Mobile Payment Industry News

Wednesday, September 3, 2008

Visa Launches 4 New Mobile Payment Services

Visa Launches New Mobile Payment Services; Continues Mobile Technology Momentum Globally

Visa has announced it is launching four new programs to deliver payments and services via mobile devices. Two commercial mobile payments programs, in Brazil and Korea, along with two mobile offers and transaction notification pilots in the United States, add to more than a dozen pilot and commercial programs enabled by the Visa mobile platform around the world - PaymentsNews

Editor's Note: HomeATM's Wedgie Can Hook up to a mobile phone NOW (see pic above) whereas Near Field Communications is years away. (see "related stories" at the bottom of this post) I can't help but think of the 40 million card data breach due to Wireless Networks. I also question the security of SIM cards. Past experience projects that Hackers will have a "Near" Field Day with this one!

Anyway...here's the press release:

Visa Mobile Platform Powering New Mobile Payment Programs in Brazil, South Korea and Value-Added Service Pilots in U.S.

SAN FRANCISCO--(BUSINESS WIRE)--Visa (NYSE:V), the global leader in payments, today took the next step toward making mobile commerce a global reality by launching four new programs to deliver payments and services via mobile devices. Two commercial mobile payments programs, in Brazil and Korea, along with two mobile offers and transaction notification pilots in the United States, add to more than a dozen pilot and commercial programs enabled by the Visa mobile platform around the world.

The Visa mobile platform gives Visa’s bank and wireless carrier partners the tools and technology framework they need to develop, test and offer innovative mobile services around payments to this growing market segment. The mobile platform already supports consumer programs and pilots in a dozen countries and territories, delivering convenient, reliable and secure payment services to active lifestyle consumers.

Visa’s investment in its mobile platform comes as more consumers in both developed and emerging markets adopt mobile devices. According to the GSM Association, there are nearly 3.5 billion such devices in the world with the greatest growth coming from developing countries. As these numbers have increased – and as the devices themselves grow smarter – consumers rely on them for much more than just communication, creating greater opportunity for them to play a central role in commerce and to deliver new services around payment.

Visa’s vision in creating its mobile platform has been to apply the scale, flexibility, and security of its global payment network to deliver both payment and value-added mobile services that have immediate value to consumers, merchants and issuers.

“Today we again see how far Visa and our partners have come in the development of mobile financial services,” said Elizabeth Buse, Global Head of Product at Visa Inc. “As the payments ecosystem has expanded, so has Visa’s opportunity to deliver innovative products and services to a diverse set of stakeholders.”

Global Momentum

The Visa mobile platform was created to help financial institutions, telecommunications providers and handset manufacturers tap into technology to deliver both mobile payments and related services that enhance the consumer payment experience. Visa has continued to extend the platform to offer more innovations that meet the needs of consumers, merchants, financial institutions and mobile service providers. The latest programs include:

Brazil: Visa announced yesterday the availability of remote mobile payments in Brazil by Banco do Brasil, which is marking its 200th anniversary in early October with a number of innovative banking programs. It is the first program of its kind in Latin America, allowing Banco do Brasil’s Visa cardholders to pay with their mobile device and confirm the transaction via text message. The service is accessible through any Brazilian mobile carrier serving the more than 140 million subscribers in the country. Companhia Brasileira de Meios de Pagamento (VisaNet Brasil), the acquiring institution for all Visa debit and credit payment transactions in the country, will be running the deployment of this technology in Brazil.
Korea: In a world first and in partnership with T-Money provider KSCC (Korea Smart Card Company), card issuer Shinhan Bank and Korea Telecom Freetel (KTF), Visa has made it possible for commuters to use their Visa account to top up their T-Money balances automatically on the phone’s SIM card when it falls below a certain level. By conducting the entire transaction automatically over the mobile network, commuters are freed from the inconvenience of waiting in line at transit kiosks or other agents to top up their transit account.
US: Visa recently announced a partnership with Chase Bank for a pilot program to deliver personalized mobile offers to select consumers in Phoenix, AZ. With more than 50 participating merchants, the program has capacity for 5,000 participants who will receive offers, including discounts or special deals, directly to their mobile devices via text message. They will be able to redeem these offers at the merchant’s location or online. The pilot will also cover special game day offers for baseball fans attending games at Chase Field, home of the Arizona Diamondbacks.
North America: Visa is working with multiple leading issuers, such as PNC Bank, SunTrust Bank, U.S. Bank, Wachovia, and Wells Fargo in the United States, and RBC, TD Bank Financial Group, and Vancity in Canada, to trial a transactions notification program that is able to send near real-time information to cardholders. Participating cardholders will receive e-mail or SMS text messages on their mobile devices whenever one or more transaction “triggers” occur, sometimes before they leave the store. These mobile notifications will be created simultaneously with the transaction, providing cardholders with an effective way to monitor and manage their accounts.
These mobile payment initiatives join a series of existing pilots in several countries and territories, including:
Australia: Last week, National Australia Bank (NAB), Telstra and Visa announced an Australian first with the launch of a contactless payment trial using components of the Visa mobile platform. The trial, involving 200 participants and 12 merchants in the Docklands area of Melbourne, will run over the coming months and will enable Telstra, NAB and Visa to assess Australian consumers' and retailers' reaction to mobile payments.
Canada: In November 2007, RBC announced a mobile payments trial based on the Visa mobile platform. The Ontario-based trial will involve multiple phases including in-lab testing, an RBC staff pilot, and a consumer pilot. As part of the trial, mobile phones with an embedded NFC contactless chip will enable users to make mobile Visa payWave transactions at contactless acceptance locations.
France: Visa Europe is part of a joint pilot with six major French banks as well as four mobile operators called “payez mobile.” This trial tests mobile payments with 1,000 customers at 200 sales outlets in Caen and Strasbourg in France.
Germany: In July 2007, a joint venture between Visa Europe, Nokia, T-Systems and Rhein-Main-Verkehrsverbund (RMV), a regional transport network in Frankfurt, called RMV2go was announced. The joint venture was formed to spearhead the development of payment solutions based on the Visa mobile platform, incorporating Visa payWave on Nokia mobile devices.
Korea: In February 2007, Visa and SK Telecom, the country’s leading mobile operator, announced a trial of the world’s first contactless payment application using a third-generation (3G) universal SIM (USIM) that is personalized for payment “over-the-air.” The program involved SK Telecom subscribers installing the Visa payWave contactless application directly onto their phone. Since then, KTF, another major mobile operator, launched a similar trial with Visa in June 2008.
Malaysia: In October 2007, Visa, in partnership with Maybank, Maxis and Nokia, begin a mobile Visa payWave trial with 100 staff from the participating companies. The trial utilized Malaysia’s existing contactless infrastructure and built upon a mobile payment trial conducted in 2006. Technologies from the Visa mobile platform, including graphics-rich user software and the ability to download and personalize the Visa payWave function over-the-air, were tested during the trial.
Spain: In June 2007, BBVA, Nokia and Visa announced the launch of a mobile payments program using Nokia 6131NFC mobile phones with NFC (Near Field Communication). A small group of BBVA employees were pre-selected to participate in the program. Each participant received a phone that is preloaded with the Visa payWave application and can be used to pay for purchases at various merchants throughout Madrid.
Taiwan: In September 2007, Visa announced a trial with Chunghwa Telecom, the largest telecommunications provider in Taiwan; Chinatrust Commercial Bank (CTCB), the largest privately owned bank in Taiwan; and Nokia. The program involved Chunghwa and CTCB customers provisioning their phones over-the-air with the Visa payWave payment application. This pilot has been complemented with two additional pilots conducted by Far EasTone and Taishin Bank and Vibo and United Bank of Taiwan.
United Kingdom: Visa Europe announced its participation in a large scale UK mobile pilot for payments – entitled “mobile wallet” with mobile operator O2. The six month pilot will examine the use of mobile phones to pay for purchases, access events, and travel.
United States: In June 2007, Wells Fargo Bank and Visa announced the launch of a three-phase mobile pilot that tests mobile payment and offers on phones equipped with NFC. The initiative also includes mobile coupons and account management services.

HomeATM PIN Debit Blog, Visa Launches Mobile

Mexican E-Commerce to Grow 70% in 2008

Mexican e-commerce seen growing 70 percent in 2008 | Markets | Economy | Reuters

MEXICO CITY, Sept 2 (Reuters) - Mexican firms will likely sell 70 percent more goods and services over the Internet this year, mostly to people buying plane tickets and computers, experts predicted on Tuesday.

This year's expected brisk growth follows a 78 percent surge in Mexican e-commerce sales in 2007 to $955 million, the country's Internet association said at a news conference.

Less than a quarter of Mexico's population of 107 million surfs the Internet, and of those users only about one in 10 buys products and services online, according to a study by the association.

E-commerce sales in the United States last year, covering more than 12,000 retailers but not including travel services, exceeded $120 billion. The study looked at sales data at 22 companies in Mexico with sizable online retail businesses, including airlines, cinemas and department stores.Airline tickets account for about two thirds of online purchases in Mexico, followed by computer-related products, according to the study. (Reporting by Noel Randewich; Editing by Phil Berlowitz)

HomeATM Helps Smartcard Marketing Post 185% Gain

Smartcard Marketing Systems Inc. Posts 185% Gain

Smartcard Marketing Systems Inc.(PINKSHEETS: SMKG) announced today that their card loading and payment processing volume increased 185% in 2008 for the month of July over July 2007. The company attributes its dramatic growth to its successful launch of two prepaid debit card programs and the quick adoption of the HomeATM's online payment processing solution with Pin Debit online. The company processed $46,375 in card loads in July of 2007 and $132,245 in July of 2008.

As stated by CEO Massimo Barone of (PINKSHEETS: SMKG)"We are in an accelerated growth stage of our business cycle as new merchants and consumers purchase our products and services through www.Velocitymoney.com. In addition with the Canadian market prepaid debit cards now an active program and more market penetration with Pin Debit Pads we anticipate continued triple digit growth through 2008 and will report on a month to month basis."

More Skimming Attacks Over the Weekend

Another long holiday weekend, another debit card scam TheNewsTribune.com | Tacoma, WA

Wily debit card scammers may have struck again over the Labor Day weekend, victims and police said Tuesday. At least 50 accounts were compromised.

Susie Engelbeck, 47, a stay-at-home mom from Puyallup, said someone using an ATM in Los Angeles took $800 out of her account over the weekend. When she went to report the fraud to her bank Tuesday morning, about 10 other victims were there doing the same thing, she said. “They had a line of people who had been scammed,” Engelbeck said.

Over the July Fourth holiday, more than 125 people who used their debit cards at a South Hill Arco gas station in 2007 had money withdrawn from their bank accounts. Police estimated losses were at least $500,000. Puyallup police Sgt. Ryan Portmann said Tuesday that the department has fielded about 20 new fraud reports so far, with the withdrawals happening in California and Texas. The thefts in July were linked by purchases at an Arco at 11608 Meridian Ave. E. last August. It’s possible the thieves kept some numbers in reserve from that scam, he said.

On Tuesday, Pierce County sheriff’s spokesman Ed Troyer again urged anyone who used a debit card at the station last August to get a new card. “We don’t know if they have more cards and are planning to do another round,” he said after the July thefts. By coincidence, Engelbeck’s mother-in-law left a News Tribune article on the thefts on the kitchen table for her to read Saturday. “I thought, ‘Three-day weekend, hmm,’” she said, referring to this most recent holiday. “I checked my account, even though I had just checked it 21/2 hours before.” After spotting an apparently fraudulent charge, Engelbeck said, she immediately closed the account.

Todd Pietzsch, a spokesman for the Boeing Employees Credit Union, where Engelbeck banks, said 50 to 60 members reported thefts over the weekend. “We take care of our members,” he said. “If it’s fraud, they’re reimbursed.” Neither the Pierce County Sheriff’s Department nor Tacoma police saw a new wave of reports Tuesday. But there are probably more people out there who don’t yet realize they’ve been robbed, Troyer said. “We definitely want everyone to call so we can try and obtain photos,” he said. Security photos of the thieves from previous ATM thefts haven’t turned up any leads, indicating the crooks are probably not from the South Sound area, he said.

Unfortunately, the scam is one that’s becoming more common. The thieves apparently installed a device on the gas station’s card reader that “skims” victims’ card information and PIN numbers. They seem to be targeting Arco stations, which take cash and debit cards but not credit cards. Arco officials could not be reached for comment Tuesday.

Other agencies up and down the West Coast have reported similar scams. In July, the San Jose (Calif.) Mercury News reported that debit card and PIN numbers skimmed at Arco stations were used to steal upwards of $325,000 over the Memorial Day weekend.

HomeATM PIN Debit Blog

Tuesday, September 2, 2008

Newegg Stops Collecting Sales Tax for NY

The Return of Tax-Free Online Shopping in NY?

For online retailers cranky about a controversial new law in New York requiring them to collect sales tax on purchases shipped to that state, Newegg has an solution: don't do it.

Newegg, a Web-only merchant that sells computers, accessories and consumer electronics products, has reversed its policy of collecting sales tax on New York purchases, the company confirmed.

When the law took effect June 1, Newegg began collecting the tax like other retailers. It was not immediately clear what prompted the change, and company spokespeople did not respond to requests for comment.

The tax provision sits in a murky legal area that online retailers and some tax-policy analysts say places an unreasonable burden on interstate commerce. Amazon, which is collecting the tax, has filed a lawsuit against New York, charging that the measure is "invalid, illegal and unconstitutional."

The most relevant precedent is a 1992 Supreme Court ruling involving a mail-order company that concluded that a business must have a physical presence in a state in order to be responsible for collecting sales tax on purchases shipped there. Under the new law, New York is requiring online retailers that derive sales through referrals from affiliates who live in the state to collect the tax, even if they have no employees or operations there.

Like many online retailers, Newegg maintains an affiliate program. Web site owners who post banner ads and links promoting Newegg earn commissions of 1 percent to 2 percent of the sales they refer.

The new law led one store, Overstock.com, to drop its affiliate program in New York. Overstock has joined Amazon in its legal dispute against the state.

New York estimates that the provision will generate $50 million in revenue for the state in the fiscal year. Tax experts look to other cash-strapped states to adopt similar measures if the New York law holds up in court.

Newegg collects sales tax on purchases shipped to California, where it is headquartered, and New Jersey and Tennessee, where it maintains operations.

On the policy page of its Web site, Newegg states that, "Sales tax is only required for orders shipping into states where we have or may have nexus for state tax purposes under applicable laws."

When companies don't collect sales taxes on out-of-state purchases, the consumer is still responsible for paying it in the form of a use tax that is reported on the state income tax return. Most people either don't know about that rule or ignore it.

This article appears courtesy of InternetNews.com, where it ran Aug. 25, 2008.

Convenience and Security Boost Payment Card Industry

The Green Sheet 2.0 :: Newswire

With card companies offering benefits such as redeemable reward points, and cash-back offers, customers are being beguiled into using their cards for payment of various products and services. Cards represent a fast, secure and convenient means of payment for goods and services purchased by customers.

Apart from replacing the cumbersome and often risky paper-based transaction system, electronic payments have boosted business prospects of organizations worldwide. By using electronic systems, business organizations and customers are now able to conduct safe and hassle-free transactions. With the rapid expansion of point-of-sale (POS) networks and online markets, electronic payment systems are becoming accessible to increased number of wholesale and retail outlets across the world. Growing adoption of payment cards has also led to a decline in the direct and indirect costs associated with plastic payment cards.

Contactless technology is expected to be a major driving force in the global payment cards market. As compared to conventional magnetic stripe cards, contactless payment cards offer improved security, ensure faster transaction, and eliminate the need for user authentication measures such as signatures. Reduction in the cost of development of contactless technology-based cards is expected to drive up the market for contactless debit cards and RFID smart cards. However, the absence of a large user base for such cards prevents merchants/businesses/retailers from adapting their POS systems to the technology.

Payment Cards: A Global Outlook

Types of payment cards in use across the world include credit cards, debit cards, charge cards, commercial cards, and cash/prepaid cards. Credit cards have emerged as the world's most popular form of borrowing. With Internet emerging as a major medium for purchase of goods and services, debit and credit cards are being widely utilized. Credit cards is a relatively mature market and presently faces testing times with consumers shifting towards debit cards. However, credit card usage in countries such as the United States, UK and France is anticipated to grow. Another form of payment card that is gaining popularity among consumers is the 'top up' card or prepaid card, which is targeted chiefly at consumers without bank accounts.

Debit card transactions across the world are growing rapidly, driven by consumer shift from credit cards to debit and prepaid cards. This shift is mainly attributed to the fact that debit card transactions do not result in any debt accumulation, making it extremely attractive among consumers wanting to keep a check on their expenses. Government agencies are also using debit cards to make payments for medical and health insurance reimbursements. Debit cards offer attractive prospects for financial institutions, which are evolving new strategies to ensure their higher uptake among consumers. Reward programs and cash-back offers are some of the programs offered by issuers to lure prospective customers into using their cards.

Smart cards are being promoted as the future of secure payment transactions. Incorporating a microprocessor chip, smart cards are considered ideal for user identification and authentication. Smart cards find use in ID programs, network security, and transportation sectors. With growing number of consumers holding smart cards, local merchants are expected to upgrade their point-of-sale terminals for acceptance of these cards. This would subsequently promote conversion of magnetic stripe-based credit and debit cards to chip-based smart technology.

Card fraud is a major concern facing the payment cards industry. Card fraud, identity theft, and card skimming are some of the challenges faced by this industry. However, the development of advanced technologies such as RFID, and biometric authentication are expected to facilitate card issuers to effectively deal with card fraud.

The report titled "Payment Cards: A Global Outlook", published by Global Industry Analysts Inc, provides statistical anecdotes, market briefs, and concise summaries of research findings. The report provides a recapitulation of recent mergers, acquisitions, and other noteworthy strategic corporate developments. The report also offers a prelude to major regional markets, providing the reader with a macro level understanding of markets. Major markets discussed include United States, Canada, Japan, Europe, Austria, Belgium, Germany, Hungary, Italy, Switzerland, UK, China, Hong Kong, Malaysia, South Korea, Argentina, Brazil, and Mexico, among others. The report also includes an indexed, easy-to-refer, fact-finder directory listing the addresses, and contact details of 248 companies worldwide.

For more details about this research report, please visit
http://www.strategyr.com/Payment_Cards_Industry_Market_Report.asp

India - Debit,Credit a Hit/Scores Big - RBI

Mumbai: With a larger number of banks issuing plastic, and merchant acquisition business also scoring well with the advent of retail, it is no surprise that card transactions, both debit and credit, were up by more than 42 per cent to Rs70,459 crore during 2007-08, according to the latest data from the Reserve Bank of India (RBI).

The RBI's latest numbers testify that growth in plastic money was much higher than the 24.51 per cent recorded in 2006-07. This is in part on account of the greater adoption of banking technology by the public, and because of banks encouraging the use of cards on account of the lower per-transaction cost.

Besides convenience of not carrying cash, the ramping up of ATM networks for both cash and non-cash transactions, and the proliferation of merchant acquisition points across the country by both new organised retail and traditional retail merchants, card transactions have garnered wider acceptance. Additionally, banks have provided incentives such as cash-back schemes and discounts at certain retailers to popularise the use of plastic money.

The use of debit cards, for banks, also ensures that more cash stays in customer's accounts. Also, the card ensures fewer visits to the branch, as most account functions such as cash deposit / withdrawal, cheque deposit, ordering chequebooks and statements, and even funds transfers can be done via the ATM. Also, it is more cost effective for a bank to let a customer use the card, rather than service him at a branch.

RBI's data indicates that the number of cards issued increased by 46.7 per cent to 88.31 million as of March 2008, compared with 60.17 million at the end of financial year 2006-07.

During 2007-08, the total credit card outstanding rose 43.6 per cent to Rs 5,843 crore. Till May 23 this year, the outstanding shot up by 87 per cent to Rs 12,375 crore. In 2006-07, the value of credit card transactions went up by 22.06 per cent.

Another driver for the adoption of plastic money is the growth of e-commerce and transactions via the Internet. Travel services such as airline and railway tickets are the primary drivers in this segment, and an increase number of people use cards as a payment mechanism for utility services.

Bankers expect debit card usage to surpass credit card usage mainly on account of convenience, which is a primary driver for the adoption of plastic money. Moreover, unlike credit cards, debit cards do not involve any borrowings / loan from the bank, and typically do not need a credit review before they are issued, making them ideally suited to a larger population of the banked public.

Credit, Debit Card Fraud and Skimming Cases Rise

Pictured below is an ATM Machine with a camera placed on what initally appears to be an innocent brochure holder, but in reality, captures PIN numbers of consumers withdrawing cash at the ATM. What isn't shown, is the skimming device, which captures the information off the magnetic stripe and wirelessly sends it to the perpetrators ususally parked in a car with a laptop about a block away. Here's a story from the Ventura County Star reporting on the recent surge in credit and debit card fraud cases around the country.

Some local police are reporting an increase in credit and debit card fraud cases this year, with thieves using high-tech tools to steal confidential financial data from unwary customers at stores, restaurants and gasoline stations.

The number of cases has "really exploded in the last month and a half," said Jim Graham, a detective with the Thousand Oaks Police Department. "There's been a big jump in this from Bakersfield all the way down the coast of Southern California," he said.

Many of the thefts are reported to banks but not police, so exact counts of victims and dollar losses are hard to come by, he said. Authorities estimate worldwide losses to be in the billions of dollars annually.

Thieves have an array of devices to pilfer credit and debit card numbers, including "sniffer" software programs that capture PINs and other sensitive information.

One of the more popular devices being used in Ventura County is a "skimmer," Graham said. The gadget captures information on a card's magnetic strip, which then is cloned to withdraw money out of a person's account at an ATM or to buy merchandise.

Skimming machines were once bigger, but thieves are now making "some the size of a matchbox," Graham said. That makes it easier for thieves to place them on pumps at gasoline stations or at store terminals where shoppers swipe their cards.

Police say thieves return a week or so later to retrieve the skimmers and extract the data inside.
"If you figure they're getting $300 to $400 for every card, it's not hard to see how profitable it can be," Graham said.

It's also a hard-to-solve crime, said Rick Kline, an Oxnard police detective who investigates fraud. "We're solving maybe five out of 100," said Kline. (Editor's Note: Are they actually recruiting people to get into the game?)

While many stores, ATMs and gas stations have video surveillance cameras, "the quality of the videos is often very poor," Kline said. Also, thieves "generally wear a hat" or other disguise, "making it very hard to identify them," he said.

"Most of these crimes are solved when the victim has an idea of who's behind it," Kline said. Susan Nettles of Ojai has yet to find out who stole her debit card information and then used it three times at ATMs in Huntington Beach to withdraw almost $600 from her account, although she thinks she knows where her card was compromised.

"I think it happened at the Cost Plus store in Oxnard," Nettles said. Cost Plus announced in July that the electronic PIN pads at eight of its Southern California stores, including the one in Oxnard, might have been tampered with between February and April. Since then, Cost Plus has made numerous changes to improve security, including replacing some of the PIN pad machines, said spokesman Dan Gagnier.

"The newer machines are a lot harder to tamper with," Gagnier said. The company "wants its customers to feel comfortable using their cards at our stores." Cost Plus also is working closely with credit card companies, banks and law enforcement agencies "to ensure that any of its customers affected by this incident are identified." Nettles filed a police report, something authorities say many victims fail to do. She said she now is leery of using her debit card. "Now I try to use cash when I can," she said.

Thieves aren't the only ones availing themselves of high-tech tools. Credit card companies and banks are increasingly relying on sophisticated software to monitor customer spending habits. The software flags out-of-the-ordinary purchases or payments and alerts authorities. Robert Meyers, a Ventura County supervising deputy district attorney who investigates fraud, said such software has "generated many more cases" for prosecutors. But investigators said victims also should report the crimes to police. For starters, it would give investigators a better idea of the scope of the problem, Graham said. "We're able to see if there are patterns," he said, including whether a sizable number of victims might have purchased things at particular stores or places.

Friday, August 29, 2008

eCommerce Technology Spending to Rise

Internet Retailer conducted a study via email participation of 92 "web only" merchants and other's participated and here are the findings:

Though 72 percent of internet retailers plan to purchase e-commerce applications or services this year, they'll be spending less than they expected to spend last year, according to Internet Retailer's latest survey on e-commerce technology spending intentions (via Retailer Daily).

A whopping 73.6 percent of respondents say they plan to increase those budgets 15 percent or less, compared with 49.4 percent of respondents last year who said so; moreover, about half (47.2 percent) say plan to increase those budgets 10 percent or less, the survey found. Below, additional findings from Internet Retailer's survey.

The top spending priorities of online merchants:

Replacing outdated e-commerce platform: 28 percent
Miscellaneous apps: 20.5 percent
Content management system: 11.9 percent
Web analytics: 11.8 percent
Order management system: 8.2 percent
Site search software: 6.8 percent.
Among the top new website features or applications to be implemented:
Customer reviews and ratings: 35.5 percent
Inventory availability tools: 34.2 percent
Blogs, forums or videos: 32.9 percent
Streamlined navigation using Web 2.0: 26.3 percent
Mouse-over tools: 25 percent

Most online merchants, however, intend to keep their current platforms and applications:

67.1 percent intend to keep their rich media applications.
61.7 percent don't intend to replace their web analytics software.
55.2 percent will continue to used their present content management system.
55.2 percent don't plan to buy site search software or service.
52.6 percent will stick with their current order-management system.
46 percent plan to keep their in-house or third-party platform.

Other highlights from the survey:

At two-thirds (67.1 percent) of e-retail companies, the official with the final word on tech purchases is the CEO; next are the CIO (9.2 percent) and CMO (6.6 percent).

The annual e-commerce tech budget is $50,000 or less at 51.4 percent of online retailers; that budget at 27 percent of retailers ranges from $50,001 to $200,000; 9.5 percent have budgets of $200,001 to $999,999; 5.4 percent have $1 million to $2.5 million; and 6.7 percent have budgets of more than $2.5 million.

51.3 percent of the surveyed retailers don't plan to hire a consultant or other third-party help for a major technology upgrade in 2008.

73.7 percent run their own internal fulfillment program. Among the remainder that do outsource fulfillment, 65 percent plan to keep their third-party provider.

About the study: The survey was emailed in early June to subscribers of IRNewsLink, Internet Retailer's e-newsletter; responses were collected and analyzed by Vovici Corp.; 92 web-only merchants, chain retailers, catalog companies and consumer brand manufacturers took part in the survey.

Related: Investment in the web by big retailers will increase even more as top executives at the largest retail chains become more aware of the power of the web in driving multi-channel sales, says Kasey Lobaugh, direct-to-consumer practice leader at consultants Deloitte LLP.

Many retailers today, he says, don’t realize that store sales preceded by visits to retail web sites account for about 20% of sales and online-only sales for another 7%, accounting for 27% of total sales in one way or another driven by the web.

“Today, most retailers only see it as a 93%-7% split, where the 93% of sales are in stores and 7% online; they don’t realize that 20% of store sales are influenced by the web,” Lobaugh says.

But that mindset is changing fast among senior retail executives, he adds, especially as the percentage of total sales driven directly or indirectly by the web grows to about 50% over the next few years. “CEOs will soon recognize that what they thought was 7% of sales driven by the web is actually about 50%, so there is going to be a big shift in investing in a web-focused multi-channel retailing environment,” Lobaugh says.

Get a Phone Message After Every Transaction?

Times...they are'a changing. In the past, telemarketers would call and try to get us to "buy" something. Now there's a group who wants to call you AFTER you "buy" something. Actually they plan to send an SMS to cellular phones or PDA's everytime a credit/debit/ATM card is registered with them and subsequently used for a transaction. They are essentially pitching what they have to offer as a Value Added Service Provider, (VASP) Rather than selling "ring tones", they are, instead, trying to "cell" notifications of credit/debit/ATM card use. Initially it sounds like it has a ring to it, but I don't know what to think of this idea quite yet.

What I do know is that the iPhone's OS has a security hole which can expose private information. (The flaw being a simple two-step trick which can be accessed directly from the iPhone's password protected interface, gives full access to a user's contact list, e-mail and text messages, including access to all SMS's.) see: Huge Security Flaw Puts All Private Information At Risk - Gizmodo

The other question I would pose, in order to determine the viability of the idea would be how much each SMS would cost the end-user. If it costs, for example 50 cents for each transaction notification, a $25 transaction would have effectively, a 2% discount rate. Here's a tip...for that money, banks could offer a "Transaction Insurance Protection Plan" (see, I told you I'd give them a TIPP...) Here's there press release:

MIAMI, Aug. 28 FL-CNSC-Debit Security Aug. 28 /PRNewswire

Ivan Ochoa and Daniel Davila, executive members of the newly-created company C.N.S.C. (Charge Notification Services Corp.) are launching their proprietary and patented credit, debit card and ATM transaction security service in the United States.

The premise of the C.N.S.C. service is to put the cardholders in control of their own identity security by instantly advising them via SMS (Short Message Service) to their cellular telephones or PDAs each time a charge or withdrawal from a C.N.S.C. covered card is made.

With the proliferation of cellular phones, this service is expected to reduce credit and debit card fraud significantly for individuals or companies who choose the coverage. Credit card fraud in the United States has increased in terms of total losses and is expected to continue growing, according to studies conducted byThe Nilson Report.

A Cybersource report indicates the same escalating trend ine-commerce transactions, surpassing the two billion dollar mark for 2007. Those affected by fraudulent activity include the card user, who may spend months trying to clear up an unauthorized transaction; the financial institution issuing the credit or debit card, as each time a fraudulent transaction is detected several time-consuming steps must be taken by staff, making it an expensive proposition for banks and issuers; and ultimately by the merchant accepting the fraudulent charge, as in most cases, the charge-backs are a direct loss to them. "The result of this is that society at large loses, even those who do not use credit or debit cards, since it makes every product and service more expensive. It is a zero sum game in which those who operate within the law lose out," stated C.N.S.C., E.V.P. and Chief Operations Officer Daniel Davila.

Referring to the most recent large-scale credit card fraud cases, C.N.S.C.Chief Executive Officer Ivan Ochoa comments: "We know that merchants have been slow to advise cardholders of fraudulent activity and that despite the existing firewalls and algorithms developed to detect abnormal usage patterns,the technology exists that allows criminals to access card numbers, as well as social security and drivers license information. Fraud has become everyone's problem, and consequently, everyone's responsibility. We are confident that with a minimal investment on the part of card issuers and the cooperation of cardholders, we can overcome this pernicious social and economic predicament affecting us all."

Messrs. Ochoa and Davila have a combined five decades of experience in the financial services industry. Mr. Davila's background includes 16 years at American Express where he was a Senior Director within the Global Network Services (GNS/Franchise) division and more recently, two years as Vice President and Chief Risk Officer of the credit card division at Russian Standard Bank (RSB) in Moscow. While at RSB, Mr. Davila launched a similar SMS credit card fraud protection service with great success, resulting in an overall significant reduction of fraudulent transactions. Mr. Ochoa's 25 years in the financial services industry include executive positions within American Express and MasterCard International, where he was Chief of Staff for Latin American countries. His areas of expertise include managing operationsfor multi-markets, re-engineering, quality control and technology. Mr. Ochoahas lead major innovative developments in products and systems.

SOURCE Charge Notification Services Corp.

Thursday, August 28, 2008

More on Hacker's 11

There's been a lot of press relating to the 40 million card breach and the subsequent arrest of the Hacker's 11. In fact, I've done several posts on it myself.

It was all done by something called "wardriving," (see WarDriving 101) which involves driving through areas with a laptop searching for accessible wireless Internet signals, and then tapping into those systems to install "sniffer programs" that capture credit and debit card numbers as they move through a retailer's processing networks.

Perhaps the worst part of this is that nothing can be done to prevent it from happening again. Members of the international stolen credit and debit card ring, which included some U.S. citizens, were locked up -- but you can't lock up a technique. As long as there's WEP, there's theft.

As I mentioned yesterday, the financial community is heavily regulated (see yesterday's post "PCI, PCIDSS 101) to protect consumers' data, which is encrypted by law and industry agreement. No one "purposefully" shortcuts that process. But the crooks found a way to insert a data sniffer into the system so that by the time cards were swiped and the information was released from the point-of-sale device, the information already had been snagged.

The industry will devise a solution. But in what amounts to a digital arms race, criminals will figure out a way around it. The Center for Democracy and Technology advises consumers that, as more and more of their lives are processed online, they must take more responsibility as they are handing over personal and financial information.

Editor's Note: I personally, think the solution lies in "NOT handing it over at all" but instead, using HomeATM's Personal PIN Pad for online purchases. The fact is: Anytime you type in your credit/debit card number a consumer is ripe for hacking. Myriad methods to do it, and more and more on the way every day. Maybe we can get the environmentalists to go after the keyloggers or at least have the owls spot them... Seriously, though, entering your credit card information via a keyboard on a PC is asking for trouble. This is why I have spent a lot of time trying to make the case for a personal PIN Entry Device. (See Reverse Matriculation, Bring the Device Home)

HomeATM is working vigilantly on creating and putting forth a program that will get their Personal PIN Entry Device into the hands of as many consumers as possible. We believe it won't be long before that happens and millions of consumers have one. However, in the meantime, if you absolutely feel the need to purchase something online, keep these two rules of thumb at the forefront of your awareness:

1. When typing in a credit card number, make sure the web page is secured (more secured), as indicated in the URL as https -- the "s" standing for "secure."

2. Do not enter your financial or personal information while using a wireless network. Someone could be sitting outside of Starbucks with a program that is sniffing the information typed into your keyboard and stealing that (and your buck$) right out of thin air.

Those crooks thank their lucky stars that your bucks don't stop there... thank yours that it won't be long before you can be the proud owner of your own personal HomeATM!

75% of "Online" American's Use eBilling Services

CheckFree released the results of an annual Consumer Banking and Bill Payment Survey that they sponsor and according to their release, "more Americans than ever, an estimated 63.1 million households or three-fourth's of those online, are paying their bills online rather than writing paper checks.

The Consumer Banking and Bill Payment survey has been conducted annually since 2002 by CheckFree Consumer Insights, a consumer research and data analytics unit of Fiserv focused on tracking the latest online banking, billing and payment trends. What follows is additional information – including charts, survey findings and a complimentary prerecorded webinar – about the 2008 Consumer Banking and Bill Payment Survey.

Additional Survey Findings

Among younger respondents under age 45, 57 percent considered the environment as an important reason why they use online billing and payment, compared to 44 percent among those in the 45-and-older age group.

Fifty-five percent of those living in the Western United States cited environmental concerns as a key motivation for online bill payment adoption versus 49 percent for other regions.

Major credit cards (48 percent) were the most frequently cited e-bills received and paid at online banking sites, followed by cable or satellite television (42 percent), cellular phone (41 percent), electricity (38 percent) and local telephone (34 percent).

Fifty-four percent of respondents who were aware their online banking site offers e-bills said they receive at least one e-bill, while 46 percent do not. The most appealing features of e-bills were due-date reminders, convenience and assurance that bills are never paid late.

E-bill recipients were 45 percent more likely to report being extremely satisfied with their bank or credit union than non-e-bill users. Fully half of e-bill recipients said their experiences with e-bill had made them less likely to switch financial institutions in the future. E-bills are electronic representations of paper bills that are securely delivered directly to a business or financial institution Web site. With e-Bills, consumers can review balances, transactions and all other details available in paper bills, and schedule payments with just a few clicks of the mouse.

Overall, 67.9 million households, or 80 percent of the estimated 85.1 million U.S. online households, use online banking services, up from 63.4 million in the 2007 survey. [See Chart: Consumers’ Online Banking Usage Mirrors Internet and Broadband Trends.]

Those living in Western (83 percent penetration) and Southern (81 percent penetration) states were more likely to adopt online banking than those in the Northeast (78 percent) and Midwest (78 percent).

Respondents identified 24/7 access to account balances, time savings and better organization of their finances as the most important benefits of conducting banking activities online.

Watch Recorded Webinar

In this complimentary webinar, "Consumer Billing and Payment Trends," senior researchers from CheckFree Consumer Insights discuss compelling findings from this year's Consumer Banking and Bill Pay Survey and David Baron, vice president of Financial Research Services for Harris Interactive, provides insights into what made the survey successful.

>> Watch Webinar

Wednesday, August 27, 2008

PCI, PCI DSS 101

Here's a comprehensive article explaining the Payment Card Industry Security Standards Council requirements pertaining to protecting card holder data. The article, written by Jeff Kress from NewsFactor.com does a good job putting, what many tend to consider to be a confusing subject, PCI, into a better perspective.

"Any firm that stores, processes or transmits credit card data should comply with security standards or risk great losses. Whether we buy goods online or in a store, credit card purchases are a way of life. Some may worry about transactions over the Internet, but they generally assume credit card data and related personal information with merchants are secure. But are they?

According to analysts, financial fraud surpassed all forms of computer losses in 2007. The most noted credit card loss was with TJX (parent company of HomeSense and Winners) in 2006. The security breach resulted in the loss of 45 million credit- and debit-card numbers. The TJX losses reportedly will exceed US$1 billion. The breach was due to inadequate security controls. In addition, TJX may have also lost customers' personal information such as drivers' license numbers. The problem is that TJX is not alone: many merchants have inadequate controls to protect credit card information.

To address financial fraud, major credit card companies created an organization, the Payment Card Industry Standards Council (PCI). Its goal was to set standards to enhance the security of credit card payment data. The result is the Payment Card Industry Data Security Standard. (PCIDSS)

Merchants that store, process or transmit cardholder data must comply with the PCI standard. Reports indicate that larger-merchant compliance is improving. On January 22, 2008, Visa reported that as of the end of 2007, 77 percent of large merchants and 62 percent of medium-sized merchants were PCI compliant. These are big improvements compared with the previous year, when less than 20 percent of large and medium- sized merchants were deemed compliant. These two categories represent approximately two-thirds of Visa's transaction volume. However, smaller merchants and government agencies are slower in adhering to PCI requirements.

PCI requires merchants to verify compliance with the data security standard. A merchant's credit card transaction volume determines what compliance validation steps are followed. Larger merchants are required to have annual on-site audits and network scans performed quarterly by certified assessors. Smaller merchants may only be required to do self-assessments. The merchant levels differ between the credit card companies so one should refer to the merchant agreement for specific requirements. Although compliance validation requirements differ, all merchants that store, process or transmit cardholder data, regardless of size, are required to comply with all aspects of the PCI standard. Failure to do so may result in a merchant being fined and/or terminated from the processing services.

Not complying with PCI requirements can be costly. If a merchant's systems are breached, the merchant is responsible for all costs associated with inappropriately used credit cards. The merchant is also required to pay all costs associated with informing consumers, canceling outstanding credit cards, issuing new credit cards and forensic audit costs. Analysts have set the costs of credit card breaches at between $100 and $300 per credit card record. A breach can result in a loss of merchant reputation, lost customers or customer lawsuits. Credit card companies can also issue fines for noncompliance even if no breach is detected. To prevent such costs, merchants need to comply with the PCI standard.

PCI Standard's Objectives

Build and maintain a secure network. Most merchants think their credit card systems are secure. But in the context of PCI, what is a credit card system? The PCI standard considers any network, server or application connected to the systems that store, process or transmit to be the credit card systems. PCI compliance on such a large scale can be difficult to achieve. The solution is to set up the credit card systems so they are isolated from other merchant systems.

The PCI standard identifies two primary requirements for building and maintaining a secure network. The first is to install and maintain a firewall configuration to protect cardholder data. Firewalls must protect all credit card systems from external access. In addition, the PCI standard identifies the need to change vendor-supplied defaults for system passwords. Systems that have not changed default settings and vendor-installed passwords are common compliance violations.

Protect cardholder data: Keep cardholder data stored to a minimum. Stored credit card information needs to be protected using strong encryption standards. A common violation occurs when merchants store the magnetic stripe data from a credit card. The data contains all the information a criminal needs. Such information should never be stored. PCI information suggests that most merchants are unaware that their systems were storing the complete magnetic stripe data.

Maintain a vulnerability management program: It is important to protect systems against such threats as a computer virus. Also, follow appropriate processes for making changes to systems. Merchants that collect credit card information from e-commerce Web sites need strong security processes to develop and monitor the Web sites. Weaknesses include missing and outdated security patches. Also, Web applications often have weaknesses that are accessible by anyone on the Internet.

Implement strong access control measures: Limit access to cardholder information on a need-to-know basis. Bad practices such as group sharing of user accounts, not changing passwords regularly or not having minimum password standards are not acceptable. Other weaknesses include inadequate access controls due to improperly installed merchant point-of-sale equipment. While credit cards are typically stored on systems, the PCI standard requires strong physical controls in merchant facilities.

Regularly monitor and test networks: Merchants need to track and monitor all access to network resources and cardholder data. This requires logging and monitoring systems on a timely basis. All credit card systems need to be regularly tested. The requirements in the PCI standard are explicit and detailed. For example, perform vulnerability assessments at least quarterly or after any significant change to the network. Test credit card systems annually. This includes annual penetration testing on both the network and application layer. The standard also requires effective intrusion detection systems to alert staff to possible security breaches. A lack of effective monitoring is a weakness. Merchants often find it difficult to meet the PCI standard requirements for monitoring and testing its network. Segmenting the network to isolate the credit card systems will reduce the time and costs associated with meeting these requirements.

Maintain an information security policy: Merchants need a strong security policy that sets the tone for the whole company. Staff awareness processes need to ensure employees are aware of their responsibilities. Many security breaches are caused by staff who are unaware of their role in keeping the company's data secure.

So what happens if a merchant can't meet a specific PCI requirement? The standard allows merchants to implement compensating controls. Merchants need to show that the compensating control effectively mitigates the risk addressed by the PCI standard.

The PCI Data security Standard sets security and monitoring requirements that far exceed some merchants' existing capabilities. Smaller merchants would like to have the standard reduced to reflect their size. However, for now, merchants that store, process or transmit cardholder data must comply with the standard.

There are many articles on PCI and the Data security Standard. However, the best source for guidance and materials is the Payment Card Industry Security Standards Council Web site at: https://www.pcisecuritystandards.org/index.htm. Merchants should also refer to their respective merchant agreements for guidance.

A common misconception is that smaller vendors are not required to be PCI compliant. Some think not being compliant is OK as long as they continue to make progress. That's what credit card firms reportedly told TJX before it was breached. That did not prevent TJX from facing losses that could reach billions of dollars. So make sure you and your clients take steps to protect credit card data before harm occurs to your firm or clients' reputation, before customers are lost and before fines and litigation start."

Related Story: How to Ensure Safe Online Shopping - NewsFactor.com

Several Million for $150...Hop Aboard the PCI Express!

There's PCI, and then there's just plain ole' PC. What are several million records doing on a laptop in the first place? And why would the National Bank of Scotland employ a "third party" archiving company that sells it's used laptops containing personal data on eBay? I found a good article on PCI and I'll post it next, but first this amazing faux pas...

When Andrew Chapman bought a PC on eBay for about $150, he didn't expect the added bonus -- the personal records of millions of customers of a major international bank.

Chapman says he found "several million" personal records on the PC. The records, which belonged to the National Bank of Scotland, its NatWest subsidiary, and American Express, had been stored on the machine by a third-party archiving company, according to news reports about the eBay purchase of the National Bank of Scotland data.

The data includes account details, and in some cases, customers' signatures, mobile phone numbers, and mothers' maiden names, Chapman says. Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply. "The information was in back-up CDs and in ISO files, so it would have been possibly quite easy to find if you know something about computers," he said.

A spokeswoman for data processing company Mail Source, which is part of the archiving firm Graphic Data, said it was investigating how the computer equipment had been removed from a secure location. "The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed," she said. Spokespeople for Graphic Data, the banks, American Express, eBay, and U.K. law enforcement agencies all expressed concern about the incident and said they would begin an investigation as soon as Chapman gives the computer back to Graphic Data.

30% of Canadian Back to School Shoppers To Do It Online

In what looks to be an unabashed plug of Verified by Visa, the payments industry behemoth recently polled online shopping plans of Canadiens and found the following:

TORONTO, ONTARIO, Aug 27, 2008 (MARKET WIRE via COMTEX)

Almost one-third of Canadians in need of books, computers and back-to-school supplies will avoid the hustle and bustle of traditional shops in favour of the World Wide Web this year.

According to an August 2008 survey commissioned by Visa Canada(i), 13 percent of Canadians are planning to shop online between now and Labour Day and, of those, 40 percent plan to spend more online than in the same period last year.

With the average estimated online spend before Labour Day totalling $881, survey respondents said they were turning to the Internet because of its convenience (41 percent), better prices (41 percent) and superior selection than brick-and-mortar retailers (31 percent).

While restocking backpacks and lockers is one reason to turn to the computer, Canadians shopping online also planned to purchase travel (45 percent), computers or electronics (41 percent) as well as fall and winter clothing (32 percent).

"It's interesting to see the variety of goods Canadians plan to buy online," said Zack Fuerstenberg, Director, New Channels, Visa Canada. "Last year when we conducted similar research, half of respondents were only planning to purchase books."

Fuerstenberg continued by pointing out that the categories of merchandise most attractive to online shoppers are mirrored by the types of merchants that participate in the Verified by Visa(R) program. "Air Canada, Dell, Best Buy, Future Shop, West Jet, Via Rail, Telus and Aldo are all participating in the program along with 2,000 other participating Canadian merchants."

The Verified by Visa service, which is supported by Visa-issuing financial institutions and participating merchants, works through the use of a personal password and helps ensure that purchases made online with a Visa(R) card are made by the actual cardholder. Free for consumers, the Verified by Visa program has been adopted by more than 200,000 merchants and 378 million Visa cardholders around the world. Canadian Visa cardholders can sign up for this program at their Visa card issuer's website, through visa.ca or when shopping at participating merchant websites.

The Verified by Visa service is just one of Visa's multiple layers of security in the eCommerce channel. Another layer that helps protect online merchants and cardholders shopping via the Web is the "three-digit code," or CVV2, which is the number printed on the signature panel on the back of a Visa card. It helps to prove to the merchant that the cardholder has the card in his or her possession when ordering online or over the phone. AVS, or the Address Verification Service, helps ensure that the person making a purchase with a Visa card is the same person who receives the Visa card's monthly statement. Merchants begin the process by matching the address provided by the cardholder during check-out to the billing address the Visa card issuer has on file.

(i)For the Visa Back-to-School Shopping Survey, a total of 1005 respondents were interviewed during the period between August 6th - 10th, 2008. The margin of error is +/-3.09% at 95%.

Tuesday, August 26, 2008

Keeping up with the Jones' (& the Discover vs. MasterCard/Visa Lawsuit)

Finds No Conspiracy Between Visa and MasterCard

Purchase, NY. - MasterCard Worldwide said it is pleased that Judge Barbara S. Jones narrowed the scope of Discover’s antitrust case against MasterCard by granting certain aspects of MasterCard’s summary judgment motion.

In particular, Jones found that despite Discover’s assertions, there is no evidence of a conspiracy between MasterCard and Visa. She also dismissed Discover’s debit-related claims against MasterCard.

In dismissing Discover’s claims of an inter-association conspiracy between MasterCard and Visa, the court’s decision recognizes the intense competition between MasterCard and Visa, which benefits consumers in the form of innovative products and programs.

Further, Judge Jones limited the scope of the trial by dismissing Discover’s debit-related claims against MasterCard. In granting MasterCard’s motion, the Court recognized that Discover failed to establish that MasterCard’s Competitive Programs Policy (CPP) somehow excluded Discover from offering debit cards. This is not surprising since, the CPP only applied to credit and charge cards, not debit cards.

MasterCard said it is disappointed that the Court granted aspects of Discover’s summary judgment motion seeking to apply collateral estoppel in its claims against MasterCard, but pleased it rejected Discover’s attempt to obtain broader findings. Collateral estoppel is the application of certain findings in one lawsuit to a subsequent one.

However, in no way does Judge Jones’ ruling change the fact that Discover will have to establish that MasterCard and Visa, rather than its own business decisions, caused the damages it alleges. The jury will be able to fully evaluate all evidence concerning Discover’s damages claims, and MasterCard looks forward to demonstrating the weaknesses of those claims in court.

For example, public results of Discover’s business performance after the CPP was withdrawn show that Discover has not seen any increase in its overall percentage of the credit card volume share from third-party issuance. This real world evidence highlights the weakness of Discover’s claim that the CPP damaged Discover by preventing Discover from entering into third-party issuing relationships. Indeed, the most recent results show that Discover’s overall credit card volume share—including both Discover-issued and bank-issued Discover cards—actually declined from 5.46% in 2006 to 5.33% in 2007.

A further demonstration of the weakness of Discover’s damages claim is the testimony of Discover’s own executives, who had testified before and during the DOJ case that the repeal of the CPP would hurt their company, and create a situation where Discover would not be able to build volume by attracting third-party issuers.

Visa responded to Judge Jones ruling as well with the following release:

"Visa is pleased that the court resolved several disputes in this case at this stage. Among other things, the court:

Dismissed Discover's claims of debit monopolization against Visa; and
Rejected Discover's allegations of an inter-association antitrust conspiracy between Visa and MasterCard.

"As a consequence of these summary judgment rulings, Discover cannot challenge the legality of the agreements Visa has signed with its debit issuance partners. As such, it is unlikely the Discover litigation will have a significant impact on Visa's ongoing business operations.

"In addition, the court granted collateral estoppel on a limited number of issues that were determined in an earlier, related lawsuit. This ruling, however, does not establish all the elements of Discover's claims. Discover must still prove the remaining elements of its case and any damages at the upcoming jury trial.

"Visa believes it will be clear to a jury that it is Discover's own business model and decisions - not the actions of competitors - that have limited its options in the marketplace. Discover has been free to engage in bank issuing partnerships since 2004, but has yet to demonstrate that it can do so in a meaningful way.

"Although we expect Discover will be unable to prove the level of damages that it seeks in this case, Visa remains committed to resolving legal challenges in a manner that allows us to remain focused on our business activities. To that end, as part of the Visa Inc. restructuring process, the company developed a retrospective responsibility plan that addresses potential liability in certain U.S. litigation ("covered litigation"), including the Discover case. Additional information regarding the company's retrospective responsibility plan is available in the company's Final Prospectus, dated March 18, 2008, at http://www.sec.gov/."