Friday, May 1, 2009

FIS Reports Strong Earnings Growth


Adjusted EPS of $0.31, up 19.2%/Adjusted EBITDA margin of 22.7%, up 100 basis points

Free cash flow increases to $119 million

JACKSONVILLE, Fla., May 1st, 2009 PIN Payments News Blog -- Fidelity National Information Services, Inc. (NYSE: FIS), a leading global provider of technology services to financial institutions, today reported financial results for the quarter ended March 31, 2009.

Consolidated revenue of $797.8 million declined 3.9% in U.S. dollars and increased 0.3% in constant currency compared to $830.3 million in the first quarter of 2008. Non-GAAP adjusted net earnings increased 19.2% to $0.31 per share in U.S. dollars, compared to $0.26 in the prior year, and increased 23.1% in constant currency. The increase is attributable to improved operating performance, lower interest expense and a lower share count, partially offset by a slightly higher tax rate. GAAP net earnings from continuing operations attributable to common stockholders totaled $34.3 million, or $0.18 per share compared to $0.06 per share in the prior period. Free cash flow (cash from operations less capital expenditures) was $119.2 million compared with $4.9 million in the prior year quarter.

"FIS's strong first quarter performance in the midst of ongoing economic uncertainty reflects the continued solid execution of our business plan and the strength of our operating model," stated William P. Foley, II, executive chairman of FIS.

"We are very pleased with the strong growth in earnings, profit margins and free cash flow," stated Lee A. Kennedy, president and chief executive officer. "Despite very difficult market conditions, our disciplined focus on improving efficiency and managing costs drove a 100 basis point improvement in our EBITDA margin, and contributed to the 19.2% increase in earnings per share. Although we expect challenging market conditions to persist throughout 2009, we remain confident in our ability to achieve solid earnings growth and strong free cash flow."

Supplemental Information

Consolidated revenue in the first quarter of 2009 was $797.8 million, compared with $830.3 million in the prior year quarter, a decrease of 3.9% in U.S. dollars. Excluding a $34.9 million unfavorable impact of foreign currency resulting from a strengthening of the U.S. dollar, consolidated revenue increased 0.3%, driven by strong growth in International.

  • Financial Solutions revenue declined 3.2% to $271.3 million compared to $280.4 million in the prior period, as increased demand for risk management and commercial outsourcing services was offset by lower software license and professional services revenue;
  • Payment Solutions revenue declined 2.3% to $364.7 million compared to $373.3 million in the 2008 quarter, due primarily to a $9.7 million decline in the company's retail check guarantee business. Excluding Check Services' revenue from both periods, Payment Solutions revenue increased 0.4%;
  • International revenue declined 8.3% to $162.3 million in U.S. dollars, compared to $176.9 million in the prior year quarter.
  • International revenue increased 11.5% in constant currency, driven by 16.3% growth in payments and 4.5% growth in financial solutions.
  • Adjusted EBITDA increased 0.7% to $181.2 million in the first quarter of 2009 compared to $180.0 million in the 2008 quarter. The adjusted EBITDA margin improved 100 basis points to 22.7% compared to 21.7% in the prior-year quarter, driven by increased operating leverage and ongoing expense management.
  • Financial Solutions EBITDA declined 2.9% to $102.0 million, due primarily to a decline in high margin software sales. The 37.6% margin was comparable to the prior period;
  • Payment Solutions EBITDA increased 11.5% to $95.2 million, and the margin increased 320 basis points to 26.1%. The improvement is attributable to increased operating efficiency;
  • International EBITDA decreased 8.6% to $23.4 million due to a $5.2 million unfavorable currency impact. The International margin of 14.4% was comparable to prior year.
The effective tax rate in the first quarter of 2009 was 34.5% compared to 33.1% in the first quarter of 2008.

Balance Sheet

FIS had $272.0 million in cash and cash equivalents at March 31, 2009. The company repaid $54.0 million of debt during the first quarter, reducing total debt outstanding to $2.46 billion, of which $2.1 billion has been swapped to fixed interest rates. The effective interest rate was 5.2% as of March 31, 2009.

Continuing an intensive focus on capital spending, capital expenditures totaled $45.3 million in the quarter, which is a 42% reduction from the $78.3 million spent in the prior year.

Acquisition Update

On April 1, 2009, FIS announced plans to acquire Metavante Technologies, Inc. (NYSE: MV). The transaction is subject to approval by FIS and Metavante shareholders, receipt of regulatory approvals and the satisfaction of customary closing conditions. Subject to receiving the required approvals, FIS expects to complete the transaction in the third quarter of 2009.


2009 Outlook

FIS reaffirmed its full year outlook for adjusted net earnings of $1.60 to $1.66 per share. This guidance does not reflect the proposed acquisition of Metavante. FIS will update its fiscal 2009 guidance to include Metavante's results following the completion of the transaction.

Use of Non-GAAP Financial Information

Generally Accepted Accounting Principles (GAAP) is the term used to refer to the standard framework of guidelines for financial accounting. GAAP includes the standards, conventions, and rules accountants follow in recording and summarizing transactions, and in the preparation of financial statements. In addition to reporting financial results in accordance with GAAP, the company has provided non-GAAP financial measures which it believes are useful to help investors better understand its financial performance, competitive position and prospects for the future. These non-GAAP measures include earnings before interest, taxes and amortization (EBITDA), adjusted net earnings, and free cash flow. Adjusted EBITDA excludes the impact of merger and acquisition and integration expenses, LPS spin-off related costs, certain stock compensation charges and certain other costs. Adjusted net earnings exclude the after-tax impact of merger and acquisition and integration expenses, LPS spin-off related costs, certain stock compensation charges, acquisition related amortization and certain other costs. Any non-GAAP measures should be considered in context with the GAAP financial presentation and should not be considered in isolation or as a substitute for GAAP net earnings. Further, FIS's non-GAAP measures may be calculated differently from similarly-titled measures of other companies. A reconciliation of these non-GAAP measures to related GAAP measures is included in the press release attachments.

Conference Call and Webcast

FIS will host a call with investors and analysts to discuss first quarter 2009 results on Wednesday, April 29, 2009, beginning at 8:30 a.m. Eastern daylight time. To register for the live event and to access a supplemental slide presentation, go to the Investor Relations section at www.fidelityinfoservices.com and click on "Events and Multimedia." A webcast replay will be available on FIS' Investor Relations website, and a telephone replay will be available through May 13, 2009, by dialing 800-475-6701 (USA) or 320-365-3844 (International). The access code will be 996633. To access a PDF version of this release and accompanying financial tables, go to http://www.investor.fidelityinfoservices.com.

About Fidelity National Information Services, Inc.

Fidelity National Information Services, Inc. (NYSE: FIS), a member of the S&P 500 Index, is a leading provider of core processing for financial institutions; card issuer and transaction processing services; and outsourcing services to financial institutions and retailers. FIS has processing and technology relationships with 40 of the top 50 global banks, including nine of the top 10 and was ranked the number one banking technology provider in the world by American Banker and the research firm Financial Insights in the 2008 FinTech 100 rankings. Headquartered in Jacksonville, Fla., FIS maintains a strong global presence, serving more than 14,000 financial institutions in more than 90 countries worldwide. For more information on Fidelity National Information Services, please visit www.fidelityinfoservices.com.







Debit Card Skimming Scams


Debit-card 'skimming' scams

Three steps to take to protect your account data from getting into the wrong hands


Whether by choice or necessity, American consumers are increasingly relying on debit rather than credit cards. Debit purchases for 2008 are expected to have increased by 13 percent, to a total $1.2 trillion. That compares with a rise of only 3 percent, to $1.9 trillion, for credit cards over the same period, according to the Nilson Report, a newsletter that tracks the consumer payment industry.

When you use a debit card, the money is immediately taken from your checking account. While using debit guarantees that you pay as you go, these cards have downsides, including a growing appeal to thieves. "As economic conditions have worsened, there's been a noticeable increase in all types of card fraud," says Avivah Litan, an analyst specializing in fraud detection and prevention at Gartner Research in Stamford, Conn. "But ATM and debit-card fraud is the top area of concern we're hearing about from banks all over the world."

Unlike credit-card thieves, who usually charge merchandise and then resell it to come up with money, people who create counterfeit ATM or debit cards by stealing your PIN and other account data can simply pull cold cash from your bank account. Using a technique known as skimming, they set up equipment that captures magnetic stripe and keypad information when you input your PIN at ATM machines, gas pumps, restaurants, or retailers.

Here's how you can protect yourself:

Don't type in your PIN at the pump (or into a web browser!)

Be especially vigilant at gas stations, Litan says. "Gas pumps are notorious for skimming because they're produced by only a couple of different manufacturers, and if someone gets the key to one from a disgruntled employee, they can insert a skimming device inside the pump where it can't be seen," she says. She recommends using a credit card rather than a debit card when you fill your tank.

If you must use a debit card at the gas pump, choose the screen prompt that identifies it as a credit card so that you do not have to type in your PIN. The purchase amount will still be deducted from your bank account, but it will be processed through a credit-card network, which will give you greater protection from liability if fraud does occur. This is because card issuers typically have "zero liability" policies for both debit and credit cards, but sometimes exclude PIN-based transactions from that protection.

Editor's Note:  As the PIN Payments News Blog reported last January (Triple DES for GAS), Visa has mandated that all new gas dispensing machines must support Triple DES effective January 1st.  For existing machines, Triple DES must be implemented into pay-at-the-pump stations by July 2010.  So, if your gas station has NEW gas dispensing machines, you're good to go...otherwise heed this advice until 7/10!

Visa's new requirement calls on gas retailers to ensure that all new pumps capable of processing debit card purchases are equipped with an encrypting PIN pad, or EPP, that supports 3DES.


Continue Reading at Consumer Reports

New Standard for Encrypting Card Data in the Works - HomeATM Already Done

Banking / Finance News
Source: ComputerWorld
Complete item: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132420

Description:
The same organization that led the development of security standards for payment-card magnetic stripe data and PIN-based transactions will soon begin work on a new specification for encrypting cardholder data while it is in transit between systems during the transaction process.

And among the companies in the forefront of the effort is Heartland Payment Systems Inc., the Princeton, N.J.-based payment processing firm that announced in January what some analysts think could end up being the largest data breach involving credit-card information thus far.

The Accredited Standards Committee X9, which is accredited by the American National Standards Institute, is set to launch an initiative formally known as the Sensitive Card Data Protection Between Device and Acquiring System program. ASC X9 develops and maintains numerous standards for the financial services industry in the U.S., and participants said this week that the goal of the new effort is to develop a data encryption standard to protect information from the moment a card is swiped at a payment register to the end of the transaction chain at a so-called acquiring bank.

The need for such "end-to-end" protection has become increasingly apparent within the payment card industry in the wake of the continuing breaches at companies such as Heartland and RBS WorldPay Inc., another payment processor that disclosed a system intrusion last December.

But while proprietary tools are available from a few vendors for achieving that type of protection, there currently is no standard approach, said Sid Sidner, director of security engineering at ACI Worldwide Inc., a vendor of payment processing software in New York.


And yes, HomeATM's proprietary approach to securing online transactions is way ahead of the game.  Not only do we provide end-to-end protection, but we also encrypt the Track 2 data, which is what they are talking about here.  Furthermore, we utilize DUKPT key management to provide an enhanced layer of security for PIN entry, something that CANNOT be done with a software-based approach to PIN entry, and are the "first and only" company to engineer, develop and manufacture a PCI 2.0 Certified PIN Entry Device specifically designed for eCommerce use.  So is HomeATM ahead of the game?  We're the only end-(to-end) game in town!  Let me provide more information on DUKPT key management (from Wikipedia):


In cryptography, Derived Unique Key Per Transaction (DUKPT) is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Therefore, if a derived key is compromised, future and past transaction data are still protected since the next or prior keys cannot be determined easily. DUKPT is specified in ANSI X9.24 part 1.

DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.


DUKPT is not itself an encryption standard; rather it is a key management technique. The features of the DUKPT scheme are:

  • enable both originating and receiving parties to be in agreement as to the key being used for a given transaction,
  • each transaction will have a distinct key from all other transactions, except by coincidence,
  • if a present key is compromised, past and future keys (and thus the transactional data encrypted under them) remain uncompromised,
  • each device generates a different key sequence,
  • originators and receivers of encrypted messages do not have to perform an interactive key-agreement protocol beforehand.

Continuing on with the story:

As a result, ACI, which is a member of the ASC X9 group, wrote up a "work request" in February suggesting the development of a standard. According to Sidner, the effort will focus on the formatting of "cryptographic payloads" to carry sensitive data over transaction networks. The goal, he said, is to create something akin to the level of standardization that exists now for protecting PIN data. Although numerous messaging formats are used to transport cardholder data over a transaction network, the cryptographic blobs that protect the PIN data itself in each message look exactly the same.

A similar encryption standard would require few or even no tweaks to the existing payment systems infrastructure, claimed Sidner, who is chairing the working group set up to carry out the project. As part of the standards effort, ASC X9 may also look at the viability of using the same security-key management mechanism that is currently used for PIN security, he said.

E-Secure-IT
https://www.e-secure-it.com






Hacker Targets Twitter


By Steve Evans - CBR security

Twitter, the phenomenally popular micro-blogging site, faces more questions about its security procedures after a French hacker claimed he accessed the account of a Twitter employee with administrative rights.

The hacker claimed that this enabled him to access Twitter accounts belonging to US president Barack Obama and singers Britney Spears and Lily Allen. He posted screenshots taken during the break-in on a hacker forum.

The screenshots appeared to show email addresses, mobile phone numbers and information about other Twitter accounts that had been blocked by the user.

This is the latest security setback for Twitter, which has seen huge growth during 2009. Over the Easter weekend the site was hit by a malware attack that resulted in Twitter identifying and deleting almost 10,000 tweets that could have continued to spread the worm.

Graham Cluley, senior technology consultant at security firm Sophos, said: “This is just the latest in a string of security issues at Twitter in recent months, and the website is surely in danger of losing the confidence of its users who will be rattled by yet another breach.

“Just like with the recent Twitter worm outbreaks, this is not so much a case of Twitter raising awareness amongst its many users about sensible online security, but learning a few lessons itself. Careless security by the micro-blogging site could potentially put millions of Twitter users at risk.”

Recent research from Sophos revealed that two thirds of businesses think social networking is a security risk, as IT admins believe that employees share too much personal information via their social networking profiles.





Facebook Targeted with Another Phishing Attack

Facebook beefs up security with MarkMonitor - Security : News   By Steve Evans

Social networking site hit by another phishing attack

Facebook has expanded its use of MarkMonitor’s AntiFraud Solutions to cover malware attacks, after it was revealed on Wednesday that users of the social networking site were the victims of another phishing scam.

Facebook’s users were sent an email claiming to be from the site, but redirected users to FBaction.net where they were asked to enter their username and password. Their details were then stolen by the fake website.

Facebook was already using MarkMonitor’s technology to protect users from potential phishing attacks but has now extended that to cover malware as well.

Facebook has often found itself the target of malware attacks due to its strong brand name and number of users. The impact of malware on a user’s PC can range from deleting important files to capturing personal information such as usernames, passwords and other login information that can be used for identity theft.

Continue Reading at CBR
I do believe we're starting to see a "trend" here.  What's next?  Is Twitter going to be targeted by a hacker?  If so, I would say that social networking sites protect their users' data, or, who knows...they could wind up in jail.  (see previous post)


Social Networking is a Security Risk - 2/3rd's of Businesses Say!!

Two thirds of businesses say social networking is security risk - Security : News
Security firm Sophos said its latest research into social networking found that 63% of system administrators worry that employees share too much personal information via their social networking profiles, putting their corporate infrastructure – and the sensitive data stored on it – at risk.

The findings also indicate that a quarter of businesses have been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.

With social networking now part of many computer users' daily routine – from finding out what friends are up to, to viewing photos or simply updating their online status – Sophos experts note that unprecedented amounts of information is updated every minute.

Frequent use of social networking sites makes them a prime target for cybercriminals intent on stealing identities, spreading malware or bombarding users with spam, Sophos said.

So I guess what they are also saying is that applications such as TwitPay need to be enhanced.  I think we can help Amazon with that. 

Keep in mind, just because Sophos is warning about the security risks of social networking sites doesn't mean they are going to be targeted by Hackers or utilized for phishing attacks. 

Does it?  We'll see.  Stay tuned.  I've got some insider information that both incidents will be covered by the PIN Payments Blog within the next hour and a half!  Click the "Follow Me on Twitter" graphic above right to stay up to date.

Until then, you may read the above article in its entirety here


Survey Says! Jail for CEOs of Breached Companies

Data breach CEOs should face jail: survey - Security : News

A new survey of security executives has revealed that they believe CEOs and board members should face imprisonment for exposing consumers’ confidential data.

The survey, carried out on behalf of Websense at this year’s e-Crime Congress, found that 30% of the 104 respondents believe jail time is a suitable punishment for security breaches that result in the loss of confidential data.

Negligent security procedures should also result in a fine for the guilty company, 62% of respondents believed.

Compensation for consumers whose data had been compromised was favoured by 68% of respondents.

The tables are turning.  If security executives feel that strongly about the crime, then it's time for CEOs to start seriously looking at protecting cardholder data.

Here's my "hard cell" ... CEOs now have a choice!


1.  PCI 2.0 Approved PED with 3DES End to End Encryption with DUKPT (pronounced DUCK PUT) key management or...
2.  Get PUT away and throw away the key?  (no key management)


I do know that 10 out of 10 people surveyed would rather have HomeATM Monitoring than go to Jail.

Read the Entire Article





France Delays SEPA Direct Debit Launch for a Year

Newsflash from Finextra.com.  01/05/2009 15:19:00
FRANCE DELAYS SEPA DIRECT DEBIT LAUNCH

French banks have pushed back the date for implementation of the Sepa Direct Debit scheme by a year to November 2010, setting the stage for a confrontation with the European Central Bank and the European Commission.

More on this story: http://www.finextra.com/fullstory.asp?id=19990

FreeMason Job: Chip-and-PIN On Trial

'Phantom' withdrawal case concludes in U.K. court

A Halifax bank defends chip-and-PIN, while the plaintiff argues his cash card could have been cloned
By Jeremy Kirk , IDG News Service , 04/30/2009

A one-day trial that raises questions about the security of cash cards used in the U.K. and Europe concluded Thursday, with a decision expected in about a month.

Alain Job sued U.K. bank Halifax in March 2007 over eight withdrawals made from his account in February 2006. Job maintains he did not withdraw a cumulative £2,100 ($3,100). He also maintains he did not authorize anyone else to withdraw the money.

Job decided to sue after the Financial Ombudsman Service (FOS), which mediates disputes between banks and customers, sided with Halifax.

Job is the first person to sue a U.K. bank over a phantom withdrawal and believes one possibility is that his card was cloned. Halifax maintains that it was his exact card that was used to perform the withdrawals and that either Job is knowingly trying to defraud the banks or was grossly negligent in handling his card and PIN (personal identification number).

Job admitted at one point during testimony to putting his cash card in his garden outside one night for some inexplicable reason, according to Alistair Kelman, an attorney who watched the proceedings in Nottingham County Court.

Stephen Mason, an attorney who specializes in the collection of digital evidence and has written about case law involving disputed cash-machine transactions, is representing Job "pro bono", i.e. "he's doing Job for Free".

Continue Reading at NetworkWorld



Visa, American Express Dropped from Lawsuit

AmEx, Visa Gift Card Claims Construction Upheld

On April 17th I blogged about a lawsuit filed by Actus (a Texas hold'em, make that "holding" company) against Visa, MasterCard, AMEX, Green Dot, First Data etc.  It seems this was done a couple of years ago by a company called EPC, or Every Penny Counts, over some gift card patents they held.  Yesterday an appeals court upheld a lower court's ruling that EPC is SOL.

The court ruled Thursday that the U.S. District Court for the Middle District of Florida had correctly construed the key term of the patents held by Every Penny Counts Inc.   It sounds like the court was a little annoyed at EPC:

Here's the pages argument for affirmation:

"EPC has surprisingly little to say about what it alleges is substantively wrong with the district court’s construction, or why its proposed construction would be better on the merits. Instead, it attempts to assign error to the district court’s construction on a number of procedural grounds. Principally, it argues that the court erred by (1) spending a portion of the claim construction hearing considering the meaning of the phrase “sales price,” which was not a disputed claim term; and (2) using the accused products to tailor a construction of the patent claims that would make it impossible for EPC to prove infringement. Neither of these arguments has merit.

EPC’s first argument is that the district court erred by spending a portion of the claim construction hearing considering the meaning of the phrase “sales price,” which was not a disputed claim term. This argument is somewhat puzzling, since it was EPC’s own proposed construction that raised questions concerning the meaning of “sales price.” EPC proposed to construe “excess cash” as “an amount . . . offered in excess of the sale price of merchandise” (emphasis added). It admitted, however, that the parties disagree about what constitutes a “sale.”  According to the defendants, a sale occurs when cash changes hands at the cash register. According to EPC, by contrast, to call a transaction a sale is to imply that the merchant would treat the cash the consumer tenders as income on its accounting statements. EPC also insists—without offering any evidence—that when a consumer purchases a gift card, a merchant would not consider this to be a sale.

In the light of this acknowledged disagreement over the meaning of “sales price,” the fact that EPC would both propose to define its patent claims in terms of this phrase and then fault the court for attempting to clarify the phrase’s meaning is at best ironic and at worst disingenuous.

Again, the court’s obligation is to ensure that questions of the scope of the patent claims are not left to the jury. In order to fulfill this obligation, the court must see to it that disputes concerning the scope of the patent claims are fully resolved. In the present case, to evaluate EPC’s proposal concerning the scope of its claims, the court first had to understand this proposal. If the court had adopted EPC’s proposed construction without first assigning a fixed meaning to this construction, then it would quite clearly have failed to assign “a fixed, unambiguous, legally operative meaning to the claim.” Thus, there was nothing improper about the fact that the court interpreted EPC’s (quite slippery) proposed construction.

As Michele de Montaigne has said, there are times when “[w]e need to interpret interpretations more than to interpret things.” Jacques Derrida, Structure, Sign and Play in the Discourse of the Human Sciences, in Writing and Difference 278 (Alan Bass, trans. 1980) (quoting Montaigne).

Equally without merit is EPC’s argument that the district court erred by “tailoring its claim construction to fit the dimensions of the accused product.” A court may not use the accused products for the sole purpose of arriving at a construction of the claim terms that would make it impossible for the plaintiff to prove infringement. But that is not what the court did here. To the contrary, the court quite properly invited the parties’ views of what they thought “excess cash” meant in the context of a series of hypothetical transactions, some of which involved the accused products. For example, the court described a situation in which a consumer tenders $50 for a grocery store gift card with a face value of $50, and then asked the parties to identify whether there was any “excess cash” in that transaction, and if so, what portion of the amount tendered constitutes the “excess.” In other words, the court considered the accused products only to elicit the parties’ views about what the claim term means in the context of a concrete transaction involving these products.

EPC’s suggestion that this was improper is way wide of the mark. See id. at 1326-27 (“While a trial court should certainly not prejudge the ultimate infringement analysis by construing claims with an aim to include or exclude an accused product or process, knowledge of that product or process provides meaningful context for the first step of the infringement analysis, claim construction.”); Aero Prods. Int’l, Inc. v. Intex Recreation Corp., 466 F.3d 1000, 1012 n.6 (Fed. Cir. 2006) (“Although the court revealed an awareness of the accused device, the court’s awareness of the accused device is permissible.”).

In short, the district court correctly construed the claim terms in EPC’s patents. EPC’s attempts to assign error to the process by which the court arrived at its construction cannot succeed.
The district court appropriately construed the key term in EPC’s patent claims. We therefore affirm. The defendants may recover their costs accrued in this court.
AFFIRMED.


Click here to read the court document


Thursday, April 30, 2009

The Only Way to Process Secure Online Transactions...



With news coming out of Washington that the U.S. economy, as measured by the gross domestic product (GDP), fell by 6.1% for the first quarter of 2009, it looks like the Great Recession isn’t going away anytime soon.

In addition, with unemployment inching up toward 10% and home foreclosures still on the rise, a jump in credit card fraud is the last thing that American consumers need, but that’s exactly what they’re getting.

As Credit and Debit card scam artists are becoming more brazen and more creative, U.S. credit card holders are growing more anxious.

According to a 2009 survey by Unisys Security Index, approximately 75 percent of Americans believe that the global financial crisis increases their risk of identity and related fraud.   More than two-thirds surveyed said they are extremely concerned about other people obtaining and using their credit and debit card data, with 90 percent at least somewhat concerned.

Unisys adds that credit and debit card fraud is the top security concern for people, with 68 percent saying they are extremely or very concerned; 66 percent said they are seriously concerned about unauthorized access to or misuse of personal information.

So how can credit card holders protect their cards and their money? (Hint: one of the devices on the left "Stops Hacking"... the other one "Causes It".)

Rest assured, both are deadly to hackers.


So how do you protect cardholder data when conducting online transactions? There's only one secure way to do it. Even so, plenty of published articles recommend the following for conducting secure online transactions. Here's a direct quote from one of them:

"When online, use only secure sites, especially when using your credit card online. Be sure to check the URL of the site’s purchase page as well, which will always read “https” if it is secured."

The fact is, that statement is not even close to being entirely true. "https:// has already been demonstrated to be insecure and subject to hack attacks." And because it's already been compromised, you will never know whether or not your transaction is secure, regardless of whether it reads "http://" or "https". Therefore, I'd strongly advise you to "scratch that advice." Simply put...it's httbs://


See the pic on the right? (click to enlarge and take a look at the address)

I blogged about the hole in "https" a while back. I think I called it "httbs" at that time too. Yes, I checked and I did...way back on January 2nd...in a post entitled: Browsers and -Commerce Don't Mix.

As I've stated numerous times on this blog, there is only "one" way to secure your cardholder data when shopping online. Via a hardware device.  If you want to protect your cardholder data, then you MUST keep your cardholder data OFF the web.  It cannot be typed, it cannot be mouse clicked, it cannot be cut and pasted.  It cannot be on the web...period. 

In order to do it "outside the browser space" you'll need to swipe your card in a 3DES end-to-end encrypted magnetic stripe reader which, hopefully, then encrypts ALL the track 2 data. To secure the transaction with another layer, you could add two-factor authentication (2FA) by entering your PIN, which should also be end-to-end encrypted. To protect your data even more, experts recommend the use of DUKPT key management, which assigns a unique key to "each" transaction. The value is that if a hacker were to somehow breach their way through all that security, they would only have access to "ONE" transaction.
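
An added illustration of the one-key-per-transaction idea described above (not HomeATM's code and not the ANSI X9.24 DUKPT algorithm itself): a simplified one-way key chain in which HMAC-SHA256 stands in for DUKPT's 3DES-based derivation. The base key, reader serial number and track 2 string are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac

# Simplified per-transaction key chain in the spirit of DUKPT.
# Assumption: HMAC-SHA256 stands in for the 3DES-based derivation of ANSI X9.24,
# and the keystream cipher below is for illustration only.

def prf(key: bytes, label: bytes) -> bytes:
    """One-way function: knowing the output does not reveal the key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def initial_key(bdk: bytes, serial: bytes) -> bytes:
    """Key injected into one reader; derived from the host's base key (BDK)."""
    return prf(bdk, b"initial|" + serial)

def seal(txn_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a key that is used for exactly one message."""
    enc_key, mac_key = prf(txn_key, b"enc"), prf(txn_key, b"mac")
    blocks = len(plaintext) // 32 + 1
    stream = b"".join(prf(enc_key, i.to_bytes(4, "big")) for i in range(blocks))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ciphertext + prf(mac_key, ciphertext)

def unseal(txn_key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a wrong key fails the tag check."""
    enc_key, mac_key = prf(txn_key, b"enc"), prf(txn_key, b"mac")
    ciphertext, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(mac_key, ciphertext)):
        raise ValueError("authentication failed: wrong transaction key")
    blocks = len(ciphertext) // 32 + 1
    stream = b"".join(prf(enc_key, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

class Reader:
    """Swipe device: holds only the current chain state, never the BDK."""
    def __init__(self, serial: bytes, injected_key: bytes):
        self.serial, self.counter, self._state = serial, 0, injected_key

    def swipe(self, track2: bytes):
        txn_key = prf(self._state, b"txn")
        # Ratchet forward and drop the old state, so a later device compromise
        # cannot recompute keys of transactions that already happened.
        self._state = prf(self._state, b"next")
        self.counter += 1
        return self.serial, self.counter, seal(txn_key, track2)

def host_txn_key(bdk: bytes, serial: bytes, counter: int) -> bytes:
    """Host side: rebuild the key for transaction `counter` from the BDK."""
    state = initial_key(bdk, serial)
    for _ in range(counter - 1):
        state = prf(state, b"next")
    return prf(state, b"txn")

def demo():
    bdk = bytes(range(32))                      # constructed demo key
    serial = b"READER-0001"                     # constructed serial number
    reader = Reader(serial, initial_key(bdk, serial))
    # Constructed track 2 strings built on the common 4111... test PAN.
    s1 = reader.swipe(b";4111111111111111=25121010000000000000?")
    s2 = reader.swipe(b";4111111111111111=25121010000000000000?")
    k1 = host_txn_key(bdk, s1[0], s1[1])
    k2 = host_txn_key(bdk, s2[0], s2[1])
    recovered = unseal(k1, s1[2])
    try:                                        # stolen key 1 against swipe 2
        unseal(k1, s2[2])
        cross_use_blocked = False
    except ValueError:
        cross_use_blocked = True
    return recovered, k1 != k2, s1[2] != s2[2], cross_use_blocked

if __name__ == "__main__":
    print(demo())
```

Swiping the same card twice yields two different ciphertexts, and the key recovered for the first swipe is rejected when tried against the second.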


There's only "ONE" company in the world who manufactures a  PCI 2.0 Certified magnetic card reader WITH PIN Entry Device for eCommerce.  That'd be HomeATM. 

That's it.  So...remember, don't type, swipe.  If you can see it on your screen,  then so can the bad guys.

There are myriad ways for them to do that.  Here are a select few:  zombies, worms, malware, malicious code, DNS Hijacking, Click Jacking, Key-logging, Memory Scraping, Screen Scraping, Cloned Websites, Data Hijacking, Remote control access, etc. etc. etc.  Remember the line from Field of Dreams?  If you build it they will come?  Here's one to remember for the web: If you type it, they will swipe it.

Question:  If your cardholder data is going to be "eventually" swiped anyway, shouldn't you be the one doing the "SwipePIN?"










Banking / Finance News
Source: Computing
Complete item: http://www.computing.co.uk/computing/news/2241443/chip-pin-security-goes-trial-4632986

Description:
A trial that could prove to be a test case for the security of chip-and-PIN card technology starts today.

Alain Job is suing Halifax, claiming that a fraudster withdrew £2,100 from his account at cash machines despite the fact he did not lose his card and changed his PIN as soon as he received it. The bank refused to refund the money, claiming that its chip-and-PIN system is secure.


Western Union to Pilot Mobile Bill Payment

Newsflash from Finextra.com.

30/04/2009 15:37:00
WESTERN UNION, CPS AND VERISIGN PILOT MOBILE BILL PAYMENT SERVICE

Western Union has teamed with VeriSign to pilot a system that enables Consumer Portfolio Services (CPS) customers to trigger their monthly car payments directly from their mobile phones.

More on this story: http://www.finextra.com/fullstory.asp?id=19987

Merchants On "Warpath" Against Interchange

HOME DEPOT EXEC: MERCHANTS ON ‘WARPATH’ AGAINST INTERCHANGE FEES
Merchants are "on the warpath" to push for legislation that would cut or cap credit and debit card interchange rates this year, Mario de Armas, director of international and interchange financial services at The Home Depot Inc., told attendees this week during a panel discussion at Source Media's 21st annual Card Forum and Expo at Marco Island, Fla.

"The cost for us to accept credit and debit cards continues to rise, and we have to pass those costs on to our consumer and commercial customers ... who can least afford it in this economy," de Armas said, adding that " Visa and MasterCard have done a very poor job of communicating the value of what interchange provides."

He noted that interchange began as a more clearly defined subsidy to help cover the cost of electronic payments, then mushroomed to become "a profit center for banks."  De Armas said Home Depot plans to drop its co-branded MasterCard issued by Citigroup Inc., noting customers purchase more with the company's proprietary credit card (also issued by Citi).

Moreover, the company is looking into why its payment terminals require cardholders to opt out of signature-debit if they want to use less-expensive PIN-debit instead.


Editor's Note to Internet Retailers:  Want to accept TRUE PIN Debit on your website and benefit from the lower Interchange associated with 2FA PIN Based transactions?  How about "card present" credit card Interchange rates?  We can "steer" you in the right direction with HomeATM's patented PCI 2.0 Certified platform.  Send me an email to discuss further...

Panelist William W. Shaw, group vice president at Roanoke, Va.-based First Citizens Bank, which is both a credit card issuer and an acquirer, said on the issuing side he is "very concerned" about the possibility of interchange-rate caps. "It seems we're moving further and further away from free enterprise, ... and I'm very concerned about capping anything, from the free-enterprise side of it." On the acquiring side, when credit card networks reset rates each year, "it's hugely expensive," and the system is "too complex," he said.

Panel moderator Adil Moussa, an analyst with consultancy Aite Group, said recent research from his organization found that some 28% of U.S. merchants routinely attempt to steer customers toward lower-cost payment options at the point of sale to offset the effects of interchange. Home Depot, a member of the Merchants Payments Coalition, is working closely with other merchants on lobbying efforts, de Armas said, noting he is "cautiously optimistic" that lawmakers will draft legislation this year that could lead to a reduction or elimination of interchange.


- Banking / Finance News
Source: spamfighter
Complete item: http://www.spamfighter.com/News-12275-New-Phishing-Scam-Selects-First-Dakota-National-Bank-for-Target.htm

Description:
U.S. based First Dakota National Bank released a news item in the media last week alerting customers of a phishing e-mail that spoofs the Bank's name.

The scam e-mail claims that there is a new message for the recipient from the bank...to read it she/he must log into her/his online account with First Dakota and go to the Message Center Section.  In an e-mail that reads: "First Dakota National Bank Online Banking," the recipient is asked to follow a given link.

But when the user clicks the link, she/he is directed to an Internet site that informs the user that the bank has restricted her/his online banking account. The site then asks for personal information like name, zip code, e-mail address and banking details like debit card number.

Editor's Note:  Well, simply put, these guys are "rookies".

The "veterans" would have you click a link that takes you to a cloned replica of the bank's original website.

The "professionals" would not even bother phishing, they would simply perform DNS Hijacking to a perfectly cloned site...when users logged onto their online banking website, the pros would be able to obtain usernames and passwords.  The pros would then go to the genuine site and have complete access to the account.


That is why banks need our PCI 2.0 PIN Entry Device for secure log-in.  They issue the card, they issue the PIN, so why the Username/Password?  Swipe the card, enter the PIN.  You can't do it if you don't have the card and you can't do it if you don't have the PIN.  That's what 2FA is all about.   HomeATM's SafeTPIN is capable of stopping the professionals and the veterans.  The rookies might still get away with the occasional phishing attack, but never if consumers were instructed by their banks to always be SwipePIN.

As I've been prone to say in the past.  It's inevitable that someone will be SwipePIN cardholder data...shouldn't it be the cardholder?





PayPal Has Good Q1, eBay Not So Much and Skype Hyped for IPO



Last week, eBay announced first quarter 2009 revenue of $2.02 billion, a $171.6 million year-over-year decrease. eBay's marketplace sales dropped 18% in Q1 while Amazon's gained 18%. According to eBay, PayPal and Skype performed well with year-over-year revenue growth.

eBay sees strength for PayPal, expecting the online payment processor to more than double its revenue in the next few years.

The Payments business unit reported a strong quarter with $643.0 million in revenue, an increase of 11 percent year-over-year. Net total payment volume (TPV) for the quarter was $15.86 billion, an increase of 10 percent. The revenue and net TPV growth was driven by continued momentum in PayPal Merchant Services and the contribution made by Bill Me Later, according to eBay.


Continued increases in PayPal penetration on eBay helped offset the negative impact of gross merchandise volume (GMV) on revenue and TPV. Active registered accounts reached 73.1 million, an increase of 22 percent year-over-year. The Payments business will continue to focus on the acquisition of new merchants, greater penetration into the Marketplaces business and the growth of Bill Me Later.

Meanwhile, Skype contributed $153.2 million in revenue for the quarter, representing 21 percent year-over-year growth. Skype added 37.9 million new users during the quarter and ended the period with more than 443.2 million registered users. In addition to growing its user base, Skype is focused on product strategies to enhance customer engagement.

On April 14, 2009, eBay Inc. announced plans to separate Skype into an independent company during the first half of 2010, via an initial public offering.
  It might be a good idea to do the same for PayPal.  If so, I'd certainly put PayPal first on the list and continue to build some Skype Hype. 


Airlines lost $1.4 Billion to Online Fraud...HomeATM Can Help!

April 29, 2009 - 3:19pm | author: Petrony | Fraud | News
HomeATM's PCI 2.0 certified payment solution is available to airlines via Universal Air Travel Plan's payment platform.  I humbly suggest they take a closer look.  What's that old line?  Oh, I know: $1.4 Billion Saved is $1.4 Billion Earned! 
Are chargebacks the problem?  Maybe.  Is the fact that credit card companies withhold millions of dollars in usable revenue the problem?  Maybe.  I could use logic to go on and on, but I'd rather just say that we would solve the aforementioned problems immediately, in fact yesterday. 

You can't change the past, but you CAN change the present.  What's the future?  Some say the present creates the future...I say the future should include "card presence."  Airlines have a choice.  What's the alternative?  We've talked in the past...and at the time...you passed.  Don't let the "passed" get in the way!   We can make this profitable.  Speaking of prophets, I know that the future is laced with more losses from online fraud...or more gains from card "present" TRUE PIN Debit from HomeATM.

We hadn't yet spread our PCI 2.0 wings when we last talked...now it's a whole new ballgame and together we can make this fly!   Come Fly with HomeATM :)


Airlines lost $1.4 Billion as a result of online fraud

The survey commissioned by Mountain View, Calif.-based CyberSource Corp. and Airline Information LLC, producer of conferences and publications about commercial aviation, showed that in 2008 airlines lost more than $1.4 billion to online fraudsters, which makes about 1.3% of their Web-generated revenues.

One of the most popular frauds related to the online airline purchase was determined to be when a fraudster buys a ticket in the name of another person using the information from a stolen card, and then sells the ticket with a discount to another person.

Moreover, the survey showed that airline fraud often involves the cardholder not traveling, international, single-passenger and one-way travel deals.

The average revenue loss rate on airline Web sites was 1.3%. Carriers with the least experience in selling tickets online had higher fraud rates, as did carriers catering more to low-fare leisure travelers rather than to full-fare and business travelers. Moreover, it was revealed that 30% of online bookings required additional manual review and verification. On average, carriers used 5.8 fraud-detection tools.

The survey also found that airlines reject 2.8% of their online bookings on average.

Results are based on online surveys of airline executives with fraud-control responsibilities and follow-up phone interviews conducted between Dec. 1 and Jan. 16 that resulted in 99 qualified responses. Carriers participating in the survey ranged from large to small companies all around the world. Participating carriers had combined online sales of $40 billion last year, about 25% of the industry’s online total.




Wednesday, April 29, 2009

Gartner Alerts: Subscription Based


HomeATM believes that Gartner is among the top payment/security analysts in the business.  As a new feature to the PIN Payments Blog we will share their latest analysis.  Keep in mind you must subscribe in order to read Gartner's entire alerts, but this should give you an idea as to what they consider important:  Whether you do or not is entirely up to you.  One thing's for sure.  If you enter a PIN on the web, make sure it's hardware based!

Gartner Information Security Summit
21 September 2009 |

The Gartner IT Security Summit will enable you to create a layered approach combining risk management, compliance, secure business enablement and infrastructure protection. Hear the latest analysis revealing market trends, opportunities and threats.

PC Remote Control Security: Risks and Recommendations
29 April 2009 | Cosgrove, Terrence; Girard, John

IT organizations rely on PC remote control to provide support to users on a variety of office and mobile platforms. Gartner provides recommendations and controls to avoid damage to your organization's security perimeter.



Visa Immune to Recession - Profit UP 71%!

It was the FIRST quarter since Visa was founded that debit payment VOLUME exceeded credit payment volume.  Not the number of transactions, but the volume.  The paradigm shift continues...


Here's the press release:

BOSTON — Visa Inc.'s fiscal second-quarter profit rose nearly 71 percent, beating Wall Street expectations, as cost cuts and international gains offset U.S. consumers' growing reluctance to use credit cards during a recession.

The world's largest electronic payment network today also said it expects a slight improvement in its full-year fiscal 2009 profit margin compared with its earlier guidance.

San Francisco-based Visa reported net income for the three months ended March 31 of $536 million, or 71 cents per share. That's up from $314 million, or 39 cents per share, in the year-earlier quarter.

Not counting one-time items including restructuring and amortization expenses, Visa's adjusted profit was $553 million, or 73 cents per share. On that basis, analysts surveyed by Thomson Reuters expected a profit of 64 cents per share, on average.

Revenue rose 13 percent to $1.64 billion, slightly ahead of analysts' forecast of $1.61 billion, and in line with the company's expectations. Visa earns revenue primarily from fees it charges to process payments made with credit and debit cards, which has enabled it to weather the recession better than banks that issue credit cards and make loans.

Despite its growing profit and revenue, Visa's payments volume dipped 1 percent to $675 billion for the period ended Dec. 31 — Visa reports some operational results on a three-month lag. The U.S. payment volume decline was slightly steeper than the overall decline, but was partly offset by growth in other regions of the world that are increasingly embracing credit and debit payments over cash and checks. Total cards carrying the Visa brands rose 8 percent over a year ago, to more than 1.7 billion.

The shift to electronic payments "continues unabated" despite the recession, Chairman and Chief Executive Joseph Saunders told analysts on a conference call.

While calling Visa "resilient" amid the sour economy, Saunders conceded his company "is not immune."

For example, Visa reported increasing consumer reliance on debit transactions rather than credit, with less spent per transaction, as consumers become more conservative. The quarter that ended Dec. 31 marked the first since Visa was founded in the 1970s that U.S. debit payment volume exceeded credit payment volume.


Privacy is Dead, Long Live the PIN


In an article written for CNET, Josh Lowensohn writes about HomeATM at Finovate. Here are some excerpts and I've taken the liberty to clarify a few miscues in the article:

by Josh Lowensohn
What's something we often use for security in the real world but not online? PIN codes. We use them at stores, banks, and ATMs, so why not use them online? For one, a QWERTY keyboard lets you create a much stronger, and often easier-to-remember password than you could with numerical digits.

But PINs are still a password and can be just as good as a password with the right precautions.  He then goes on to feature HomeATM as one of the companies at FinovateStartup conference doing just that.
HomeATM

The HomeATM plugs into your USB port and lets you make purchases and transfer money instantly--and securely.

HomeATM.net is ATM hardware for the Web. It's a physical piece of hardware you have to lug around with you.   Editor's Note:  To be sure, I know that "lug" is NOT the proper term (dictionary.com: LUG: 1. to pull or carry with force or effort: to lug a suitcase upstairs), as our device is less than the size of a business card (see picture above left) and weighs less than an ounce.   The HomeATM device more than comfortably sits in your shirt pocket and since it's designed for eCom use and hooks to your laptop it readily fits in any compartment of your laptop case, let alone a purse or briefcase.


You securely enter your PIN or swipe your debit card to use for P2P money exchanges and purchases on commerce sites. Editor's Note:  It also serves as an "authenticator" and an "enabler."   It is designed as a 2FA (two factor authentication)  module.  Banks issue your card and they issue your PIN.  So why are we entering: Username/Password when we could simply swipe the bank issued card and enter the bank issued PIN for secure authentication to the bank's online banking website?   Once authenticated, it "enables" the consumer to

  • 1. Securely purchase goods online,
  • 2. Securely transfer money in real-time from bank account to bank account or person to person or Business to Business, or yes, Consumer to Business and Business to Consumer...using "ANY US Bankcard" 
  • 3. Securely use the online banking services, i.e. Bill Payments.  It is the razor and the bank's online services are the blades. 
The payoff is that, unlike money-transfer systems that go off the credit and check system (which can take up to three days to clear), the money gets transferred immediately. All the while your data isn't compromised by things like keyloggers or screen-grabbing tools.

Josh continues the article by saying: "The only downside is that you and the person you're sending the money to need to have the hardware."  Editor's Note:  That's not entirely true.  The sender could load the money onto a recipient's card or even a third party reloadable card and they could immediately have access to the cash.  (Of course the downside would be that both the sender and the recipient would need to "lug around" a debit, credit or reloadable card, lol.)

Besides, the price for our "key injected" thus "pre-encrypted" secure hardware swiping device WITH a PIN Pad is less ($12) than the price you would pay for simply injecting the PIN Pad (usually around $20), and that would be AFTER spending several hundred dollars for a POS device AND another $100 plus for the PIN Pad.

So, I don't know...whaddya think?  Maybe there's some inherent value to "lugging" around our PCI 2.0 Certified PED. 

Oh...and while I'm on the subject, one more thing.  The device that we manufacture specifically for use with ANY mobile phone "enables" your "smart phone" (i.e. iPhone, Blackberry) to become a secure POS device WITHOUT having to "lug around" our device.

Just connect it "one-time" to your mobile device via the earjack, swipe your card(s), enter your PIN(s) and "voilà", your 3DES encrypted payment information is securely stored in HomeATM's HSM (Hardware Security Module) in our PCI certified data NOC (network operations center).

The user is now "enabled" to use their mobile phone to securely purchase online, transfer money from account to account, to others, etc. 

When the user is done "enabling" their phone, they can simply pass our device along to the next person, who can then do the same thing...and so on...and so on...







Corporate Security Threatened by Converged Risks

Business ICT Risks - General
Source: Net-Security
Complete item: http://www.net-security.org/secworld.php?id=7418

Description:
As the risks faced by businesses grow ever more complex and threats proliferate, the job of those responsible for managing the security of the organization has got much harder.

The whole concept of security has also expanded way beyond the traditional remit and into areas such as protecting brand and intellectual property, preventing losses, anti-counterfeiting, cyber-terrorism, parallel trading and on-line fraud.

Many security departments are so busy fighting day-to-day fires that they risk missing less obvious but equally important threats as well as failing to "keep an eye" on the wider issue of 'converged' risk. As traditional risks converge with new ones, they can seriously jeopardize the organization's long term profitability, damage its brand or even threaten its very existence.

E-Secure-IT
https://www.e-secure-it.com

Card Skimmers Create 149% Increase in ATM Fraud

- Banking/Finance - ATM / POS
Source: european-atm-security
More info: https://www.e-secure-it.com/upload/351074.doc

Description:
EAST (the European ATM Security Team) has reported a 149% rise in ATM related fraud attacks during 2008.  This reverses a previous trend and is primarily led by the 129% increase in card skimming incidents, with a total of 10,302 reported.  Despite this significant increase in incidents, fraud related losses increased by just 11% with a total loss of €485 million reported.  This smaller increase in losses, relative to the significant rise in reported incidents, is indicative that deployed counter-measures, such as anti-skimming devices, are increasingly effective, as are fraud monitoring and detection capabilities.

EAST Director and co-ordinator, Lachlan Gunn said, "This increase in reported incidents is of great concern to EAST members.  While the year on year fraud loss figures show an increase, the half year figures show a declining trend for such losses over the past three six month periods, with international losses due to card skimming falling by 18% in the second half of the year.  This indicates that the EMV* rollout in Europe continues to be effective, although international losses are expected to continue while criminals are able to illegally withdraw cash from ATMs abroad that are not EMV compliant".

E-Secure-IT
https://www.e-secure-it.com
