Fremont, Calif., Aug. 20, 2009--UIC’s PP795 received formal PCI approval on August 19, 2009.
The PP795 is the first signature capture device to achieve approval under the newly strengthened PCI 2.1 requirements. PCI now requires MSR security to protect card data in the terminal.
"PCI approval of the PP795 demonstrates UIC’S expertise and leadership in designing and manufacturing advanced payment devices," says Tom Siegler, VP and GM for UIC USA. "We are very proud to bring the first signature capture enabled PIN pad terminal to market with MSR security." Editor's Note: I suppose that PCI approval of HomeATM's SafeTPIN demonstrated our expertise and leadership in designing and manufacturing "advanced" payment devices as well and we remain the first and "only" eCommerce enabled PIN Pad terminal in the marketplace!
Resistive touch/signature pad for high quality capture
OPOS and JavaPOS compliant
Secure remote Key Management
PCI 2.1 approved and EMV certified
Supports up to six languages
Excellent ergonomics
Countertop, handheld or stand-mounted use Micro SD card and contactless payment options
The PP795 will be shipping in Q3 2009 equipped with UIC's high performance MSR and optional card readers.
UIC continues our commitment to developing cost-effective, high performance products for the retail and banking markets.
Visit us at www.uicusa.com to see our full line for data collection and transaction processing products.
About UIC:
Since its inception in 1985, UIC (Uniform Industrial Corporation) has been a leader in Electronic Commerce/Data Collection systems and components for Banking, Retail, Access Control, Lead Capture, and Auto-ID solutions. UIC designs, develops, and manufactures easy to use products that combine affordability and reliability with high quality and performance. Headquartered in Taipei Taiwan with full service operations in Fremont, CA and Dundee UK, UIC has a worldwide network of Clients, Resellers and Distributors.
Electronic payments remain an area of high growth, with a 10% to 20% CAGR around the world. There is huge untapped potential in markets such as Indonesia, Russia, China, India, and Saudi Arabia. Yet market entry can be difficult, with economies of scale and network effects creating huge barriers to entry. By establishing a clear target based on geography, customer and payment flow, new entrants can create viable niches.
In a new report, Payment Opportunities: Finding the White Space, Oliver Wyman examines various opportunites for new payment plays across the globe.
Prepaid cards used for business to individual payments, such as payroll cards for U-Haul and employee inscentive programs for Coca-Cola.
Airline ticket payments in China with China PnR.
Alternative electronic payment systems (AEPS) in Russia such as OSMP and Cyberplat. These providers accept cash for payments such as mobile top-ups and charging a convenience fee to the payer.
In each case, the payments concentrated on a specific type of customer, with a specific payment need and created a value proposition that resonated across the payment value chain.
"The payments sector is turning heads," says Paul Mee, coauthor of the report. "It is growing dramatically and undergoing radical change across multiple markets and dimensions. Payments represent a relatively low capital intensity, lower risk annuity business—accessible to anyone with customer insight, confidence, and the right capabilities."
"To focus on a winning solution, the best way forward now is to spot frictions in a particular payment flow, geography, or customer group and to develop tailored payment propositions to remove those frictions," adds Zilvinas Bareisis, coauthor of the report.
This 32-page report contains 13 exhibits. A table of contents for this report is available online.
Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally experienced analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is part of Marsh & McLennan Companies [NYSE: MMC].
Internet slowly wakes up to PayPal's quiet fee hike
PayPal made some policy changes in June, but it's likely that you haven't heard much about them until very recently. That's because the company quietly slid in extra fees that will affect nearly all users but failed to be transparent about the changes. Now, the Internet is slowly discovering what happened, and no one is happy about it.
PayPal has generated its fair share of controversies over the years, but it has begun to stir up another one by adding new transaction fees that affect all customers—without telling anyone about them. The company slipped the fees in with a more general update to its "send money" service in June, but because the changes were so well hidden, the Internet has been slow to wake up to what amounts to a good increase in PayPal's income.
Under the previous system, fees were charged based on the type of account the receiver was using as well as where the money was coming from. If the receiver was a premium or business account owner, he or she was charged 30¢ plus 2.9 percent of the transaction—the same applied to all accounts if the money was coming from a credit or debit card instead of a PayPal balance or directly from a bank account. People using personal accounts could make all these payments to anyone else for free.
In June, PayPal made a number of changes to its User Agreement and posted an update to the PayPal Blog. At that time, director of product marketing Heinz Waelchli wrote that PayPal had now begun allowing those with business and premium accounts to make personal transfers to friends and family for free. This, in itself, is a welcome update—I use my PayPal account to receive payments for items I sell on Etsy, but now I can send money to my brother from the same account without either of us having to give PayPal a cut.
What PayPal failed to do was inform users of the fact that any transfer having to do with goods or services will be charged the 3¢ + 2.9 percent fee no matter who or where it's coming from. This includes payments sent from personal accounts as well as payments made after someone has sent you a request for payment (even if that request has nothing to do with goods or services).
eMarketer has revised its forecast of US retail e-commerce sales growth after a lackluster first half of 2009. Retail e-commerce sales, excluding travel, are expected to contract by 3.1% this year.
Growth will resume in 2010, at 5.5%, as consumer spending recovers from the recession. By 2011, eMarketer expects pent-up demand to accelerate growth, peaking in 2012. Retail e-commerce sales will continue to increase, but the rate of growth will fall off in 2013, continuing the pre-recession trend of strong but slowing growth.
Previously, eMarketer projected flat growth for retail e-commerce, expecting declines in the first half of the year followed by second-half recovery. But August figures from the US Department of Commerce (DOC) show sales decreased more than expected in Q2, falling 4.5% year over year to $30.77 billion.
”While many economists see signs of an economic recovery, consumer spending online and offline is still in the doldrums, as evidenced by poor back-to-school sales,” said Jeffrey Grau, eMarketer senior analyst.
According to comScore, US retail e-commerce sales declined by 1% year over year in Q2 2009, after a stagnant Q1.
“DOC retail e-commerce sales estimates have historically validated comScore’s sales figures,” noted Mr. Grau. “However, for Q2 2009, comScore reports a less severe—yet nevertheless dismaying—sales contraction.”
“The marginally negative growth in Q2, on the heels of flat growth in Q1, signals that online retail spending has yet to turn the corner after a disappointing end to last year,” said comScore chairman Gian Fulgoni in a statement.
“Unfortunately, it appears that the reality of nearly 10-percent unemployment and rising gas prices, coupled with an increased savings rate, continues to hold down consumers’ discretionary spending,” added Mr. Fulgoni. “It may still take some time to dig our way out of this recession.”
Keep up on the latest digital trends. Learn more about an eMarketer Total Access subscription, today.
Merator Advisory Group's (http://mercatoradvisorygroup.com/ ) annual report on the merchant acquiring industry in the United States is now in its third year. While developments in this market unfold at a surprising pace, the old cliche about "the more things change" has never rung so true. Accelerating change seems to be the new constant.
In our first two years doing the acquiring market overview, we identified and delineated trends in the space that have accelerated and, in some cases, have come to their full fruition. Notable among the topics we've analyzed and discussed in reports, as well as in advisory sessions with our clients, has been growing competition for merchant customers between banks and non-banks (ISOs), and the seeming push on the part of banks to "reintermediate" themselves in the merchant card acceptance value chain in a more significant way. Value-added services and technology continue to play a larger role as the commoditization of payment processing services truly begins to hit home for acquirers. The evolving scope of PCI is also fresh in the minds of our clients and other participants in the space as the industry saw the announcement of two major breaches of payment card information at payment processors over the last year.
Last year's report predicted a perfect storm converging on the acquiring space that would significantly alter the industry landscape. Many of the same issues are still brewing - a still-foundering economy and lingering recession, new laws regulating the payments space, and another round of pending legislation targeting interchange and the cost associated with merchant card acceptance being chief among them. The third key issue that we identified last year, however - dissolution of the largest acquiring operation in the world - has evolved into a new instance of market consolidation with the announcement of a different joint venture between two of the top 3 acquirers in the US market. The space has been ripe for consolidation over the past few years, and the economy and the other market forces we've alluded to have pressed the issue.
As merchant acquiring faces its existential crisis, the question of what it truly means to be a merchant acquirer naturally arises. In this year's report, we update our discussion of the various basic business models used by acquirers and other participants on the merchant side of the payments value chain to go to market in the US, and increasingly in other parts of the world. We also examine updated industry data concerning the market performance of the top players in the space and we make projections about how these players might stack up in the years ahead. Finally, we further explore the impact and potential impact of some of the secular trends within Payments and their effect on the acquiring business in particular, now and in the future.
"The economic downturn was the single biggest determining factor in the various performance records of the nation's largest acquirers in 2008. Merchant attrition and declining volume growth due to reduced consumer spending both had a large impact on merchant acquirers' business," comments David Fish, Senior Analyst in Mercator Advisory Group's Credit Advisory Service and author of the report. "As we consider the merchant acquiring space currently, and where it might be headed, we need to take into account many of the trends and the market events that stand to have a broad impact, either as catalysts or symptoms of these trends. Whether the issues at hand are a root cause of market dynamics or the result of them, change is happening in the space either way. Fortunately, the acquiring side of the payment chain has a long history of fighting tooth and nail for its slice of the action."
Report Highlights Include:
Change is the new constant in the US merchant acquiring space, with the pace accelerating as pressure from market forces intensifies.
However, the forces impacting the domestic acquiring market remain largely the same. Acquirers have been adapting to the new normal in a variety of ways.
We provide an expanded taxonomy of the 7 basic business models acquirers use to further clarify what it means to be an acquirer.
Market data covering the top 10 US acquirers is delineated and analyzed, and our projections for acquired bankcard volume suggest a very different landscape within five years.
The market is poised to continue a trend of consolidation, driven by the economy, new complexities arising from data security issues, and increasing competition between banks and non-banks.
This report contains 29 pages and 11 exhibits
Companies Mentioned in This Report:
Advent International; Alliance Data; American Express; Banc of America Merchant Services; Chase Paymentech; Citi Merchant Services; Discover; Elavon; Fifth Third Processing; First Data; First National Merchant Solutions; Global Payments (GPN); Heartland Payment Systems (HPY); Intuit Payment Solutions; Kohlberg, Kravis & Roberts (KKR); MasterCard; Moneris; National Processing Corp. (NPC); Network Solutions; RBS WorldPay; SunTrust Merchant Services; TSYS; Visa; Wells Fargo Merchant Services.
Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access, and other membership benefits. Please visit us online at http://www.mercatoradvisorygroup.com.
For more information and media inquiries, please call Mercator Advisory Group's main line: 781-419-1700.
Mercator Advisory Group is the leading independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors.
London / Beijing —August 19, 2009 Retail Decisions (ReD), a card issuer and a world leader in fraud prevention and payment processing, today announced – in conjunction with Chinabank Payment (CBP), a leading payment service provider and a prepaid card issuer – that attempted card- not-present (CNP) fraud for China’s airline sector increased from 5% to 8% representing a 60% increase over the last six months.
According to a recent Analysys International report, China’s online payment market will reach 538 billion Yuan (US$78.7 billion) in 2009, an increase of 128% compared with 2008. Analysys International predicts that China’s online payment market will reach 1.67 trillion Yuan (US$244 billion) in 2012. With increasing volumes, Chinese merchants can expect card-not-present (CNP) fraud to increase dramatically in the coming years.
Editor's Note: I hate sounding like a broken record, but if you want to reduce "CNP fraud, eliminate the CNP environment.
Provide consumers with a way to"swipe" their card for online shopping. Problem solved. When they "swipe" their card, it has to be present. When they type card numbers into a box, we don't know where the heck these jokers got the numbers from.
There are two choices. Either provide an environment which enables customers to swipe their card information or continue letting the fraudsters do it.
“The growth in China’s payment market is incredible, however there are significant changes occurring with the government initiatives to shut-down online gambling and adult content sites prior to National Day as well as the impending issuance of the Electronic Payments License.” said Mr. Zhao Guodong, Founder of Chinabank Payment. “The market is becoming tightly regulated and that is why, now more than ever, CBP’s strategic objective of becoming China’s most safe and secure payment service provider is vital. ReD is helping us achieve that objective and together we will continue to have a remarkable effect on payment security in China.” said Mr. Zhao Guodong.
ReD has been working with CBP for more than a year leading up to today’s announcement. CBP deploys one of ReD’s signature products, ReD Shield, the CNP fraud prevention service, which provides a real-time risk assessment to online retailers. Currently CBP has 30 Chinese merchants using this leading edge technology, helping clients to manage international fraud exposure.
“In the Chinese market alone, ReD saves its merchants up to 1 million Yuan (US$146,000) each per month with ReD Shield.” said Carl Clump, Retail Decisions CEO. “CBP has taken the threat of fraud very seriously, implemented ReD Shield and is now reaping the benefits through protecting its merchant base.”
ReD Shield is a fully outsourced, real-time CNP fraud prevention service that significantly reduces fraud while increasing merchants’ revenue. The service combines neural technology with customized, merchant-specific velocity and compound rules coupled with ReD’s expertise, providing a real-time risk assessment recommendation which allows merchants to find the precise balance between preventing fraudulent transactions and maximizing good transactions. Some of ReD’s outstanding Chinese merchants include Air China, CTrip, eLong and China UnionPay Data amongst others.
CBP currently works with 20 banks in China, including Bank of China, Industrial and Commercial Bank of China, China Merchants Bank and Agricultural Bank of China. For the past two years, Bank of China has named the company Partner of the Year. CBP operates as a 3rd Party Payment Provider and is a Prepaid Card issuer. It was one of the first companies to offer online payment services and is consistently viewed as a reliable and secure system. On the prepaid card side, it works with retailers in a range of industries including retail, travel – including airlines and hotels – international trade and online gaming.
For the complete analysis of fraud trends in China contact Retail Decisions.
###
About Retail Decisions
Retail Decisions (ReD) is a payment card issuer and world leader in card fraud prevention and payment processing. A specialist supplier to the payments industry worldwide, ReD has over 20 years experience in the fraud prevention market. Its blue-chip international clients come from the global telecommunications, retail, travel, petroleum, banking and the broader e-commerce sectors. They include Wal-Mart, Macy's, Bloomingdale's, Sears, Texaco, Shell, Asda, Boots, John Lewis, The Carphone Warehouse, Comet, Travelocity, T-Mobile and Virgin Mobile.
The company has offices in the United States, UK, Mainland Europe, Australia, China and South Africa with representation in India, Japan, and South America. More information about ReD please visit: www.redplc.com. About Chinabank Payment
Chinabank Payment (CBP) [Ebank Online (Beijing) Technology Co., LTD.] is a leading payment service provider based in Beijing. Founded in 2003, Chinabank Payment has provided secure solutions for online payments for ecommerce enterprises and individuals. Clients include Microsoft China, China Unicom, Sohu.com, Nokia, Hewlett-Packard, Elong.com, Kingsoft, Digitalchina, the9.com.cn, Scitechgroup, Hongen.com.cn, Phoenix TV, Xiamen Airlines, CYTS, Holiland Cake, China-pub, Ticketone, Shanghai Teacher University, Beijing Normal University and CERNET Corp. It works with a range of industries including retail, service and high-tech. CONTACTS:
Carl Clump, Chief Executive Officer Gwyneth Pritchard, Head of Group Marketing Retail Decisions Ltd Retail Decisions Ltd Tel: +44 (0) 1483 728700 Tel: +44 (0) 1483 794932 Website: www.redplc.com email: gpritchard@redplc.com
There a lot of banking promotions cropping up designed to "lure" customers over.
Want to lure them over? Use phishing. Did I just say "use phishing" to lure them over? I did.
$100 isn't going to do it. When it comes to innovative marketing ideas, bribing a customer has never been near the top of the list. But...instead of customers being lured away from your bank by becoming a victim of phishing, "lure" them to your bank by using "phishing" as bait. It'll work hook, line and sinker.
Here's what I'm thinking. How about running an innovative promotion in which a bank guarantees their customer is 100% protected from phishing. If you lure them by protecting them from the bad guys (which would also protect the $1000's, not $100, of dollars in their bank account), you would attract more customers than $100 would attract AND, at the same time, enhance your bank's image. It's all about security. Here's proof:
Editors Note: Wow, if I was a financial institution offering "online banking"that headline would haunt me 24 hours a day until I figured out a wayto either change it or use it to create an opportunity for my onlinebank to flourish.
My first thought would be: "If 50% would consider "changing banks AFTER" they get hit by card fraud/onlinebanking/phishing fraud, how many would consider "changing banks" to"AVOID" getting hit?
And to which competitor would they go?
I'd conclude that if they "left because of insecurity" they would probably "come on board BECAUSE of security."
Soif I wanted to open a portal for dissatisfied online banking customers,I would use a uniquely positioned product to ensure my customerssecurity. I'm thinking Swipe vs. Type here. Then I would think...howmany potential customers could my bank procure by "guaranteeing" onlinesecurity? Research would determine if it was millions or only"Hundreds of Thousands." I think I made my point. If not, I challenge you to continue reading...
Banks have a "serious issue" with phishingand I am suggesting that there is a low-cost solution to completely eliminating this on-going threat. Eliminate typing and you'll eliminate phishing. First a quick backgrounder...
The nature of this beast known as "phishing" is to lure these onlinebanking folks, with a sophisticated and genuine looking trap whichincludes genuine looking emails which provide links to genuine lookingsites. (a new "type" of bait and switch)
Once there, users are simply instructed to do what they've been programmed to do since day one with online banking. And therein lies the problem...
They are told to "type" in their username and password to log-in.
Problem is, once they "type" in their "username | password" they provide full access to their accounts to the phisheries.
Ifyou haven't figured it out already, (something phishy goin' on here) allow me to point out the majorflaw in this process...
If online banking customers had not beenoriginally programmed to "type" anything into a box the first place, then this type of phishing would not have cropped up in the second place. A simple case of "cause and effect."
Case in point: Imagine if you will, that when ATM's first came out, users were instructed to "make up" a username and password for whichwould have provided full access to ATM's? How smart would that havebeen?
Fortunately the banks were smarter than that and they required that their ATM customers insert their card into a built-in card reader AND enter their PIN. Two factor authentication 101. What you "have" (card) and what you "know" (PIN)
Why should it be any different for online banking log-in?
What has happened since then to make them believe "typing" is safer than "swiping?" Why are they suddenly dissin' the card?
Window of Opportunity
Instead of dissin' the card, I say "DISCARD" the antiquated username and password log-in process and instruct customers "USE THEIR CARD" (what they have) and their PIN (what they know) thereby replicatingthe exact same process these customers use gain access to an ATM.
True2FA. The only difference would be that authentication would be done inthe safety (no skimmers/no cameras) of the online banking customers own home...with a PCI 2.x certified (not compliant..."certified") personal PIN Entry Device. (providing 2FA 3DES E2EE DUKPT Security)
If the online banking community introduced their customers to a simple(not) new log-in process, one whereby they require that theironline banking customers log-in the "same way" they do at ATM's...by "swiping" with "THEIR CARD, and securely entering "THEIR PIN" they would greatlyenhance the security of their online banking sites.
This two factor secure log-in would eliminate the issues they arehaving with these phishing attacks altogether. A secure 2FA 3DES E2EE DUKPT log-in would also eliminate threats created by cloned bank websites, cloned cards, DNS Hijacking,etc. The data is never in the clear...so when it comes to becoming a victim of fraud, your customer is in the clear.
In effect, banks would be arming their online banking customers with aweapon of phish destruction, one that fights cybercrime and "empowers"them as mini-profit centers. Does anyone disagree with the statementthat "Bill Payments, Money Transfers, and secure online transactions"ALL make money for banks? (again, see previous post)
That said, I humbly suggest it's high time to "studythree key issues" more closely. Let's look at "these issues" one at a time:
$12! Yes (in quantity)...banks could save $88 per customer (compared to Citi's offer above) and PROTECT their customer. Protect them from what? Did you know that the average phishing attack costs the bank and thebank customer $350. Want proof?
According to research firm,Gartner, banks, online payment organizations and other financialinstitutions are bearing most of the financial cost of phishingattacks.
(A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.)
The average loss was$352 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved. (sounds like the $100 bribe above is lost in the first phishing attack to me)
"The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner. (Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)
Want to read more on this subject? Scroll down to the next post. I'll make it easy...click here.
Aug 19, 2009 (Datamonitor via COMTEX) - excerpts in blue
Card fraud is expected to increase in the US with the country still no nearer to introducing the chip and PIN technology which has proved successful in Europe.
With fiscal pressures particularly evident in the current economic climate, technology vendors are rushing to pilot alternative solutions to the costly chip and PIN option.
Editor's Note: This might sound a little too simple, but an obviously less costly solution to Chip and PIN technology would be the elimination of signature debit. PIN Debit for every debit transaction. Simple, easy and not at all costly. Signature Debit Fraud is more than 10 times higher than PIN Debit fraud. Besides, it's the preferred form of payment by both consumers and merchants alike.
Chip and PIN increases CNP (Card Not Present Fraud) fraud. Fraud is like water in that it finds the path of least resistance. If it finds resistance it moves to where there is none.
Chip and PIN resists fraud at brick and mortar locations, but increases the opportunity for fraud to occur where Chip and PIN is not required...which is in the CNP world. (i.e. Online Shopping)
Therefore, let's turn our attention as to how we can increase resistance. First question I have is why on earth is "signature" debit used for E-Commerce. What signature are they talking about? Where do I sign? Typing your card number into a box does not constitute a signature in my book.
Signature Debit is "offline debit" and was not designed for "online shopping." On the other hand PIN Debit is "online debit" and "Online Debit for Online Shopping" sounds like a perfect fit to me.
It makes more sense to use PIN Debit's encrypted and built-in two factor authentication anyway.
So I say simply eliminate the use of "offline debit" for "online shopping"
Doing so would provide for the elimination of typing credit and/or debit card numbers into a box in a web browser. Typing is the cause. Hacking is the effect. But let's take it a step further. It's not just about two-factor authentication. It's about eliminating the CNP environment altogether.
With HomeATM, when the cardholder swipes their card, (Card Present) the cardholder data is "instantaneously" encrypted "inside our device", and thus provides complete "Zone 1 through Zone 5" true "end to end" encryption. We now have an environment that is "exponentially" more secure than typing.
By eliminating "typing" and mandating "swiping" we have eliminated the CNP (path of least resistance) environment and the the threats posed by phishing, cloned bank websites, malware and DNS Hijacking are eliminated as well.
It's really not that difficult a concept to comprehend. I suppose I can make it sound more technical...the formula to secure transactions is: 2FAE2EE3DESDUKPT
(Two-Factor Authentication, End to End Encryption, Triple Data Encryption Algorithm Derived Unique Key Per Transaction...see, simple!) Not? Here's a primer: 3DES, DUKPT & E2EE Explained
The article continues:
With the recent adoption of chip and PIN technology in Canada and Mexico, following its successful adoption in Europe, fraudsters are expected to increasingly target the US market. (especially the CNP market)
A recent survey by Actimize found that around 66% of bankers, card issuers or payment processors anticipate US card fraud levels to increase. As the number of cases of attempted fraud threatens to rise in the US, local banks, card issuers and payment processors will come under increasing pressure to find a solution that reduces their liability. (how about 2FA E2EE 3DES DUKPT?)
Knowing which technology solution to choose is not a simple decision, (au contraire...there's a very simple solution when it comes to CNP fraud. Eliminate the CNP environment by providing consumers with a device that allows them to prove "card presence" with the swipe of a card.) with many factors such as the current infrastructure and IT budget likely to drive the final determination.
Fraud prevention and detection solutions are expensive, and it is hard to say that they guarantee business development. However, a lack of detection/prevention from fraud attempts may lead to even more significant costs within banks.
Fraud losses comprise not only the actual amount that is stolen, but also labor costs related to investigation and managing fraud cases. These costs can be up to five times higher than the stolen amount, and are rarely published by banks. As such, identifying a suitable alternative to the costly chip and PIN solution is a sound strategic move.
Editor's Note 2: Stop with this "fraud prevention and detection" jargon. It's the wrong mindset. We should be talking "elimination." Eliminate typing, Eliminate CNP environment and you done. Simply admit to the fact that the web is not safe and have consumers utilize the same process used to access "cash" at an ATM. Swipe their card, enter their PIN.
There is only one PCI 2.x certified device in the world specifically designed for E-Commerce, and our Slim version (depicted in all the pictures) can be had for as little as $12 each in quantity.
Banks could give it away at a fraction of the cost they are spending to give away Smokey Joe Grills, or other useless (when it comes to securing transactions) promotions. And it would attract online banking customers like typing attracts hackers!
Our device would enhance a financial institution's reputation, create a branding strategy and secure more business and more customers for their financial institution. How? Here's how...
Slim is perfect for online banking log-in, Ideal for a financial institutions internal P2P money transfer application and More secure than any current payment mechanism available for online shopping. Want proof? Here ya go:
Commissioned by CashEdge in June 2009, the survey polled more than 850 consumers nationwide aged 18 years and older who use online banking capabilities. These respondents described themselves as bank customers (76 percent), credit union ...
So if I wanted to open a portal for dissatisfied online banking customers, I would use a uniquely positioned product to ensure my customers security. I'm thinking Swipe vs. Type here. Then I would think...how many potential customers ...
But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and ...
The first step to prevent online banking fraud is to secure the log-in process. It's not a difficult concept to comprehend. Instead of giving away Smokey Joe's, Toasters, Fans, Tupperware, etc. banks need to start giving away something ...
1. Fraud is one of the main concerns of financial institutions today, but how should they go about preventing it?(Editor's Note: I say "eliminate" what causes fraud)
2. What technology or training should they put in place? (Editor's Note: HomeATM's PCI 2.x Certified 3DES DUKPT encryption enabled Internet Point of Sale Device. Don't need training. People already know how to "swipe" their card and "enter" their PIN. They've been doing it for years!)
3. What are some of the fraud schemes they need to guard against?(Editor's Note: Phishing, Keylogging, Counterfeit Cards, Cloned Bank Websites, DNS Hijacking, even Malware to an extent)
I ask one. Why in the heck are we "typing" our credit/debit card numbers into a box on a website?
It's obvious that "typing" is what has "empowered" the fraudsters. Fraudster's focus on "what is typed" " (username/password's and PAN's) and "THAT" is what they are "swiping!" There is only "ONE" way to prevent them from swiping what we are typing.
STOP (Eliminate) "TYPING!"...& empower consumers to do their own "swiping."
Does this not make 100% complete sense to everybody reading this?
(if not, please leave a comment)
Again, I say stop trying to "prevent" it. It makes more sense to "eliminate" it. The most common fraud schemes used by the bad guys can be immediately eliminated by "eliminating" typing and replace it with "swiping." So what threats would swiping eliminate?
Phishing:Phishing is the act of luring consumers into "typing" their username/password or credit/debit card number into a box on a website which looks genuine. There is no way to prevent that if you don't eliminate the act of "typing" to begin with. If financial institution customers were mandated to access their online banking accounts the same way they access their money at ATM's (swipe and enter PIN) phishing would be eliminated.
Keylogging: If consumers stopped "typing" (key stroking) then what good is "keylogging"? Hint: It isn't.
Counterfeit Cards: If consumers had to "swipe their card" and "enter their PIN" (two factor authentication) then the counterfeit cards being used by fraudsters would be useless. (where the fraudster doesn't have the PIN) Most counterfeit cards are enabled to be used online because all the user needs to do is "type" in the Primary Account Number (PAN) If they had to "swipe" the card and "enter the PIN" to conduct an online transaction, financial institutions would virtually eliminate the threat of counterfeit cards.
Cloned Bank Websites:A cloned bank website only works if the user is fooled into "typing" their username/password into the boxes provided by the bank for log-in. If users were instructed to "swipe their card" and "enter their PIN" then the encrypted data would mean nothing to the fraudsters. On the other hand, once they get a hold of your username and password, your bank account would be emptied faster than you can say..."What happened?"
DNS Hijacking:What good would it do to hijack the DNS of a financial institution if consumers no longer "typed" their PAN or Username/Password into boxes? If consumers "swiped" and "entered their PIN" for log-in, and the encrypted packet was never in the clear, they wouldn't be able to see the information. No see...no phish!
Malware:Even the effects of malware would be vastly reduced. The purpose of malware is to infect the users PC so that when they visit financial institution websites, the malware can record pertinent information. Again, if users stopped "typing" in that "pertinent" information, it would become...well..imperinent. Right?
I did not view the video below but I did provide my take on what financial institutions can do to eliminate or vastly reduce fraud. I have a difficult time believing there are human beings on the face of this earth who actually think it is "safer to type" than to swipe. But I know they are out there.
I guess the more pertinent question is"
How did it come to be that they all chose to work in the ePayments Industry?
Want to hear what Aite has to say? "Click below:
About the speaker:
Nick Holland is a senior analyst at Aite Group. To view the video, click the link below:
Popular social networking site Twitter is being used to control botnets, according to Jose Nazario, who is a Senior Security Researcher from Arbor Networks. Botnets are computers infected with malware that allows them to be commandeered by hackers. Nazario says that he stumbled upon one such Twitter account, though it has since been reported and taken down.
The key challenge of building botnets, for hackers, has always been in how to control them. Years ago, this used to be done via IRC channels, where infected computers would visit in order to receive their commands. These have proven to be relatively easy to track down though.
By switching to Twitter, hackers are leveraging not only on the server infrastructure of the social networking site, but also the publicly-known APIs used for the posting and viewing of tweets. And compared to earlier methods that saw hackers putting down money to purchase domains for their bots, creating a user account in Twitter costs them nothing.
Finally, using Twitter also makes it difficult for anti-malware applications to differentiate between a legitimate visit and the behavior of an infected workstation. Talking about the use of Twitter to host a botnet, Nazario said to The Inquirer, "I wouldn't call it rocket science, but it's effective."
For more on this story:- check out this article at The Inquirer
Hi everyone, Anuj from the communications team here with a question: What do Special K, Hallmark and PayPal all have in common? Well…according to a study released last week by AOL DailyFinance and Landor Associates, we are three of the top 10 Breakaway Brands in 2009.
PayPal was selected along with other brands like Google and Apple as well as National Geographic, Trader Joe’s, Payless, Superbowl and my personal favorite (apart from PayPal of course), Häagen-Dazs. The top 10 were chosen from 2,500 global brands. The brands were ranked based on both relevance – how appropriate the brand is for consumers and whether they want it in their lives; and differentiation – how strongly a brand stands out and offers something special.
Here’s what they had to say about PayPal:
“Once a staple of the digiterati and eBay users, PayPal entered the vernacular over the last three years as more and more people have come to see it simply as an easy way to pay for things and send or receive money online. A merchant’s darling because of its lower-than-credit-card service fees, PayPal is also a favorite with customers without cards or those who are especially concerned about security (the PayPal “P” is a symbol synonymous with safe online transactions). PayPal bolstered its brand by introducing mobile payment options and merchant services such as online invoicing, express checkout, and recurrent billing.”
We’re honored that PayPal is viewed as a brand that helps create trends, while remaining true to its core brand promise.
To check out the full list of top Breakaway Brands of 2009, please go here.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s1cEdLXObNcQvN7ZP-YjGLl5ZQf3EZoqk1Qu7VuZBLxH58YNLVYiGQa2mKpinzwDzPvlVfSpa3kasJ7MCRVknfgtwhezQeeqzU19HyAXqtAS7Tg3xk9-HwlRcF0dJnMMiMlHlld0cYc2oUDy1ZV_XE=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sFmrExDeuRLa_n0LWRGr0bF6qEPxCEcD4Ww6TDfXb5w4hTrARGoeOkyhLb9ogFWdbmVm5ytqXwWeurL-aqpvQLaVQWa5z0tvgH-2q4uujN_JZeiGQBofZz8Uzo8cPFBXhx9aGu4yPK2SGsUbnacZEV=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tpP1eRT3_iGrTS-EikSoWStP6HJlBCz7RtDA1MBL2lF1num9sxQTBxzjsjHpf0OGp9IfUVHLIZDb_5G1Hd9i_BSkbOpce6Lbqp7BYXkoleucIM7t8Lkn-Tl4ieobsxFUR-Q-CRx5FZzMyMB0FdKtA=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tRAmS1sySmvgXdeBF4iJo_zjOQ2pQQn5rDGfDcclTORUYeNnAu9p-QetfgNtza-gzDxM9jISKafX8YUaUXrEr4pTvL-7qkCydLsEqM3jBrCFNkRcgGjneT22fVBCR_BsaJNLyInihZPzEwbt-85aoO=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ufD-8rAyxJSr5i9BVAmCBZpGF8WOSVdhmzReUyOJkEbFaEGnlup-begh_sBU9WUB__pdZ9z8pctJvQg-TmB28U4UKrxtfSC56Pc_r0zMD19MEc3RaaAtmFYteS0xgCEZs9wxR5oBa522VHMr1EtLx8=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uPZeHUhYgJ9f29O2OeiG57mQ9JT2qd4q5JaY6xrv5XSa9iZQBUJjpgr-C7BFJWueNSxSTorDNHazaPSY5AMj3kmAB7p2Os76wFx1ZhFZCnFSpdSySEOs7vQBRnJdbs8kxrB_8W__U7P_AhY41d520=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_scklRgn-hDezZjisZpr3uVuSHKlJW-3u_c0dOj9mc2lilcCcnpI5Tk_rWy_nVnlrbL7gXhrKqQldxJ131b2ohijr-Ufuvb_IpQK03eUmOowP7ODBE120fMFNVJhAHvy82ufvnO4n4SZkHOgC5k1Z0=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tXyeYkkIVfeFxatFtSwo2VsYahxzfqZ4l1EshYlwF3t1pvpVymb2-e-CauWf1ePULOMPV_92ItFGVbW8EeDd5Jj2p8gj2ZJM9-KdGTgmbpHdkYGVf4BGlK9fJjYyfXjXme_bCm1Cbsi2gOy6TrIrMq=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s99hmH7AESpfZVOGvUfMggLam_66yPR2_ttL-JeiSgFO7GHGgeC94brOrFEtImSr_-TpRdGJ0ovkQiseyEXcZz2SdH2QFe0cgULJDGsMa8-CKfgCggu5pnpgupMaQpLybYQmN3cgyGd0jXNmyHf6U=s0-d)
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uc6xwdxrKpquPdZCyxjrNctS5WF45fXLwk_h_J1wDTWJEZTHePIzXagsPNHDSxzVhMlyS6S6heH0egk-7NA0VRrUJ1Qja-LhGE5mmJLYjW6ajtiBVzjZVo4QTenGLdFxFiMbSbzD27Yxh2-GNQkxKz=s0-d)
