HomeATM Client UATP Unveils New Website

UATP Unveils New Public Web Site

UATP is a global travel payment network. UATP accounts are actively issued by 15 member airlines and accepted as a form of payment for corporate business travel by more than 200 airlines worldwide.

Airlines currently issuing UATP accounts include Aer Lingus, Air New Zealand, Alitalia, American Airlines, Austrian Airlines, British Airways, Continental Airlines, Delta Air Lines, Japan Airlines, KLM Royal Dutch Airlines, Lufthansa German Airlines, Qantas Airways, Ltd., Scandinavian Airlines System, United Airlines and US Airways. For information, visit uatp.com. (PRNewsFoto/UATP)

WASHINGTON, DC UNITED STATES

WASHINGTON, Feb. 9 /PRNewswire/ -- Universal Air Travel Plan, Inc. (UATP), announced today the launch of its re-designed public web site: uatp.com. The new site focuses on UATP's core corporate charge card program, as well as UATP's new and successful business lines including:

• Alternate forms of payment processing... including HomeATM
  
  
• USS, UATP's settlement service for low-cost carriers, travel agencies and other Merchants
• Prepaid cards and gift cards
• Travel Protection Plans - insurance program for the travel industry

"The new site offers targeted information to airlines, travel agents, corporations and travelers; it is part of our global effort to raise UATP brand awareness," said UATP President and CEO, Ralph Kaiser. "We've had significant growth in the past few years and want our brand to reflect that success; launching the new web site is just the beginning."

The new design features vastly improved navigability, enhanced internal search engine, upgraded events and press section as well as improved UATP information for Issuers, Merchants and corporate customers alike. New features to the site include information available in several micro-sites in Chinese, French, German, Japanese Portuguese and Spanish. Additional micro-sites will be added as UATP continues to expand its international reach.

UATP had a record year in 2008 with approximately US$12 billion in total charge volume.

About UATP

UATP accounts are accepted as a form of payment for corporate business travel by airlines and travel agencies worldwide. UATP accounts are issued by: Air New Zealand (ANZFF.PK), American Airlines (NYSE: AMR), Austrian Airlines (AUALF.PK), Continental Airlines (NYSE: CAL), Delta Air Lines (NYSE: DAL), Japan Airlines (JALSY.PK), Northwest Airlines, Qantas Airways, Ltd. (QUBSF.PK), United Airlines (Nasdaq: UAUA), and US Airways (NYSE: LCC). AirPlus International issues the UATP-based Company Account for: British Airways (LSE: BAY.L), Continental Airlines (NYSE: CAL), and Lufthansa German Airlines.

Contact:
UATP Corporate Communications
Wendy Ward, wward@uatp.com
+1 202 626 4077


SOURCE Universal Air Travel Plan, Inc.

Comments Have Been Enabled on the HomeATM Blog

With the rising number of people visiting the HomeATM PIN Debit Payments Blog, I have decided to enable a "Comments" feature in order to make the blog more interactive.

To leave a comment, click the title of the post your wish to leave one on and the "Comments" feature will be located on the bottom of the post.

Please feel free to leave your thoughts, questions, criticisms, or ideas on how to make the blog better in the comments section. Comments will be moderated to prevent spam comments.

Melissa Antonelli, a regular contributor to the TrialPay blog, gets credit for the first (1st!) comment (left) and actually sparked the the idea that maybe I should enable comments.

Thanks Melissa for your kind words. TrialPay recently surpassed 20 million users...("TrialPay Adds 5 Million Users in 54 Days!")...maybe we can discuss how HomeATM and TrialPay can mutally benefit each other at the Retail West show here in Phoenix/February 21-23rd.

And once again, to everyone else, thanks for following the HomeATM blog and we welcome and encourage you to share any thoughts and ideas you may have...

JBF and the folks at HomeATM!

M-Cube Offers Prepaid Mobile Banking

Banking Technology reports that M-Cube, which is a part of VeriSign, is offering a Prepaid Mobile Banking Platform...

M-Cube offers mobile banking for Ryanair prepaid members | Banking Technology magazine - UK

M-Cube has launched the M-Cube M-Payments Platform, a mobile banking application for consumers using prepaid cards in the UK and Ireland. This application will be immediately available to members of the M-Cube Ryanair Prepaid Programme and should be functional across the range of M-Cube backed prepaid cards.

The Ryanair Prepaid Programme, launched in November 2008, is a mass market multi-brand prepaid programme created by a prepaid card provider in the UK and Ireland. Holders of other M-Cube backed prepaid cards will also be offered access to the mobile application.

Using the M-Payments Platform, cardholders should be able to carry out a range of transactions directly from their mobile phones without the need to sign into their account via a computer. The services available to cardholders include:

• Activation of a new prepaid card
• Checking account balances
• Obtain a mini-statement of recent account transactions
• Top up prepaid card with funds
• Report a prepaid card as lost or stolen
• Live chat
• Foreign currency transfers
• Transfer between accounts

The M-payments application has been developed in partnership with information security experts Network Security Solutions using the firm's proprietary mobile text messaging security backbone, Xecure Message Service.

Surprise! ID Theft on Rise

ID theft on the rise, but costs down - Phoenix Business Journal:

The number of reported identity theft cases jumped 22 percent from 2007 to 2008 in the U.S., to 9.9 million, according to Javelin Strategy and Research, but the financial impact on victims has dropped.  Editor's note:  Financial impact on "individual victims" has dropped...because there's 22% more of them. 

The cost per incident -- including unrecovered losses and legal fees -- fell 31 percent, to less than $500, the San Francisco firm reports.

Identity fraud is defined as the unauthorized use of another person’s personal information to achieve illicit financial gain.

The survey says almost half of the cases are linked to stolen wallets, while only 11 percent of the victims had their identities stolen over the Internet. (Editor's Note: I expect that number to jump, maybe even double this year, until there's end-to-end encryption)  Heartland will contribute as will other breaches this year. 

We still don't know what's going on with Adele Services either. See: (Major Credit Card Hack Starting?)

Women were 26 percent more likely to be victims of identity theft.

“The good news is research shows consumers have more control than they may think and more of them are actively taking steps to protect themselves,” said James Van Dyke, president and founder of Javelin Strategy & Research, in a company statement. “Additionally, the financial industry has made significant strides to resolve fraud incidents for their customers and put stronger controls in place to limit fraud, which is lessening the impact of this crime”

Javelin Strategy & Research has been researching identity fraud for five years with 24,000 U.S. respondents involved in its survey. In October, nearly 4,800 telephone interviews were conducted to for the study.

Sorry Noca...NoCanDo

Rafe Needleman at CNET writes about a startup that is offering a new online payment system.  The problem is that users have to enter their checking account AND routing numbers via a keyboard online. 

If "noca" believes that enabling consumers to pay directly out of their checking accounts by typing their Checking Account Number (CAN) and bank routing numbers into a browser space with a keyboard they might want to revisit that idea. 

Followers of this blog undoubtedly know my stance on typing/entering any account numbers online.   Sorry...No Can Do...I'm just not the type.

Anyway...during a demo of a $10 transaction, Rafe needled the CEO about the security of the system (it asked for a mobile phone number, then called it and gave it a PIN) but the CEO, said that if it was a bigger amount, it "may have" incorporated  a tougher question.  May have?  Brilliant!

Now I don't know if the CEO (pictured on right)  was sleep walking when he did the interview, but  "PJ" Gupka, (who stated he was formerly in charge of VIsa network architecture) said that his system is more secure than Visa's. 

I would think that when scheduling a demo in front of CNET,  purporting your system "is more secure than Visa's" (especially with security being such a hot topic following the Heartland breach), you may want to choose the amount that actually incorporates those "tougher security measures."  At the end of the day though, if you are typing your "CAN" with a keyboard, (and your routing number) it doesn't matter how they encrypt it or what type or how many algorithms they use.  The data is fair game UNTIL it's encrypted.  It appears that it's not encrypted until it's captured, and my concern is that via a myriad of hacker inspired methodologies, it can be captured by them first.  Since the  security of a transaction is only as secure as it's "weakest" link, then this doesn't appear to be very secure at all. 

End-To-End Encryption (E2EE) is the only way to guarantee a secure transaction.  That's why Heartlands CEO is calling for it, (after a potential 100 million card breach) and more importantly, why HomeATM has provided E2EE on ALL it's transactions since January of '07.  Now I'm no security expert, I know (maybe) enough to be dangerous (to myself) but I think I'm within my rights to recommend that you don't buy the "type hype." Malware, keylogging, sniffers, bots, etc will tell you that.  Heck, Heartland got hacked and they were PCI certified.  They got nailed when they "unencrypted" the card data.  Nobody "typed" their card, oh excuse me, in this case, their checkiing account numbers online.  Sounds like a good idea 5 years ago...not today. 


Here's the story...with some of my comments included:

A new way to pay: Noca's credit card alternative
Rafe Needleman - Rafe Needleman writes about start-ups, new technologies, and Web 2.0 products, as editor of CNET's Webware.  e-mail Rafe.

When you buy a product online and use either a credit card or Paypal, a significant percentage of your transaction cost--from 2.5 percent to 4 percent when all the fees are considered--goes straight to either the credit card processing company or to PayPal.  With so many retailers operating at such slim margins already, this is a material expense. While payment processing will probably never be free, a new company, Noca, is launching today that undercuts payment processing by an order of magnitude: It charges just 0.25 percent for transactions.  (Editor's Note:  I think they meant .0025% if it's 2.5 basis points)

Noca, CEO PJ Gupta told me, does not enable credit of any sort. Rather, it's a financial interchange platform that lets consumers pay for goods through direct checking account withdrawals.

Gupta told me he was formerly in charge of Visa's network architecture, and that Noca is built in a more efficient way. "There's no reason to use IBM servers today," as the credit card processing companies do. "There are two to three order of magnitude of inefficiencies there." (Editor's Note:  He sure likes that "order of magnitude" line, doesn't he?  I wonder to which order of magnitude his system blows away the efficiency of Visa and IBM)

He also says that Noca is more secure. Transactions are handled and encrypted by Noca's servers; merchants never see the checking account and bank routing numbers consumers enter (the same is true of PayPal transactions). Editor's Note:  The merchants are NOT the one's I'm worried about...it's the "hackers."  If a user "types or clicks" his Credit Card, Debit Card, PIN number, Social Security Number, it doesn't matter, online, it can be had )  An additional, adaptive security comes in to play depending on the type and amount of the transaction.  (Editor's Note:  It doesn't matter, it's fair game when you type instead of swipe.)

In a live demo where Gupta was buying $10 worth of digital goods from early Noca customer Klatcher, the system asked for a mobile phone number, sent a PIN to it, and required the user to enter that PIN on the transaction form. I didn't see how that added any security at all.   (the buyer could give out any mobile number), but Gupta told me that if the transaction had been for more money or for physical goods, the verification process "might have" incorporated Yodlee's system of challenging the buyer to produce personal information from financial records, such as selecting an accurate previous address or amount of the buyer's regular mortgage check.

To pay using Noca, get out your checkbook and copy down some numbers. (Editor's Note: Get out my checkbook?  Did I go back in time?  Copy down some numbers...yes apparently I did) 

Gupta believes that the technology he's built to link into the banks, prevent fraud, and do so cheaply is a competitive barrier. But I am surprised that his customer roster at launch is sparse--only three vendors, and probably not one you've heard of. (Editor's Note:  ya think?) There are a dozen companies evaluating the system or getting closer to launching with it, Gupta says. There will be major vendors online with Noca, "well before June 30," he promised. (Editor's Note: More proof PJ is sleeping...now he's even dreaming)

One downside: (Editor's Note:  That was the punchline) Noca doesn't offer chargeback or dispute arbitration services. That's between merchants and their customers. But it does give consumers far more detailed transaction statements than credit cards or bank accounts.  (I don't know how smart that is either)

The author concludes by saying that Noca is a smart company for the current economy. Credit is tight for everyone, including consumers, some of whom are losing or just throwing out their credit cards.  Noca makes online purchasing easy and secure even without credit. And its lower fees could help make goods purchased online less expensive, too. 

Editor's Note:  Smart?  I didn't read anything I tought was smart about it.  For current economy? Question: Does anyone 14-41 years old even have a checkbook anymore, (NO Checking Accounts) or remember what drawer it's in?  "Makes online purchasing easy and secure?"  Typing in all those numbers, both your Checking Account Number (CAN) AND your routing number is neither convenient, nor easy and it's definitely NOT secure.

In closing, I guess there's two ways to make my point that noca will never do online, (ndo) 1. 1.  Add the "ndo" acronym to the end of their name and it creates a whole new message: Nocando. 

Put another way  Sorry noca, but:

N
O
Checking
Account
Number
Done
Online 

In closing, I woke up in a sarcastic mood this morning (again) and used this story to further demonstrate that it is not safe to type any numbers (credit card, debit card, checking account, social security, etc) into a web browser.  If noca feels I went overboard, I would welcome their rebuttal and gladly post it here.  If you have any comments, click the title of this post and a comment form will appear at the bottom of the post.  Remember...Instead of Typin'...

Related articles

• A new way to pay: Noca's credit card alternative (news.cnet.com)
• Credit Card Fees Squeezing Profits? Switch to PIN Debit (pindebit.blogspot.com)
• Is Noca The Next PayPal? (techcrunch.com) Editor's Note:  I gotta read this!
  

On Visa, Barclays and Heartland

Barclays Trounces Forecasts, Posts Flat Net Wall Street Journal - USA ... the disposal of its life insurance book, and booked €291 million in profits on the initial public offering of VISA and sales of shares in MasterCard. ... See all stories on this topic

Image via CrunchBase Visa Rally May Be Short Lived Seeking Alpha - New York,NY,USA Investors in Visa and MasterCard will argue that this doesn’t matter because these companies simply process the transactions and do not have credit risk. ... See all stories on this topic

Recent local debit card threat noted by Midwest Bank York News-Times - York,NE,USA Visa and MasterCard are working proactively with merchants, who are required to make changed in the way they store customer data and are required to report ... See all stories on this topic

Related articles by Zemanta

• Fortune - MasterCard vs. Visa (pindebit.blogspot.com)
• The Steady Ascent of the Debit Card (businessweek.com)
• Perfect Storm Brewing, HomeATM Perfectly Placed (pindebit.blogspot.com)
• "SwipePIN" Your Card Data...Better You than Fraudsters! (pindebit.blogspot.com)

Internet Growth Could Double Shares of Payment Provider - Barron's

Wirecard shares could double: Barron's

NEW YORK (Reuters) - Shares of Wirecard, a German online-payment processor, have fallen to about 4.40 euros from 11.65 euros last May, but the selloff is probably an overreaction and the shares could double in value, according to Barron's.

Wirecard is not immune from the contraction in consumer purchasing but the recession could actually accelerate growth in Internet purchasing, Barron's said.

The company has about an 8 percent share of Europe's 100 billion annual online transactions and could add another 1,000 customers this year as retailers outsource their Internet payment processing to cut costs, Borge Endresen, a portfolio manager of the AIM European Small Company Fund, told Barron's. AIM owned more than 300,000 wirecard shares as of December 31.

(Reporting by Helen Chernikoff; Editing by Bernard Orr)

Related articles by Zemanta

• Mayaysia Airlines Selects WireCard for Internet Payments (pindebit.blogspot.com)

Video: Debit Card Thefts on Rise - Consumer Reports

Consumer Reports: Debit Card Thefts On The Risk

With the economy in trouble, all kinds of theft are on the rise, including criminals who are targeting debit cards. They've found a way to steal your PIN code and your money with the help of a device called a skimmer, which they install on ATM machines. Thieves then use the stolen information to create a new card.

Your whole account could be wiped out, including money you had set aside for your mortgage, for your car payment, or for other payments.

Attorney John Campbell, who helps victims of bank-card fraud, says you're most vulnerable at places such as gas stations, convenience stores, and airports, where it's easier to install skimmers. But even at your bank's ATM, check to make sure nothing looks loose or out of place.

Fortunately, Consumer Reports says there is one simple thing you can do to get better protection. When you're making a purchase with your bank card, press "credit" not "debit." The money is still deducted like a debit, but you don't use your PIN code...and so a criminal can't steal it. And by using the "credit" option, in most cases you'll only be responsible for $50 of any loss.

Consumer Reports says another important way to protect against debit-card theft is to check your account frequently online. That way, you can spot any suspicious activity right away.

Consumer Reports has no commercial relationship with any advertiser or sponsor appearing on this Web site.

Heartland Breach Won't "Disappear"

Huge bank card scam hits Bermuda
Bermuda Sun

Hundreds of debit and credit card customers in Bermuda have been dragged into one of the world's biggest security breaches.

Bank of Bermuda and Butterfield Bank are warning customers to be on guard after cyber-crooks hacked into the computer system of an overseas payment company.  Individuals and businesses with Visa and MasterCard cards are said to be at risk from the data breach at Heartland Payment Services.  Some 'compromised customers' have already had their bank accounts closed and replacement cards with new account numbers issued.

And the island's two biggest banks are now advising all card customers to monitor their statements to look for any suspicious activity.

Tech-security experts said the breach could set a worldwide record. It is believed that the scam could be the result of a "widespread cyber fraud operation" and the stolen data could be used to make fake cards.Bank of Bermuda confirmed its customers had been affected and it was doing all it could to protect them.

Lisa Fox, head of card services at the Bank of Bermuda, said the bank was working to safeguard its affected customers by contacting them directly, closing compromised accounts and issuing replacement cards.

Robert O. Carr, Heartland's chairman and CEO, said he "sincerely regretted any inconvenience caused" by the data breach. He stressed that no personal information such as cardholder's PIN numbers, addresses or telephone numbers had been stolen.  Mr. Carr said: "We will not rest (in peace?) until we have the answers to how and why this breach occurred so we can prevent any future attacks at Heartland and elsewhere.

Full Story from Bermuda Sun

Related articles

• The Steady Ascent of the Debit Card (businessweek.com)
• Cash or credit - or debit card? (msnbc.msn.com)
• Fortune - MasterCard vs. Visa (pindebit.blogspot.com)
• Perfect Storm Brewing, HomeATM Perfectly Placed (pindebit.blogspot.com)

Strengthen Security of Online Payments - European Parliament

Security and safety of Internet transactions need to be strengthened, says European Parliament
Download the European Parliament Press Release in PDF format

More than half of EU citizens and nearly 1.5 billion people worldwide have access to the Internet. Yet, despite the fact that one out of three EU citizens conducts online purchases, only 30 million carry out cross-border shopping in the EU. In view of this, MEPs are demanding increased Internet security, simplified rules and specific measures for SMEs in a report adopted in Strasbourg with 562 votes in favour, 9 against and 10 abstentions.

In a report drafted by Giorgos Papastamkos (EPP-ED, EL), The European Parliament believes that lack of trust in the security and safety of transactions and payments "constitutes the most important danger for the future of e-commerce".

Editor's Note: HomeATM fully agrees with the assessment that the security of internet transactions need to be strengthened. It was the reasoning behind providing end-to-end encryption on our transactions since January '07. The lack of trust is a problem indeed, but in order to build trust, e-payments need to be End-to-End Encrypted. (E2EE) Without E2EE, another breach is imminent.

One guaranteed way to provide E2EE is via PIN Debit through a personal swiping device. Of course the PIN Entry Device (PED) would need to meet PCI 2.0 requirements by going through a series of rigorous testing. Upon completion of testing it would then need to be submitted through the proper channels in order to receive official PCI 2.0 certification. Should that happen, you have a game-changing platform. Which is why HomeATM was pleased to announce that it's SafeTPIN (T stands for Transaction) personal card swiper with built-in PIN Pad was deemed by Witham Labs to either meet or exceed PCI 2.0 standards. (HomeATM Meets PCI 2.0 Standards) In short, HomeATM has believed that the security of online transactions needed to be strengthened from day one, which was the basis for our approach to bringing safe and secure PIN-authorized transactions to the web.

MEPs call on the Commission to investigate the causes and to redouble its efforts to "create mechanisms for strengthening businesses' and individuals' trust in international electronic payment systems, as well as establishing suitable means for resolving disputes related to illegal commercial practices".

Combating counterfeiting, piracy and fraud

Illegal behaviour such as counterfeiting, piracy, fraud, breach of transaction security and violation of citizens' private space pre-existed in the "physical world", say MEPs, but these activities have been both "facilitated and exacerbated" by the abundant technological possibilities provided.

They stress the need to adopt and strengthen necessary and appropriate enforcement measures and for more effective and concerted coordination. This will permit the combating and elimination of existing illegal online commercial behaviour, without affecting the development of international e-commerce, MEPs say, especially with regard to cases liable to involve major public health risks, such as bogus medicines.

MEPs also believe that the regulatory deficiencies in the EU online market are hindering the development of a stable and strong European online industrial and commercial environment. This, they say, results in unsatisfactory levels of participation by European consumers in EU and international trade transactions and hinders creativity and innovation in commercial activity.

Improve regulatory provisions

MEPs deplore the regulatory provisions permitting or requiring geographic market partitioning, high Internet access charges, and any limits on the availability of delivery options in the EU.

The report calls on the Commission to improve the legal interoperability of Internet services through the development of model licences and other legal solutions compatible with jurisdictions. It also asks that existing European deliverables for legal interoperability be propagated in order to reduce both transaction costs and legal uncertainty for online providers.

The report points out that the inherently international character of electronic commerce calls for universal understanding and cooperation, and proposes that bilateral and regional trade agreements signed by the EU should contain explicit provisions covering broad and open use of the Internet for trade in goods and services. The fact that the Doha Development Agenda "does not mandate specific negotiations on e-commerce', is regrettable, it says.

Measures for SMEs

MEPs call on the Commission to develop a comprehensive strategy for removing the barriers to using e-commerce still affecting SMEs (access to ICT, costs of developing and maintaining e-business systems, lack of trust, lack of information, legal uncertainty over transnational disputes, etc.).

They ask the Commission to include policy recommendations, which offer incentives to SMEs to further participate in online trading products and services.

The report recommends the establishment of a database, designed to provide information support and management guidance to the new and inexperienced participants in online trading, and the conduct of a comparative economic analysis of the benefits of e-commerce and online advertising for SMEs, as well as case studies of successful EU SMEs trading online.

There is also a call for a detailed analysis of the influence of online trade upon conventional trading patterns and activities, in order to be aware of and consequently avoid potential adverse effects.

Increase investment for third-country Internet trade

Finally, MEPs believe that the participation of the least developed and other developing countries in international trade through the Internet has to be supported through increased investment primarily in basic infrastructure such as telecommunication networks and access devices. The report underlines the need for low cost and better quality provision of Internet services.

REF. : 20090204IPR48481

Source: Press Release

Juniper on Mobile Money Transfer Market

Press Release: Contraction in Migrant Workers Impacts Mobile Money Transfer Market by 50%, down to $73bn by 2011

Hampshire, UK – 4th February 2009: A new study by Juniper Research indicates that the mobile money transfer market will be particularly vulnerable to the effects of the global recession. The rapidly changing economic downturn is forecast to have an immediate impact on the gross value of mobile money transfers, with the market in the worst case scenario reaching $73bn by 2011. This is some 50% less than previously forecast, although strong growth overall is still expected in the long term.

The Juniper Research mobile commerce report determined that the short term impact of the recession is likely to be felt most severely in this market owing to the effect of job losses in the migrant worker population.

Report author Howard Wilcox pointed out: "We are still in the early stages of the recession but we are already observing significant layoffs which will affect a market where the growth is fuelled by migrant workers sending remittances home to families. Workers from countries such as India, the Philippines and Mexico are likely to be hit in this way because of the sheer numbers working abroad as expatriates. However, we still see this market long term as a significant growth opportunity."

The Juniper report determined that all the mobile commerce market segments are still set to grow significantly over the next five years driven by a range of factors including user demand, but they will all be affected to a greater or lesser extent by the recession. The report includes a top level assessment of the impact of the global economic situation resulting from the credit crunch on the main mobile commerce market segments.

The Juniper Research mobile commerce study analyses the trends and issues affecting the mobile commerce market, across all the main segments providing forecasts of gross transaction values for digital goods and physical goods purchases, NFC (Near Field Communications), mobile money transfers, ticketing, coupons and banking. The report also presents the latest application and services examples and case studies from in excess of 60 mobile commerce companies pioneering in this developing market.

Mobile Commerce whitepapers and further details of the study, 'Mobile Commerce: Prospects for Payments, Ticketing, Coupons and Banking 2008-2013’ can be freely downloaded from www.juniperresearch.com. Alternatively please contact John Levett at john.levett@juniperresearch.com, telephone +44(0)1256 830002.

Related articles by Zemanta

• Slowdown hits Mexico remittances (news.bbc.co.uk)
• Will NFC Answer the Call? (pindebit.blogspot.com)
• Is Online PIN Debit For Real This Time Around? (pindebit.blogspot.com)

Amazon Payments Taken Out of Beta

Amazon takes payments service out of beta

Amazon Payments, a subsidiary of Amazon.com, (NASDAQ:AMZN), today announced the General Availability of Amazon Flexible Payments Service (Amazon FPS) and the launch of Amazon FPS Quick Starts.

Amazon FPS Quick Starts aggregate various Amazon FPS APIs into a simplified set of APIs that substantially reduce the steps a developer must take to enable transaction processing on their websites. Now, developers can enable common payment transactions such as one time payments, recurring payments and pre-payments in hours rather than days.

Amazon FPS is the first payments service designed from the ground up specifically for developers. It is built on top of Amazon's reliable and scalable infrastructure and allows developers to accept payments from Amazon's tens of millions of customers.

Starting today, developers who sign up for Amazon FPS by March 15th and launch their applications by June 1, 2009 can take advantage of free payment processing for the first 90 days until total transaction volume reaches $500,000. To learn more about Amazon FPS, Amazon FPS Quick Starts, and the free processing promotion, visit amazonpayments.com/fps.

Amazon FPS Quick Starts include:

* Basic Quick Start enables one-time payments for e-commerce and digital goods, donations, and any other online service.
* Advanced Quick Start provides periodic or delayed payment features required by subscription and usage-based services such as digital music and online storage. Advanced Quick Start offers developers flexibility in specifying payment instructions by time period, amount, and frequency. For example, a user can make recurring payments for a specific amount at regular intervals or a sender might set a spending limit per week for a particular named recipient.
* Marketplace Quick Start is designed for building marketplace applications. Developers can facilitate transactions between a third party buyer and seller, take a cut of the transaction, and have control over who pays the transaction processing fees.
* Aggregated Payments Quick Start reduces processing costs by consolidating multiple transactions, including micro-payments, into a single, larger transaction. This Quick Start offers prepaid and postpaid mechanisms to aggregate transactions. You can enable your customers to create prepaid balances that can be used subsequently to make multiple smaller purchases on your web site or you can extend credit and charge them later for accrued usage. In both cases, the Aggregated Payments Quick Start enables you to programmatically track individual transactions and the aggregated amount.
* Account Management Quick Start simplifies integrating account activity, balance and transaction information into websites and existing applications.

"Developers have been excited about the flexibility that Amazon FPS offers and the wide range of innovative business cases it enables. Developers have asked us for an easier way to get started and tools that would enable them to make the most of the Amazon FPS feature set. This release incorporates this feedback by introducing Amazon FPS Quick Starts, which significantly simplifies integration while maintaining all the flexibility that Amazon FPS provides," said Mark Stabingas," General Manager of Amazon Payments. "Developers can now choose the Amazon FPS Quick Start that meets their unique business needs and monetize their innovations quickly."

"SocialGold's objective is to make it really simple and easy for users to buy currencies and goods in online games and social applications. Amazon FPS Quick Starts provide the most logical and easy-to-use interface we've seen," said Vikas Gupta, Co-Founder and CEO of Jambool, a virtual economy platform for online games. "With Amazon Quick Starts we could quickly zero in on the API we needed. The documentation is great, the API is lightweight and we believe Amazon FPS Quick Starts will be instrumental in helping us create a great experience for our users."

"Meetup is a worldwide network of local, offline groups," said Maya Voskoboynikov, Group Product Manager for Meetup. "By integrating with Amazon FPS, we are helping Meetup Groups develop their own economies in the form of membership dues, event tickets and sponsorship payments. Helping Meetup Groups grow their economies is key to supporting the growth of long lasting organizations. We chose Amazon FPS for its flexible and powerful API, which allowed us to build several custom solutions from one basic foundation."

"We needed to support hundreds of thousands of merchants across a vast network of boutique marketplaces," said Matthew Trifiro, CEO of 1000 Markets. "Amazon FPS was the only system capable of giving us a robust checkout experience across our network. We looked at other payment systems available and chose Amazon FPS because Amazon is the most trusted name in e-commerce and that leads to more sales."

Source: Amazon Payments, 06 February 2009

Related articles by Zemanta

• Amazon pulls beta tag from PayPal foe (theregister.co.uk)

Mobile Money Transfer Gaining Acceptance

Finextra: Monilink reports growing user acceptance of mobile money transfer

Monilink reports growing user acceptance of mobile money transfer

UK m-banking outfit Monilink is reporting a surge of interest in mobile payments, with over half a million pounds transferred by users in the past month.

The Monilink mobile money service is currently available to over half of UK adults including customers of Alliance & Leicester, first direct, HSBC, Lloyds TSB, NatWest, Royal Bank of Scotland and Ulster Bank.

Customer surveys indicate that the most requested new services are the ability to move money to third party accounts, such as topping-up travel cards, charging electricity and gas pre-payment accounts and paying-off credit card balances.

The vendor is currently expanding its portfolio to offer services for the most advanced smartphone devices, including the latest touch screen handsets. It says the ongoing development of services specifically designed for smartphones demonstrates the growing acceptance of mobile money services by consumers across the UK.

John Milliken, managing director of Monilink believes that big bank backing for the service is crucial to user acceptance.

"Consumers we talk to are still reluctant to give secure information to brands they haven't heard of before," he says. "In the UK the successful mobile money services are all presented to the consumer by the banks themselves which I believe is the crucial difference between the mass-market services here and some of those offered in some other places in the world."

Monilink recently introduced facilities for intra account transfer and international money mover services over recent months.

Says Milliken: "I look forward to continuing this trend with the announcement of our new payment services, including some of those that our customers have requested."

X-Force Is With You...

IBM has released it's 2008 X-Force Security Report.  Since I've been detailing how unsafe it is to do e-commerce in a Web browser space (7 words - You should be SwipePIN instead of Typin') I thought I'd share some statistics to back it up.  (click graph on left to enlarge)

X-Force Trend Statistics Report
The X-Force produces the X-Force Trend Statistics report twice per year, once at the end of each year and once at mid-year. These reports provide statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber-criminal activity. The information in this report is for customers, fellow researchers, and the public at large and is intended to help others understand the changing nature of the threat landscape and what might be done to mitigate it.

First, let's flashback and take a look at their leading paragraph from last years release:

"ARMONK, NY - 11 Feb 2008: IBM (NYSE: IBM) today released the findings of the 2007 X-Force Security report, detailing a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cybercriminals are now stealing the identities and controlling the computers of consumers at a rate never before seen on the Internet."

Here are some personally selected highlights:

Web-Related Security Threats

• The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Last year, China replaced the US as the most prolific host of malicious Web sites.

 

Browser-related vulnerabilities are still overwhelming the largest percentage of critical and high vulnerabilities affecting personal computers in 2008. (52 percent of all criticals and highs)

• Even good Web sites are facing more issues. Web applications, in particular, are increasingly vulnerable and highly profitable targets for helping the criminal underground build botnet armies

• Web applications in general have become the Achilles heel of Corporate IT Security. Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages). 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.

• Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.

• Exploitation of Websites vulnerable to SQL injection has increased from an average of a few thousand per day, when they first took hold early in 2008, to several hundred thousand per day at the end of 2008.

• In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.

• The majority of phishing – nearly 90 percent – was targeted at financial institutions. Over 99% of all financial phishing targets are in North America or Europe, with the majority of targets in North America (58.4 percent).  

• The days of amateurs, college students, or hackers taking joy rides on corporate information systems are largely over. Today’s attackers are economically motivated. They are international criminal organizations who make a living stealing financial information and identities.

 

Remotely Exploitable Vulnerabilities

The most significant vulnerabilities are those that can be exploited remotely, because they do not require physical access to a vulnerable system. Remote vulnerabilities can be exploited over the network or Internet, while local vulnerabilities need direct system access.

2008 marks the third straight year where the percentage of remotely exploitable vulnerabilities has reached a record high.

In 2008, they represented 90.2 percent of all vulnerabilities, up from 89.4 percent and 88.4 percent in 2007 and 2006 respectively.

A factor in the increase that has occurred over the past few years is the growing number of Web application vulnerabilities, which are typically remotely exploitable and an ever-growing percentage of the overall vulnerability count.  See figure 14 above. (click to enlarge)

To take a look at the full 106 page PDF, click here.

Related articles

• IBM: malware economics, web security biggest issues of 2008 (arstechnica.com)
• IBM urges rethink on vulnerability assessments (vnunet.com)
• Web browser flaw could put e-commerce security at risk (Jonathan Stray/CNET News) (techmeme.com)

Parking Ticket = Malware in Disguise

Here's a new angle on getting people to unknowingly and willingly visit a site which installs malware on their machines.  According to Christopher Null at Yahoo Tech, hackers put counterfeit "parking tickets" on the windshields of illegally parked cars.  The counterfeit tickets instruct the car's owner to go to a website and pay the fine.  Yes, you guessed it...the website installs malicious code.  Here's his story:

Parking tickets actually malware attacks in disguise : Christopher Null : Yahoo! Tech

The last place anyone would expect to face a computer security attack is on the windshield of their car in the form of a parking ticket.

But that's the latest -- and intensely clever -- way that hackers are attempting to goad people into visiting infected websites and willingly install malware on their machines.

The scam is instantly clever once you hear how it works: Hackers print up phony "PARKING VIOLATION" notices and plaster them on cars parked on the street. The phony ticket directs the car's owner to visit a certain website, and of course the website in question (which largely seems to comprise of photos of badly parked cars) is a hack site which attempts to install malware on your PC.

Essentially what we have here is a phishing attack that takes place in the real world instead of via email. The use of fliers on parked cars is what's truly ingenious: A similar attack sent via postal mail would probably have minimal effect, but people are incredibly protective of their cars, and I imagine these windshield fliers will actually have a pretty good percentage of people typing in the URLs typed on them.

Related articles by Zemanta

• Fake parking tickets lead unwary to malware (theregister.co.uk)
• Phishing scam aims to hoodwink hotel habitants (theregister.co.uk)
• Experts predict rise in 'virtual' malware (vnunet.com)

UATP Processes Record $12 Billion in 2008

UATP Announces Record Charge Volume for 2008

UATP Announces Record Charge Volume for 2008
PR Newswire


WASHINGTON, Feb. 5 /PRNewswire/ -- Universal Air Travel Plan, Inc. (UATP), the low cost payment network privately owned by the world’s airlines, today announced record charge volume and profits for calendar year 2008. UATP CEO Ralph Kaiser stated, "UATP continues to prosper even in today’s economic environment. While we see challenges from an overall decrease in travel spending in the upcoming year, there are enough growth drivers in our business to continue to be optimistic about our performance in 2009."

UATP processed approximately US$12 billion in 2008, all with just 38 staff worldwide.

UATP has also been working hard to diversify its product offerings beyond its core corporate travel charge card business with great success. "UATP’s alternate form of payment processing business has taken off in 2008 much like our USS business did after its launch a few years back. Both lines of business are posting impressive growth rates," added Kaiser.

UATP’s alternate form of payment processing includes work for such online payment brands as Acculynk, BillMeLater, HomeATM, Moneta and PayPal.

USS is UATP’s in-house, proprietary settlement system which allows travel agency and low-cost air carrier payment processing to be conducted outside of normal channels. In 2009, in addition to offering air travel payment, with its industry leading data, UATP plans to expand its merchant base via USS to include hotels and rental car companies. This is expected to add significant charge volume to the network and greatly enhance the core product offering.

"Notwithstanding the current economic climate, 2009 will be a growth year for UATP. We are a dynamic and hungry company and we’re always looking for ways to save money for the airlines and their corporate customers while enhancing profitability for our shareholders," concluded Kaiser.

About UATP

UATP accounts are accepted as a form of payment for corporate business travel by airlines and travel agencies worldwide. UATP accounts are issued by: Air New Zealand (ANZFF.PK), American Airlines (NYSE: AMR), Austrian Airlines (AUALF.PK), Continental Airlines (NYSE: CAL), Delta Air Lines (NYSE: DAL), Japan Airlines (JALSY.PK), Northwest Airlines (NYQ: NWA), Qantas Airways, Ltd. (QUBSF.PK), United Airlines (Nasdaq: UAUA), and US Airways (NYSE: LCC). AirPlus International issues the UATP-based Company Account for: British Airways (LSE: BAY.L), Continental Airlines (NYSE: CAL), and Lufthansa German Airlines.

Contact:
UATP Corporate Communications
Wendy Ward, wward@uatp.com
+1 202 626 4077

SOURCE UATP

Paradigm Shift E-vidence Continues to Stack Up

In a continuing series of Paradigm Shift posts, I bring you this.   Earlier this week, Macy's announced they were cutting 7000 jobs amid reorganization.  Meanwhile, Amazon had it's best quarter ever. Something's going on here.  Let's take a closer look.

Yesterday Internet Retailer reported:

"Growth for the 110 e-retailers that have reported 2008 sales, so far, has reached 21.8% over 2007.  That's $33.50 billion for those same e-tailers in 2008 vs. $27.46 billion in 2007"

Let's just say that the bricks and mortar circuit didn't quite fare so well, and leave it at that. 

I was only joking back in December when I said that one November Thursday we'll turn on our TV to watch the Amazon Thanksgiving Day Parade...in fact, if I remember correctly, I think I may have even called that the "Parade-igm" shift.  Maybe I wasn't so off-base.

Speaking of shifts, there's an article out of the U.K. saying that more shoppers are preferring e-commerce over bricks and mortar.  It also says consumers prefer to "let their fingers do the shopping."  That's true, and there's a preponderance of mounting e-vidence pointing to that being fact, rather than speculation.

Apparently the Yellow Pages were way ahead of their time with their "let your fingers do the walking slogan, and that all well and good...

...until checkout time.  It's at that point whereby you should be taking out your card and putting those fingers on hold. Because if you are tempted to touch any keys when they ask for your card number, then here's  7 "key "words: 

"You Should be SwipePIN' instead of Typin'."

As the Paradigm Shifts into second gear, on the Internet Autobahn originally dubbed the information highway,  HomeATM will be there with our End Encrypted, Dually-Authenticated PIN Debit solution for the web.  (Did I forget to mention that by "SwipePin" instead of "Typin" we morph the transaction from "card not present" into a "card present" transaction?")  I didn't think so.
 

The Internet was originally called the  Information Highway for a reason.  When you "type vs. swipe", someone's going to be there to commit highway robbery...the information is out there  to be had.  If you don't want to be the one being "had, then simply stop being that "type" of online shopper. 

Would you not agree that if someone's going to be SwipePin' your card information, it should be you instead of the bad guys? 

Recent breaches/hacks at CardSystems, TJX, RBS Worldpay, and Heartland aren't a whisper...they're a shout!  Are they an anomaly?  If so, which one?  Sure, I understand that the V/MC, and EFT networks won't make as much revenue per transaction, but at whose expense are they making it anyway? 

I would suggest they take a closer look at the bigger picture...on the flip side, they just may save money by incorporating a PIN Debit approach to the web.  How you say?  Here's how...maybe, they'd avoid a 100 million card holder breach, which has the potential (at $202 per compromise) ,to put a major dent in the money they're making by keeping security low and interchange high. 

The inherent nature (and value) of PIN Debit's built-in security , when swiped, (what you have=card and what you know=PIN) would empower e-tailers to process transactions at rates up to 100 basis points lower than they are currently paying.  

Do the math on $33.50 billion dollars, (the figure Internet Retailer is reporting with only 22% of the results in, from last year) and multiply that  figure by 100 basis points.  That's money that would go back into the economy instead of into the coffers of lawyers defending Visa and MasterCard in court for Antitrust Violations. 

So, in my humble opinion, the time has arrived for the inevitable to occur.  We need to protect consumers and we need to protect e-merchants.  A more secure transaction via dually-authenticated end to end encryption shouldn't be "explored", it's the way it should be done...and HomeATM has been doing it that way, with $0 fraud since January '07.  

Oh...BTW...I almost forgot...here's the story providing further e-vidence of that Paradigm Shift...


Retailers lacking e-commerce likely to perish - CBR

Retailers who do not provide an online sales option to their customers are going to lose out on their business, as more shoppers are preferring e-commerce to high street shopping.

Businesses which do not invest in e-commerce are 30% more likely to fail, says Tenon Recovery, a turnaround, restructuring, recovery and insolvency specialist. Online retail sales in the UK rose from £46.6 billion in 2007 to £53.2 billion in 2008.

The rise in online sales was simultaneously marked by the closure of several high street stores. According to Tenon Recovery, the high street casualties are increasing as the businesses are investing more in brick and mortar buildings but not in e-commerce sites.

Carl Jackson, national head of Tenon Recovery, says that the new-age consumers like to go shopping with their fingers rather than their feet, as it is easier for them to compare prices online than move around the high street. Businesses which do not enable their consumers to shop 24 hours a day are at a disadvantage.

Tenon Recovery’s estimates are in line with the IMRG Capgemini e-Retail Sales Index for 2008, which has found that the online sales in the UK in December last year increased by 14.2% from 2007.

In an excerpt from a related story, "Online Sales to Jump Next Christmas" the e-vidence in the shift from retail, bricks and mortar, high street, call it what you will, to online is also mounting...

"...of the 2,000 consumers surveyed, 37% did more than half of their shopping online, while 59.9% spent more online this Christmas than last year.

Research undertaken by Capgemini, as part of the IMRG Capgemini e-Retail Sales Index, also observed that online sales have been increasing in spite of a fall in the growth of high street, as shoppers are turning to e-tailers to beat credit crunch.  (Editor's Note:  You can replace "credit crunch" with Snow, High Price of Gas, Time, etc.)

Matthew Tod, CEO at Logan Tod, said: “With 53% of those surveyed intending to increase online purchases for Christams’09, online retailers can look to see a sustained growth level as consumers continue to adopt the habit of online shopping.”

continue reading original story at CBR eCommerce

Related articles by HomeATM Blog

• Online Fraud Up...Down Under (pindebit.blogspot.com)
• Paradigm Shift: Retails 70%-22% Lead over Web Changes to 44%-49% (pindebit.blogspot.com)
• Sour E-conomy Doesn't E-qual Sour Grapes for E-Commerce (pindebit.blogspot.com)
• e-Commerce Expanding into Bricks and Mortar? (pindebit.blogspot.com)
• 12% of Online Buyers Have Been Victmized by Hacksters (pindebit.blogspot.com)
• Paradigm Shift E-vidence (pindebit.blogspot.com)
• First Data Transitions Chase Paymentech Portfolio (pindebit.blogspot.com)
• Heartland reveal massive credit card scam (vnunet.com)