European banks may consider banning the use of magnetic stripe credit and debit cards, according to Gerard Hartsink, the chairman of the European Payments Council.
Hartsink, who is also a senior executive vice president at ABN Amro in Holland, said that European financial companies will have largely completed the transition to the EMV Integrated Circuit Card Specification by 2011, and the council, which is driving the transition to the Single Euro Payments Area, could then advise its members to stop accepting magnetic stripe cards, which are considered less secure than those that use EMV.
"My feeling is, although it has not yet been decided, the [council] will take a decision in 2011, maybe 2010, to only use chip cards," he said in comments during a presentation this week at the Contactless Cards and Payments conference in London.
The council has no enforcement power, but if banks in Europe went along with such a decision, it could leave U.S. cardholders in the lurch when they traveled to Europe and tried to use cards for purchases or ATM withdrawals.
"If [Americans] visit Europe, it's not such a problem; their institution could issue an EMV card," Hartsink said.
Payments council members will probably debate the issue in 2010 or 2011, he said.
Hartsink is not the only person suggesting a ban on magnetic stripe cards, according to Dave Birch, a director at the U.K. research company Consult Hyperion. In a recent blog post, he cited comments from a financial regulator in Singapore pressing for a "concerted, global effort to phase out magnetic stripe technology entirely."
TransCard Extending Their Cardholders’ Reach with PULSE Network
CHATTANOOGA, Tenn.--(BUSINESS WIRE)--TransCard (www.transcard.com)—a leading provider of prepaid debit card solutions branded with MasterCard®, Discover® Network and STAR associations—has launched the PULSE network, providing all cardholders with more places to use their cards.
The PULSE ATM/debit network is comprised of more than 289,000 ATMs and point-of-sale terminals, and is used by more than 4,500 financial institutions—including banks and credit unions—across the United States.
“Adding a new PIN POS network will increase the scope of card acceptance and cardholder use,” says Jerry Uffner, TransCard’s President. “We are always working to improve our products, give cardholders more ways to use their cards and, ultimately, provide more cardholder value.”
PULSE is owned by Discover Financial Services—offering a comprehensive suite of payment solutions, including PIN-less bill payment, PIN and signature debit products, credit products, stored-value card programs and, of course, ATM network services.
“Our relationship with Discover Network continues to provide benefits for all of our cardholders—with PULSE being the most recent manifestation of those benefits,” says Craig Fuller, CEO of TransCard. “We look forward to continued product enhancements that make our cardholders’ lives easier and less stressful.”
About TransCard
TransCard (www.transcard.com) is a top ten, stored-value processor and a global provider of transaction-based processing services. TransCard has provided stored-value processing services since 1993 and pay card products beginning in 1996. TransCard differentiates itself in the prepaid card industry by offering compliant solutions, real value, proprietary technology, mobile card management and stability. Its products include pay cards, financial institution stored-value processing, gift reward cards, fleet services and retail program management. TransCard handles nearly $2 billion in electronic transactions annually and was featured as a “10 to Watch” by Intele-Card News. The company was recently named as a 2009 Paybefore Awards Best-in-Category Winner for the Best Corporate-Funded Prepaid Card.
Western Union Launches Consumer Loyalty Prepaid Card
Eight million Western Union Gold Card loyalty members in US Targeted
According to the Banking Business Review,
"Western Union Company, a global money transfer services firm, is planning to add features to The Western Union Gold Card, the company's global consumer loyalty program, with the addition of a reloadable Visa prepaid card. However, it will selectively offer the program in July targeting eight million Western Union Gold Card loyalty members in the US.
The company said that the card members need not to fill out money-transfer forms when sending money-transfers; members can earn points to redeem for rewards that include merchandise or money-transfer discounts; every transaction with a Gold Card earns free phone time and the card also serves as a calling card, allowing the user to recharge phone time."
The company has reported that they have recently launched ‘Overnight Home Delivery’ service pilot featuring the new Western Union MoneyWise Visa prepaid debit card, designed to meet the needs of money-transfer receive consumers. The MoneyWise card is sent overnight via FedEx to be delivered at recipient's door the next day and it can be activated by the receiver with the Western Union Money Transfer Control Number. The card also is protected by the Visa zero liability policy.
According to TrendMicro's blog, there is an email spam which is playing on the "inquiring minds want to know" crowd by asking: "Who killed Michael Jackson?"
The answer of course is located on a malicious website.
From TrendMicro:
"Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject "Who killed Michael Jackson?", coming from a sender named x-files.
The spam message suggests that the icon was killed, and that information on who murdered him can be seen on the given URL.
Clicking the said link leads to a website, where the user is asked to execute a file, which supposedly contains secret information, in order to find out who killed Michael Jackson. (and inquiring minds should know better than to do that)
But of course, the executable is not at all related to Michael Jackson’s murderer, or to Michael Jackson at all, as the file is really a data-stealer detected by Trend Micro as TROJ_ZBOT.AXY.
The Trojan TROJ_ZBOT.AXY connects to a certain URL where it downloads a configuration file containing a list of banking-related websites. Once the user attempts to visit any of the listed sites, a spoofed site is displayed instead of the real one, thus any critical information entered on the spoofed site will be sent to a remote user.
This threat however, doesn’t stand a chance against the Smart Protection Network as all of its components — spam, URL and file — are already either blocked or detected."
In late June I posted about the problems Nigeria was having with their ATM systems. Now, ComputerWorld Kenya is reporting that banks have not done enough to protect consumers when it comes to online banking and online transactions. Here's a blurb from the June 23rd post on the problem with Nigerian ATMs followed by ComputerWorld's story regarding online scams.
The current upsurge and nefarious activities of Automated Teller Machine (ATM) fraudsters is threatening electronic payment system in the nation's banking sector with users threatening massive dumping of the cards if the unwholesome act is not checked.
An investigation carried out revealed that two of every five ATM card users, have become victims of fraud and the sector's regulator, (CBN), their service provider, (Interswitch) along with law enforcement agents and banks are helpless as they have not been able to provide/offer any solution.
Only recently, the CBN admitted that hundreds of millions of naira was lost to ATM-related theft last year alone. Every week, hundreds of bank customers across major cities are finding their deposits or a substantial part of it stolen by faceless crooks. The Special Fraud Unit (SFU) also confirmed recently that ATM fraud is on the increase in Nigeria.
It was also revealed that the activities of the fraudsters cut across all the banks having ATM facilities. Consequently, some of the users have said the technology should be scrapped if the activities of the scammers cannot be curtailed.
Online scams up as more Africans use the Internet
Attackers are targeting the financial sector in particular
By Rebecca Wanjiku | Computerworld Kenya
Online scams targeting the financial sector are on the rise in Africa as more people access online banking services and mobile banking.
Phishing attacks are mainly occurring in South Africa where online banking is common, while mobile money theft is common in other parts of Africa where Internet penetration is still low. As a result of the increase, South Africa's Absa bank, the largest in Sub Saharan Africa announced Tuesday that its Internet banking customers can download security software to curb cybersecurity attacks.
A phishing attack aimed at Absa customers features a plain, yet clever unsolicited message instructing them to follow a link and confirm their account information as a way for criminals to obtain passwords and user IDs.
Absa's online customers can download Trend Micro's Internet Security Pro 2009 for free, said Christo Vrey, managing executive of Absa Digital Channels.
The software is expected to protect home or office computers against viruses, spyware and other malicious threats. The phishing attacks have risen since 2005 when Barclays Bank bought Absa.
South African consumers are exposed to more phishing attacks because it is the only Sub Saharan country with a developed online banking service. Other countries do not offer full-fledged online banking services and most of the population lacks bank accounts, but cybercriminals have not spared them either.
The Communications Commission of Kenya has set out on an exercise to educate consumers on cybercrime and other threats posed by the expected increase in Internet usage as a result of cheaper bandwidth. The East Africa Marine System and SEACOM cables are expected to start testing service in a month as the region prepares for cheaper connectivity. Expensive connectivity has limited the region's Internet penetration and electronic commerce is nonexistent, so cybercriminals have not targeted that area as much as South Africa.
However, cybercriminals in East Africa have used mobile phone-based tricks in which subscribers receive fake messages informing them that they have won money and are asked to transfer a certain amount via the phone as a "processing fee."
"The criminals normally use Tanzanian or Ugandan telephone numbers, which work across the region. It's interesting how mobile phone operators and authorities have not arrested the criminals," said Tyrus Kamau, online security consultant based in Nairobi.
In Nigeria, the scams started with the infamous "419" e-mails that promised millions of dollars left behind by Africa's former dictators such as Sani Abacha and later evolved to promises of lucrative oil contracts. After officials cracked down, 419 e-mails slowed, but criminals shifted to mobile technology, which makes it hard to trace them.
"Nigeria is the most populous country in Africa and the crime has evolved just like other countries, but the problem is the inability of most GSM operators to create unique profiles for their customers. In many countries, the 98 percent of GSM users are prepaid and unidentifiable," said Fola Odufuwa, senior partner at Praxis Partners LLC.
Greed and ignorance have been cited as the reasons many people in Africa fall prey to the scams as the criminals' Web sites are built to entice and make people fill out even the most intimate details.
Although Kenyan banks offering elementary online transactions have been keen on security, Kamau says that the banks have not done enough to protect consumers.
Overstock.com's marketing affiliates in two states must have been in a total "state of confusion" as Overstock first "stated" that they were being dropped (so Overstock wouldn't have to collect sales tax) before shortly thereafter, rein"stating" them. Hawaii made a "statement" by vetoing the internet tax bill and California Gov. Arnold Schwarzenegger stated it made "absolutely no sense." I wonder if he said that from his estate?
Wall Street Journal
Overstock.com Inc. informed its marketing affiliates in four states — California*, Hawaii**, North Carolina and Rhode Island — that it is ending its business with them to avoid collecting sales tax.
Lawmakers in the states have passed or are preparing to pass legislation that would require companies to collect sales tax if they have marketing affiliates in the state. Affiliate marketers run blogs or Web sites and get a sales commission by featuring links to outside e-commerce sites.
Rival Amazon.com Inc. has taken similar steps in the past few days, ending ties with affiliates in three of the same states and warning about California.
The decision highlights mounting tensions between online retailers and cash-strapped states. Other states are considering similar laws that would use affiliates as a way to force companies to collect sales taxes for online purchases.
Chief Executive Patrick Byrne said Overstock plans to sever its affiliate relationships in each state that appears close to passage of similar laws, but will reinstate its businesses if the laws are found unconstitutional, vetoed or repealed.
Forcing e-commerce sites to collect tax upfront would strip a key advantage they have over traditional retailers, though consumers are technically supposed to pay a so-called use tax for online purchases on their own...
*Update 1: Overstock.com Inc. reinstated Hawaii-based Internet affiliate advertisers today, after Hawaii's governor vetoed legislation that would have forced Overstock to collect taxes on sales in that state. Overstock shut down affiliate programs in several states where lawmakers wanted the Web retailer to collect taxes, even though it has no physical presence there.
*Update 2: Overstock.com Inc. reinstated California-based Internet Retailers after Gov. Arnold Schwarzenegger said it made "absolutely no sense" to go back to taxpayers to solve the state's budget deficit, following their recent tax hike, and California should be doing everything it can to keep and create jobs in the state. "We couldn't be more pleased to have been directly told that the governor is going to focus on balancing the budget via cost cutting, and not by jamming consumers and small businesses with new taxes," Overstock Chairman and Chief Executive Patrick Byrne said.
MasterCard Puts the 13-Year-Old Wal-Mart Case in the Rear-View Mirror
(July 2, 2009) MasterCard Inc. plans to pay off its remaining $400 million settlement obligation to retailers over debit card acceptance early for a discounted $335 million, according to a filing the card network made on Thursday with the Securities and Exchange Commission. Attorneys for the retailer plaintiffs have signed on to the proposed deal, which would happen Sept. 30 if it gets the required court approval. The case started in 1996 when retailers, upset about what they said was the high cost of accepting Visa- and MasterCard-branded signature debit cards, filed lawsuits challenging what were then the bank-owned card associations over their so-called honor-all-cards rules. The rules required merchants that accepted Visa and MasterCard credit cards to also accept the associations’ debit cards. The cases were consolidated as a class action with more than 8 million plaintiffs and became known as the “Wal-Mart case” because of the participation of Wal-Mart Stores Inc., the nation’s largest retailer. The card associations settled in 2003 for just over $3 billion—reportedly a record—as the case was headed to trial in U.S. District Court in Brooklyn, N.Y. MasterCard’s portion called for payments into a settlement fund of $125 million by the end of 2003, followed by nine annual payments of $100 million. Visa’s initial payments of $225 million were to be followed by annual payments of $200 million ending in December 2012. The card associations also agreed to drop their honor-all-cards rules and temporarily lowered signature-debit interchange.
Munich, Germany, July 2, 2009 -- The Smart Payment Association (SPA), which brings together the industry's largest manufacturers of payment smart cards, has completed its 2008 internal market monitoring activity, undertaken in order to get a better understanding of the current status of the payment smart card market and its key trends.
Key findings:
With more than 580 million payment smart cards delivered by its members, SPA represents the vast majority of the payment smart cards market. This figure corresponds to a 39% year-on-year growth (2008 vs. 2007), showing the ongoing momentum of EMV deployment.
Over 25% growth in all regions with the fastest growth seen in North America, where shipments have more than doubled, CISEEMEA (CIS countries, Eastern Europe, Middle East and Africa) with +65% and South Asia with +49%.
Open-platform is gaining ground and now represents 15% of all shipments, a 72% increase compared to last year. This can be explained by the development of multi-applicative EMV cards. The 70% year-on-year growth in large memory product shipments and the large increase in open-platform dual interface card shipments confirm this trend.
Both dual interface and pure contactless cards confirm SPA's expectations, outperforming the market with year-on-year growth rates of 140% and 66% respectively.
DDA technology is continuing to gain importance, with 69% growth year-on-year, representing 25% of SPA members' shipments in 2008. Migration to DDA has started worldwide, and both Visa and MasterCard mandate that all cards should support DDA by 2011 in Europe. The SPA is about to publish a whitepaper that will present the status of DDA migration and highlight DDA success stories. This document will also outline the impact of DDA migration on banks at both technical and business levels.
"A lot of industries were severely affected by the financial crisis. Despite a slowdown in the SPA payment smart card shipments at the end of 2008, the smart card manufacturers are not as heavily impacted as others can be", said Marie-Jane Denis, President of the Smart Payment Association. "High volumes continue to be shipped around the world and a majority of regions carry on their migration to EMV standards."
The detailed figures of the SPA 2008 market monitoring are only available to its contributing members.
About the Smart Payment Association
Founded in December 2004, The Smart Payment Association (SPA) is a non-for-profit organisation dedicated to promoting and facilitating the use of smart cards for payment. The SPA members are Gemalto, Giesecke & Devrient, Oberthur Technologies and Sagem Orga.
The Association's main objective is to accelerate the transition from traditional, magnetic stripe cards to chip based cards by:
promoting the benefits of smart cards for financial institutions by publishing use cases and success stories on innovative applications;
ensuring optimal interoperability between all system components, for both payment and value-added applications;
becoming the voice of the payment industry towards standardization committees and payment associations.
The day before yesterday, in a post entitled: "How to Hack an ATM Live Onstage, Pulled from Black Hat Event" I talked about the decision by Juniper to postpone the presentation. The talk, which would have revealed flaws in the automated teller machines (ATM) of an undisclosed vendor, will be postponed until the vulnerabilities are fixed, Juniper said in a statement. The original description of the presentation stated that the researcher, Barnaby Jack, would "retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATMs," and would "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM." Here's more directly from Juniper's Blog:
Juniper’s Decision To Postpone “Jackpotting Automated Teller Machines”
Yesterday, Juniper postponed a scheduled Blackhat USA 2009 presentation by one of our employees, Barnaby Jack, entitled "Jackpotting Automated Teller Machines." This decision has grabbed the attention of the press, the Twittersphere and Blogosphere, and understandably so.
The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public. To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen.
Therefore, we felt it our responsibility to delay the presentation until all those protection measures were put into place. Unfortunately, there isn't enough time before Blackhat to make that happen.
We did not arrive at this decision easily. Indeed, we feel that Barnaby's research is important, vital to the advancement of the state of security and should be discussed in an open forum. However, Juniper is also committed to the responsible disclosure of security vulnerabilities, and to protecting the public from them.
We look forward to sharing our findings with the security community in time and, rest assured, we will.
Australia uncovers international credit card scam Updated July 02, 2009 11:53 AM
SYDNEY (AP) -- Australian authorities have uncovered a 6 million Australian dollar ($4.8 million) international credit card scam that used stolen personal information from people as far away as Britain and Spain, officials said Thursday.
Seven people were arrested Wednesday in searches carried out by a multi-agency team in Sydney and Melbourne, Australian Federal Police said in a statement.
The syndicate allegedly used the stolen personal details to manufacture more than 200 fake credit cards and driver's licenses a week and used them to make up to AU$500,000 in weekly purchases of electronic goods, gift cards, phone cards and alcohol, the statement said.
Federal police Assistant Commissioner Mandy Newton said the personal information was stolen from card holders in Australia, Spain, Britain and Malaysia.
"What we are identifying is a global issue, it is not just in Australia," Newton said. More than 1,200 credit card numbers have been involved in the scam since March, Newton said. The syndicate first came to the attention of police during a 2008 Department of Immigration investigation into a suspected illegal work racket, which uncovered evidence of the credit card fraud.
That investigation identified several illegal immigrants who had been arrested for shopping along the east coast using fraudulent credit cards and who are believed to have been used as shoppers by the syndicate, said Immigration Department investigator Peter Richards, without identifying their nationalities.
The seven people will be charged with offenses including dealing in the proceeds of crime, participating in a criminal group, and making and using false instruments.
The Sad Tale of Abandoned Shopping Carts
Browsing and comparing products before adding them to an online shopping cart takes time and effort, but leaving those products is as easy as “click.” And that’s a problem for online retailers.
According to an e-tailing group survey, nearly 60% of US online retailers surveyed are seeing cart abandonment rates of over 20% this year.
A study by PayPal and comScore found 45% of US online shoppers had abandoned shopping carts multiple times in just three weeks.
Most importantly from the merchants’ point of view, the average cost of abandoned goods in those shopping carts was $109.
In the same study, 46% of online shoppers said high shipping charges were a “very important reason” for emptying carts. Other reasons for abandonment included:
Wanted to comparison shop: 37%
Lack of money: 36%
Wanted to look for a coupon: 27%
Wanted to shop offline: 26%
Couldn’t find preferred pay option: 24%
Item unavailable at checkout: 23%
Couldn’t find customer support: 22%
Security concerns: 21%
“Merchants who don’t welcome back abandoners are leaving hundreds of dollars per shopper on the table,” said Eddie Davis of PayPal.
“Sweetening the deal with free shipping, coupons and special discounts is a great way to encourage online shoppers to complete their purchases.”
And makes leaving carts behind a little bit harder.
NYCE Looks to 2010 for SafeDebit Rollout, Pilot Later This Year
(July 2, 2009) NYCE Payments Network LLC expects to start testing Internet-based debit transactions by the end of the year and to start a commercial service some time next year, says Steven A. Rathgaber, president and chief operating officer of the Secaucus, N.J.-based electronic funds transfer network. The service will rely on single-use debit card technology from Verient Inc., a San Jose, Calif.-based technology company. A unit of Metavante Corp., NYCE signed an agreement with Verient last fall and had originally expected to get a pilot for the online service, which it calls SafeDebit, under way early this year (Digital Transactions News, Nov. 18, 2008). Rathgaber says technology implementation has gone smoothly, but the network has had to contend with the inevitable complexities regarding pricing and other business arrangements that arise when a number of banks, merchants, and networks must work together. “There’s a lot of parties at the dance,” he notes. Continue Reading at Digital Transaction News
Researcher launches Day One of daily third-party Twitter app vulnerability disclosures, while some members of Twitter christen July 1 "TwitterSec Day"
The Month of Bugs phenomenon is back, with a new project aimed at exposing vulnerabilities in third-party Twitter applications.
Day One of The Month of Twitter Bugs project revealed four new cross-site scripting (XSS) vulnerabilities in the popular bit.ly URL-shortening tool used by many Twitter users to shorten links to fit into the 140-character Tweet limit. Bit.ly is also integrated into the popular TweetDeck Twitter interface. The controversial month-of-bugs concept -- where researchers disclose new vulnerabilities daily for a month -- was started three years ago by HD Moore, who brought attention to browser security issues with his Month of Browser Bugs project.
"I hope to raise the awareness of developers using the Twitter API to develop more secure code, as they should understand that by developing insecure code, they are not only exposing their own users to threats, but the entire Twitter community," says Aviv Raff, the researcher behind the project. Continue Dark Reading
Back in July 2006, I had the opportunity to be part of a cool initiative called “Month of Browser Bugs”. This initiative was created by H.D Moore in order to raise the awareness of security vulnerabilities in web browsers. Back then it was mainly focused on system Active-X issues, but it also provided some great examples of how, so called “unexploitable” vulnerabilities, can still be abused for a remote code execution. The initiative was a great success, in my opinion, and made the browser vendors more attentive to security vulnerabilities in their products (e.g. In Internet Explorer 8, installed Active-X controls are now not running automatically, and can be opted-in to run on specific sites).
Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products.
Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site. As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.
Even though I have enough vulnerabilities for this month, you are more than welcomed to send me (via email or twitter) vulnerabilities you find in 3rd party Twitter services. I will do my best to publish all submitted vulnerabilities. I will, of course, credit the submitter.
The PIN Payments Blog has focused on eCommerce and security since its inaugural post in March of 2008.
As I have come to learn, some believe I do it to bash the industry for supporting products which encourage consumers to enter (type) their card number, or their username and password into boxes on the web, or click their mouse...but that's not why I do it.
I do it because I understand that the information superhighway known as the web, is exactly that. An information superhighway. It's also known as the web, and what a wicked web it is...hackers, keyloggers, screen scrapers, data stealing malware, zombies, etc.
Think of hackers as Big Nasty Spiders and your financial data as a big meaty fly. Get the picture? If not, there's one above on the left.
When websites ask you to enter (type) your credit card or debit card numbers into a box, I know that it's Pandorian in nature and I want to prevent you from boxing yourself in. Consumers cannot "realistically" expect that their card numbers are going to be safe. Sure it may "seem" convenient, but things aren't always as they seem, are they? On the flip side, sometimes they are...and it sure "seems" that as time goes by, hackers get more advanced thus create more advanced programs designed to steal your financial information. Who knows what they'll come up with tomorrow?
This much I do know. When I started this blog, it was safer to type your cardholder data into the web than it is today. And it's safer today than it will be tomorrow. Therefore, the day after tomorrow seems to be the day when everyone will understand that "what we are trying to do here on the blog" is come from help...not anger industry insiders, nor do we want to be perceived as viciously criticizing so-called competitors.
What we try to do here is best represent the truth on this blog...and the truth is, IT IS NOT SAFE TO TYPE YOUR CREDIT CARD NUMBERS INTO A BROWSER.
Speaking of competitors (and truth) HomeATM created a software-based PIN platform years ago, and contrary to a YouTube video floating around out there on the web, it was not a so-called competitor, but HomeATM, who conducted the "first" software-based PIN debit transaction on the web. We did it in 2005, (documentation available upon request) in front of a bunch of Intel "higher ups" who in addition to asking if we were crazy, (like PC's they know the risks inside and out) practically laughed us out of the room. That experience instigated our engineering department to re-evaluate how PIN transactions should be conducted on the web, and there is only one way. "Outside the Browser Space." (OBS)
So, we scrapped the software PIN debit thingy and went to work on creating a secure terminal with a built-in PIN Pad...and lo and behold, HomeATM conducted the "first" end-to-end-encrypted PIN Debit application using the Internet. (using a "secure" 3DES, protected by DUKPT hardware device, just like they do it in the stores!)
Now, there were two more tasks at hand. The first one was achieved last March 17th, ironically while HomeATM Chairman and CEO, Ken Mages and I were listening to PCI General Manager, Bob Russo speak. named HomeATM was certified as the first manufacturer in the world with a PIN Entry Device specifically designed for eCommerce usage as PCI 2.x Certified and listed us on their website.
Final task. Get our manufacturing costs down to a price point where distribution to the masses is feasible.
The mountain: Credit/Debit Card Terminals cost $500.00+ and PIN Pads cost $150.00+ (and encrypting the PIN Pad costs an additional $25.00+)
The result: HomeATM becomes the first company in the world to manufacture and offer a credit/debit card terminal with integrated PIN Pad for less than $25.00! (including PIN Pad encryption!)
The end result? "HomeATM Knows PIN." That said, I suspect, (k)no(w), make that know, that yesterday's doubting Thomases will become tomorrow's believers/customers...especially as new reports, like the one released by Trend Micro (below) state what we have stated from day one. It's a dangerous and scary world (wide web) out there!
If that's not scary enough, here's more...did you know that a signature debit transaction is at least 10 times LESS secure than a PIN Debit transaction? That's in the brick and mortar world. So how many times LESS secure is a "card not present" (no signature) debit transaction vs. a PIN Debit transaction? Yet signature debit is being pushed by issuers "over" PIN debit. Why? All in unison! Because they make more money! Yup, the less secure the transaction, the more money they make. At whose expense? Two guesses. If you said consumers and/or merchants you're right.
In its first Focus Report, Trend Micro examines the growth of data-stealing malware, the most dangerous of web threats today. Growth of this threat is unprecedented and you are in exponentially MORE danger today, than when the PIN Payments Blog first started emphasizing the inherent dangers of conducting eCommerce on the web. According to Anti-Phishing Working Group (APWG) statistics, the number of sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 in December 2008—an 827 percent increase from January
While the term "data-stealing malware" is a relatively new one, its sole purpose for existence is a familiar story: To steal proprietary information such as online banking credentials, credit card numbers, social security numbers, passwords, and more from compromised networks and PCs in order to fuel an underground cyber crime economy driven by profit-seeking criminal networks that cross geopolitical boundaries.
Trojans: The Rising Star in Data-Stealing
Trojans are the fastest growing category of data-stealing malware, according to data from TrendLabs, Trend Micro's global network of research, service, and support centers committed to constant threat surveillance and attack prevention. Trojan attacks pose a serious threat to computer security. True to their name, they typically arrive disguised as something benign such as a screen saver, game, or joke. Based on TrendLabs research:
In 2007, 52 percent of data-stealing malware were Trojans; in 2008, that number increased to 87 percent; as of Q1 2009, 93 percent of data-stealing malware were Trojans.
Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.
The Writing is On the Wall ! 81.6% of Survey Respondents Prefer "Swiping" to "Typing!"
Below you will find partial results of our 5 question survey.
If you haven't yet participated in our survey, please refresh the page and do so. We value your insight. There are only five questions and it won't take but about 30 seconds of your time! Thanks in advance!
Meanwhile, I thought I'd share the results of questions 3-5 below. It appears that people realize that when you type, your card data and/or banking information (such as Username and Password) can be compromised.
Here's a question, rhetorical as it may be..."When you go shopping at a brick and mortar store, would you "write down" your credit or debit card number on a piece of paper and hand it to the cashier, or worse yet, just leave it on the counter?"
Of course you wouldn't. You probably would be reluctant to even want to hand your card over to the cashier, as consumers have grown accustomed to swipe it themselves.
So when it comes to "online shopping" it does not take a lot of imagination to see the analogy here, does it?
While 73.7% of respondents to our survey believe it is "unsafe" to "type" their account numbers into a box on a website, an even higher number of respondents (81.6%) agree that it makes much more sense to replicate the brick and mortar experience and would prefer to swipe their card in the safety of their own home, rather than type their card number into a box on a merchant's website.
79.9% believe it makes more sense to swipe their card and enter their PIN to log-in to their online banking account rather than "type" their username and password.
That's less than what Visa has paid ($340,000,000) on a monthly basis, over the last 15 months, into their Litigation Escrow Fund. Plus they save $65 million for paying it off early. In these antitrust matters, MasterCard is usually found guilty by association. Of the two, that make up the Dynamic Duopoly, I think that we might see them take a leading role in focusing on security. This is based on the recent announcement that Level 2 Merchants need to be assessed by a QSA
Here's a blurb from "The Street" which is reporting that they'll pay off the remaining $400 million balance with a $335m lump payment at the end of Q3...
MasterCard (MA) plans to pay $335 million by the end of the third quarter to pay off the remainder of a six-year-old class action suit alleging the electronic payments company violated federal antitrust regulations.
The Purchase, N.Y.-based company settled a class action lawsuit in June 2003 with a number of U.S. merchants that took issue with certain antitrust aspects of the payment card industry. Under the settlement, MasterCard was required to pay $125 million in 2003 and $100 million annually each December from 2004 through 2012. The company said in a Securities and Exchange Commission filing on Thursday that it had entered into an agreement the prior day that would allow for MasterCard to prepay its obligations of the remaining $400 million at a discounted amount of $335 million on Sept. 30.
Rixty's Cash-Based Payment System Now Available at More Than 10,000 Retail Locations Nationwide
Prepaid Cards and Coinstar Kiosks Enable Gaming Payment for Those without Credit Cards
BERKELEY, Calif., Jul 01, 2009 (BUSINESS WIRE) -- Paying for online entertainment without a credit card just got easier, thanks to Rixty. The innovative e-commerce company launched today its new cash-based payment system at more than 10,000 retail locations. Now anyone with cash and coins can convert that money into online purchasing power across an exciting array of entertainment merchants.
Predominantly designed for the youth market, Rixty is a flexible payment option for any age bracket due to its ease of use and accessibility. By rolling out at more than 9,000 Coinstar(R) kiosks in the US, users will enjoy the convenience of adding to their online accounts by simply choosing the Rixty option when exchanging their coins for free at local Coinstar machines. In addition to the Coinstar kiosks, users will also have the option of buying prepaid cards through the in-store racks at more than 1,000 retail locations, including Cumberland Farms and Hess convenience stores.
Realizing that merchants have traditionally faced difficulty reaching younger audiences that often have limited access to more traditional payment forms, such as credit cards, Rixty aims to reduce that transactional friction and allow users to spend freely across a variety of online publishers.
"Rixty started with the idea that there should be some way to allow online entertainment enthusiasts, particularly the younger generation, the ability to enjoy what's available without relying on a credit card," said Ted Sorom, CEO, Rixty. "Our goal is simple: To provide anyone and everyone the freedom to choose how and where they spend their online entertainment dollars. Rixty does this by converting loose change into online purchasing power."
Rixty is launching with top publishers in the massively multi-player online (MMO) game space, including Perfect World Entertainment, ijji.com, GamesCampus, Ntreev USA, Ndoors Interactive, Inc., ourWorld.com, and Three Rings Design, publisher of Puzzle Pirates and Whirled. Rixty supports business models from microtransactions to subscriptions and is compatible with all types of online entertainment, including downloadable games, virtual worlds, casual and social games on social networks, digital downloads such as music mp3s, videos and games, mobile games and ringtones. The cash-based system also empowers the younger audience to take control of their entertainment spending without requiring adult involvement or a bank account.
"Rixty's new payment solution enables many of our young gamers who don't have credit cards or Paypal to purchase in-game items in Trickster, Grand Chase and Pangya," said Chris Lee, CEO, Ntreev USA. "We are very excited to partner with Rixty."
Merchants have searched for ways to attract new customers who might have previously experienced barriers to entry, which Rixty addresses with a cash option most e-commerce outlets have lacked. In addition, Rixty offers merchants the opportunity to be "discovered" by showcasing new games and online goods on the Rixty website.
"We are very pleased to add Rixty to our payment offerings," said David Chang, executive vice president, GamesCampus. "Rixty allows our users to buy items through their unique payment channels, allowing us to expand our paying customer base."
"What's great about Rixty is its ability to reach a broad spectrum of users from a wide demographic in various age groups," said Joon Kim, customer service manager, Perfect World Entertainment. "Rixty is convenient, easy to use, and widely available in many places."
About Rixty
Rixty is an alternative payment system designed specifically for today's online youth, empowering them to take control of their entertainment spending and giving them access to the online world of multiplayer and downloadable games, virtual worlds, social networks, digital downloads, mobile games and ringtones. Rixty never charges users fees and by reducing payment friction, Rixty converts more users into paying customers, significantly increasing online publisher's revenues. For more information, visit www.rixty.com.
In the past, I've playfully (and not so playfully) been more than a little harsh on Visa, but my, my, this Steve Reeves makes me look like a shareholder...lol
Visa Keeps Throwing Away Billions for Lawsuits | The StockMasters by Steve Reeves
It's a good thing Visa Inc. (NYSE:V) raked in $6.2 billion in revenue last year as today they are setting aside another $700 million to cover lawsuits. Let's not forget Visa put $3 Billion in its litigation fund in March 2008, and another $1.1 billion in December. But hey, what the hell, just charge it!
Editor's Note: I took the liberty to add those up, and the total figure is a whopping $4.8 Billion dollars in their litigation escrow fund. Guilty conscience or not, they do seem to have covered their butt in case a company points out (for example) that although PIN debit is the most secure and safest form of payment in the brick and mortar space, it's amazingly absent in the fraud-ridden web space, costing Internet Retailers hundreds of millions of dollars on Interchange fees. Brick and Mortar retailers are up in arms over Interchange, but Internet Merchants are curiously quiet, yet they are the ones that pay the highest fees. So, $4,800,000,000 since March of 2008 equates to $340,000,000 per month over the last 15 months.
Anyway, back to Steve Reeves' story...
Visa Inc. shares aren't doing much today, standing still at $62 on today's news, here's a quick look at the highs and lows for Visa's share price:
% From 52-Wk High ($82.84): -31.30%
% From 52-Wk Low ($41.78): 33.78%
% From 200-Day MA ($57.44): 8.96%
% From 50-Day MA ($65.27): -3.46%
Price % Change (52-Week): -23.80%
The credit and debit card network has spent $2.1 billion in a settlement with American Express Co (AXP.N) over anti-competitive practices, and last year it agreed to pay $1.89 billion to Discover Financial Services (DFS) over several quarters in a similar settlement.
Visa said the new addition to its litigation account had the effect of a $700 million repurchase of the company's common shares. Under the terms of its initial public offering, Visa's U.S. bank shareholders agreed to have their stakes diluted to fund litigation in order to save other shareholders from direct losses from lawsuits in certain U.S. court cases.
Visa -- for shareholders, they are everywhere you want to be, except when it comes to massive lawsuits.
Visa on Wednesday said that it had sold roughly 136.5 million shares of VisaNet do Brasil through its Visa International subsidiary, in connection with the Brazilian unit's initial public offering.
The company plans to keep about half of the roughly $1 billion proceeds from the sale of the VisaNet do Brasil shares. VisaNet, the credit card processor, raised 8.4 billion reais ($4.3 billion) in its initial public offering last month.
The Wall Street Journal reports that Visa Inc. (V) said its international arm's initial public offering in Brazil was the first IPO in the Brazilian market this year. For its offering, the credit-card transaction processing giant said it would retain about half of the proceeds after taxes, and said it would record a gain of about $235 million from the sale in its fiscal third quarter ended June 30.
The company said its subsidiary, Visa International, sold 136.5 million shares of VisaNet do Brasil in the IPO.
Commonwealth Bank still does not know the origin of the cyber attack that hit it earlier this week, according to the Brisbane Times. In addition, Commonwealth Bank and security experts agree attacks like the one the bank experienced will only become more common in the future.
"The increased variety and volume of attacks is inevitable given cyber criminals' desire to obtain personal and confidential information, and gain access to financial accounts,'' Raymond Choo at the Australian Institute of Criminology said.
"There have been a number of cases in Australia and overseas about cyber criminals stealing funds from bank accounts by hacking into those accounts through the internet,'' Dr Choo said.
"Cyber attacks will be more targeted especially organizations in the financial services industries and their top executives will be targeted more heavily than others, with financial gain being the ultimate goal.''
NetBank woes - cyber attacks set to spread | Chris Zappone July 2, 2009
Commonwealth Bank says it still cannot pinpoint the source of a presumed cyber attack blamed for preventing customers from accessing their online accounts, highlighting a security risk expected to become more common in coming years.
Thousands of Commonwealth Bank's 2.5 million NetBank customers continue to be prevented from viewing accounts and carrying out transactions today, nearly a week after the bank was the target of what it says was probably a denial-of-service attack by hackers.
D-O-S attacks involve flooding a computer with large volumes of malicious data, in order to knock it offline. The malicious data, now quarantined by the Commonwealth Bank, "was coming from offshore'', CBA chief information officer Michael Harte said.
"We still don't know the origin of it and why there would be such large volume,'' he said. "We're doing further forensics (on the suspicious emails) to make sure we're absolutely safe.''
Mr Harte said a suspicious spike in traffic, beginning Sunday, came amid the end-of-the-year volumes from legitimate customers, which were also higher than expected for the recently launched NetBank platform.
This morning, NetBank customers logging in were warned "that some transactions completed between 27/3 and 29/6 are not displaying on some accounts within NetBank".