the economical sector. Of these, 9 out of 10 have made plans to spend less on gifts during this year's holiday season, as compared with the same period of 2007. In terms of strategies to be adopted by online customers in order to spend less, 35 percent mentioned the use of coupons. 16 percent of respondents have declared that they will buy a certain product only if they can find a coupon.

The study also indicates that offering coupons can be a successful strategy to be adopted by online retailers in order to attract customers. 67 percent of those involved in the study believe that coupons can drive customer loyalty, while three out of four US online customers are inclined to visit again a store that offers coupons.

Almost 72 percent of online adults are likely to visit a new store if the latter offers them the possibility of using a coupon. In case they do not find a coupon which is available for a certain purchase for an online store, 20 percent have stated that they will choose another store that offers coupons as well as the same product, while 8 percent will prefer to wait for an available coupon to purchase that item. According to the study, the most popular items among online shoppers are books (mentioned by 71 percent of respondents). 62 percent of online shoppers have referred to music, 55 percent electronics and 53 percent gift certificates.

The Online Shopping survey was conducted by market research firm Harris Interactive and commissioned by RetailMeNot.com.

Related articles by Zemanta

• High Gas Prices to "Drive" More Shoppers Online
• Online Couponing Up 56% During Weak Economy, High Energy Prices

I Came, I Saw, I Clicked...

YouTube to enter e-commerce arena by adding 'click-to-buy' feature

In a move to monetize its popularity, the video sharing website YouTube is introducing the 'click-to-buy' option for users interested in purchasing goods and content related to the videos they are watching.

As part of this initiative, YouTube is to allow retailers to insert buttons below videos on its website which allow users to connect to Apple’s iTunes music store, Amazon’s shopping portal, or computing game publisher Electronic Arts to buy music and video games. The retail links are currently only available in the US.  YouTube plans to use this e-commerce service to sell music, films, TV shows, video games, books, concert tickets and other media-related products to generate additional revenue for both itself and companies placing videos on the website.

Industry analysts at research firm Piper Jaffray Research estimate that the video website could earn about USD 200 million in revenue in 2009, as compared with nearly USD 27 billion predicted for Google. ComScore reports that YouTube registered 330 million visitors in August 2008. In 2006, Google paid  $1.7 billion for the acquisition of YouTube. 

Related articles by Zemanta

• YouTube to sell music and games
• YouTube videos gain links to iTunes store
• YouTube wants to sell you games
• YouTube still looking for dollars: Adds ecommerce button to videos
• YouTube Unveils Click-to-Buy
• YouTube to Sell Music, Movies
• YouTube Adding Amazon, iTunes Download Links
• Click-to-buy links for songs, games added to YouTube
• YouTube Links to Online Music Stores
• Still Searching For A Video Business Model, Google Introduces The YouTubevertorial

12% of Online Buyers Have Been Victmized by Hacksters

12 percent of online buyers have fallen victim of fraud or identity theft

According to a study, one in ten shoppers (12 percent) claim their personal information has been stolen and used for online shopping in their name without their knowledge. 50 percent of respondents became aware of the situation by themselves, while 43 percent found out about the fraud from their bank or card provider and 7 percent were informed by the retailer. 93 percent of those involved in the study have succeeded in reclaiming the money.

In terms of customers' concerns regarding their online shopping experience, security is still an issue. 67 percent of customers who do not shop online have claimed that they have not made an online purchase yet because they favour a brick-and-mortar store, while 33 percent have not done so because of the fears related to the (lack of) security that online payment methods offer.

17 percent have more confidence in the safety of online shopping than they did a year ago, while 8 percent claim the contrary. When asked about whether the security measures that have already been adopted are adequate, 27 percent gave a negative answer. 25 percent consider that retailers should be held responsible for the security of online shopping, 18 percent mentioned banks, 8 percent referred to internet service providers and 7 percent the Government.

The study of 2,270 households was conducted by GfK.

Related articles by Zemanta

• 10 Tips to Secure Online Shopping
• Smarten up on Internet Shopping, Advises PMIdentity
• Baidu Launched Shopping Mall

GreenSense - Go Green on our Dime

Charter One Bank, the fourth-largest bank in Greater Cleveland, is launching a new rewards program that pays customers 10 cents for each transaction done electronically -- meaning not with paper.

The bank's GreenSense is aimed at helping the environment and attracting and retaining customers.

The initiative is similar to other banks' rewards programs and Charter One's existing program. The big difference is that GreenSense pays cash directly into customers' accounts, and it's aimed at promoting only electronic transactions. The program is voluntary.

Charter One plans to offset the expense of paying customers cash rewards by reducing paper statements it mails out, said spokeswoman Carrie Carpenter. Only about 10 percent of Charter One's customers with checking, savings or money market accounts currently receive statements electronically.

Most banks with rewards limit cash perks to debit card transactions only, or award points that can be redeemed for merchandise or gift cards.

National City, for example, in early 2006 launched a groundbreaking program that rewarded customers with points every time they wrote a check, made an online payment, used a small-business credit line or did other routine business with the bank. Citibank also awards points for having multiple types of accounts or services, such as direct deposit or online bill payment.

Charter One rolled out its first rewards program in 2000, before online banking took off, and revamped it in early 2007.  Charter One caps rewards at $10 per month, or $120 per year. The money is deposited into customer accounts monthly.

Transactions that qualify are debit card purchases, online bill payments and recurring payments scheduled through the bank.  Customers aren't rewarded for writing checks because "that's not saving the environment," Carpenter said.

Charter One estimates that a million customers will enroll. If each normally makes 10 transactions a month and does them electronically instead of with paper, that would save 700,000 pounds of paper and 7 million gallons of water in one year, Carpenter said.

Related articles by Zemanta

• 40 Billion Debit Transactions by 2010...Doubling that of 2005
• Are Wachovia Credit Card Rewards Points Safe?
• BMO cuts ABM withdrawal limit to $500 to combat debit-card fraud
• edo Baits Millennials with Prepaid 'P2P' Cash Card

Will Card Fraud Take Quantum Leap?

How quantum key technology may prevent online card fraud | Technology | The Guardian

The solace of quantum key technology

Encryption based on the fragility of quantum states could be used to protect consumers from card fraud

* Christine Evans-Pughe  * The Guardian, Thursday October 9 2008

If a fraudster copies the numbers from your bank debit or credit cards, there's little to stop them going on a shopping spree online. This kind of fraud - known as card-not-present (CNP)- exceeded £290m in the UK last year and is a growing problem. It could also be one of the first consumer applications to benefit from quantum key distribution.

Quantum key distribution - or QKD for short - exploits the quantum mechanical properties of light particles (photons) to generate secret keys (strings of random numbers) that can be shared between two parties (for example, you and your bank) and used to encrypt data to safeguard it from snoopers. Typically, QKD systems transmit a stream of differently oriented photons to represent 1s and 0s through an optical fibre or a free space link. The snooper-proofing is intrinsic due to the fragility of quantum states: if you try to measure them they collapse, which is a marker for tampering, alerting the legitimate users to the presence of an eavesdropper.

Can you keep a secret?

Using quantum keys to encrypt data is at present only of interest to banks, governments and defense organizations which might need to move lots of confidential information securely between sites. But a demonstration in Vienna this week takes the technology to a different level, by integrating quantum key distribution into a standard communications network.

The event will show VoIP, videoconferencing and web services encrypted with constantly refreshed quantum keys. It will also include a prototype solution to card-not-present fraud, developed by Professor John Rarity from the University of Bristol and Hewlett Packard Research Labs.

The idea is that we would fill up our mobile phones or similar handheld devices with secrets (random strings of digits) at a quantum ATM. During online transactions, we would gradually consume this personal stash of secrets to encrypt information, such as our PIN, or to authenticate ourselves.

"The quantum part gives you the promise that when you've topped up your secrets, only you and your service provider own this particular random digit string," says Tim Spiller of HP. "If you're doing an internet transaction, you send the merchant however many secret bits is deemed to be secure. The merchant sends them on to Visa, say, who checks they're OK and if so authenticates the transaction."

The Vienna event is the culmination of a four-year EU project called SECOQC (Secure Communication based on Quantum Cryptography) to bring QKD technology to the mainstream. The SECOQC partners - who are now defining a European technical standard - include Siemens, Toshiba, Hewlett Packard, ID Quantique, Thales and Qinetiq as well as leading quantum scientists.

For the demo, Siemens has installed seven quantum key links into a standard metropolitan fiber-optic communications network that runs around Vienna and connects several of its sites. The network has been successfully running in test mode for several weeks now, according to Wolfgang Richter of Siemens.

Quantum keys won't be able to encrypt data traffic in real-world networks until standards have been finalized. However, SECOQC project leader Christian Monyk is optimistic. " We could produce it in six months."

When (or if) consumers enter the picture is difficult to predict. Rarity and HP's technology is "on the banks' radars", according to Spiller. But the point about their system is that it's potentially very cheap. HP's vision is that mobile phones could easily include half a short-range QKD system (which they say can be built from some standard LEDS and a low-cost integrated optical circuit). "Getting that into the market would depend on demand but five years is reasonable," says Spiller.

No hiccups

Meanwhile, quantum cryptography is gaining interest. Last year, ID Quantique's simple point-to-point quantum key distribution technology was used to guarantee the security of votes cast in Geneva during the Swiss general election. This summer, the defence and security company Qinetiq has been doing trials in London with network operator AboveNet, which provides fibre-optic connections for businesses. "We've done some experiments sending polarised photons through part of their network," says Dr Brian Lowans of Qinetiq. "We didn't have any hiccups."

Related articles by Zemanta

• How quantum key technology may prevent online card fraud
• UK crypto boffins turbo-charge quantum cryptography
• 'Unbreakable' encryption unveiled
• EU scientists launch new, 'unbreakable' encryption system

More on the Alternative Payments Threat to V/MC Duopoly

Card brands, issuers to lose USD 345 million in volume in 2010 in favor of alternative payments

A study focusing on the market value gained by alternative payments indicates that these type of payments threaten to take away almost $345 million in potential transactions from card brands and issuers by 2010. This volume is expected to grow to $1.7 billion by 2015.

Presently, alternative payments represent 15 percent of the total e-commerce volume. Nevertheless, they could become a threat to traditional payment methods by making higher value proposition to buyers and they are already focusing on offering higher value than payment cards, the study suggests. Despite their dominance and wide acceptance, payment cards have serious weaknesses. The most important one is security, since 40 percent of consumers are reticent when it comes to revealing credit card information on the internet.

The study also reveals that every time a bank account is debited via ACH instead of a card, the card industry loses from 1.5 to 2.4 percent of the transaction size.

The 'Alternative Realities: The Commoditization and Allure of Alternative Payments' study was conducted by Celent.

Related articles by Zemanta

• What Happens To E-Commerce When Credit Cards Don't Work?
• Pumping Gas Just Got Much Riskier - MSNBC
• Alternative Payments Growing Threat to Cards - Bank Technology News
• Alternative Payments from Bankers?
• PayPal rival details fees for launch on eBay

Pumping Gas Just Got Much Riskier - MSNBC

I've been blogging about the dangers of paying at the pump for a long time.  The security of the card readers leave much to be desired.  Frankly, a decent hacker wouldn't even need a skimming device,..that's for the amateurs.  Even  when you're not being skimmed by hackers, the banks are putting a hold on your account for up to $100, many times resulting in overdraft charges.  ALWAYS pay inside using your PIN, it's a real-time transaction, eliminating overdraft charges and significantly reducing the likelihood of falling victim to a skimscam.  For more on the subject of skimming, take a look at "related articles" located at the bottom of this post: 

Beware of debit card skimmers - ConsumerMan - MSNBC.com

Secret Service, police warn of 'well-organized' debit card skimmers
By Herb Weisbaum
MSNBC
updated 9:37 a.m. MT, Wed., Oct. 8, 2008

Becki Turner got the call from her bank’s fraud department on Labor Day. The investigator wanted to know if she had withdrawn $500 from an ATM in California over the holiday weekend. She hadn’t. She couldn’t. Turner was home in Puyallup, Wash.

“I was just flabbergasted,” she says. “I had the card with me, the ATM was in another state, and the person using the machine had to have my security code.” Turner worried crooks had gotten into the banking system and stolen her password.

It wasn’t anything that complicated. Puyallup police say thieves snagged her account information — along with the debit card numbers and PIN codes of hundreds of other people — at two gas stations in the area.

They did it by installing their own hard-to-spot card reader, called a skimmer, on top of the card reader built into the pump. The skimmer is able to grab the account information from the card without interfering with the legitimate payment transaction.

The crooks used the stolen data to create (or clone) fake debit cards that were used at ATMs in Washington State over the Fourth of July weekend and in Northern California on Labor Day weekend. The bad guys like three-day holidays because it gives them more time to use the cards before the unauthorized withdrawals are spotted.

“We are looking at a sophisticated, very well-organized group of individuals,” says Detective Jason Visnaw with the Puyallup Police Department. When all the victims from these two incidents are identified, the total loss could reach half a million dollars.

Why steal debit card numbers? “With a credit card you have to go and buy merchandise and then you have to fence it or pawn it,” Det. Visnaw explains. “With a debit card, you’re getting cash money.”

This is not an isolated case. Gas pumps are being compromised in cities across the country. “We don’t view it as an epidemic, but there are cases open in at least a half dozen states right now,” says Ed Donovan, spokesman for the U.S. Secret Service. These investigations are underway in California, Nevada, Pennsylvania, Delaware and Washington.

Donovan tells me the Secret Service believes some of these crimes are inside jobs, involving someone at the service station.

Gas pumps are just the latest target
Skimming credit cards and debit cards is not new. Portable card readers make it possible for anyone to copy the information stored on a card’s magnetic stripe. This information is not encrypted so it’s easy to steal.

“You just run it through the skimmer and it has all the information right there in plain text,” says former White House cyber security advisor Howard Schmidt. “It’s very easy to imprint that data on another magnetic strip and use it somewhere else.”

The first skimming cases were reported at restaurants and stores where dishonest employees ran cards through their reader before ringing up the sale. As technology improved, the bad guys developed skimmers for ATMs. Now they’ve added gas pumps.

The skimmers are designed to slip over the real card reader. They can be hard to spot. And quite frankly, most of us would never look for something like this anyway. We want to pay and go.

So how do they get your PIN number? They can hide a little camera in the skimmer or on the pump. It shows your fingers as you type in the number.

There are also fake keypads that slip over the real keypad that can transmit the PIN code as you enter it.

In Las Vegas, police have discovered even more sophisticated technology – wireless transmitters installed inside the pump. “They can actually sit in the parking lot with a laptop and get real-time information as victims use their card,” explains Lt. Robert Sebby of the Las Vegas Metropolitan Police Department. Because there’s nothing on the outside of the pump, there’s no way you can tell the pump is compromised.

Not a safe way to pay
Nancy and Jim Tew no longer use their debit cards to pay at the pump — and for good reason. They both had their debit card numbers stolen at one of those gas stations in Puyallup, Wash.

Nancy Tew found out about the theft when her card was rejected at the grocery store. “To my astonishment, I had no money in the bank,” she said.

The thieves used her account number at ATMs in Hollywood, Calif., to steal $600. They got $900 from her husband’s checking account. She tells me it was “totally bizarre and really scary” to be targeted like that and not even know it.

The Tews now pay for their gas — with cash or debit card — at the register. That may sound paranoid, but other victims of this skimming attack tell me they now do the same thing.

Police in Puyallup and Las Vegas now advise residents not to use their debit card at a gas pump because there’s no way to be sure it hasn’t been tampered with.

That’s smart advice and here’s why. Debit cards do not offer the same fraud protection as credit cards. If crook armed with a skimmer snags your credit card number and uses it to buy things, you can dispute the charges with the credit card company. You won’t owe a thing while they investigate.

If the crook grabs your debit card number, he can go to a cash machine and pull money out of your checking account. It could take days for the bank to investigate and put that money back into your account. During that time checks could bounce or you might not be able to pay your bills. That’s why the only way I pay at the pump is with a credit card.

© 2008 MSNBC Interactive

URL: http://www.msnbc.msn.com/id/27085818/

Related articles 

• Credit, Debit Card Fraud and Skimming Cases Rise
• More on the "WarDriving 11" and their 40 Million Card Data Theft
• 6 Tips to Avoid Becoming a Skimming Victim
• Criminals hijack terminals to swipe Chip-and-PIN data
• What Happens To E-Commerce When Credit Cards Don't Work?
• Citibank ATM Server Allegedly Hacked, Leading to Cash Machine Crime Spree
• Cost Plus World Breach Spreads to Arizona
• Russian Hack Creates "Rush On" Changing PIN's in Dubai
• Pumping Gas Just Got Much Riskier - MSNBC