Google Checkout adoption is dropping. Maybe they ought to start "searching" for ways to increase market share. Maybe a globally patented PIN debit application from HomeATM would help...
The adoption of Google Checkout by online retailers is stalling, according to a study by interactive agency Rosetta.
The report states that 37% of 100 leading online retailers surveyed currently offer alternative payment methods, a 23% increase since November 2007.
Of those, Bill Me Later is most popular at 26%, with PayPal now nearly tied at 25%. Google Checkout showed a tiny increase from 10% in 2007 to 11%. Only 7% of the retailers examined offer all three methods.
“Even though it boasts high consumer confidence, Google Checkout is struggling in retailer adoption,” said Adam Cohen, a partner at Rosetta's consumer goods and retail practice, which conducted the study last month. “Adoption of the service started out very strong last year, but has stagnated in the last 12 months."
The discontinuation of incentives for retailers during the holiday season is likely to negatively impact Google Checkout adoption on an ongoing basis, he said.
CreditCards.com has provided an interactive guide to show how merchants and banks process cards purchases. For the interactive guide click here, (or the graphic on the left)
For a printable version, click the PDF link at the bottom of this post.
How credit card transactions work Interactive guide shows how merchants, banks process card purchases
By Tyler Metzger - CreditCards.com
More than 23 billion credit cards transactions were processed in the United States in 2007, and they are projected to grow by 26 percent over the next five years, according to the Nilson Report. But have you ever wondered what exactly happens after your card is swiped? Use this guide to to find out how your credit card transactions are processed. PDF
On November 24th, I posted about Symantec's release of a detailed report called the "Internet Security Threat Report." That report is now available to anyone who wishes to download the whitepaper.
This from their website. For your convenience, I have included links to more detailed information. Click any of the graphics to enlarge.
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
As I previously stated, this report, is now available to the general public for free download.
Symantec Weblog: Postings on the Underground Economy Learn more
Report Highlights
"The underground economy has matured into a global market with the same supply and demand pressures and responses of any other economy. There are a great many servers and channels available to advertisers to market their wares, which they do, and often. Most people associate identity theft with money because most reported cases involve criminals using the identity for activities such as obtaining credit cards, applying for loans, obtaining expensive medical or pharmaceutical treatments, or even stealing house titles. Symantec estimates the value of total advertised goods on underground economy servers was over $276 million between July 1, 2007 and June 30, 2008.
During the reporting period, Symantec monitored 44,752 unique samples of sensitive information publicly posted on underground economy servers, which accounted for 10 percent of the total distinct messages. Sellers often publicly post samples of their goods in the channels on underground economy servers. These samples serve several purposes: to prove that sellers actually have the goods in their possession; to show potential buyers the quality of goods they can expect; to enhance their credibility, and; to allow users to validate the information. The table (above left) identities the top samples of information posted:
Credit card information may rank high because there are many ways it can be obtained and used forfraud. This includes phishing schemes, monitoring merchant card authorizations, the use of magnetic stripe skimming devices, or breaking into databases and other data breaches that expose sensitive information.
Another explanation may simply be that there is a high frequency use of credit cards.
For example, the 22 billion credit card transactions in the United States in 2006 represent a growth of eight percent over the previous year. High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers.
Credit card information may be in such demand because using fraudulent credit card data for activities such as making online purchases is relatively easy. Online shopping can be easy and fast, and a final sale often requires just credit card information. Someone knowledgeable enough could potentially make many transactions with a stolen card before the suspicious activity is detected and the card is suspended.
The second most common category of goods and services advertised was financial accounts, with 20 percent of the total. This category includes bank account credentials, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock trading accounts. This category ranked third for advertised requests, with 18 percent of the total. By far the major contributor to the popularity of the financial accounts category was bank account credentials, which accounted for 18 percent of all goods and services advertised for sale.
Financial accounts are attractive targets because of the opportunity to withdraw currency directly. Although this may involve more steps than using stolen credit card data to make online purchases, the process of cashing out financial accounts can be easier than retrieving cash from credit cards because criminals would require a PIN for the card. Also, most ATMs have security cameras, which may deter criminals from using this medium. In addition, withdrawing currency from a bank account has the advantage of a more immediate financial reward than with online purchases, which would need to be sold to realize a purely financial reward.
Credit card information includes credit card numbers, credit cards with CVV2, and credit card dumps; financial accounts includes bank account numbers, magnetic stripe skimming devices, online payment services, online currency accounts, and online stock accounts; spam and phishing information includes email addresses, email passwords, scams, and mailers; withdrawal services include cash outs and drops that are used to withdraw money and items from purchases; identity theft includes full identities and Social Security numbers; server accounts are for file transfers and virtual networks; compromised computers includes hacked computers, bot-infected computers, and shells; website accounts include online accounts for access to specific websites such as social networking sites; malicious tools includesWeb-based attack tools and malicious code; and retail accounts includes gift cards for online stores and online auction accounts.
Magnetic stripe skimming devices are small machines designed to scan and retain data contained in the magnetic stripes on credit and debit cards. To cash out bank accounts, individuals can either use a reliable cashier or can assume the identity of the bank account owner to withdraw funds. Since many bank accounts can only be cashed out from within the issuing country, criminals may prefer the use of cashiers that specialize in extracting currency from these accounts. Such cashiers use a variety of methods to convert the information into true currency, transferring money either through wire transfers or to online currency exchange accounts. They can also hire an intermediary to receive the transfer in person using a fake identity. Symantec observed requests on underground economy servers for cashiers in specific locations and of a particular gender (as matchingthe cashier’s gender to the identity of the bank account holder is essential to not raise suspicion when withdrawing funds).
US financial institutions were hit by 78 reported data breaches last year, a 47% increase and now own a 70% larger piece of the pie.
Reported data breaches in the US during 2008 were up 47% on the previous year, to 656, of which 78 affected financial institutions, according to a study from the Identity Theft Resource Center (ITRC).
Financial services accounted for 78 breaches, which is 11.9% of the total. Whereas last year, Financial services accounted for 7% of the total in 2007 it's 11.9% total this year represents a 70% bigger piece of the pie than they had last year. According to Finextra, ...
"The ITRC says at least 35.7 million records were potentially breached but the true figure is likely to be far higher because 41.9% of cases went unreported or undisclosed.
Financial services accounted for over 18.1 million compromised records, 52.5% of the total.
This is largely down to the biggest single breach last year, which saw BNY Mellon Shareowner Services losing around 12.5 million records - including social security numbers, names and addresses - when a box containing unencrypted customer data tapes went missing in transit in February.
In addition, RBS WorldPay was hit by a breach affecting 1.5 million records and Countrywide had two million compromised last year.
Most of the financial sector breaches were the result of hacking, followed by insider theft. Of all breaches across all sectors, 3.5% are attributable to hacking at financial firms, 2.4% to insider theft, 1.7% to data on the move, 0.8% to accidental exposure and 0.8% to subcontractors.
Electronic breaches account for 82.3% of the total, compared to 17.7% for paper. Despite this, just 2.4% of all breaches had encryption or other strong security methods in use and only 8.5% even had password protection." - Finextra
For those interested, I have included links to the following 2008 Year End Reports from the ITRC website:
BANGKOK: A Malaysian man wanted in the United States for credit card fraud amounting to US$150mil (RM540mil) was arrested by Thai authorities and US Secret Service agents in Nonthaburi on the outskirts of Bangkok on Tuesday. Local media reported that the 43-year-old man had a warrant of arrest issued for him by a US court for illegal possession of data access device, hacking into computers and stealing data.
Crime Suppression Division police chief Supisal Pakdinaruenar said the man was a prominent member of a credit card fraud gang operating in the United States for the past three years and was believed to have fled to Thailand to evade arrest. He was arrested in a house in the Pak Kret district where he was staying with his Thai wife.
The group is believed to be involved in stealing credit card transaction data from people patronizing major restaurants and retail outlets like TJX, WalMart and Office Depot, and selling the information to other groups making counterfeit cards.
According to Supisai, the man had denied all the charges and was currently facing extradition to the United States. - Bernama
Macy's Own Software Caused Its Holiday Debit Card Glitch
In a follow up story written by Fred Aun and Evan Schuman at StoreFrontBackTalk.com, they report that Macy's has determined an internal glitch caused some 8000 debit cards to be double and triple charged. He's an excerpt:
"After initially suspecting that one of its third-party payment card processors had caused a December 20 mess where some 8,000 Macy's customers had their debit cards charged as many as three times for one transaction, the chain's payment management has now concluded that the fault lied solely within their internal software.
"We were looking at the processor and the bank networks, trying to determine whether this was an issue with specific banks," Mike Gatio, president of Macy's credit and customer services division, said in a Wednesday (Jan. 14) interview. "We've now narrowed it down to our own gateway. We deal with a number of processors, but it's not their issue. It's ours."...
So, if you're like me, you're probably starting to get the "pheeling" that browsers are an extremely unreliable platform for ecommerce.
That said...let me put it another way.
I'm sure that you would agree that most of the time browser's are not even safe for browsing, let alone typing in our PAN or PIN's...
It seems like almost everyday, we read about how hackers are getting more sophisticated in the ways they try to obtain your personal information from financial sites:
Now, comes a story from Kelly J. Higgins published by Dark Reading which explains how the next generation of phishing attacks are so-phisticated that it targets users in real time . (they call it "In Session Phishing," because it targets online banking sessions with phony popups...but I'll call it PAN Fried - Phishing 2.0)
Here's a portion of the story from Dark Reading. Click the link below to read it in it's entirety...
'In-session phishing' the latest Web-based method for phishers to steal users' banking credentials
Researchers have discovered a sophisticated, new method of phishing that targets users while they are banking (thus making payments) online -- sending phony "pop-up "messages pretending to be from their banks/payment providers. (So I guess the only thing "that's safe"to say about pop-ups is that they're "not safe"...and I'll bet you're glad I didn't say there's something fishy about them...were you not?)
The so-called "in-session phishing" attack prompts the victim to retype his username and password for the banking site because the online banking session "has expired," for instance, via a pop-up that purports to be from the victim's bank site, according to researchers at Trusteer, which today published an advisory (PDF) on their findings about the potential for such a phishing attack.
From Trusteer's PDF:
"This is the next generation of sophisticated phishing attack," Klein says. "It combines an online vector -- the attacker waits for user to come to a genuine site that's hacked -- and browser shortcomings to detect which site the user is logged into in a different window or tab. This provides a very powerful avenue to conduct a sophisticated attack."
The popup message could take other forms according to the researchers (such as a Graphical User Interface I have to wonder out loud?) -- anything that could dupe the user into handing over credentials. In order for in-Session phishing attacks to succeed the following conditions are required:
1. A base website must be compromised from which the attack can be launched
2. The malware (injected on the compromised website) must be able to identify which website the victim user is currently logged on to.
The first condition is easily achieved, since more than two million legitimate websites are known to be compromised by criminals, and hundreds more are being compromised every day. Each one of them can be used as a base for this attack.
Once the website is compromised, the attacker injects code into the website. This code does not change the appearance of the website and does not download malware to the user’s PC.
Therefore it is very hard to detect. This code is designed to search for online banking websites that visitors are currently logged onto, and present them with a pop-up that claims to be from the banking website they are logged on to. These pop ups ask for log-in and personal information.
Therefore once again, I state for the record: "NEVER type your PAN or your PIN into a web browser...
The 4th Annual Underbanked Financial Services Forum presented with the Center for Financial Services Innovation will be held this year June 1-3 in Dallas, TX at The Westin Galleria.
This year's forum will be exploring multiple perspectives on serving the underbanked in today's climate. As awareness of the potential value and demographic diversity of the underbanked market continues to grow, the Underbanked Financial Services Forum remains the best single place to learn from and connect with the people transforming the financial services landscape.
Since its inception in 2006, this annual gathering has become the premier event for players across the financial services spectrum:
* Financial institutions and credit unions * Technology and service companies * Retailers and other providers * Nonprofit organizations * Government agencies
Back by popular demand...
Underbanked Xtreme Networking is back by popular demand! Borrowed from the idea of speed dating, this networking event delivers an accelerated meet and exchange between industry leaders and innovators. Pre-register before the event to receive an optimized schedule tailored to fit your specific networking needs.
Who are the underbanked?
Get the latest information from industry experts and case studies from on the ground and across the globe on the best strategies and offerings to achieve profitable growth and long-term success.
New Javelin Report on Evolving Prepaid Card Market, Consumer Usage and How Financial Institutions Benefit
(Click Pic to Enlarge)
SAN FRANCISCO, January 13, 2009 – Javelin Strategy & Research (www.javelinstrategy.com), today announced availability of a new report about the prepaid card market, which highlights consumer usage and what financial institutions can gain through a prepaid program—more specifically, how a prepaid card issuer should assess and choose a processing partner in order to obtain the greatest success and return on investment from their prepaid card programs.
According to Javelin, the processor choice is often overlooked and undervalued by prepaid program managers. But growth in the complexity of prepaid products, as well as year-over-year transaction volume growth underscores the criticality of selecting the right processor to keep pace and optimize investments long-term. Javelin delves into four key components of an effective prepaid processing program, including managing the card, serving the cardholder, executing the transaction and, getting the most from the platform. A detailed discussion of each component provides decision-making guidance to prepaid issuers chartered with managing a program. The study also takes on several of the common misconceptions about the processor selection criteria, dispelling myths and setting the record straight based on perspectives from practitioners and current market trends.
“Consumers are becoming more reliant on prepaid cards as a primary payment method as the variety of prepaid products expands,” said Javelin President and Founder, James Van Dyke. “This behavioral shift offers financial institutions and other prepaid issuers an opportunity to not only establish longer-term relationships with account holders, but create additional revenue.”
A Wide Array of Prepaid Card Products Make This Payment Method Attractive
Prepaid card applications span a wide range of consumer needs, including teen financial management, gifts, travel, online and in-store shopping, payroll and healthcare benefits. According to the report, with multiple loading and reloading mechanisms available today, prepaid cards have longer-term usage and are less disposable in nature—making prepaid programs attractive to financial institutions as a versatile method to increase revenue. Prepaid is Not Just for Lower Income and Younger Consumers
According to the study, consumer usage of prepaid card products is growing and extends well beyond the commonly assumed demographics of lower income and younger consumers. Bruce Cundiff, the report author and Javelin’s Director of Payments Research and Consulting, said, “Consumer usage has spread relatively evenly among most income groups, with middle income Americans demonstrating the highest usage of prepaid products both online and offline. What is interesting to note, the multi-channel nature of the prepaid relationship with middle-to-higher income consumers demonstrates and validates the revenue stream capabilities that prepaid issuance provides.” Security, Risk Mitigation and Regulatory Compliance
Javelin finds that security is paramount in prepaid card issuance, not only in terms of fraud mitigation but also in the scrutiny that issuers face to comply with regulatory Homeland Security standards—anti-money-laundering (AML) and know your customer (KYC) initiatives. Because security matters, prepaid card issuers may be increasingly held accountable for the actions of not only their immediate constituents and customers, but also the indirect usage of their products. Learn More About Javelin’s New Report
For financial institutions, payment companies and other third parties in the prepaid market, this report delves into the primary components of a prepaid platform and processor relationship. It challenges common myths and describes important risks surrounding prepaid processing. Javelin’s Prepaid Product Evolution Report helps prepaid program mangers better understand how to navigate creation of a prepaid program or expansion of an existing one in order to increase revenue. Javelin provides an overview about the study at : www.javelinstrategy.com/prepaidproductevolution.html
eMarkerter published an article this morning regarding which payment methods online shoppers use. and projections until 2013. While credit cards usage is expected to drop 32%, from it's 59% level in 2007 to 40% in 2013, debit usage is expected to grow 15% during the same time period. (see chart on left)
eMarketer also talked about "why" consumers use "payments services" (e.g. PayPal) and the number one reason, was "most secure...don't have to enter credit card information online." (they must mean everytime, because when I chose PayPal to make a purchase on eBay, {see number two reason in chart below right} I had to enter my credit card/debit card information)
With our personal swiping device, you "never" had to enter your credit card information online...just swipe (more convenient and faster) and enter PIN (outside browser space) making for a more secure online payment. No skimming worries, no tampering worries, just you and your own private swiping device, in the privacy of your home... Here's the article from eMarketer.
How Do Online Buyers Pay?
JANUARY 14, 2009
Mostly by credit card, but other payment methods are gaining ground. Most online buyers pay with credit cards. But the online credit card retail purchase volume growth rate is falling, and not just because of the recession.
Data from a January 2009 Javelin Strategy and Research study reveals that credit card purchase volume will continue to grow online and command the largest market share among payment types, reaching $107 billion by 2013, up from $81 billion in 2008.
Yet that is less than a 6% compound annual growth rate (CAGR), and the percentage of online purchases made with credit cards is set to fall to 40% in 2013, down from 59% in 2007. Javelin said that the share of online purchases made with private-label and prepaid cards would increase during that time.
The increased usage of other payment types is not an outright rejection of cards; Javelin estimated that e-mail payments such as PayPal would still account for only 10% of online purchases in 2013, up from 7% in 2007.
Rather, prepaid and debit cards may be viewed as ways to avoid interest charges, and private-label cards frequently have loyalty or rewards programs that give users cash or products back.
Some online buyers are still concerned about credit card fraud as well. In 2007, JupiterResearch and Ipsos Insight asked users of alternative payment methods including PayPal why they did not use credit cards, and the findings are worth remembering.
More security was the top reason given by online buyers for using payment services instead of credit cards. Respondents also said they used such services because of restricted options on credit cards, and greater flexibility, more convenience and easier dispute resolution than when they used credit cards.
Advertisement: Agencies and brands from all verticals rely on eMarketer Total Access for analysis and data. Daily articles are just the tip of the iceberg. Find out what you are missing. Learn more about Total Access today.
Secaucus, New Jersey (PRWEB) January 13, 2009 -- Cred-Ex (www.Cred-Ex.com) prepares to launch its new alternative payment solution. Cred-Ex helps combat identity theft through its patented process.
Cred-Ex will grant instantaneous credit to consumers online on its website or at its participating merchants' shopping cart screens. Merchants will feature the Cred-Ex icon next to Visa, MasterCard, American Express and Discover. Security-conscious consumers that don't want to use their credit cards online will be able to make online purchases with Cred-Ex. Online research firm comScore, Inc. reported that online shopping is increasing at approximately 15% per year, as more and more consumers shop on the Internet. Further, according to Rosetta, retail adoption of Alternative Payments Soared 23 Percent in 2008.
While composed of complex algorithms, Cred-Ex's patented process is easy for merchants and consumers to use. Unlike its competitors, Cred-Ex's platform does not require consumers to input harmful personal data such as their credit card, bank account or Social Security numbers. As a result, Cred-Ex does not store consumers' sensitive data on its servers. This will protect the consumer's identity. Cred-Ex typically approves a new application in 5 to 10 seconds.
Cred-Ex's patent also applies to its new m-Commerce solution. Consumers who have a Cred-Ex account will be able to use their cell phones to make purchases at the point-of-sale at participating merchants' brick and mortar locations. The Company expects their m-Commerce solution to increase consumer loyalty and combat consumers' rotating their credit cards. m-Commerce is already prevalent in Europe and Asia and is just starting to take hold in the US. The Company has satisfactorily concluded testing its m-commerce solution.
Coleen Barbiere, Chief Operating Officer, says, "Merchants welcome new ways to increase webstore sales and profits by increasing conversion ratios. And our Cred-Ex payment option, coupled with our new m-Commerce solution, will revolutionize alternative payment solutions in the US."
Merchants benefit from alternative payment solutions because they increase webstore profits. CyberSource recently reported that additional payment choices can increase merchants' sales conversion rates by up to 14%. Plus, Jupiter Research found that alternative payment solutions increase average order size by 13.3%. In today's challenging economy, alternative payment solutions can improve a much needed increase in the bottom line.
About Cred-Ex: Cred-Ex is the main brand of Emerging Payments Technologies, Inc. that has been a leader in alternative billing for over 10 years. Emerging Payments Technologies, Inc. began developing the Cred-Ex platform and brand in 2004 to lead the trend in online billing, e-Commerce, and now m-Commerce. Cred-Ex's owners have built several major companies in Europe that include Nocreditcard.com (www.nocreditcard.com), the European pioneer in alternative billing; Fluendo (www.fluendo.com) that specializes in delivering products and consulting services focusing on UNIX and GNU/Linux; Fluendo comes out ahead by combining best-of-breed systems from the Open Source world with a strong team of highly knowledgeable software engineers; and Aedgency (www.aedgency.com ), a leading interactive advertising agency, performance-based only, that specializes in Search Engine Marketing (SEM), and contextual advertising. Aedgency was responsible for generating over €200 million in online traffic arbitrage from network end users in 2008.
Contact: Eric Gelb Business Development Cred-Ex T: 201-865-7600 x 102
Creative Mobile Technologies (CMT), the nation's largest comprehensive taxi technology services provider, has inked a deal with Boston Cab Dispatch, Boston's premier radio affiliation service with almost 500 member taxis comprising over 25% of the Boston taxi industry. The deal will bring Boston taxi passengers a quick and easy rear-seat, self-swipe credit card payment system as well as multi-channel, interactive media screens and additional technologies designed to enhance the passenger experience and drive new efficiencies into taxi service offerings. The technology will also bring Boston Cab members into compliance with the City of Boston's mandate, that by April 2009, all taxis must provide rear-seat credit card acceptance capability.
This is the second major American taxi company in less than three months to announce the implementation of CMT's state-of-the-art taxi technology. In October 2008, CMT struck a similar deal with Chicago's Yellow, Checker and Blue Diamond family of 2,600 taxicabs. CMT is currently operating in more than 5,500 New York City taxicabs.
These new service offerings are based on CMT's "FREEdom Solution," developed in New York City by leading technology professionals and recognized leaders of the taxi industry. CMT's signature Passenger Information Monitors (PIMs) feature credit card acceptance functionality enabling passengers to securely swipe their own credit card and complete wireless transactions in seconds. The CMT PIM, which features a uniquely tailored news and entertainment network as well as GPS-powered maps that passengers can control with state-of-the-art touch-screen technology, has revolutionized and redefined the modern rider's taxicab experience.
"CMT is very excited about bringing our award-winning product to the great City of Boston whose exceptional taxi system is exemplified by Boston Cab Dispatch and its forward-thinking CEO, Brett Barenholtz," said Ron Sherman, CEO of Creative Mobile Technologies.
Jason Poliner, CMT's Chief Operating Officer, said "Boston taxi passengers will now have the quickest, safest, and most reliable credit card payment process available while the Boston taxi industry will benefit from higher passenger volumes and larger tips. Our completely re-engineered, state-of-the-art touch screens feature entertaining media content and important local information that will provide a value-added service previously unavailable to Boston riders."
Boston Cab Dispatch is a well-respected innovator in the Boston taxi industry. The company has remained ahead of the curve, having implemented the first computerized dispatch system in Boston -- 12 years before any other taxi company. Boston Cab currently has the greenest taxi service in New England.
"While our mandate is simply to provide credit card access in the back seat, we have chosen to go a step further and embrace the latest technology available to the taxi industry," said Brett Barenholtz, CEO of Boston Cab Dispatch. "After an exhaustive and thorough research process, we are convinced that CMT's excellent record of safe, reliable credit card processing, coupled with its superior media screen product, provides a perfect match for Boston Cab which always strives to provide our members and customers with the best possible service."
Boston Cab Dispatch's drivers will also benefit from the implementation of CMT's advanced solution. The technology will vastly improve credit card transaction reliability, efficiency, and ease-of-use in both the driver and passenger components of the transaction process, and the seamless integration with Boston Cab Dispatch's existing host dispatch technology will increase the fleet's geographic coverage capabilities and eliminate the need for redundant in-vehicle data communications appliances.
About CMT:
Creative Mobile Technologies (CMT) began providing New York City taxicabs with credit and debit card processing, media and advertising content, text messaging, interactive passengers maps, GPS, and electronic trip sheets in 2007. In New York, CMT, which gained a reputation as the "by the industry, for the industry" taxi technology solution, partnered with Bank of America, World Line Communications, Feeney Wireless and Mobile Knowledge. CMT's media partner, Clear Channel Taxi Media developed the exclusive NY10 Taxi Entertainment Network with content by NBC Universal. CMT is now the nation's leading provider of total taxi technology solutions, operating in over 5,500 New York City taxicabs and soon to be in over 2,600 Chicago taxicabs. CMT's "FREEdom Solution" received one of VISA's highest honors for its commitment to credit card security and privacy protection. To learn more, visit www.cmtnyc.com .
About Boston Cab Dispatch, Inc.:
Boston Cab Dispatch has been the taxi industry leader in Boston for the last 50 years, relying on its four generations of experience. Boston Cab's premier radio association boasts almost 500 taxis as members. For over a decade, the company has featured computerized dispatching and continues its commitment to update, improve, and advance its dispatch system to meet the evolving needs of the industry.
Howard Riell, in an article written for Convenience Store Decisions, writes about PCI compliance. As you'll undoubtedly notice while reading the article, PIN entry devices, or PED's are an integral part of PCI certification. The long and the short of it is that all PED's must be certified by PCI-approved laboratories and encrypt PIN's with Triple DES. I know how that's done with a hardware device...(we're in the midst of getting our personal swiping device tested and approved for PCI compliance) but I'm not quite sure how it would/could/should be done with a software application. (See "Software Breach 92 Times More Likely Than Hardware")
Here's some snippets from from the CSN story, entitled: "The High Stakes Of Compliance:"
It was in September 2006 that the credit card companies formed the PCI Security Standards Council in the hopes of battling fraud. Today, all merchants who accept payment card transactions must comply with the PCI Data Security Standard or face sizable penalties. Indeed, the passing grade for PCI is 100%, which means failing even one of the criteria will bring consequences...
Editor's Note: So, it's obvious that these Triple DES mandates are an integral element of PCI compliance and in 5+ months TDES is required on "all debit transactions." Since Jan. 1, 2008, all newly manufactured debit card processing terminals must incorporate PIN entry devices that have been certified by PCI approved laboratories
Manufacturers have to begin installing key pads capable of implementing a new Triple Data Encryption Standard (TDES), which requires that data be encoded several times through an encrypted PIN pad.
By July 1, 2009, TDES will be required for all debit transactions and by
June 30, 2010, all fuel dispensers will need to be able to encrypt PINs according to the TDES.
The very next day, July 1st 2010, pumps that process debit transactions must be upgraded with encrypted PIN pads, and in-store POS terminals have to be certified as PCI-compliant. The devices must also process all debit transactions using TDES.
One of my favorite lines from the article comes from Bruce Snyder, manager of IP retail systems for 395-store Kwik Trip based in La Crosse, Wis“ who instead, sounds like a spokesman for Gemalto. (see: Gemalto Wants EMV in US) Apparently he doesn't like the implementation costs (retailers will need to replace outdated hardware) and thinks that as long as they have to get new equipment anyway, then V/MC and the banks should spend billions to implement EMV and when they're done, he'll replace Kwik Trip 'sexisting equipment with Chip and PIN readers. Problem is, it won't be Kwik...it'll be years, if they started today. (don't hold your breath)
"We have this silly little mag stripe that is so vulnerable and penetrable and we are building an infrastructure around it to protect the information, and a lot of people are making good money on that,” Snyder said. “With the new rulings on EPPs, if I want to continue to do debit we have to replace all of our dispenser doors and PIN pads at a huge expense to us to remain compliant. What we have to do is put in an encrypted PIN pad at the dispenser if we want to continue to do debit there.” But the new door and PIN pad will cost $1,500 per dispenser. (Ouch! Consumers can get our SwipePIN device for merely the cost of shipping and handling, which in the face of $1500...makes for a rather compelling value proposition)
“Start doing the math on that and now you have to make a decision: can we afford to do this? And what happens if we don’t?” Snyder said. “We need to change that method of presenting ourselves for a credit transaction and make it more secure so that we don’t have to build all of this stuff around it to try to protect a very flawed method...”
If you "wanna get away" and you live in the UK, make sure your bank nose..otherwise you'll have "slim pickin's" when it comes to payment options...
Travelers have been told that they need to inform their banks about their travel destinations, when they go away, according to a recent report in the newspaper The Times.
This is in the aim of combating credit card fraud, where several holiday goers found their debit or credit cards frozen, when they are abroad. Banks monitor card usage and often freeze them if they begin showing unusual behavior.
The banks claim that if customers inform them of their travel plans, then it means they can make a proper assessment of the information. HBOS told the newspaper, saying: “If people are going to Africa, South America, we like to know. Also, we like to know about people going to Eastern Europe.” This is due to the increase of credit card fraud taking place in these locations.
However, locations in the United States are said to be the most likely places that involve fraud with British cards. Around £24.6 million was taken from UK cardholders in the country in 2008, marking an increase of 118 percent in the last three years. Much of this fraud is conducted by criminals who copy the information on the card's magnetic strip when it is used. They can then use this information to create fake cards for their own use. Credit card fraud has become less likely in the UK, due to the introduction of Chip and PIN.
Attend a Javelin Strategy & Research Webinar on January 28, 2009 at 10:00 AM PST to learn about the latest developments in data breach risk management for financial services and other industries.
Senior Javelin Analyst, Tom Wills, will share updates and insights based on recent Javelin primary market research about:
(1) The data breach risk landscape in 2009 - Insider fraud, Web application attacks, and other emerging threats - The impact of a down economy on identity theft
(2) The impact of data breaches on customer relationships and corporate reputation a. Customer attrition statistics b. How consumers view financial institutions as responsible for data breach incidents – even when the institution is not directly involved c. What actions customers expect of organizations that have suffered a breach
(3) US regulatory update - New State laws requiring specific preventative steps - The Federal Trade Commission’s Red Flag rules
(4) Best practices for Prevention, Detection, and Resolution™ a. Securing sensitive information b. How to recognize when a data breach has taken place c. How a careful, high-touch and cross-functional data breach response can mitigate the risks of customer loss and litigation
(5) Vendor Spotlight: ID Experts – led by ID Experts President Rick Kam
Javelin Speaker: Tom Wills, Senior Analyst – Security, Fraud, and Compliance Title: Data Breach Defense 2009: Prevention, Detection and Resolution Strategies to Protect Your Reputation and Stay Compliant with Regulations Date: Wednesday, January 28, 2009 Time: 10:00 AM PST
Additional fraud protection adds value for Canadian small businesses
Visa Inc. (NYSE: V) announced today in Canada an important expansion of its Zero Liability program, which will now include Visa Business cards issued by Canadian financial institutions. The move can help better protect Visa Business cardholders from losses due to fraudulent transactions.
In a consumer survey(i) of more than one thousand Canadian Visa cardholders, 80 percent of respondents indicated they were extremely or very interested in having Zero Liability protection on their Visa card, with 30 percent ranking Zero Liability as the most appealing feature.
"Visa Business cards offer many benefits to small business owners in Canada and the addition of Zero Liability is another reason for them to use a Visa card with confidence," said Kareem Chouli, Head of Commercial Solutions in Canada, Visa Inc. "Security is a priority for Visa, and the Zero Liability policy is an important layer of our fraud prevention efforts."
Visa's Zero Liability policy protects business cardholders against fraud exactly the same way as it protects personal cardholders. Zero Liability means that business cardholders who have been victims of credit card fraud, including unauthorized transactions made via telephone or on the internet, do not pay for fraudulent transactions. Zero Liability does not apply to transactions with Visa Corporate or Visa Purchasing cards.
Personal Visa cardholders, including those who have been issued a Visa chip and PIN card, from Canadian-issued financial institutions will continue to be protected by the Zero Liability policy. All Visa cardholders must comply with the terms of their cardholder agreement including protecting their PIN where applicable.
With Visa Business cards, small businesses can conveniently manage their finances by separating business and personal spending, and tracking and analyzing expenses online. Online resources at visa.ca/smallbusiness include free business tools and guides, articles, as well as information about the Visa Savings for Business program - offering exclusive discounts to Canadian Visa Business cardholders.
Last week, in a post entitled "ChipPin In" I covered a story from the Nigerian Punch regarding that country's transition from magstripe to Chip and PIN. Interswitch is Nigeria's premier transaction switching platform and evidently, they have their hands full when it comes to dealing with fraudsters. From "phishing" to "phake" websites, it's no wonder they have decided to implement Chip & PIN...
Internet fraudsters are at work again. They are trying once again to defraud Automated Teller Machine (ATM) card users by sending fraudulent mail purportedly in the name of Interswitch Nigeria Limited, the switching company which drives the ATM and debit card network of Nigeria’s 24 banks.
Mitchell Alegbe, managing director of Interswitch assures card users however that his company is on top of the situation and that the card users will have no problems as long as they do not disclose their PIN numbers to anyone. Alegbe says Interswitch is the nation's foremost transactions and switching company, with all the 24 banks connected to its network to provide electronic banking services through debit and credit cards, ATM and point of sale terminals (POS) and that it is constantly deploying new technologies to address the issue.
In a recent attempt, the fraudsters sent out e-mail to random addresses attempting to get ATM and debit card users to disclose their PIN numbers. The said mail read”:This is to notify you that our services are being upgraded to a new, better and more secured system . You are now required to click here and register all your debit cards, X-change cards, and cash cards online immdiately so as to enable your card to work on our new servers. Only registered cards will work with the ATM machines.”
Interswitch says this message is not from it and that card holders should ignore it.The company adds that on no account should any card holder disclose his or her PIN number to any third party.
In a previous attempt, fraudsters allegedly set up a fake website which attempted to replicate the Interswitch website and the company promptly moved to get the site shut down. Officials of the company told Business Day that the company has put in place a technology that enables it detect and shut down any fake Interswitch website immediately it appears on the internet and it has shut down such websites since the technology was installed.
In addition to this, the company in collaboration with participating banks embarked on a massive enlightenment campaign to inform cardholders on the activities and operations of the company and means of detecting fraud attempts and protecting their card information from getting into wrong hands.
Google Checkout adoption is dropping. Maybe they ought to start "searching" for ways to increase market share. Maybe a globally patented PIN debit application from HomeATM would help...
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u5IY0b1q9FgQi4EESE6WHVkvmq-2k5cnw5XREKPsw87e8wP3C_x0ASY7AnAakEgoZScT5xJQSccOMePB8IXvB4qiQPu78mvLFXR1dXzm7Dx0dYYlUuoanmM3iPHE2cJJz91QQ1lnijSmIcSO31KGE=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sL_porT6pY_a1jsmJcJxMjWfbCzo2g0WOfhGO8a0xHjyYhLfzPZrWQ0IBfcQkY8NdNDQOLBX2s-0x3Eefn4c9zlP-ClCJG8ZJpOdFUHRcM-bX-jVCKdRF8QuYZ-UzvZBpyIjUW1HBty-s97h0hNzQ=s0-d)
Reported data breaches in the US during 2008 were up 47% on the previous year, to 656, of which 78 affected financial institutions, according to a study from the 
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uyHmygMjhygPaZakzOVKqlLwGZ6Bc19X7djaGC4Xz6XSTaqm6iPowmoxVTjNfvzLK2m9urjMTq2WHeJvGfIb_s2Rv9MoqEYLpX6R1maNS9LvyinOMupgHKK_yaS4BZhf07biSoGvF-xLJlsGX5UE2X=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sI-3zD0ZBnnKFF1NCRSoagBLsdd8-zvr4ysL_0D2S8JgTsR2n3dOeelCf-QETE676_TdEedUJM-7h9XXOSaF-faUQOieniHGusMRuFyYIEo3J_WdRlsqWg2MHE5qlPNXtMi0edAn0Jl-Dp079D9qY=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uWEhIigSZRx8LSHAY9d8YkkyZoNZcvGESaHuWAztixQ1djnXCwayR3ux0B3hExIAQcRD8x0dC12kB49HOpnOFDhZ4kfYjKEHRW59WhBs3WWI0jK4b8hTiPjvSMrik16OWM0OIqqysCbydwPATsRg8=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uzKSYPt4Bb32_SzIrhrNkCz_ymoFH17QXkuiXlCWeIaEk7vbN8KrF77s_MXSxoGt5PxID_dcNKP-NYKWCQ6vRw1Sd5HhcmkYhztX3XZOaLw2LQ2odZ_hnhzPlFLxztyQVuU-V2rANebGDe9wsDNirG=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_txpOeio7PMKJiahvv3LMvS_HGetifGcTXKVAltBAi5dAyRk3BEapaB5V2elpEfm58fEcKitKgQ4evOik8Rs4zW6YG5xm20T2ebdDZnHDxvUn4zAlCCzEmUhDj_TNqBNYE7Wrqst2tRqL8Sk5ixRWc=s0-d)
eMarkerter published an article this morning regarding which payment methods online shoppers use. and projections until 2013. While credit cards usage is expected to drop 32%, from it's 59% level in 2007 to 40% in 2013, debit usage is expected to grow 15% during the same time period. (see chart on left) 
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uuRqiOiix8kEzpaW5qXe9-GKP_LhHngTqVXLEKpyuP2t_IvMiz8jp0sk9euywKcKm6_rSUujPrYPP057WvSYtq6hdbU1o2gfPiGkkkHanGwXHkl4UMBXdBmlTFUusAKUXYFpdz_kWCOe1kfN8Uf5w_=s0-d)
Secaucus, New Jersey (PRWEB) January 13, 2009 -- Cred-Ex (www.Cred-Ex.com) prepares to launch its new alternative payment solution. Cred-Ex helps combat identity theft through its patented process.![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tgoa_ZimYzJ5cw1JPUmV7tMlbEKiCrHKmES02z5H_cEk59wIuFnBbSzkw0htcvaQwxX5TzlzGj0Q4yWIwGyDaQO4XDLyjwrmShKgBiL-oCwn5OiV6qvz8k817a7N-4m30iLrn2snn7HqweR3N67eA=s0-d)
Creative Mobile Technologies (CMT), the nation's largest comprehensive taxi technology services provider, has inked a deal with Boston Cab Dispatch, Boston's premier radio affiliation service with almost 500 member taxis comprising over 25% of the Boston taxi industry. The deal will bring Boston taxi passengers a quick and easy rear-seat, self-swipe credit card payment system as well as multi-channel, interactive media screens and additional technologies designed to enhance the passenger experience and drive new efficiencies into taxi service offerings. The technology will also bring Boston Cab members into compliance with the City of Boston's mandate, that by April 2009, all taxis must provide rear-seat credit card acceptance capability.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ud02XiaA2pK0sf8zBAt03KqJSz2c8ZElPmRsllYI2h4fHfgQruvC5EkiVKwKWw_6UxNYlxKV6zkSuINC0Q3MK2FAQHfccfH_3VIsvun2ifXC0hmbmaohLHsTRnrLhX9IUrZ_e8OgMntx5zEgWPSHY=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tzOR12524V_wVsPxvNRXvrCjXm8JrLC4m7B1lRSdO34ypedraEUat350Zb_gMppiNs3NWGXHdXX_l3UpvKaTorRnT1lJvG37FT9Nsunu7ED5jhzJ7YunxJHBtnqTacMC0o-YuYu7m6fztriFQ25bCP=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t2_16dxjJiNANPk3uWdKfUgYImgQu46unrSrLNm_LKdf-LhAUZ2NHc5WlDXNAxVMoaYaI4rXb_rVb743UQM1x11E2WTzZuOsQPagVHvISqUkQXkKzfhixFH6mwFKh9DHW0mKcFO57Z3rNPbMCdcJIX=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vuzu0BQqa6tWLQHjmpKiEczEokEyT43bHoRh3wTBEFG1oXBrPD6IxCE6SSi8XlQRCqiJU3TExiwm-k3Q18u9dhezjcib6XTbZICRx-ougyBdbQCcJSjsZ7J4XygUGmWpN0yfQXaI_ZZGFINuBttSkb=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tuZ3a0UjV-fesPDnugD-wKx-erOuwsJ7haCYMwpwFcZ7BA3OMwbmYRpmcJfvL8uak5ynj3BSpee38W5C_qrlbF7H_8_u_DMM_MpETqsHK36E-3V-6959Dp3nyRf1W2-JepyxwRwzcxofR8NFx674XV=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s_mSy203c_iF7XjNOrOJX_3SKTfV5ITXix-wCW5nLBc2zFLBEN9CPciuaJxicbDBECNFRf5M64xjONv8iQm1BTYIY5U-Pa6CcbpYbiDsw6GNZgUzebSo7buBrdw1rMERTB6BkewsojtpXYtMGhV3Sd=s0-d)