Symantec Report on Internet Underground Economy

Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.

That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.


Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.

Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer. Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.

The $5.3 billion figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350, by the many millions Symantec observed being offered for sale. Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.

MOST POPULAR ITEMS
1)  Credit card information - 31%
2)  Financial accounts - 20%
3)  Spam and phishing information - 19%
4)  Withdrawal service - 7%
5)  Identity theft information - 7%
6)  Server accounts - 5%
7)  Compromised computers - 4%
8)  Website accounts - 3%
9)  Malicious applications - 2%
10) Retail accounts - 1%

Credit card numbers have proved so popular among hi-tech thieves because they are easy to obtain and use for fraudulent purposes.  Many of the methods favored by cyber criminals, such as phishing schemes, database attacks and magnetic strip skimmers, are designed to steal credit card information, it said.

The existence of a ready market for any stolen data and the growing use of credit cards also helped maintain their popularity, it said.  "High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers," said the report.

The price card thieves can expect for the numbers they offer for sale also varied by the country of origin. US card numbers were the cheapest because they were so ubiquitous - 74% of all cards offered for sale were from the US.

By contrast numbers from cards issued in Europe and the Middle East commanded a premium because they were relatively rare. 

Related articles by Zemanta

• Online fraudsters 'steal £3.3bn'
• Symantec says Internet underground economy is organized and rich
• Bank account details sold online for as little as £5
• Compromised legit sites power hack attacks
• How much is my credit card number worth on the black market?

UATP to Expand Network to Hotels and Car Rentals?

According to Commercial Payments International,  "This week, the payment network Universal Air Travel Plan indicated that it is considering expanding its existing merchant network in 2009 to both hotels and car rental vendors. (At present, over 240 airlines and travel agencies accept UATP for air travel, service fees, management fees and net fares payment.)

It believes the time may be right to make such a move as so many companies are looking for ways to cut costs. Merchants are usually charged lower service fees by UATP than by other corporate card networks.

If UATP proceeds with this strategy, it would represent more competition for the existing dominant payment networks such as MasterCard and Visa. UATP is already a significant payment network as far as airline payments go – the organization is expecting its charge volume to reach $12 billion in 2008, with further growth predicted for next year."

In related news, UATP announced yet another partnership...this time with Atlanta based Moneta.  Here's the press release:

UATP and Moneta Partnership Broadens Airline Payment Options - MarketWatch

Universal Air Travel Program (UATP), the low cost payment network privately owned by the world's airlines, announced it has partnered with Moneta to support Moneta's online payment wallet for the 250 airlines utilizing UATP payment gateway services. Moneta offers consumers, airline and merchants a convenient, safe and affordable payment method which is distributed and marketed through the consumer's bank. Airlines using the UATP payment gateway connection can activate Moneta on their retail checkout site with no infrastructure investment and minimal configuration.

"The Moneta-UATP partnership provides a low-cost payment option for airlines while enhancing consumer confidence and loyalty for both airlines and banks," said Ralph Kaiser, president and chief executive officer, UATP. "As our network of airlines continues to grow, we look forward to assisting Moneta in expanding their airline distribution."

Initially, Moneta transactions will use the U.S. ACH debit network, enabling consumers to pay directly from their checking or money market accounts. In 2009, Moneta plans to offer additional payment options including international debit payments, credit cards, pay later and pay early functionality. The Moneta service is free to consumers and is available to customers in the United States, Puerto Rico and U.S. Virgin Islands.

"Partnering with UATP underscores the ease of implementing Moneta's online wallet for airlines," said Guido Sacchi, CEO of Moneta. "By integrating into the UATP gateway service, airlines can take immediate advantage of lower online transaction costs. Additionally, airlines offering Moneta will enjoy the ability to reach new customers through our bank partner network. Airlines selecting the UATP-Moneta solution will realize not only cost savings, but the ability to market their airlines through online banking customers either on a per-market basis or around the country."

About Moneta Corporation

Moneta Corporation is a leading payments company offering secure, convenient methods for consumers to pay online merchants directly from their checking or money market accounts. Moneta partners with online merchants to accept and process payments, while providing financial institutions branding opportunities during the transaction process. Moneta's rapidly growing partner network enables online retailers and travel providers to attract valuable customers with a preference for paying directly from their well-established bank accounts. Moneta is a privately-held company headquartered in Atlanta, Ga. For more information visit www.monetacorp.com

Related articles by Zemanta

• Innovative Payment Methods for Network Marketers
• Online Money Transfer Service iKobo Calls It Quits
• Online fraudsters 'steal £3.3bn'
• Interchangeable - Antitrust and Visa

US Bails Out Citi

Government plans massive Citigroup rescue effort

Rushing to rescue Citigroup, the government agreed to shoulder hundreds of billions of dollars in possible losses at the stricken bank and to plow a fresh $20 billion into the company.

Regulators hope the dramatic action will bolster badly shaken confidence in the once-mighty banking giant as well as the nation's financial system, a goal that so far has been elusive despite a flurry of government interventions to battle the worst global crisis since the 1930s.

Wall Street appeared encouraged as stock futures moved higher ahead of the market opening in New York. Dow Jones industrial average futures rose almost 2 percent. Stock markets in Britain and Germany gained more than 4 percent in afternoon trading. Citigroup shares themselves climbed 44 percent to $5.64 in premarket trading.

"If they didn't help, the damage would be beyond imagination," said Teck-Kin Suan, economist at United Overseas Bank in Singapore.

The action, announced late Sunday by the Treasury Department, the Federal Reserve and the Federal Deposit Insurance Corp., is aimed at shoring up a huge financial institution whose collapse would wreak havoc on the already fragile financial system and the U.S. economy.   - continue reading

Related articles by Zemanta

• Citigroup, Under Siege, Holds Talks With U.S.
• Citi rescue plan in the works
• Sources: Government Working Citigroup Rescue Plan
• $20 Billion Rescue For Citigroup
• Plan to Rescue Citigroup Begins to Emerge

IBM - Holiday Blizzard of New Attacks

IBM Warning: Holidays To Bring Blizzard Of New Attacks on Consumers - DarkReading

ATLANTA - Based on both current and historical security trends, IBM Internet Security Systems (ISS) today announced five major areas of holiday security risk for consumers and businesses, along with four suggestions for avoiding these risks during the holiday season.



These risks include but are not limited to:



* A new wave of malcode-carrying spam - Throughout the year, the IBM ISS X-Force security research team has observed a growing wave of "parasitic" malcode. These are malicious email payloads that bypass end-user security software (anti-virus, personal firewalls, etc.) and compromise the target computer. Once compromised, the computer comes under the remote control of criminals. This holiday shopping season, the X-Force team expects a wave of socially engineered "holiday cheer" emails that pack a malicious punch.  (Editor's Note:  Bypass end user security...Computer under Remote Control?  Hmmmm....) 



* New phishing theme: Bank merger mania - As banks continue to struggle and merge, the X-Force believes criminals will exploit shaky consumer confidence in the banking industry with a wave of phishing attacks designed to fool banking customers into revealing personal information such as account numbers and passwords.



* Spoofed online portals - As Black Friday approaches, IBM ISS expects to see phishing gangs launch a new generation of fake online shopping portals that spoof well-known brands, in an effort to steal credit card information. They also will likely promote these counterfeit sites with emails, offering steep discounts or "special sales."  (Editor's Note:  Steal credit card information?  Can they do that?)



* Tainted toys and gadgets - Every Christmas brings an abundance of electronic gadgets, smart-phones and auto-play DVDs. Past X-Force research has shown that some of these toys are loaded with malware and can be used by cybercriminals as a backdoor for entry into corporate networks.

• Web Browsers- Browsing is risky business.  In the past year, cybercriminals have increased their efforts to deface public Web sites by hiding malicious links on legitimate Web sites. When people visit these tainted sites, the hidden links automatically exploit vulnerabilities within their Web browsers and install malware that siphons off confidential end user information.

Editor's Note:  Wait a minute here...you mean to tell me that there's vulnerabilities within Web browsers that can allow our "confidential" end user info  such as credit/debit card information... to be siphoned off?  And now it's possible to "hide" a malicious link on a "legitimate" site?  You've got to be kidding right? 



This certainly couldn't be true could it? ...otherwise we'd have to equip online shoppers with their own personal card swiping device to ensure their card information remains secure! 



Continue Reading the Story at Dark Reading Here:  (will open in a new window)

Enjoy your weekend!

Related articles by Zemanta

• Consumers Safer When Left To Their Own Devices


• [Sponsored] How vulnerable are software applications?


• Study: Online threats emerging faster


• New tool creates fake YouTube pages for spreading malware


• Security industry falling behind hacking technology


• Apple, Microsoft, and PHP headline IBM's list of most vulnerable software

Interchangeable...Antitrust and Visa

Visa Says U.S. Antitrust Agency Starts "Fourth Probe"

I trust that this won't be the last time either! Visa made their bed and now they've got to sleep in it. You reap what you sow...and now it seems that the words Visa and Antitrust go hand in hand...

Visa Inc., the world's largest credit-card company, said the U.S. Justice Department has opened its fourth investigation into a credit-card fee paid by retailers.

The Justice Department's document requests ``focus on certain Visa U.S.A. policies relating to merchant acceptance practices, including Visa U.S.A.'s policies regarding merchant surcharging and merchants' ability to steer customers to other forms of payment,'' Visa said in a filing today with the Securities and Exchange Commission. Visa said it's cooperating with the investigation.

Just last month, I posted that Visa and rival MasterCard Inc. settled with Discover Financial Services over a lawsuit accusing them of blocking banks from issuing their cards. A U.S. district judge ordered Visa and MasterCard in 2001 to stop forcing banks to choose between their cards and ones from Discover and American Express Co. Her order followed a Justice Department suit against the credit-card groups for antitrust violations. Visa sued in 2004, after the U.S. Supreme Court refused to hear the case.

Related articles by Zemanta

• Visa and MasterCard under DOJ Investigation
• Discover To Make a Killing and I'm Lovin' It!
• Discover Gets $2.75 Billion Antitrust Settlement from V/MC
• Discover Seeks $6 Billion in Damages from V/MC
• Interchangeable...Antitrust and Visa

Citi Going Down Too?

Wow...what a year.  Not to put PBT into the same category, but when they went down I was shocked, based on the amount of money they had raised.  Then Lehmann, Bear Stearns, etc.  Now it looks like Citi, with whom Pay By Touch partnered with in Singapore isn't going to make it.  They pre-date Lehmann, which came about during the Civil War era.  Unbelievable.  This from today's Wall Street Journal...

With roots stretching back to 1812 and more than 200 million customer accounts in 106 countries, Citigroup is an icon of global capitalism.

It is getting battered by the same financial storm that has already remade the face of Wall Street, forcing the sale of Bear Stearns Cos. and Merrill Lynch & Co. earlier this year, and triggering the bankruptcy filing of Lehman Brothers Holdings Inc.

Mr. Pandit and other Citigroup executives have told colleagues they are frustrated and befuddled by this week's 50% stock decline. Investors have dumped bank stocks en masse on fears that economic woes will batter financial companies worse than previously expected.

Weighing down the shares has been the Treasury Department's decision last week not to buy troubled assets from banks. Citigroup's balance sheet includes battered securities and loans that many investors hoped could be offloaded to the government.  Click to read the full report at The Wall Street Journal

Here's more on the story from various news wires:

Executives at Citigroup Inc., faced with a plunging stock price, began weighing the possibility of auctioning off pieces of the financial giant or even selling the company outright, according to people familiar with the matter.

The internal discussions are at a preliminary stage and don't signal that Citigroup's board and management are backing down from their insistence that the New York company has ample capital, funding and strategic direction, these people said. But with the stock down another 26% Thursday, its worst one-day percentage decline ever, Citigroup officials have decided they need to reckon with a range of scenarios
that were unthinkable only weeks ago.

Citigroup's board of directors is scheduled to have a formal meeting Friday to discuss the options, according to people familiar with the situation. Directors also have been talking by phone about what could be done to reverse the stock's slide.

Top executives were locked in meetings Thursday to hash out a stabilization strategy. Chief Executive Vikram Pandit scheduled a conference call for 8 a.m. Friday to discuss the situation with senior managers.

A Citigroup spokeswoman said in a statement Thursday evening: "Citi has a very strong capital and liquidity position" and is "focused on executing our strategy," which includes cutting expenses and selling assets. "We believe the benefits will be seen over time."

Free Shipping Motivates Online Shoppers Most

While half of U.S. online consumers say they shop online to find the best value during the holiday shopping season, more than three-quarters of online consumers say free shipping makes them more likely to buy from any particular online merchant, Forrester Research Inc. says in the report “Outlook for U.S. Online Holiday Sales, 2008.”

The report, authored by Forrester Research principal retail analyst Sucharita Mulpuru with analysts Carrie Johnson and Peter Hult, also notes that shipping can be a detriment to online shopping. 58% of consumers say shipping prices often deter them from buying online, and 55% complain it’s a hassle to return items ordered online.

The study also provides a look into consumers’ expectations of shipping policies, and how well online retailers delivered during the holiday shopping season last year. It notes that 24% of survey respondents said they experienced late holiday deliveries last year, and that the largest group of respondents, or 67%, expect standard shipping to deliver within 3-5 days. 27% expect standard shipping to deliver within 6-7 days; 3% within two days. 1% of consumers expect standard shipping to deliver the day after placing an order, but another 1% expect delivery within 10 days.

So, with that said, it's not surprise that...

More top 100 online retailers offer free shipping

Free shipping offers were more common this week than last week among the top 100 online retailers, as nine more introduced the offers while four discontinued them, a survey by Internet Retailer finds. In all, 67 offered free shipping on the web sites this week, up from 62 last week.

The survey compiled the number of free shipping offers presented on the web sites of the top 100 online retailers as listed in the Internet Retailer Top 500 Guide, 2008 Edition. It did not include any free-shipping offers that may have appeared only outside of the web sites, such as in e-mail marketing campaigns.

Retailers joining the free-shipping bandwagon this week include J.C. Penney, Overstock.com, Buy.com, PC Connection, Cabela’s, Foot Locker, J.Crew and American Girl.

Those no longer showing free-shipping offers that appeared on their sites last week were Spiegel Brands, American Eagle Outfitters and TogShop.com and Orchard Brands Corp.’s Blair.com.

Some free-shipping promotions this week were noticeably more elaborate than the crop offered last week. Newegg.com, for instance, noted that it was offering free-shipping on a more extensive range of products. Best Buy extended its free-shipping offer to cover orders of $75 and more for electronic games and accessories, then also offered free shipping on all orders of $99 or more Nov. 20-22. OfficeMax noted this week that it was offering free shipping on orders of $50 or more to addresses within 20 miles of an OfficeMax store.

Buy.com went from offering no free shipping last week to offering it on orders of $75 or more for sports and games products and on orders of $25 or more on books, music and video products.

Many retailers clarified that their free-shipping offers were only good for orders shipped to addresses within the 48 contiguous states, and several retailers put a time limit on their offers. J.C. Penney launched a free-shipping offer this week on all orders of $49 or more through Nov. 25. Saks Fifth Avenue extended its free-shipping offer on orders of $200 more through Nov. 23. Disney extended its offer on orders of $89 or more through Nov. 21. J. Crew introduced a free-shipping offer this week on orders of $150 or more through Nov. 20.

Related articles by Zemanta

• To Save Gas, Shoppers Stay Home and Click
• Retailers slash prices, but at what cost?

PIN-Flight Payments Processed by Handheld

Windows handheld collects in-flight payments

GuestLogix announced a Windows CE handheld computer that lets airline flight attendants accept payments via credit or debit cards. The "OnBoard PowerSeller 2" includes a PIN entry keypad, an MSR (magnetic strip reader), a Smart Card reader, an imager/barcode scanner, and a thermal printer, says GuestLogix.

No mention was given as to whether it is PCI certified.

GuestLogix calls the new PowerSeller 2 its "next generation" mobile payment handheld, apparently because the company's previous such product did not have a keypad allowing customers to enter their own PINs. The PED (pin entry device) subsystem is said to comply with ECBS (European Committee for Banking Standards) and a variety of other certifications. For high security, the PED hardware does its work independently, supplying output to applications running on the device but not requiring any assistance from them, the company says.

Thanks to the new PED, airline customers can now use both debit cards and credit cards to pay for duty-free goods, in-flight entertainment, and other items. The PowerSeller 2 reads cards via an onboard Smart Card reader or MSR, and can print receipts via its integral 2.3-inch thermal printer, GuestLogix says.

GuestLogix did not release pricing or availability information for the PowerSeller 2. More information may be available from the company's website, here.

Related articles by Zemanta

• It's PIN...It's Smart...It's Embedded into the Future of Payments
• Convenience and Security Boost Payment Card Industry
• U.K. Blames Abroad for Increased Fraud in Broad Campaign

Skimming Devices Thwarted by Using PIN Debit

I've posted quite a few times on gas station skimming.  (See related articles at the end of this post)

In fact, just yesterday, (previous post) I posted about an Illinois Credit Union that revoked "pay at the pump" privileges for it's card holders entirely. 

They even took the exorbitantly tell-tale steps of temporarily "barring" signature debit, use entirely...requiring their card holders to exclusively use PIN debit.  (for what I mean about "tell-tale" see: Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!)

For those unfamiliar with the gas pump skimming technique, here's an overview:  A criminal can break into the gas pump, attach a tiny device to the computer that reads credit card information, fix the pump and walk away without any visible sign of the skimmer in inside

 “There’s an electronic skimming device inside the computer part (of the pump) and it passively collects data.”

The thief would then return to the pump at a later date, break back into it, remove the device, and then usually sell all the personal information to a third party, he added. Criminals will use the information online or to make counterfeit credit cards.

Trailing the stolen information is difficult, especially since victims usually don’t immediately realize their information has been stolen.

“If they go and use the card in elsewhere, say NY, Chicago, L.A. or somewhere or outside the county, it's almost impossible to catch them.  It is also nearly impossible for local agencies to track all the information.

The best way to protect against gas station skimmers, is by paying with cash, or go inside the gas station to use your card and use a debit card with a PIN number.

Related articles

• Sexiest or Best Looking..What's More Attractive?
• Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!
• Use PIN Debit to Buy Gas and Save Big!!!
• What you risk by using debit card at the pump
• Pumping Gas Just Got Much Riskier - MSNBC
• ConsumerMan: Beware of debit card skimmers
• Credit, Debit Card Fraud and Skimming Cases Rise

Bank Temporarily Bans Signature Debit, Mandates PIN to Reduce Threat!

It's true!  Without even realizing what they're saying, a financial institution in Illinois, has "eliminated" pay at the pump privileges for their cardholders and has temporarily barred it's card holders from using signature debit, requiring them to use the safer and more secure PIN based technology. 



What the bank has essentially done is openly admitted that  even though they "push" signature debit, when "push" comes to "shove", even they PREFER PIN debit.  (only in self-interest...to protect themselves against further losses incurred by having their cardholders continue to use signature debit) 



Interesting, to say the least, and maybe even part of the paradigm shift!  Wonder if the card users will continue to "earn rewards" since the bank is "forcing" them to use their PIN?

 

Credit Card Scam Striking Across Stateline & Country

Financial institutions already suffering from our weak economy have another worry on their plates: fraud. A scam targeting banks and credit unions could drain our accounts in days, if we're not vigilant.

"To combat the problem, Illinois Community Credit Union eliminated pay at-the-pump privileges for card holders and temporarily barred signature debit card transactions. Customers have to use a PIN instead."

Editor's Note:  Consider that all debit transactions done on the Internet are classified as  Signature Debit "without the signature", so feel free to draw your own conclusions as to the risk factors involved.  If combating the problem includes banks temporarily "barring signature debit" transactions, (and "signature debit" is far less risky than the "card not present" debit model used for online shopping),  what conclusions can you make about  how the "bank feels" regarding inherent risks of accepting this payment methodology?  



The fact that the bank/credit union puts forth the mandate:  "Customers have to use a PIN instead" is a blatant admission by this particular financial institution that PIN Debit is more secure...which is a fact that we at HomeATM have been stating all along. 



The story continues...



A little lighter in the wallet," says Daniel Matuszewski. He had an unwelcome surprise while checking his account balance at Illinois Community Credit Union in Sycamore. He noticed a series of unfamiliar charges that added up quickly.

"It was quite a schock because I mean 900 dollars is quite a bit of money just to be missing," says Matuszewski.  He fell victim to a fraud scheme catching on across the Stateline and the country.

"They're moving from state to state and they're going to different financial institutions and if you're not doing your homework then you have the potential of really getting stung bad on this one," says Bob Schroeder, President of Illinois Community Credit Union.



Law enforcement agencies are working with Visa International to trace the fraud. They believe the suspects are mass-producing credit and debit cards, then testing them at pay-at-the-pump gas stations, until they find one that matches an existing account.



But Schroeder says the most important tool is to constantly monitor transactions to check for suspicious activity. Illinois Community caught the trend early enough that just 30 of 5,000 card holders were impacted.  The credit union is repaying customers for all fraudulent charges, adding up to a $30,000 loss for the company.  Schroeder feels lucky it wasn't worse:



"With earnings of financial institutions down it's gonna cause some problems." Investigators also believe the individuals committing the fraud may be people laid off from the financial sector, who know how the system works and no longer have a paycheck.



He adds Illinois Community Credit Union is working with law enforcement to find the people behind the scheme. He says security cameras recently caught some suspects on tape in a Chicago suburb and he hopes for resolution soon.

Related articles by Zemanta

• PIN vs. Signature Networks


• Use a PIN to "Stop Sticking It To Us"...


• Interchange, Duopoly's and Politics...Oh My!


• All's Not OK in OK


• Cost Plus World Breach Spreads to Arizona

Sexiest or Best Looking..What's More Attractive?

Editor's Note:  This article from CPIFinancial, provides some good insight as to why a software based solution for online payments is not a good idea. 

It repeatedly hits the nail on the head enough times to drive home the importance of consumers "taking matters into their own hands" when it comes to protecting their card data, especially debit.  Of course, one way is to swipe their own card in the privacy of their own home... instead of having it swiped by would be cyber-criminals.

I have emboldened parts of the article in an effort to embolden you with the knowledge that, plain and simple, HomeATM's personal swiping device (albeit, maybe not the sexiest) is the best looking approach when it comes to protecting consumers and their card data.

A "peripheraless" approach may be more attractive to retailers or EFT networks, but, unfortunately, it also is more attractive to fraudsters... (in fact,  it will attract them like flies.) 

As the article states, the biggest weakness is the PC, and if that is compromised, it doesn't matter what ANYBODY does...end of story.  Actually here's the beginning...

By: Mike Gallagher


Martin Dolan is CR2’s Chief Executive Officer. Dolan has over 20 years of experience in the banking software industry. During his three years as Director of Global Services at Kindle, he significantly expanded the Professional Services organization. In 1995, he became Director of Corporate Accounts where he was responsible fordeveloping business with existing large corporate clients.

There was a big scandal recently when it turned out that a lot of ATM cards and machines had their security compromised. Given that we are in an emerging market; it wasn’t entirely unexpected, was it?

Card fraud is highly lucrative, but what everybody forgets is that banks focus on fraud part time, but criminals focus on fraud full time. Criminals go after cards because it gives instant access to cash.

So where is the weakness in the banks?

The weakness is not in the banks. If you look at the internet banking side of it, the biggest weakness is your PC. If the PC is compromised, it doesn’t matter what the banks do to a large extent.

(Editor's Note:  Which is why I have, since day one, stated that a software based solution to PIN debit is NO SOLUTION, it is a marketing ploy, plain and simple.  It's giving people what they want, not what they need to solve the fact that online transactions are not secure and fraud will continue to grow.  Fraudsters ability to be constantly "swiping" consumers card data is solved by consumers "Swiping their own card" into their own personal secure SwipePIN device.

When we come to cards it is a different issue. If you look at the statistics you will learn a lot. The fraud rate on cards is around less than one per cent. It is 4.7 cents per $100. The macro economics for banks is that fraud doesn’t matter because they are hit by less than one per cent and their transaction fee and share of their revenue is phenomenal. Debit card revenue is worth around $9 billion a year. Fraud is a much smaller fraction of that.

Why is that important?

It is important because you can get some sense of it when you look at the economics. There are two types of debit cards. One is where you put in a card and add your PIN and the PIN is verified; and the other is where you simply sign a receipt. The key factor when you sign is that they normally don’t check online to make sure that you have the money in your account.

Fraud on a signature-based card is thought to be two-and-a-half-times that of PIN-based debit cards.

Yet, if you look at the revenue side for the bank, the profits that you get for a signature-based transaction for a bank is much higher than the revenue it gets from a PIN-based one. If you look at the reward schemes and incentives for the banks, then the banks are actually being given an incentive to get you to use signature-based cards over PIN-based cards because they make more money.

But the fraud is higher.

Exactly, there is an imbalance in the system. What the banks don’t seem to realize (Editor's Note: oh they realize it)  is that while they are exposed to less than one per cent of fraud, the customer is exposed to 100 per cent.

If I have a fraudulent transaction on my debit card as opposed to my credit card, it is interesting to look at the difference. They clean out my debit card account - 100 per cent of my wealth could be taken through a debt card fraud. In this part of the world that is grievous. If I wrote a check for my rent and it bounced, I could end up in prison. The banks will inevitably take so long trying to sort it out and figure out whose fault it was, that you can imagine the rest.

It is different on a credit card because the credit card company pays up the money. They will send me the bill and I will look at it and say “I didn’t do those transactions” and I will send the bill back to them.

"So credit card fraud is much less important to customers than debit card fraud. Debit card fraud is crucial to customers." Editor's Note:  (and why they should be swiping their card data themselves instead of providing their personal account numbers to anyone lurking around waiting to "swipe" them.)

Most people eventually have their problems settled, although it could take anywhere between six weeks to six months. Try to think of all the stress and strain that you will go through over that period.

So there is a liability shift?

Absolutely. The bank reckoned that the liability shift, the cost of fraud by not checking the PIN, was a good equation for them.  The whole issue is that fraud is based on economics and some of the economics are skewed.

Banks are being given an incentive by the fee system to get customers to use a less secure mechanism on cards.

The fee structure on a PIN-based card is less advantageous to the bank. There is another side to signature-based cards, and if you look at the US it is called NSF revenues. That means Non Sufficient Funds from revenues. If you swipe your card, you pay. The bank gets the transaction fee and when it comes in, your account goes into overdraft and they absolutely fleece you for fees, so they get more revenue.  That means the signature-based method can have even more financially edged advantages than just the interchange-based method.

So what happens to all this money? Where does it go?

There is thought to be something like $6 billion in fraud annually through cards and it ends up funding fraudsters and terrorists. No one is looking at the equation...



(continue reading, will open in a new window) 

Related articles by Zemanta

• PIN Debit White Paper on Improving Merchant Profitability
• Russian Hack Creates "Rush On" Changing PIN's in Dubai
• Optimized Payments Consulting Helps Retail Merchants Lower Credit Card Processing Costs With New Research Paper
• Credit Card Useless Overseas? PIN it with HomeATM
• HomeATM's Swipe Devices Are All Good!
• The Benefits of Debit Cards by Bruce Cundiff via DebitFacts.org

Online Sales Grow 5.7% Reports Commerce Department

To further the notion that we are in the midst of a paradigm shift when it comes to consumer's shopping habits, web sales gained even more ground on slumping bricks and mortar sales. 

Q3 online sales grow at 5.7%, reports the Commerce Department

Online retail sales in the third quarter grew 5.7% on an adjusted basis over the third quarter of 2007, reaching $34.4 billion, the Census Bureau of the U.S. Department of Commerce announced today.

By contrast, total retail sales in the third quarter increased 0.3% to $102 billion. The total retail sales numbers, however, are skewed by the high cost of gasoline and food.

Sales in those categories were up 17.8% and 5.1%, respectively, in the quarter over the year-earlier quarter.

Gasoline and food and beverage sales represent about 30% of retail sales, (so if you throw out the two entities that are not normally purchased online, and adjust $102b by 30% the figure becomes $71.4 billion for bricks vs. eCommerce numbers of $34.4 billion ).

The Commerce Department’s report of e-commerce sales growth is supported by Internet usage measurement company comScore Inc., which reported last week that Q3 sales were up 6%.

For additional information about Census Bureau e-business measurement programs and plans visit http://www.census.gov/estats.  Here's a snippet... 

 

The Census Bureau of the Department of Commerce announced today that the estimate of U.S. retail e-commerce sales for the third quarter of 2008, adjusted for seasonal variation, but not for price changes, was $34.4 billion, an increase of 0.3 percent (±1.3%)* from the second quarter of 2008. Total retail sales for the third quarter of 2008 were estimated at $1,018.8 billion, a decrease of 1.4 percent (±0.2%) from the second quarter of 2008. The third quarter 2008 e-commerce estimate increased 5.7 percent (±1.5%) from the third quarter of 2007 while total retail sales increased 0.3 percent (±0.5%) in the same period. E-commerce sales in the third quarter of 2008 accounted for 3.4 percent of total sales. 

On a not adjusted basis, the estimate of U.S. retail e-commerce sales for the third quarter of 2008 totaled $31.6 billion, a decrease of 2.8 percent (±1.3%) from the second quarter of 2008. The third quarter 2008 e-commerce estimate increased 4.6 percent (±1.5%) from the third quarter of 2007 while total retail sales increased 0.9 (±0.5%) in the same period. E-commerce sales in the third quarter of 2008 accounted for 3.1 percent of total sales.

FYI: The Quarterly Retail E-Commerce sales estimate for the fourth quarter of 2008 is scheduled for release on February 17, 2009 at 10:00 A.M. EST.

In related news, the web gave Nordstrom Inc. it's only good news in an otherwise bleak third quarter.

For third quarter ended Nov. 1, Nordstrom GREW web sales by 8.5% to $163.8 million from $151 million in the prior year. Comparable store sales declined 11.1%.

Overall total sales dropped by 8.4% as Nordstrom, posted net earnings of $71 million on sales of $1.80 billion, compared with net earnings of $166 million on total revenue of $1.97 billion in Q3 of 2007. For the first three quarters of the year, Nordstrom grew web sales by about 10.1%

 

Related articles by Zemanta

• Sour E-conomy Doesn't E-qual Sour Grapes for E-Commerce
• Costco Web E-Commerce Sales Increase 41.7%
• Nordstrom begins 'buy online, pick up in-store' program
• Neiman Marcus Sees eCommerce Drive it's Growth

65% of Irish Websites Put Cardholder Data at Risk

65pc of Irish websites put consumers at risk

According to an analysis from Enterprise Risk Services at Deloitte, some 65pc of Irish websites put consumers at risk of fraud.


Consumers have been warned about identity theft and fraud today in the run-up to Christmas after a study found that online payment security is not fully enforced on 65 per cent of Irish websites.
According to a study done by Deloitte Enterprise Risk Services, which analysed over 100 Irish based e-commerce websites, "a significant proportion of websites" are not compliant with the payment card industry security standards.

Deloitte examined over 100 Irish e-commerce sites and checked for the kind of security measures in place to ensure safe online transactions for the shopper and found that "a significant proportion of websites" are not compliant with payment card industry security standards.

The good news, Deloitte said, is that the situation with regard to compliance with the Payment Card Industry Data Security Standards (PCI DSS) has improved since its last analysis.

A breakdown of figures showed that 100-plus companies had weak encryption for online transactions, meaning that customers entrusting their MasterCard or Visa across these sites were putting their card and personal data at risk of fraud or identity theft.

Moreover, 53 per cent of companies supported weak or legacy encryption, with 2 per cent of sites not encrypting cardholder data entry sessions at all. This means that the information that visitors to the site submit such as name, address and credit card details can potentially be compromised and accessed by fraudsters.

There were no details from the report with a breakdown of how the payments were managed, ie whether the online merchant was privy to those details, or whether they were passed on to a trusted third-party payments processor such as Realex or PayPal, both of which would automatically have extremely secure methods of encryption and data protection.

Most sites will ask you to verify your credit-card details with the three-digit CVV2 code on the back of your credit card, which is another protection against fraud, but the Deloitte analysis found that 7pc of Irish e-commerce sites did have this.

A further 3 percent had expired SSL certificates, which are certificates displayed to ensure that the site you are dealing with is actually that site – another method of protection against phishing attempts whereby a fraudster could put a false web front in place in order to steal your details.

“The results of the survey show that many websites do not have adequate levels of security for processing online transactions, which many consumers carry out on a very regular basis,” said Colm McDonnell, partner, Enterprise Risk Services, Deloitte.

“Identity theft and credit-card fraud is a growing problem here in Ireland, and inadequate levels of security must be addressed by merchants as a matter of priority.”

By Marie Boran

Related articles by Zemanta

• How Pci Protects Credit Card Transactions
• Merchants call credit card industry's bluff on compliance
• New PCI DSS details released

When Gift Cards Short Circuit - Part Two

Last week I talked about the Circuit City Bankruptcy and how it may affect the redemption of their gift cards. "Short Circuit in Gift Cards"? 

Here's some very good information from BankRate.com on how gift cards from retailers who file for bankruptcy protection are affected...

"Gift cards can become worthless when their issuers fail. Yet many people don't realize that gift card funds aren't guaranteed. A recent survey from Archstone Consulting found that 70 percent of respondents did not recognize that bankrupt retailers not honoring gift cards is a problem.

When made aware of the issue, "they still weren't that concerned," says Mike Unger, principal at Archstone Consulting.

The finding, he says, upsets him. "Frankly, given what's going on right now in this environment and with retailers struggling, I personally would not buy a gift card from a company that I thought might see bankruptcy days ahead of it because you don't need a bankruptcy judge telling you they're not going to honor your gift card," he says.

Here's what can happen if your gift card issuer goes under.

Retailer-issued cards

When a retailer files for bankruptcy -- either Chapter 11 for reorganization or Chapter 7 for liquidation -- its gift cards may or may not prove worthless.

First of all, it's not a given that the card will become unredeemable (sic)  when the merchant files for Chapter 11. "It's up to the retailer. They ask permission to the court whether or not they may continue to accept the gift cards," says Michelle Jun, staff attorney for Consumers Union, the publisher of Consumer Reports.

For example, when Sharper Image filed for Chapter 11 bankruptcy protection in February 2008, it first told the court it would no longer honor its own gift cards. Later on, the company asked if it could accept them in cases where cardholders spent at least twice the value of the card in one transaction.  "The problem is that consumers are unaware of the status of whether or not their gift cards will continue to be accepted," says Jun.

If the retailer cannot accept gift cards or files for Chapter 7, your only hope of getting any money out of the card is to file as an unsecured creditor in the bankruptcy proceeding. Contact the retailers customer service department for instructions on how to file.

Gift cardholders don't get paid first when assets are distributed in bankruptcy. Secured creditors collect first, administrative costs come out and then "whatever's left is left for this pro-rata distribution to the holders of unsecured claims," says Sarah Jane Hughes, a university scholar and fellow in commercial law at the Indiana University School of Law.

A "pro-rata" distribution is a percentage arrived at by dividing the assets available for distribution to unsecured creditors by the amount owed to them. The unsecured creditor would get that fraction times the amount of his or her claim. "So that if you had a $1,000 gift card and the pro-rata percentage was 5 percent, at the end when they distributed assets, you'd get $50."

Bank-issued cards

The rules are different for bank-issued prepaid debit cards, or "open-loop" cards with an American Express, Discover, MasterCard or Visa logo. When the issuing bank fails, whether or not the gift card is covered by deposit insurance makes all the difference.

Bank-issued gift cards can have third-party distributors -- retail stores that have gift card kiosks, such as drugstores -- which makes deposit insurance coverage less than straightforward. "Depending on how the account is structured, we might recognize the retail store as the insured depositor or we might recognize the various cardholders as the depositors," says Christopher Hencke, staff attorney at the Federal Deposit Insurance Corp.

The store would only receive coverage for up to $250,000, but if the cardholders were insured, they would each be covered for up to $250,000, in combination with any other accounts they had at that financial institution.

Check the gift card agreement to see if it states whether the card has deposit insurance. Hencke says if it offers no explanation, "and you haven't been asked to send a form to a bank explaining who you are and your identity, you can pretty much assume you're not going to be insured by the FDIC -- you personally." The FDIC must have records of who the cardholders are and how much they are owed."

Related articles by Zemanta

• Gift Cards: Things To Keep In Mind Before You Buy
• Is Your Gift Card Worthless Because the Company Went Bankrupt?
• The Gift That Just Stops Giving
• Bankruptcy Nullifies Gift Cards -Time Magazine
  
• Short Circuit in Gift Cards?

Mobile Handsets NFC Enabled by 2010?

GSMA calls for NFC as standard feature on mobile handsets

The GSMA - an international trade group of mobile operators - is calling for full near field communication (NFC) functionality to be built into handsets from mid-2009, in a bid to drive the uptake of contactless payments.

To drive development, the Association says it is backing the European Telecommunications Standards Institute's 'Single Wire Protocol' to standardize the interface between SIM cards and embedded NFC chips within handsets.

Rob Conway, CEO, GSMA, says: "We are committed to ensuring that mobile payment services are delivered as efficiently and cost effectively as possible. But this will require device manufacturers to make sure that the vast majority of commercially available handsets incorporate the Single Wire Protocol and Near Field Communications features as standard."

The GSMA's Pay-Buy-Mobile initiative has already seen trials get underway across eight countries - including Australia, Korea and the US - involving nine mobile operators, with further pilots planned in another 14 countries by 15 operators.

The Association says the positive results of several recent mobile payments trials demonstrate growing consumer demand.

An m-payments pilot launched by a consortium of French banks, telcos and technology vendors last year recently reported customer satisfaction rates of above 90%.

In London a similar trial that allowed people to use their mobile phones to pay for tube journeys and make small value purchases was also hailed as a success, with nine out of ten participants happy using NFC technology on a handset and 78% interested in using contactless services if available.

Mung-Ki Woo, VP, payment and contactless, Orange, says the operator has now run successful trials in France, Spain and the UK.  "For Orange, mass deployment is now mainly dependent on handset manufacturers providing a large range of adequate handsets," says Woo.

Related articles by Zemanta

• Money Transfers to Account for 50% of Mobile Payments by 2013
• Panel: Mobile payments misunderstood in U.S.
• Mobile phones will 'cut of'f Al Qaeda

Pulse Site Redesigned and Debit Re-Defined

PULSE, a Discover Financial Services company and operator of the PULSE(R) ATM/debit network, has launched a redesigned Web site at a new Web address, www.pulsenetwork.com.

Upon entering the site, users will encounter a fresh new look. The sleek design includes enhanced graphics, reduced click-throughs and interactive tools. The PULSE home page features Spotlight and PULSE News sections for dynamic content, as well as Quick Links, which makes frequently viewed items readily available with one click. These new elements streamline access to areas of significant interest.

Along with the new Web address, PULSE e-mail addresses are changing to reflect the new pulsenetwork.com domain name. For more information, visit www.pulsenetwork.com. 

In other news from Pulse, they also announced their Debit ReDefined 2009 Conference, to be held May 6th, 7th and 8th in Austin. 

This, from their new website:

"Debit is the most frequently used and fastest growing form of electronic payment among consumers, and its impact on the financial services industry has never been greater. Given debit's importance, the industry must continually redefine debit to keep it at the forefront of payments.

The 2009 PULSE Conference will help recharge your debit card program by focusing on trends, technologies and best-in-class issuing strategies shaping the future of debit. And, that is just the beginning. DebitRedefined will also feature sessions on emerging debit products, enhancing customer relationships, preventing fraud and marketing to Generation Y. Don't miss this unique opportunity to redefine y our debit future. Additional information about speakers and activities coming soon."

When: May 6-8, 2009
Where:Hilton Austin Hotel

• Nationally Recognized Keynote Speakers
• General Sessions with Payments Industry Leaders
• Debit-Focused Concurrent Sessions
• Conference Workshop
• Golf Tournament
• Live Music with Jim Belushi and the Sacred Hearts
  

About PULSE
PULSE is one of the nation's leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services. The network links cardholders with more than 265,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry. For more information, visit www.pulsenetwork.com.
SOURCE: PULSE

Related articles by Zemanta

• DebitFacts.org Launches Today
• PULSE Releases ATM Safety Tips for Summer Travelers
• Is There A Perfect Storm Brewing in Credit Card Industry?
• Debit Talks and Credit Walks
• Discover Gets $2.75 Billion Antitrust Settlement from V/MC