Obopay Launches Widgets

If you'd like to try it, go ahead...make my day!
I'll let you know how it works out...

By the way, Chip In did this a while ago...

Just type in the amount ($300 limit, but you can do it more than once or in each widget...lol), click send, and you done.

If you're not sure which one to use, try both and I'll let you know which one I liked better...

JBF

Cred-Ex's New Alt-Pay

New Alternative Payment Solution Cred-Ex Soon to be Available in the US

Secaucus, New Jersey (PRWEB) January 13, 2009 -- Cred-Ex (www.Cred-Ex.com) prepares to launch its new alternative payment solution. Cred-Ex helps combat identity theft through its patented process.

Cred-Ex will grant instantaneous credit to consumers online on its website or at its participating merchants' shopping cart screens. Merchants will feature the Cred-Ex icon next to Visa, MasterCard, American Express and Discover. Security-conscious consumers that don't want to use their credit cards online will be able to make online purchases with Cred-Ex. Online research firm comScore, Inc. reported that online shopping is increasing at approximately 15% per year, as more and more consumers shop on the Internet. Further, according to Rosetta, retail adoption of Alternative Payments Soared 23 Percent in 2008.

While composed of complex algorithms, Cred-Ex's patented process is easy for merchants and consumers to use. Unlike its competitors, Cred-Ex's platform does not require consumers to input harmful personal data such as their credit card, bank account or Social Security numbers. As a result, Cred-Ex does not store consumers' sensitive data on its servers. This will protect the consumer's identity. Cred-Ex typically approves a new application in 5 to 10 seconds.

Cred-Ex's patent also applies to its new m-Commerce solution. Consumers who have a Cred-Ex account will be able to use their cell phones to make purchases at the point-of-sale at participating merchants' brick and mortar locations. The Company expects their m-Commerce solution to increase consumer loyalty and combat consumers' rotating their credit cards. m-Commerce is already prevalent in Europe and Asia and is just starting to take hold in the US. The Company has satisfactorily concluded testing its m-commerce solution.

Coleen Barbiere, Chief Operating Officer, says, "Merchants welcome new ways to increase webstore sales and profits by increasing conversion ratios. And our Cred-Ex payment option, coupled with our new m-Commerce solution, will revolutionize alternative payment solutions in the US."

Merchants benefit from alternative payment solutions because they increase webstore profits. CyberSource recently reported that additional payment choices can increase merchants' sales conversion rates by up to 14%. Plus, Jupiter Research found that alternative payment solutions increase average order size by 13.3%. In today's challenging economy, alternative payment solutions can improve a much needed increase in the bottom line.

About Cred-Ex: Cred-Ex is the main brand of Emerging Payments Technologies, Inc. that has been a leader in alternative billing for over 10 years. Emerging Payments Technologies, Inc. began developing the Cred-Ex platform and brand in 2004 to lead the trend in online billing, e-Commerce, and now m-Commerce. Cred-Ex's owners have built several major companies in Europe that include Nocreditcard.com (www.nocreditcard.com), the European pioneer in alternative billing; Fluendo (www.fluendo.com) that specializes in delivering products and consulting services focusing on UNIX and GNU/Linux; Fluendo comes out ahead by combining best-of-breed systems from the Open Source world with a strong team of highly knowledgeable software engineers; and Aedgency (www.aedgency.com ), a leading interactive advertising agency, performance-based only, that specializes in Search Engine Marketing (SEM), and contextual advertising. Aedgency was responsible for generating over €200 million in online traffic arbitrage from network end users in 2008.

Contact:
Eric Gelb
Business Development
Cred-Ex
T: 201-865-7600 x 102

Source: Press Release

Swiping Device Takes Back Seat

Creative Mobile Technologies (CMT), the nation's largest comprehensive taxi technology services provider, has inked a deal with Boston Cab Dispatch, Boston's premier radio affiliation service with almost 500 member taxis comprising over 25% of the Boston taxi industry. The deal will bring Boston taxi passengers a quick and easy rear-seat, self-swipe credit card payment system as well as multi-channel, interactive media screens and additional technologies designed to enhance the passenger experience and drive new efficiencies into taxi service offerings. The technology will also bring Boston Cab members into compliance with the City of Boston's mandate, that by April 2009, all taxis must provide rear-seat credit card acceptance capability.

This is the second major American taxi company in less than three months to announce the implementation of CMT's state-of-the-art taxi technology. In October 2008, CMT struck a similar deal with Chicago's Yellow, Checker and Blue Diamond family of 2,600 taxicabs. CMT is currently operating in more than 5,500 New York City taxicabs.

These new service offerings are based on CMT's "FREEdom Solution," developed in New York City by leading technology professionals and recognized leaders of the taxi industry. CMT's signature Passenger Information Monitors (PIMs) feature credit card acceptance functionality enabling passengers to securely swipe their own credit card and complete wireless transactions in seconds. The CMT PIM, which features a uniquely tailored news and entertainment network as well as GPS-powered maps that passengers can control with state-of-the-art touch-screen technology, has revolutionized and redefined the modern rider's taxicab experience.

"CMT is very excited about bringing our award-winning product to the great City of Boston whose exceptional taxi system is exemplified by Boston Cab Dispatch and its forward-thinking CEO, Brett Barenholtz," said Ron Sherman, CEO of Creative Mobile Technologies.

Jason Poliner, CMT's Chief Operating Officer, said "Boston taxi passengers will now have the quickest, safest, and most reliable credit card payment process available while the Boston taxi industry will benefit from higher passenger volumes and larger tips. Our completely re-engineered, state-of-the-art touch screens feature entertaining media content and important local information that will provide a value-added service previously unavailable to Boston riders."

Boston Cab Dispatch is a well-respected innovator in the Boston taxi industry. The company has remained ahead of the curve, having implemented the first computerized dispatch system in Boston -- 12 years before any other taxi company. Boston Cab currently has the greenest taxi service in New England.

"While our mandate is simply to provide credit card access in the back seat, we have chosen to go a step further and embrace the latest technology available to the taxi industry," said Brett Barenholtz, CEO of Boston Cab Dispatch. "After an exhaustive and thorough research process, we are convinced that CMT's excellent record of safe, reliable credit card processing, coupled with its superior media screen product, provides a perfect match for Boston Cab which always strives to provide our members and customers with the best possible service."

Boston Cab Dispatch's drivers will also benefit from the implementation of CMT's advanced solution. The technology will vastly improve credit card transaction reliability, efficiency, and ease-of-use in both the driver and passenger components of the transaction process, and the seamless integration with Boston Cab Dispatch's existing host dispatch technology will increase the fleet's geographic coverage capabilities and eliminate the need for redundant in-vehicle data communications appliances.

About CMT:

Creative Mobile Technologies (CMT) began providing New York City taxicabs with credit and debit card processing, media and advertising content, text messaging, interactive passengers maps, GPS, and electronic trip sheets in 2007. In New York, CMT, which gained a reputation as the "by the industry, for the industry" taxi technology solution, partnered with Bank of America, World Line Communications, Feeney Wireless and Mobile Knowledge. CMT's media partner, Clear Channel Taxi Media developed the exclusive NY10 Taxi Entertainment Network with content by NBC Universal. CMT is now the nation's leading provider of total taxi technology solutions, operating in over 5,500 New York City taxicabs and soon to be in over 2,600 Chicago taxicabs. CMT's "FREEdom Solution" received one of VISA's highest honors for its commitment to credit card security and privacy protection. To learn more, visit www.cmtnyc.com .

About Boston Cab Dispatch, Inc.:

Boston Cab Dispatch has been the taxi industry leader in Boston for the last 50 years, relying on its four generations of experience. Boston Cab's premier radio association boasts almost 500 taxis as members. For over a decade, the company has featured computerized dispatching and continues its commitment to update, improve, and advance its dispatch system to meet the evolving needs of the industry.

Source: Company press release.

Related articles by Zemanta

• Techie Visa Card Features Buttons and Screen to Generate CCV Dynamically

PIN Debit and PCI Compliance

Howard Riell, in an article written for Convenience Store Decisions, writes about PCI compliance.  As you'll undoubtedly notice while reading the article, PIN entry devices, or PED's are an integral part of PCI certification. The long and the short of it is that all PED's must be certified by PCI-approved laboratories and encrypt PIN's with Triple DES.  I know how that's done with a hardware device...(we're in the midst of getting our personal swiping device tested and approved for PCI compliance) but I'm not quite sure how it would/could/should be done with a software application.  (See "Software Breach 92 Times More Likely Than Hardware")

Here's some snippets from from the CSN story, entitled: "The High Stakes Of Compliance:"

It was in September 2006 that the credit card companies formed the PCI Security Standards Council in the hopes of battling fraud. Today, all merchants who accept payment card transactions must comply with the PCI Data Security Standard or face sizable penalties.  Indeed, the passing grade for PCI is 100%, which means failing even one of the criteria will bring consequences...

Editor's Note:  So, it's obvious that these Triple DES mandates are an integral element of PCI compliance and in 5+ months TDES is required on "all debit transactions." Since Jan. 1, 2008, all newly manufactured debit card processing terminals must incorporate PIN entry devices that have been certified by PCI approved laboratories

• By January 2009, newly installed fuel pumps that accept debit cards must feature PCI-compliant encrypted PIN pads.  See "Triple DES for GAS" 
• Manufacturers have to begin installing key pads capable of implementing a new Triple Data Encryption Standard (TDES), which requires that data be encoded several times through an encrypted PIN pad.
• By July 1, 2009, TDES will be required for all debit transactions and by
• June 30, 2010, all fuel dispensers will need to be able to encrypt PINs according to the TDES.

The very next day, July 1st 2010, pumps that process debit transactions must be upgraded with encrypted PIN pads, and in-store POS terminals have to be certified as PCI-compliant.  The devices must also process all debit transactions using TDES.

One of my favorite lines from the article comes from Bruce Snyder, manager of IP retail systems for 395-store Kwik Trip based in La Crosse, Wis“ who instead, sounds like a spokesman for Gemalto.  (see: Gemalto Wants EMV in US)  Apparently he doesn't like the implementation costs (retailers will need to replace outdated hardware) and thinks that as long as they have to get new equipment anyway, then V/MC and the banks should spend billions to implement EMV and when they're done, he'll replace Kwik Trip 'sexisting equipment with Chip and PIN readers.  Problem is, it won't be Kwik...it'll be years, if they started today.  (don't hold your breath)


"We have this silly little mag stripe that is so vulnerable and penetrable and we are building an infrastructure around it to protect the information, and a lot of people are making good money on that,” Snyder said. “With the new rulings on EPPs, if I want to continue to do debit we have to replace all of our dispenser doors and PIN pads at a huge expense to us to remain compliant. What we have to do is put in an encrypted PIN pad at the dispenser if we want to continue to do debit there.” But the new door and PIN pad will cost $1,500 per dispenser. (Ouch!  Consumers can get our SwipePIN device for merely the cost of shipping and handling, which in the face of $1500...makes for a rather compelling value proposition)

“Start doing the math on that and now you have to make a decision: can we afford to do this? And what happens if we don’t?” Snyder said. “We need to change that method of presenting ourselves for a credit transaction and make it more secure so that we don’t have to build all of this stuff around it to try to protect a very flawed method...”

Read the complete story at Convenience Store Decisions

Related articles by Zemanta

• Chipping Away at Credit Card Fraud
• PIN Debit on the Web
• Gemalto Wants EMV in USA
• More on PCI and Tiers 1, 2 and 3
• Unembossed Around
• Signature Debit Wrestles Fraud, Get's PIN'd
• Gas Station Skimming Becoming More Popular
• Ouch! Card Swiping Devices Now Being Doctored During Manufacturing
• Chip and PIN Coming to Dubai
• UK Card Fraud 14 Times Higher Overseas
• Travel advice Don't pack these cards

Wanna Get Away? Get Banks OK in UK

If you "wanna get away" and you live in the UK, make sure your bank nose..otherwise you'll have "slim pickin's" when it comes to payment options...

Travelers have been told that they need to inform their banks about their travel destinations, when they go away, according to a recent report in the newspaper The Times.

This is in the aim of combating credit card fraud, where several holiday goers found their debit or credit cards frozen, when they are abroad. Banks monitor card usage and often freeze them if they begin showing unusual behavior.

The banks claim that if customers inform them of their travel plans, then it means they can make a proper assessment of the information. HBOS told the newspaper, saying: “If people are going to Africa, South America, we like to know. Also, we like to know about people going to Eastern Europe.” This is due to the increase of credit card fraud taking place in these locations.

However, locations in the United States are said to be the most likely places that involve fraud with British cards. Around £24.6 million was taken from UK cardholders in the country in 2008, marking an increase of 118 percent in the last three years. Much of this fraud is conducted by criminals who copy the information on the card's magnetic strip when it is used. They can then use this information to create fake cards for their own use. Credit card fraud has become less likely in the UK, due to the introduction of Chip and PIN.

Related articles

• Bank customers forced to disclose travel plans to cut fraud cost
• U.K. Blames Abroad for Increased Fraud in Broad Campaign
• Gemalto Wants EMV in USA
• Terminal Disease Boosts Fraud

Free Javelin Webinar - Data Breach Defense 2009

Complimentary Webinar on January 28, 2009

Attend a Javelin Strategy & Research Webinar on January 28, 2009 at 10:00 AM PST to learn about the latest developments in data breach risk management for financial services and other industries.

Senior Javelin Analyst, Tom Wills, will share updates and insights based on recent Javelin primary market research about:

(1) The data breach risk landscape in 2009
- Insider fraud, Web application attacks, and other emerging threats
- The impact of a down economy on identity theft

(2) The impact of data breaches on customer relationships and corporate reputation
a. Customer attrition statistics
b. How consumers view financial institutions as responsible for data breach incidents – even when the institution is not directly involved
c. What actions customers expect of organizations that have suffered a breach

(3) US regulatory update
- New State laws requiring specific preventative steps
- The Federal Trade Commission’s Red Flag rules

(4) Best practices for Prevention, Detection, and Resolution™
a. Securing sensitive information
b. How to recognize when a data breach has taken place
c. How a careful, high-touch and cross-functional data breach response can mitigate the risks of customer loss and litigation

(5) Vendor Spotlight: ID Experts – led by ID Experts President Rick Kam

Javelin Speaker: Tom Wills, Senior Analyst – Security, Fraud, and Compliance
Title: Data Breach Defense 2009: Prevention, Detection and Resolution Strategies to Protect Your Reputation and Stay Compliant with Regulations
Date: Wednesday, January 28, 2009
Time: 10:00 AM PST

Space is limited. Reserve your Webinar seat now at: https://www1.gotomeeting.com/register/285178252

Related articles by Zemanta

• Dual Authentication for All Consumer Accounts - FTC
• U.S. Identity Theft Convictions Up 26 Percent, Feds Say

Visa "Zero-ing In" on Liability

Zero Liability Helps Protect Canadian Visa Business Cards

Additional fraud protection adds value for Canadian small businesses

Visa Inc. (NYSE: V) announced today in Canada an important expansion of its Zero Liability program, which will now include Visa Business cards issued by Canadian financial institutions. The move can help better protect Visa Business cardholders from losses due to fraudulent transactions.

In a consumer survey(i) of more than one thousand Canadian Visa cardholders, 80 percent of respondents indicated they were extremely or very interested in having Zero Liability protection on their Visa card, with 30 percent ranking Zero Liability as the most appealing feature.

"Visa Business cards offer many benefits to small business owners in Canada and the addition of Zero Liability is another reason for them to use a Visa card with confidence," said Kareem Chouli, Head of Commercial Solutions in Canada, Visa Inc. "Security is a priority for Visa, and the Zero Liability policy is an important layer of our fraud prevention efforts."

Visa's Zero Liability policy protects business cardholders against fraud exactly the same way as it protects personal cardholders. Zero Liability means that business cardholders who have been victims of credit card fraud, including unauthorized transactions made via telephone or on the internet, do not pay for fraudulent transactions. Zero Liability does not apply to transactions with Visa Corporate or Visa Purchasing cards.

Personal Visa cardholders, including those who have been issued a Visa chip and PIN card, from Canadian-issued financial institutions will continue to be protected by the Zero Liability policy. All Visa cardholders must comply with the terms of their cardholder agreement including protecting their PIN where applicable.

With Visa Business cards, small businesses can conveniently manage their finances by separating business and personal spending, and tracking and analyzing expenses online. Online resources at visa.ca/smallbusiness include free business tools and guides, articles, as well as information about the Visa Savings for Business program - offering exclusive discounts to Canadian Visa Business cardholders.

Source: Press Release

Related articles by Zemanta

• Signature Debit Wrestles Fraud, Get's PIN'd
• Credit card costs soar for hard-hit consumers
• Visa, MasterCard fee hikes suggest price fixing: business group
• Chipping Away at Credit Card Fraud

Interswitch Targeted by Fraudsters

Last week, in a post entitled "ChipPin In" I covered a story from the Nigerian Punch regarding that country's transition from magstripe to Chip and PIN.  Interswitch is Nigeria's premier transaction switching platform and evidently, they have their hands full when it comes to dealing with fraudsters.  From "phishing"  to "phake" websites, it's no wonder they have decided to implement Chip & PIN...

Interswitch exposes failed ATM fraud attempt, says ‘don’t disclose your PIN number’

Internet fraudsters are at work again. They are trying once again to defraud Automated Teller Machine (ATM) card users by sending fraudulent mail purportedly in the name of Interswitch Nigeria Limited, the switching company which drives the ATM and debit card network of Nigeria’s 24 banks.

Mitchell Alegbe, managing director of Interswitch assures card users however that his company is on top of the situation and that the card users will have no problems as long as they do not disclose their PIN numbers to anyone. Alegbe says Interswitch is the nation's foremost transactions and switching company, with all the 24 banks connected to its network to provide electronic banking services through debit and credit cards, ATM and point of sale terminals (POS) and that it is constantly deploying new technologies to address the issue.

In a recent attempt, the fraudsters sent out e-mail to random addresses attempting to get ATM and debit card users to disclose their PIN numbers. The said mail read”:This is to notify you that our services are being upgraded to a new, better and more secured system . You are now required to click here and register all your debit cards, X-change cards, and cash cards online immdiately so as to enable your card to work on our new servers. Only registered cards will work with the ATM machines.”

Interswitch says this message is not from it and that card holders should ignore it.The company adds that on no account should any card holder disclose his or her PIN number to any third party.

In a previous attempt, fraudsters allegedly set up a fake website which attempted to replicate the Interswitch website and the company promptly moved to get the site shut down. Officials of the company told Business Day that the company has put in place a technology that enables it detect and shut down any fake Interswitch website immediately it appears on the internet and it has shut down such websites since the technology was installed.

In addition to this, the company in collaboration with participating banks embarked on a massive enlightenment campaign to inform cardholders on the activities and operations of the company and means of detecting fraud attempts and protecting their card information from getting into wrong hands.

Related articles by Zemanta

• Chip and PIN Coming to Dubai
• Chipping Away at Credit Card Fraud
• Signature Debit Wrestles Fraud, Get's PIN'd
• Terminal Disease Boosts Fraud

CheckFree Users not Scot-Free

CheckFree initially reported that about 160,000 consumers were exposed to their recent breach, but has since adjusted those numbers by +4.84 million.  The reason for the adjustment was straight-forward...their "inability to determine the actual identities of customers redirected to the Ukraine by hackers."  So one has to question how they came up with the 160,000, er 5 million number.  They have 40 million plus users. 

According to a story from Bank Technology News' John Adams; entitled "CheckFree's Hack Attack Has a Long Tail"  it's been a good year for hackers.  "The CheckFree hacking put the cap on a brutal year for security, with Guardium estimating a 50 percent increase in data breaches across all industries in 2008—affecting nearly 36 million Americans—with another 50 percent increase predicted for 2009".

Wow...that's a disturbing trend.  What's more disturbing, is that Avivah Litan, VP and distinguished analyst at Gartner, says payments and funds transfer processors, rather than retailers are now the one's being targeted by hackers.

Still, the takeaway for the payments industry is that crooks are getting very wise to where the real booty is to be found—the payments and funds transfer operations which provide access to the point at which money enters and exits financial institutions. “There’s an emphasis on attacking processors now instead of retailers,” Litan says.

Here's a portion of the news story from Bank Technology News:

For a five-hour period in December, customers accessing CheckFree’s electronic bill payment site instead found themselves unknowingly redirected to the worst neighborhood on the Internet—a bogus malware site manned by Ukrainian hackers. That’s the easy part to figure out.

According to a notice recently filed by CheckFree parent Fiserv with the New Hampshire attorney general’s office, about 160,000 customers were exposed to the breach. Yet the firm and a number of its banking clients are alerting a whopping five million consumers to possible exposure.

The reason for that 4.84 million-customer gap between estimated and potential exposure is the inability to determine the actual identities of customers redirected to the Ukraine by hackers, requiring the additional notification of clients of banks that outsource their bill payments to CheckFree.



continue reading at American Banker/BTN

Related articles

• CheckFree warns 5 million customers after hack - infoworld.com
  
• FiServ's View on Next Gen Payments

News: Gaza Strip(s) PC of Financial Data

Last week in a post entitled: "Got Hacked? Bank on It" I talked about webjacking and made a prognostication that these types of hacks will  milk your hard drive for information and become more common in 2009. 

"I'm sorry to report  that it doesn't look like this will be the last time this year...I'll be talking about webjacking ...these webjack attacks will become almost as common as a Gulf of Aden pirate attack."

Well, it didn't take long for a webjacking to make "news."

The bad news is, IT IS THE NEWS. 

Using mainstream news headlines regarding recent events in Gaza, it lures people to a site that apprears to be CNN.   The bad news is, it isn't CNN...it's a clone, and you there is nothing which clearly indicates that you've been duped. 

According to the report, this has been planned for weeks, initially  the hackers had designed  the attack  using Barrack Obama's inauguration as the basis for the allurement, but  instead, have decided to lure people with headlines relating to the recent events in Gaza.

This email spam attack contains "headline" news links to a website masquerading as CNN.  Once there, user's are innocuously instructed to download an Adobe Acrobat 10 update, which, instead, infects the user’s computer with a password-stealing Trojan virus which scrapes the hard disk looking for banks/financial service data. 

This is a disconcerting development to say the least, and I've got some "ews" for you.  If you EVER type in your credit/deibt PAN (Personal Account Number) or PIN into a browser space that's "your bad."  The "good news" is that you can protect yourself with your own personal swiping device from HomeATM. 
Here's the story from ComputerWorld:

Hackers have launched a large-scale spam attack masquerading as CNN.com news notifications about the Israeli invasion of Gaza, security researchers said today, in a repeat of a massive campaign last summer that also posed as CNN alerts.

Yesterday morning, RSA's FraudAction Research Lab spotted the first messages in the new attack, which take advantage of the ongoing conflict in Gaza. Israeli ground forces entered Gaza on Jan. 3 after several days of airstrikes and naval bombardments that began Dec. 27.

The messages, said Sam Curry, vice president of product management at RSA, pose as alerts from the CNN cable news channel, and promise "graphic and striking" images about the conflict in Gaza between Israel and Hamas.

"It starts off with phishing e-mail that tries to look like CNN," said Curry, "and then the social engineering aspect kicks in. The message tries to get you to go to a Web site that looks like CNN.com. There, the [fake] site says you must update to Adobe Acrobat 10." Accepting the download delivers a Trojan horse to the PC instead.

"The Trojan is an 'SSL' stealer," added Curry. "It scrapes the disk and looks for traffic to and from known financial services."

The attack had been prepared weeks in advance, said Curry, and the hackers had only decided in the last several days to hang it on the events in Gaza. The FraudAction Research Labs' usual monitoring of cybercriminal activity, he said, had uncovered talk about an impending attack as much as four weeks ago.

During the interval, the attacks bandied ideas about what current event they would use to bait their attack. "There was some talk about the inaugural [of Barack Obama next week], the economy and massive drops in the Dow," Curry said. "They talked about how the news had to hit a critical threshold."

They eventually selected news of the Israeli attacks in Gaza against Hamas. "The thing is that they're completely apolitical," Curry noted. "They were ready to exploit significant news either way, whether there was a cease fire or an intensification of the conflict...  (continue reading at ComputerWorld)

Related articles from PIN Debit Payments Blog

• Got Hacked? Bank on It 
• Software Breach 92 Times More Likely Than Hardware Breach
• E-Commerce Not Safe in a Web Browser 2 
• Browsers and E-Commerce Don't Mix
  

Online Retailers Familiarizing Themselves with Foreign Markets

According to CyberSource many U.S. online retailers are "overseaing" ways to increase volume from international markets...

With sales in the U.S. slowing for many retailers, many of them are accepting orders from customers in emerging foreign markets including India and China, CyberSource Corp. says in a new study.

One way many retailers are getting more revenue is through international online orders, says Doug Schwegman, director of market and consumer intelligence for CyberSource, a provider of online payments processing and risk management technology and services. The study is based on a survey of 400 online retailers conducted for CyberSource by Mindware Research between Oct. 21 and Nov. 11, 2008. The 400 respondents account for a total of more than $60 billion in 2008 online revenue; 41% of them have annual revenue of $10 million or more, 29% have annual revenue of $25 million or more.

The study found, for example, that about half or more of merchants accept orders from 15 countries outside of the U.S. and Canada. On average, each merchant accepts orders from nine foreign countries.

Most surprising, Schwegman says, is that nearly half, or 49%, of merchants accept orders from India, and that 52% accept orders from China, two markets that may present challenges in shipping and payments. Most payment transactions in these and other foreign markets, however, are handled with common major credit cards including Visa, MasterCard and American Express, he adds.

Also surprising, however, is that few of the surveyed merchants who accept orders from overseas use payment options popular among consumers based in foreign markets. For example, in Germany, where 73% of the surveyed merchants accept orders, only 12% of them accept payments through the bank transfer methods preferred by many local consumers even though CyberSource and other payment services companies can enable U.S. merchants to accept such payments, Schwegman says.

Following are the 15 countries included in the study and the percentage of U.S. merchants that accept orders in each:

1. U.K., 87%
2. Germany, 73%
3. France, 68%
4. Australia, 68%
5. Japan, 68%
6. Spain, 66%
7. Mexico, 66%
8. Italy, 65%
9. Brazil, 55%
10. Hong Kong, 55%
11. Singapore, 53%
12. South Korea, 53%
13. China, 52%
14. Taiwan, 50%
15. India, 49%

Related articles by Zemanta

• Credit Card History
• Visa and MasterCard under DOJ Investigation
• Best and Worst Online Payment Options in the UK
• Discover To Make a Killing and I'm Lovin' It!

ChipPin In

Stanley Opara writes for the Nigerian Punch about his country's transition from magstripe to Chip and PIN. Interswitch is that county's premier transaction switching platform and it won't be long before the United States stands alone as the only country on the globe yet to commit to EMV. 

Nigerian financial market and the chips/PIN revolution

By Stanley Opara
Published: Sunday, 11 Jan 2009

The e-payment industry remains a faction of the techno-driven set-ups, and the impact of this marriage between technology and finance has recorded huge successes as inferred from current statistics and industry analysis.

The truth, therefore, is that e-payment machinery, especially the card technology, is presently enjoying popular patronage, even as its applications in the day to day business activities rest on geometric cruise.

With the penetration deepening by the day, carrying abreast huge transactions, the issue of security and reliability has indeed become an industry subject-matter, with operators, regulators and users really concerned about the way forward.

The move by the Central Bank of Nigeria in this regard, could be described as prompt, and the compelling directive to players to convert technology from the traditional magnetic stripe to chip and PIN/smart card platform, a welcome development.

However, saying the country‘s card payment industry has come a long way, is stating the obvious. Nigeria was among the very first countries that adopted smartcard payment platform in the 90s with the ValuCard and SmartPAY schemes.  These e-purse smart cards could not generate the expected mass adoption due to some technical and strategic challenges. Hence, it was rested in the early 90s. In its place, Nigerian banks decided to adopt a cheaper but fraud-prone magnetic stripe cards.

The success of the initiative, powered by InterSwitch, the country‘s premier transaction switching platform, helped lay a foundation for the e-payment industry in the country and the West African region as a whole.

Today, as a result of this initiative, Nigerian banks have issued over 25 million cards. These cards are being used to process payment transactions on over 11,000 point of sale terminals, 7,000 ATMs and 200 web locations, 50,000 mobile devices...

But in its efforts to follow global best practice and secure global acceptance for cards of Nigeria origin, the CBN has mandated all the banks to convert their payment cards to a smartcard platform by the end of the second quarter of 2009. The CBN shifted the initial September 2008 deadline in order to permit the banks to prepare thoroughly for the expected cutover.

Since major payment card schemes in Europe, Middle East, South America and Africa have been converted to the secured smartcard platform, CBN‘s position is therefore in line with this global trend.

Experts have maintained that until the introduction of smart card payment system, all face-to-face credit or debit card transactions used a magnetic stripe or mechanical imprint to read and record account data, and a signature for verification, and as worries over the level of fraud associated with magnetic stripe cards heightened in the 1980‘s, the introduction of extra security measures including on-card photographs and holograms failed to solve the problem.

In the 1990s, card fraud increased. As a result, the payments industry commenced a quest for more secure and authentic replacement for the magnetic stripe.

This search inadvertently led to the mass deployment of the smart cards also knows as chip and PIN cards. Specifically, the French developed chip technology, which is also known as smart card technology, and had over the years recorded advancements in processor and circuit technology, following the chip to grow in complexity and size with many now holding 100 times the information stored on a magnetic stripe.  continue reading at "The Punch"

Related articles by PIN Debit Payments Blog

• Gemalto Wants EMV in USA
• U.K. Blames Abroad for Increased Fraud in Broad Campaign
• Canada's EMV Transition Numbers
• Chip and PIN Coming to Dubai
• Interac Chip and PIN Transition Rollout Begins

CompuCredit must "Comp You Cash"

$114 million refund in pipeline for subprime credit card users - Action Line - MiamiHerald.com

The Miami Herald is reporting today that CompuCredit was ordered to reverse fees it charged customers they secured with deceptive marketing practices.

Those fees total $110.3 million in reversals and $3.7 million in cash refunds. I suppose that's gives a new twist to their "Comp" You Credit branding strategy. Oh, they've got to "comp you cash" if your balance is lower than the the amount they've been ordered to compensate.

Here's the story from the Miami Herald...

CompuCredit, a company marketing Visa and MasterCard credit cards to consumers in the subprime credit market, has agreed to reverse fees charged to eligible consumers' accounts to settle allegations that it violated federal law, according to the Federal Trade Commission. It is estimated that the redress program will result in more than $114 million in credits to consumer accounts.

Eligible consumers whose current balances are less than the amount of credits to be applied will receive an estimated $3.7 million in cash refunds.

In a federal court complaint filed in June 2008, the FTC alleged that CompuCredit engaged in deceptive conduct in connection with marketing credit cards. The FTC also alleged that Jefferson Capital Systems, a debt collection company wholly owned by CompuCredit, engaged in deceptive conduct in marketing credit cards as part of its debt collection activities and engaged in abusive practices while collecting debts.

Eligible consumers will be identified from company records and contacted.

Related articles by Zemanta

• Your Credit Card Costs Consumers ~$50,000,000,000 Per Year [Explainers]
• Visa, MasterCard fee hikes suggest price fixing: business group
• Small businesses: Shopkeepers hit by MasterCard doubling its fees
• Banks Mine Data and Pitch to Troubled Borrowers
• Discover To Make a Killing and I'm Lovin' It!
• As debt grows, collections boom

Software Breach 92 Times More Likely than Hardware Breach

Yesterday, DTN wrote that Fireman's Fund Insurance is offering SME's payment card breach insurance. That kinda gives you an idea how serious of a problem these breaches really are.

Remember, software is 92 times more likely to be breached than hardware. (In 400+ breaches, 92% were "software related" (combining POS and Online Shopping Cart software) while only 1% were hardware related). Source: Trustwave (PDF)

Oh, by the way, the 1% of hardware device breaches were the result of tampering, which is highly unlikely, if not virtually impossible, to occur with your own personal swiping device from HomeATM. I sincerely doubt anyone would break into your home and start fiddling with your personal card swiper and leave your big screen HDTV on the wall...don't you?

So which would you rather use if you were shopping online? A software based application, or a hardware based solution.

With Breaches Rising, Insurer Offers Card-Compromise Coverage

"Fireman’s Fund Insurance Co. this week unveiled what it says is the first coverage available to small and medium-sized businesses for losses from payment card data breaches. News of the policy came on the same day that a non-profit research organization reported that data breaches increased 47% last year. The idea behind the coverage, according to Brian Gerritsen, product director at Novato, Calif.-based Fireman’s, is to give peace of mind to business owners who are diligent about complying with the Payment Card Industry data-security standard, or PCI, the card networks’ uniform protection rules that all card acceptors are supposed to meet.

Continue reading at Digital Transaction News

Related articles by Zemanta

PCI to assess the assessors

TJX Suspect Gets 30 Years

In a follow up to a series of posts I've dubbed "Hacker's 11, The Boston Globe reports that a suspect has been jailed in Turkey for an unrelated (well, related in the sense that he was found guilty of an unrelated cybercrime)  It is believed to be the harshest sentence ever for a cyber-related crime.

In a separate article, Finextra reports: "Although US authorities filed extradition papers against Yastremskiy he has now been convicted in Turkey on the separate charges. According to local reports, he pleaded not guilty but was convicted yesterday in a court in the city of Antalya."

Here's the story from the Boston Globe:

Suspect in TJX data theft sentenced in Turkey in unrelated case - The Boston Globe

By Ross Kerber and Musa Kesler, Globe Correspondent | January 9, 2009

ISTANBUL - A Ukrainian man who authorities allege played a key role in the largest data theft on record was sentenced to 30 years in prison in Turkey yesterday in an unrelated case.

US prosecutors have said that Maksym Yastremskiy was instrumental in the sale of credit and debit card numbers stolen from the retailer TJX Cos. of Framingham and other companies. While the sentence may be one of the longest ever handed down in a cybercrime, the conviction could hamper his prosecution in the United States.

He and 10 others were charged last year with (Editor's Note: See  Graphic on Right)  being part of a ring of thieves from around the world that broke into nine major US retailers' computers systems, stealing customer data and then selling that information. The thieves allegedly hacked into the systems and installed programs to capture data.

Yastremskiy, according to prosecutors, earned more than $11 million from his illicit activities. He has also been charged in another US case, involving theft of data from a Texas restaurant chain.

Court documents indicate that in TJX's case, as many as 100 million card numbers were stolen. Prosecutors alleged the ringleader was Albert Gonzalez of Miami.

A 27-year-old business school graduate, Yastremskiy was arrested in 2007 while on vacation in the Turkish resort of Kemer. His attorney, Ridvan Yildiz, said he was charged with breaking into Turkish bank accounts electronically, to which he pleaded not guilty.

He was sentenced yesterday in Antalya, a city on Turkey's southwestern Mediterranean coast near the resort town.

Before sentencing, Yildiz said, Yastremskiy told the judge: "I am innocent. I didn't do anything to break bank accounts. Somebody else did it, not me. I want to be released from the jail."

Yastremskiy had also argued that a laptop computer found in his hotel room containing bank information belonged to a friend.

Yildiz plans to appeal the sentence to Turkey's highest court, known as the Yargitay.

The 30-year sentence was at the low end of the range of 24 to 72 years sought by prosecutors.

Mark Rasch, a former federal prosecutor and computer-crimes expert in Bethesda, Md., said the sentence was the longest he had ever heard of involving a cybercrime. It would be allowed under US laws only if the offenses had led to death or other extreme consequences, he said.

Yet the heavy sentence could give US prosecutors influence in obtaining Yastremskiy's cooperation against others. "This would be great leverage," Rasch said.

A previous defense attorney for Yastremskiy had said that US officials have sought to extradite him, but that Turkish law prevents that until after he serves his sentence.

Yesterday, US Justice Department officials would only say they continue to seek Yastremskiy his extradition. US prosecutors in Boston have already won several guilty pleas from minor figures in the case.

Ross Kerber can be reached at kerber@globe.com. Kerber reported from Boston. Kesler, a correspondent for the newspaper Milliyet, reported from Istanbul

Related articles by Zemanta

• Turkish courts hands out 30 years to hacking godfather
• Carder linked to TJX hack jailed for 30 years by Turkish court
• Inside the Mind of a Hacker

POS Special Issue from JBF (not me)

The Journal of Business Forecasting (JBF) has published a special Point of Sale Issue.  Here's there press release.

Great Neck, N.Y., Jan. 9, 2009 -- As businesses continue to search for better ways to thrive in a volatile economic climate, the IBF offers guidance with a special issue of the Journal of Business Forecasting, which includes 12 articles on demand planning & forecasting with Point-of-Sales (POS) / Syndicated data. This issue has all you need to know about how to keep pace with consumer behaviors and make better decisions with consumption data. Winning companies are the ones leveraging consumption data for forecasting in this economic climate.

Over the past months, the world's current economy has forced change in demand planning and forecasting processes. Consumers continue to be less loyal, more demanding, and more cost conscious. In order to operate efficiently and profitably in this environment, making decisions based on what consumers are doing is extremely valuable. This special issue will give professionals best practices in forecasting & planning with POS/ Syndicated data that can spell survival for retailers who integrate them into their business strategy.

Highlights include the articles by demand planning & forecasting professionals, such as Jeff Brown's article (Consumer Driven Forecasting to Improve Inventory Flow: Brown Shoe Company's Journey) about how the Brown Shoe Company implemented a forecasting process to capture information about consumers' purchases so they could synchronize demand with factory operations. The article by Robin Simon gives the ABC's of POS-based demand planning and forecasting while the article by Larry Lapide from MIT discusses the what, why, and how of POS data. Hugh McCarthy from Nestle explains how to enhance the demand planning process with POS forecasting; Mike Borgos from Osram Sylvania tells how to maximize POS as a source of data and insight; and Richard Shapiro from Jarden Consumer Solutions gives details on how to use POS data in demand planning.

The Journal of Business Forecasting, a leading quarterly publication of the IBF for nearly 30 years, is complimentary with IBF membership. This commemorative Point-of-Sale (POS) and Syndicated Data Winter 2008-2009 issue will hit the shelves in January 2009.

To reserve your copy and download a free sample article from this special issue visit: www.ibf.org/POSPR.cfm

Source: Company press release.

• Intel issues another revenue warning

See You Later...

Amazon Cuts Ties with Bill Me Later, still holds equity stake.

On Dec. 31st, 2008, (to no one's surprise) Amazon removed Bill Me Later as a payment option from it's website. PayPal purchased  BillMeLater in October for $945 million and Amazon had invested in them almost a year earlier.


According to the The GreenSheet, "Amazon's statement offered no explanations; it simply said, "Bill Me Later will no longer be accepted as a payment method on Amazon. However, all sales and orders processed with Bill Me Later prior to the sunset date will continue to be processed." More than 1,000 online stores, catalogs and travel sites currently offer BML as a payment method they said.

In December of 2007, Amazon took and equity stake in Bill Me Later which competed with PayPal's Pay Later Service.  The way Bill Me Later works is you enter your birth date and last four digits of your social security number online, and it does a credit check on you in three seconds to determine whether you are worth the risk. Bill Me Later pays the merchant, and sends you a bill. 

I imagine that Amazon will sell it's stake in BML but as of yet, no announcement has been made.

Related articles by Zemanta

• eBay Acquires Bill Me Later for $820 Million in Cash (Updated with Conference Call Notes and Headcount Reduction)
• BillMeLater; Just Not on Amazon
• Alternative Payments Growing Threat to Cards - Bank Technology News
• Will Amazon Ditch Bill Me Later After eBay Takes Over?

Big Show Starts Sunday

http://nrf.com/annual09

What are you doing this Sunday?

PIN Debit Payments Blog Related Articles

• Is Online PIN Debit For Real This Time Around?
• PIN Debit on the Web
• Dismal Holiday Numbers
• "Amazon" Thanksgiving Day Parade?
• Signature Debit Wrestles Fraud, Get's PIN'd
• DebitFacts.org Launches Today
• Top 15 eCommerce Sites in November
• The Benefits of Debit Cards by Bruce Cundiff via DebitFacts.org

Custom Fraud Possible? Yahmon!

Here's a letter to the editor of the "Jamaica Gleaner" published under the title: "A dangerous practice"

It illustrates how aware consumer's are becoming to potentially fraudulent/risky practices. Mr. Cooke knows better than to punch debit/credit card numbers into a computer. So I have two questions:

1. Why isn't the Jamaican Custom's Office as aware?

2. What on earth was the agent thinking (drinking) entering a PIN (using a keypad) into a computer?  It's high time they put some more energy into preventing this type of behavior...

As the title states...it's a dangerous practice.    

The Editor, Sir:

Kindly publish this as an open letter to Director of Customs Danville Walker and Minister of Finance Audley Shaw.

Dear Sirs,

I wish to comment on a practice I encountered at the Customs office at Berth 6 Newport West on January 5. I attended there to clear a barrel of food and clothing sent by my wife's siblings in New York. The process was relatively quick and easy, given past experiences clearing personal effects there in 1999. But when I went to pay the customs duty at the cashier, I was shocked to be asked to hand over my debit card with which I was paying the fee.

Instead of asking me to swipe my debit card in a machine, as is usual, the clerk asked for my card and then entered the number of the card and relevant particulars in the computer, and enquired whether it was a chequing or savings account. She then asked me to enter my PIN and press enter, before handing me back my card.

I remarked to her that this was unusual, (translation: he wasn't "a custom'd" to this?) and that the card was private as it contained personal information that could be retrieved and used by someone fraudulently.

This practice is dangerous and should be stopped as identity theft has become a very prevalent crime in recent years. It should be necessary only to have the customer swipe his card, enter his PIN, and press enter to get confirmation from the card company for the amount required.

I must strongly object to this dangerous practice which can put customers' bank accounts at risk to unscrupulous persons. Please mister Commissioner of Customs and mr minister, review and change this practice for the security of your customs.

I am, etc.,
LLOYD A. COOKE

Royal Flat Box 642 Mandeville PO