Monday, February 23, 2009

Debit is King, Replaces Cash on Throne


Debit has Overthrown Cash as King

According to a new report from BAI and Hitachi Consulting, entitled: 2008 Study of Consumer Payment Preferences, debit card usage has not only soared, it seems to have pulled a coup d’état.

PIN and SIG Debit have "overthrone" cash as the new preferred payment method by consumers. Together they now constitute a whopping 37% of consumers' payments. Cash has fallen into second place at 29%. So it's official.

Cash is no longer king.  PIN (Online) Debit is first... preferred 45% to 35% over SIG Debit which seems to reign far below in popularity, even in the face of banks and V/MC pushing it with their rewards based incentives. (20% have no preference) 

When it comes to purchasing goods online, it's literally impossible to "sign" a debit card...therefore, in reality, signature debit doesn't even really exist when it comes to making purchases on the web. (That's one emperor who most definitely wears no clothes.) With the recent onslaught of fraud and the inherent weaknesses in the browser space, combined with a call to arm consumers with more secure payments (along with their preference for PIN debit), it won't be long before online debit for online shoppers becomes mainstream.

Speaking of mainstream...I don't know how HomeATM can even be considered an "alternative payment" method. There's nothing alternative about us...patented, yes. HomeATM was NEVER an alternative payment company. PIN Debit isn't an "alternative" payment. In fact, as this report shows, it's preferred! Hence, when it comes to securing transactions there's no alternative but to provide an end-to-end encrypted (E2EE) solution. So it looks like HomeATM, with its patented E2EE PIN Debit solution for internet retailers...is also royally sitting pretty!

It's all part of the paradigm shift. Debit is the new King, and PIN (Online) Debit is heir to the throne when it comes to online shopping. Our ability to transform a Card Not Present into a Card Present (CNP2CP) transaction not only heightens security, but it significantly reduces costly interchange fees while virtually eliminating chargebacks. Online Debit for Online Shopping is Inevitable...in this developing Perfect Storm!

Here's the press release announcing the report.  To read the report in PDF format, click here. 10 pages.

DALLAS--(BUSINESS WIRE)--Consumers’ use of cash is declining as they continue to embrace a range of card-based payment options, according to the 2008 Study of Consumer Payment Preferences, a nationwide study conducted by BAI Research and Hitachi Consulting, and sponsored by First Data, MasterCard Worldwide, Metavante, and PULSE.


Traditional card-based payment methods already have whittled away the base of check transactions in the United States, and are now impacting consumers’ use of cash, with 41 percent of consumers indicating they use cash less often today than they did two years ago.

“More and more consumers are substituting card-based payments in place of cash,” said Ajay Nagarkatte, managing director of BAI Research. “Of those who have reduced their cash use, 97 percent are shifting to credit, debit, or gift/prepaid cards instead.”



Credit Cards

Consumers carry an average of four credit cards in their wallets. However, only 2.2 of those cards are used to make purchases in any given month, underscoring how competitive the credit card market has become. Study findings reflected the consolidation that has occurred in the credit card industry, with 75 percent of consumers’ Visa and MasterCard credit cards coming from 10 issuers.

According to the study, nearly half of all active cardholders revolve at least a portion of their total credit card balance each month. Although a slight majority of cardholders (54 percent) reported they pay all credit card balances in full, 46 percent carry a balance on one or more cards.

A significant driver of credit card use is rewards programs. More than 75 percent of cardholders report having rewards attached to at least one card. Overall, 58 percent of cards earn rewards. For 51 percent of rewards cardholders, rewards have a strong impact on their use of the card.

Debit Cards



Debit cards have enjoyed phenomenal growth over the past few years, and according to the study, signature and PIN debit now account for a combined 37 percent of consumers’ in-store payments.

PIN debit is preferred by 45 percent of consumers, while 35 percent prefer signature (20 percent have no preference). Those preferring PIN debit consider it more secure, faster, and easier to use than signature.

Consumers preferring signature debit do so for the security (Editor's Note: What?), their inability to remember a PIN (Editor's Note: Oh...), lack of fees, and, in some cases, rewards programs.

Gift/Prepaid Cards

Growth of gift/prepaid cards was not as robust as some analysts anticipated. Gift/prepaid cards accounted for only four percent of consumers’ in-store purchases, the same as in 2005. Study findings suggest, however, that the market for open-loop gift/prepaid cards is increasing. Retailer-specific cards continue to dominate the gift card space, but more than twice as many gift card purchasers/receivers bought or were given a general purpose gift card in 2008 as were in 2005.

“Today’s card-based payments have done much to erode the base of paper transactions in the U.S.,” said Chris Allen, director, Consulting Services, Financial Services Practice at Hitachi Consulting. “And emerging payment methods like contactless and mobile are likely to take it further still.”

About the Study

The 2008 Study of Consumer Payment Preferences is based on a nationally representative sample of 3,308 U.S. consumers in June 2008. For more information or to inquire about purchasing the study, contact Chris Allen, director, Payment Strategy Group, Hitachi Consulting, at 617-753-9250 or Ajay Nagarkatte, managing director, Syndicated Research, BAI, at 312-683-2486.

About BAI

BAI is the financial services industry’s partner for breakthrough information and intelligence needed to innovate and stay relevant in an evolving marketplace. For more than 80 years, we have focused on advancing the industry by offering unbiased education and research. Our offerings are as diverse as the industry, and include premier events such as BAI Retail Delivery Conference & Expo, ground-breaking research and performance metrics, professional learning and development programs, and in-depth editorial coverage through BAI Banking Strategies. Visit www.BAI.org for more information. BAI is Bank Administration Institute and BAI Center.

About Hitachi Consulting Corporation

As Hitachi, Ltd.'s (NYSE: HIT) global consulting company, with operations in the United States, Europe and Asia, Hitachi Consulting is a recognized leader in delivering proven business and IT strategies and solutions to Global 2000 companies across many industries. With a balanced view of strategy, people, process and technology, we work with companies to understand their unique business needs, and to develop and implement practical business strategies and technology solutions. From business strategy development through application deployment, our consultants are committed to helping clients quickly realize measurable business value and achieve sustainable ROI.
Hitachi Consulting's client base includes 25 percent of the Global 100 as well as many leading mid-market companies. We offer a client-focused, collaborative approach and transfer knowledge throughout each engagement. For more information, call 1.877.664.0010 or visit www.hitachiconsulting.com.

About the Sponsors


About First Data
(www.firstdata.com)
First Data, owner of the STAR® network, is a global leader in electronic commerce. First Data powers the global economy by making it easy, fast and secure for people and businesses around the world to buy goods and services using virtually any form of payment. Serving millions of merchant locations and thousands of card issuers, First Data has the expertise and insights to help customers accelerate their business.

About MasterCard
(www.mastercard.com)
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes over 18 billion transactions each year, and provides industry-leading analysis and consulting services to financial institution customers and merchants. Through its family of brands, including MasterCard, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories.


About Metavante (www.metavante.com)
Metavante Technologies, Inc. (NYSE:MV) is the parent company of Metavante Corporation. Metavante Corporation delivers banking and payments technologies to over 8,000 services firms and businesses worldwide. Metavante products and services drive account processing for deposit, loan and trust systems, image-based and conventional check processing, electronic funds transfer, consumer healthcare payments, electronic presentment and payment, business transformation services, and payment network solutions including the NYCE Network, a leading ATM/PIN debit network. Metavante is headquartered in Milwaukee.

About PULSE
(www.pulsenetwork.com)
PULSE is one of the nation’s leading ATM/debit networks, currently serving more than 4,500 banks, credit unions and savings institutions across the country. PULSE is owned by Discover Financial Services (NYSE: DFS). The network links cardholders with more than 289,000 ATMs, as well as POS terminals at retail locations nationwide. The company is also a valued resource for industry research related to electronic payments and is committed to providing its participants with education on evolving products, services and trends in the payments industry.






Further E-vidence How PIN Debit Can Save E-tailers

In an article published by BlogCritics Magazine, they talk about the fact that e-commerce merchants are at great risk of chargebacks due to the stolen card information obtained during the Heartland Breach. I will put this as simply as I can...they have an opportunity to virtually eliminate this risk of chargebacks by employing HomeATM's PIN based solution, which would mitigate this risk completely. Here's their story, some of which I've highlighted to emphasize the impact of NOT utilizing a PIN based solution....

Are E-Commerce Merchants at Risk in Mystery Data Breach?

Days before the Heartland Data Breach was announced, volunteer computer security experts at the Open Security Foundation had already figured out what had occurred. Many believe Heartland is going to become the largest data breach in history and will surpass the TJX caper. At this point, only time will tell.

Now the folks at the Open Security Foundation are predicting another data breach at a card processor/acquirer that hasn't been announced to the public yet.  For over a week, they've been speculating about this mysterious data breach based on a tip, which was corroborated by other anonymous sources.

According to their latest post on this matter, they knew at the time it was a "card not present" breach at an acquirer/processor, but couldn't publish that it was. They are now reporting this based on it being revealed by another source.

On February 21, 2009, databreaches.net revealed evidence of this data breach based on information sifted from two credit union sites (TVACU.com and Pennsylvania Credit Union Association CardNet).

The only data elements at risk are account numbers and expiration dates. No track data, PIN, CVV2/CVC2 data or cardholder-identifying information was captured. The period of exposure being reported is from February to August of 2008.

It has also been written that the exposure was enabled by malicious software that was placed on the unknown acquirer/processor's system. Both of the credit union sources also state that it is being left up to the card issuers, whether to issue new cards or monitor the accounts for fraud. Reissuing cards has become a major expense to the card issuers after a data breach is discovered.

This makes me wonder if we will discover that the acquirer/processor was PCI DSS (Payment Card Industry Data Security Standards) compliant? PCI DSS is the payment card industry's own set of standards to protect data. In many of the recent breaches, the "breached" met this standard, which has led to questions as to whether it is really effective or not.

Both articles also indicate that Visa/Mastercard are not revealing the source of this breach until the "mysterious source" of it makes their own announcement on the matter.

Given these reports, my speculation is that this information could be used in e-commerce type transactions.  If only primary account information and expiration dates were exposed — counterfeiting it on cloned cards is unlikely. It simply wouldn't be feasible to do so by the criminals involved.
(Editor's Note: But purchasing online with Card Numbers and Expiration Date is easy to do, not so if they required PIN numbers which were NOT exposed...)

This doesn't mean that there are no financial risks involved to businesses in this data breach. E-commerce fraud is a big problem and its estimated impact on merchants last year was $4 billion. To fight this problem, most e-commerce merchants manually review orders to detect fraud, which can be a substantial payroll cost. The percentage loss to fraud in e-commerce has been stable for about three years, but since sales have increased, the dollars lost to it are growing.

Card-not-present chargebacks are frequently returned to merchants as chargebacks. The best way (Editor's Note: Really the second best) of avoiding these types of chargebacks is to verify transactions using the address verification service (AVS), the card verification value code 2 (CVV2), the card validation code 2 (CVC2), and the card identification (CID) when processing transactions.


Editor's Note: Actually, the best way to avoid these types of chargebacks is to utilize HomeATM's PIN Debit application. Chargebacks are virtually eliminated with PIN based transactions, which would also significantly reduce the costs associated with manually reviewing orders to detect fraud. Of course, the other benefit is lower interchange costs associated with the more secure PIN based transaction. The story continues...

Smaller merchants — who ironically are charged the highest interchange fees for accepting card payments — are at the most risk because fraudsters count on the fact that they do not verify a lot of this data because of the associated costs and their ability to afford doing so.  

Perhaps this is one of the reasons why there is no rush to reissue cards. If the only information stolen can be used in card-not-present transactions, the card issuers are at little risk of suffering any financial losses. They will simply charge them back to the merchants, who failed to ensure the transaction wasn't fraudulent. It might be a good time for e-commerce merchants to be more cautious. Editor's Note: It may be a better time to switch over to PIN Based transactions powered by HomeATM...

From what I can gather, this matter isn't exactly confidential; having said that, it appears that primarily financial institutions are being warned and not the e-commerce merchants who logically will be the primary target if this stolen information is used. The costs in the aftermath of data breaches are substantial and who bears the brunt of them is becoming a hot topic.  Editor's Note:  Which I predict, will, in turn, make the idea of instituting a PIN Debit platform a hot topic as well... 

To close this post, I will refer to a good information source on preventing chargebacks from Wells Fargo. There are a lot of other sources, but a lot of them are selling something. If anyone has any other good sources, please feel free to leave a comment and share them with everyone!  Editor's Note:  Will do!











PIN Debit Payments Blog Now "PIN Payments Blog"





You may have noticed something different about the HomeATM Blog today...


The PIN Debit Payments Blog has decided to change its name to simply The PIN Payments Blog. You can see the change reflected in the banner above vs the one pictured below. Not a major change to be sure, but I thought I'd address it. Although most everything else will remain the same, the reasoning behind the change is that HomeATM is in no way "limited" to providing only PIN Debit Payments. HomeATM can process credit cards just as easily as debit but employs a unique approach to credit card processing by providing an "end to end encrypted" (E2EE) process by attaching a "PIN" to credit cards. In fact...





We are the only provider that we are aware of who (and based on the fact that our process is patent-pending, I assume it will stay that way until further notice) can offer and provide "PIN Credit Payments" as well as "PIN Debit Payments." I talk more about that below.


In addition, we enable a secure E2EE PIN Mobile Payments platform... a dually-authenticated E2EE PIN Based P2P Payments platform and yes, we can even provide business owners with an E2EE approach for PIN Based B2B payments enabling SMEs to pay invoices to their regular suppliers. With HomeATM's B2B platform we enable SMEs to issue and reload Corporate Prepaid Cards in order for them to be used for business travel or expenses. We can do the same in situations that have a need and desire to implement a secure Payroll Card Platform.

So HATM, as a whole, is by no means limited to PIN Debit, but is in essence, one of the industry's leading "PIN Payments Providers" hence the name change to the "PIN Payments Blog."

Today I'll talk more about our PIN Credit Application. Most likely you've probably never heard the term PIN Credit, but there are some underlying reasons behind why our engineers have come up with our patent-pending approach to attaching a PIN to a credit card. Let's take a closer look...

Over the course of the last several months, I've talked about our "PIN my Card" program. To review, HomeATM's PIN my Card application will allow credit card users to assign a PIN code to their credit cards. This unique offering provides a couple of distinct advantages.

First, and foremost, it allows for the end-to-end encryption of credit cards processed by online shoppers. In today's fraud-smitten environment, we feel our PIN my Card program can virtually eliminate fraud. Secondly, it will allow our CNP2CP (Card Not Present to Card Present) process to occur with a credit card. This is important to consumers because it ensures that it is them using their card rather than a fraudster simply typing in their Personal Account Number that they stole from, using the most recent example... Heartland Payments.

CNP2CP also provides important benefits to Internet Retailers.

For one, a CNP2CP enabled transaction provides a safer environment, along with the lower interchange rates associated with the vastly more secure "CP" transaction. Secondly, by attaching a PIN to a credit card, we provide retailers with the ability to accept a dually-authenticated transaction, thus an additional layer of security. (What you have/Card and What You Know/PIN). This added layer of security further reduces interchange fees. Combined, Internet Retailers can save up to 100 basis points vs. the way they now process credit card transactions.

So at the end of the day, when the smoke clears, HomeATM is not limited to providing PIN Debit Payments but instead provides PIN Payments as a whole. For that reason, we have decided to change the name of the blog to the PIN Payments Blog. We will continue to strive towards bringing you the latest payments news from around the globe with an emphasis on security, along with the latest developments from HomeATM. Thanks for visiting the HomeATM PIN Payments Blog and feel free to leave any comments below. Here's more on the Chip and PIN Dilemma...





Heartland Breach...Just Keeps Growing and Growing


Bank Info Security is reporting that the number of banks affected by the Heartland Breach has now reached 500+. Here's their story:

Heartland Data Breach: 500+ Institutions Affected
Related Phishing Scam Uncovered in Texas
February 23, 2009 - Linda McGlasson, Managing Editor

The number of financial institutions that stepped forward to say their customers' credit or debit cards were compromised because of the Heartland Payment Systems (HPY) data breach has now reached more than 500.

Little more than a month ago, on Jan. 20, Heartland, a Princeton, NJ-based payments processor, went public that it had discovered hackers had gained access to its computer networks and had been able to see credit card and debit card numbers as they were processed for several months in 2008. The nation's sixth largest payments processor, Heartland said it processed an average of 100 million transactions each month in 2008, and has about 175,000 retail and merchant customers for which it handles credit and debit transactions across the U.S.

Three customer class action suits have been filed in U.S. Federal Court in New Jersey against the payments processor by Philadelphia-based law firms. No class action suit on behalf of institutions affected by the breach has been filed yet.

Three men were arrested and charged with using "cloned" or counterfeit cards with stolen credit card numbers from the Heartland breach in Tallahassee, FL earlier this month, but no further arrests have been made in the case. The three men arrested in the Florida fraud case were described as lower-level players, but law enforcement continues to follow the trail of fraud and credit cards stolen in the Heartland breach that have been used in Mexico, Texas, Florida and other states.

Related Phishing Scam Hits Texas Bank

A bank in Texas reports that its customers are being targeted in a phishing scam related to the Heartland breach. Extraco Bank in Killeen, TX had to replace 9,000 cards that were compromised. On Saturday, the bank told customers in an email that if they received a text message or page that told them to call an 866 number and asked for debit or credit card number, expiration date and PIN numbers, to contact the bank. It is a phishing scam, the bank told its customers.

The local paper, The Killeen Daily Herald, reported the bank's phishing scam on Sunday. Identical scams were already reported in other local area cities, says Extraco. The bank is working with AT&T and the U.S. Secret Service to trace the scammer and get the number disconnected.



Phishing Attacks Surge in 2008

The volume of phishing attacks detected by RSA during 2008 grew by 66% over those observed throughout 2007, with UK and US financial institutions bearing the brunt of the assaults.

The first six months of 2008 demonstrated a dramatic increase in the volume of phishing attacks detected by RSA, peaking in April with 15,002 attempts. Attacks initiated by the notorious Rock Phish Gang and those initiated via other fast-flux attacks accounted for over half of the bombardment during this period.

US financial institutions suffered a whopping 68 percent of the total number of attacks, ten times higher than the number of brands targeted within the UK - which ranked a distant second on the list.

Although the US led by a huge margin in terms of the number of attacked brands during 2008, the UK led in terms of total volume of exploits. This is a result of several massive surges of attacks against a small number of the country's financial institutions during 2008.

RSA also noted the expansion of phishing into new territories, such as Latin America and Asia Pacific as a key contributory factor in this year's volume growth.


Utah Transit Authority Accepts Contactless

Press Release:

Utah Transit Authority Showcases Open Payment System for Transit

New electronic payment system unveiled at annual Smart Card Alliance event

Editor's Note: Earlier I posted about how, even though PIN Debit is preferred 45% to 35% over SIG Debit, one of the underlying reasons for those who preferred SIG Debit is that they couldn't remember their PIN. With that said, it would make sense that there could be a flaw in this system. Specifically:


Tap on. Tap off.
Be sure to tap on when boarding and tap off when exiting to complete your trip. It is important to remember to tap off with the same card when exiting in order to close out the trip, as failure to tap off would leave the trip incomplete. This is especially important for FrontRunner, which charges you based on the distance you travel. If you fail to tap off on FrontRunner, you will be charged the maximum fare, instead of only for the distance that you have traveled.

The Utah Transit Authority is showcasing its new electronic fare collection system this week at an event held in Salt Lake City by the Smart Card Alliance. The new electronic payment system for the transit agency is the first full-system rollout of a transit payment system based on the open payment network.

UTA’s new EFC system accepts major contactless credit and debit cards such as Visa payWave, MasterCard PayPass and American Express expresspay for a single adult cash fare on more than 600 buses and a fleet of light rail and commuter rail trains.

Payment authorization is initiated when a customer taps a contactless credit or debit card to an electronic reader on a train platform or bus. Riders are also asked to tap off when exiting in order to complete their trip and get an electronic transfer. The rider is then able to tap onto a new bus or train without being charged for a new trip. The final charge is processed through a back office system that matches up individual card “taps” within the two hour transfer window to create a complete trip and calculate the final charge. Customers may also pay for more than one rider by tapping on and tapping off multiple times, once for each rider.

In addition to providing a new method of payment for customers, the “tap on/tap off” approach provides UTA with valuable data that the transit agency will use to adjust services to better reflect the actual travel patterns of its riders.

“The new EFC system is an investment in the future that will pay big dividends for our riders,” said John Inglish, UTA general manager. “The EFC system will help UTA better determine ridership patterns and be more responsive when planning service.”

The system, which officially launched in January, is used daily by thousands of UTA riders. In addition to accepting credit and debit card payments, the new EFC system is also being used to validate UTA-issued passes carried by corporate and educational customers as well.

A technical tour demonstrating the new electronic payment system and supporting infrastructure will be held on Friday, Feb. 27, from 8 to 11:30 a.m. at the UTA corporate offices located at 3600 South 700 West, Salt Lake City, Utah. To attend, please RSVP to Carrie Bohnsack-Ware at (801) 634-1864 or e-mail cbohnsack-ware@rideuta.com.

For more information, visit www.rideuta.com/electronicfare.



###

Established in 1970, UTA has become a multi-modal transportation leader that is 100 percent accessible with 69 light rail vehicles, 30 commuter rail cars and more than 600 buses. UTA’s TRAX light rail system is currently averaging between 40,000 and 50,000 riders a day along its 15-mile Salt Lake-Sandy line and the 4-mile University Line. UTA is an ISO 14001:2004 9001:2000 certified agency. During the 2002 Winter Olympic Games, UTA’s transit system was declared a great success on the international scene - carrying more than four million Olympic riders.






Made in India, Aimed at US

Business Case for Contactless: Made in India, Aimed at U.S.

As part of their efforts to deliver banking services on mobile phones, banks have had to learn to work with wireless carriers.

This still-evolving partnership forced the two players, which had rarely collaborated in the past, to confront such issues as how to deliver the software to users and who is responsible for resolving technical problems. And as banks look to add mobile payments to the equation, they face an even more complicated challenge: persuading carriers to install the chips that are required for phones to support contactless purchases.

Citigroup Inc. is hoping that an upcoming test in India of phones with contactless payment capabilities will help it develop a business case to present to carriers in the United States.

"The mobile phone really has emerged more recently as the big thing that's going to take contactless over the edge," Jeff Semenchuk, the executive vice president at Citi Innovation, said in an interview Tuesday.

He said the goal of the Bangalore test, which could get under way as early as April, is to collect enough data on consumers' use of mobile phones equipped with contactless payment chips to demonstrate to handset manufacturers and U.S. carriers that including the same chips in phones in this country would be worth the investment.

"It's no longer a technology trial or anything like that. It's literally a business model trial," Mr. Semenchuk said.

He said Citi plans to collect data in India through the end of the year, and that if the test goes as expected it would be two to three years before mobile phones with contactless chips are widely available within the United States. But once the wireless industry is sold on the idea, the transition could come rapidly, Mr. Semenchuk said.

The idea of including payment features in phones is "where it used to be with camera phones," he said.

Cameras in phones were initially dismissed as a gimmick, but caught on quickly and are now ubiquitous, he said. "It's inevitable that contactless will be huge."

Continue Reading at Bank Technology News



Security Challenges, Opportunities in an Increasingly Mobile World

Smart Card Alliance Conference Program for CTST The Americas 2009 Explores Security Challenges, Opportunities in an Increasingly Mobile World

PRINCETON JUNCTION, NJ, February 23, 2009 – An agenda packed with information about technology and market trends is in store for attendees of CTST The Americas 2009, the premiere event for secure identity and payments. Being held May 4-7, 2009 at the Ernest N. Morial Convention Center in New Orleans, CTST 2009 is the place to see cutting edge presentations and case studies, learn best practices, meet with innovative vendors, witness live demonstrations, network with industry peers and more.

The Smart Card Alliance, as part of a continuing partnership with CTST and SourceMedia, is once again producing the conference program as its official annual meeting. The Alliance has built the conference program around the theme of “Enabling Secure Identity and Payments in a Mobile World.”

“Our increasing mobility—using cell phones, the Internet and digital transactions—has changed the way we interact and the way our identity, payment and other information is handled and used,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “What can we do to keep our information protected? Our conference program will cover all of the newest business applications and technology developments in identity, payments, government, mobile communications, healthcare and transit applications, and how these developments translate into business opportunities in a new, more mobile, world.”

More than 120 speakers will cover a wide range of topics divided into four main tracks—Identity & Security, Payments & Applications, Mobile & NFC, Emerging Technology—and two one-day spotlight tracks—Healthcare and Latin America. Attendees can pick the sessions that interest them most, and leave time to visit the exhibit hall. Keynote sessions start each day, bringing together executives from the payments, security and mobile industries for interactive roundtable discussions. Attendees can meet with colleagues during dedicated networking sessions during the day and at the evening receptions sponsored by the Smart Card Alliance and other supporting sponsors.

Three pre-conference workshops from the Smart Card Alliance, Collis and OATH are offered this year, covering the topics of “Smart Card Technology and Payments Applications,” “Mobile & Contactless Payments from EMV to NFC,” and “OATH Initiative for Open Authentication Workshop,” respectively. The Alliance will also present its “Outstanding Smart Card Achievement” (OSCA) awards at a Networking Reception on Monday night, May 4. The OSCAs recognize the issuing organization, technology organization and individual that have significantly impacted and influenced the market for smart cards in North America.

The complete agenda and full registration details are available on the CTST Web site. Early registration discounts and the conference rate at Hilton New Orleans Riverside hotel expire on April 4, 2009. Smart Card Alliance members receive one free registration at CTST and qualify for a $200 discount off additional paid registrations.

CTST 2009 sponsors are Collis, First Data, Gemalto and Oberthur Technologies.





Sunday, February 22, 2009

CNP Forum Annual Conference in Barcelona

What:  CNP Payment Forum

Where & When:

Mon 11 May - Wed 13 May in Barcelona, Spain. Check the agenda to see a detailed overview of the days' events.

We are a non-profit organisation created by and committed to serving merchant organizations that process CNP transactions (Customer-Not-Present), i.e. e-commerce, mail and telephone orders.

Editor's Note: Of course, another alternative to dealing with the inherent risks associated with CNP is to enable a CP environment. HomeATM can enable ANY internet retailer to transform CNP-2-CP with our patented approach to reducing fraud and increasing a web retailer's bottom line. For more information on how your organization can significantly lower risk, interchange fees, and virtually eliminate chargebacks, email us at: CNP2CP@HomeATM.net

Back to the CNP Forum. They are inviting representatives of acquirers, card schemes and payment service providers to participate with their respective merchants in their activities in order to encourage dialogue and best practices between all stakeholders in the CNP arena. CNP Payment Forum was formed by European merchants with support from Direct Response Forum (DRF) USA.

Purpose:

To provide an opportunity for CNP payment professionals to address and share the unique challenges facing CNP merchants that include:
  1. Management and optimisation of multiple payments methods and channels across borders;
  2. Maximisation of business opportunities through payment instruments;
  3. Integrating payment processes with complex inter-company systems;
  4. Compliance with requirements imposed by regulatory bodies;
  5. Strategies for handling disputes and fraud;
  6. Education, sharing of best practices and keeping up-to-date on current trends, new technologies and payments related initiatives;
  7. Influencing payment organisations and regulators for the benefit of the CNP space.

Mission:
CNP Payment Forum serves CNP merchants by providing: networking opportunity, education, sharing of best practices and representation (or engagement) in promoting the interests of the industry in CNP processes.

What we do:
A yearly conference for all levels of Customer Not Present Merchants. Highlights include:
  1. Beginners: Credit Card Processing 101, Chargebacks 101, Recurring 101
  2. Advanced: Round Table discussions, Industry Updates, Faster Payment, SEPA PSD, AML, PCI DSS Compliance Sessions and Panels;
  3. Shared merchant experiences from different industry sectors;
  4. Opportunity to share information with peers regarding loss prevention and trends in processing and technology;
  5. Engage in substantive dialogue with payment industry leaders and card company executives;
  6. Speak directly with representatives from European Commissioner, Chase Paymentech, CyberSource, GlobalCollect, EMS Card, VISA, MasterCard, American Express, JCB, Maestro, PayPal, and many other companies.
By providing CNP merchants with a venue to exchange views, share best practices, discuss technologies and payment related products, it is expected that merchants will discover ways to work together to influence the direction of the operational supply chain and payments industry. Merchant participation is vital to the future success of this forum. We encourage all interested parties to contact us - we need volunteers. There are no costs associated and by serving on a committee, you can help shape the future of our industry. To find out more please contact us.

Location: Held at the 5 star Eurostars Grand Marina Hotel. Or, as previously mentioned, you can learn how to transform CNP2CP, which lowers risk, interchange and virtually eliminates chargebacks, by contacting HomeATM at CNP2CP@homeatm.net

Visit HomeATM at www.homeatm.net



Acculynk: Card Not Present PIN Transaction

Acculynk uses a floating PIN Pad to process PIN Debit transactions on the Internet. But if the Card's Not Present, then where's the PIN Verification Value or the PIN Offset which is resident on the magnetic stripe of the card? Hmmm? Maybe the CNP Forum can address those questions in Barcelona...

Card Not Present Payment (CNP) Forum Annual Conference 2009 to be held May 11-13th in Barcelona, Spain.

Editor's Note:  If you'd like to learn how you might be empowered to transform "CNP" transactions into "CP" (Card Present) transactions, please contact HomeATM at: CNP2CP@homeatm.net.  Our CNP2CP solution works for all Internet Retailers, and any merchant who is on the go, including but not limited to, Food Delivery, In Home Services/Sales, MLM, Flea Markets, Fairs, Trade Shows, etc.  HomeATM's CNP2CP program lowers interchange, risk, fraud, and virtually eliminates chargebacks. 

The CNP Payment Forum serves CNP merchants by providing: networking opportunity, education, sharing of best practices and representation (or engagement) in promoting the interests of the industry in CNP processes.


What is it? A yearly conference for all levels of Customer Not Present Merchants.

Highlights include:

1. Beginners: Credit Card Processing 101, Chargebacks 101, Recurring 101
2. Advanced: Round Table discussions, Industry Updates, Faster Payment, SEPA PSD, AML, PCI DSS Compliance Sessions and Panels;
3. Shared merchant experiences from different industry sectors;
4. Opportunity to share information with peers regarding loss prevention and trends in processing and technology;
5. Engage in substantive dialogue with payment industry leaders and card company executives;
6. Speak directly with representatives from European Commissioner, Chase Paymentech, CyberSource, GlobalCollect, EMS Card, VISA, MasterCard, American Express, JCB, Maestro, PayPal, and many other companies.

By providing CNP merchants with a venue to exchange views, share best practices, discuss technologies and payment related products, it is expected that merchants will discover ways to work together to influence the direction of the operational supply chain and payments industry. Merchant participation is vital to the future success of this forum. We encourage all interested parties to contact us - we need volunteers. There are no costs associated and by serving on a committee, you can help shape the future of our industry. To find out more please contact us

Or, as previously mentioned, you can learn how to transform CNP2CP, which lowers risk, interchange and virtually eliminates chargebacks by contacting HomeATM at CNP2CP@homeatm.net

Or visit HomeATM at www.homeatm.net



Friday, February 20, 2009

Researcher Demos SSL Attack (Still Can't Hack the PIN)

As the name implies, "Browsers" are for "browsing" ...when you're done and it comes time to make that online purchase...it should be done "outside the browser." 

I posted earlier this year (Browsers and E-Commerce Don't Mix - January 2nd 2009) that researchers disclosed that a key piece of Internet technology that banks, e-commerce sites, and financial institutions rely on to keep transactions safe suffers from a serious security vulnerability.

They demonstrated how to forge security certificates used by secure Web sites, a process that would allow a sufficiently sophisticated criminal to fool the built-in verification methods used by all modern Web browsers--without the user being alerted that anything was amiss. 

They also said it was unlikely to affect most Internet users in the "near future" because taking advantage of the vulnerability requires discovering some techniques that "are not expected to be made public." 

Oh really...?  Well that's good news!   Oops!  Wanna watch the video on YouTube?  It's embedded at the end of this post...
 

Researcher demonstrates SSL attack
By Tom Espiner ZDNet.co.uk
Posted on ZDNet News: Feb 20, 2009

A security researcher has demonstrated a way to hijack Secure Sockets Layer (SSL) sessions to intercept login data.

Moxie Marlinspike, who spoke at the Black Hat security conference on Wednesday, explained how to subvert an SSL session by performing a man-in-the-middle attack. The anarchist researcher explained in a YouTube video that the attack uses a tool developed called SSLstrip, which exploits the interface between http and https sessions.

"SSLstrip man-in-the-middles all of the potential SSL connections on the network, specifically attacking the bridge between http and https," Marlinspike said in the video. (embedded at the end of this post)

Secure Sockets Layer, and its successor Transport Layer Security, are cryptographic protocols used to encrypt communications over TCP/IP networks. SSL and TLS are often used by banks and other organizations to secure web transactions.

The attack relies on users not directly calling up an SSL session by typing a URL into a browser. Most users initiate sessions by clicking on a button. These buttons are located on unencrypted http pages, and clicking on them will take users to encrypted https pages to log in.

"That opens up all kinds of avenues for ways that you might intercept [details]," Marlinspike said. In his Black Hat presentation, he claimed to have gathered details on 117 email accounts, seven PayPal logins and 16 credit card numbers, within a 24 hour period.

SSLstrip works by watching http traffic, then by acting as a proxy when a user attempts to initiate an https session. While the user believes the secure session has been initiated, and SSLstrip has connected to the secure server via https, all traffic between the user and SSLstrip is http. This means "disastrous warnings" displayed by browsers are avoided, as to the browser the session appears normal. Login details can then be harvested.

Marlinspike said that an https padlock logo can be spoofed in the URL bar, to further lull the user into a false sense of security.

While SSL is generally accepted as being secure, security researchers have claimed SSL communications can be intercepted.  In August last year, researcher Mike Perry said he had been in discussions with Google regarding an exploit he planned to release, which would allow a hacker to intercept a user's communications with supposedly secure websites over an unsecured Wi-Fi network.

This article was originally posted on ZDNet.co.uk.







Citi Replacing Cards After Breach...but How Many?


According to the Press Association, Citigroup has started sending replacement credit cards to its customers, apparently in response to a massive security breach at Heartland Payment Systems.

"Heartland Payment Systems revealed that its system used to process Visa, MasterCard, American Express and Discover Card transactions was breached late last year.  The Princeton, New Jersey, company said the breach did not involve  personal identification numbers (PINs)"

Editor's Note: Translation: They didn't get the PINs. What if banks and V/MC had pushed the more secure "PIN Debit" instead of pushing the less secure "signature debit"? Sure, their excessive profits derived from higher interchange fees and the milking of $17 Billion dollars off consumers from overdraft charges was nice, but now it's kinda biting them in the *ss. I guess there is a price to pay when self-interests are given priority over what's best in the long run. What's best in the long run is securing payments...so at the end of the day, this dilemma has been exacerbated by their own self-serving modus operandi.

Earlier this week I posted that for every $100 of PIN-based transactions there was 1.09 cents of fraud. Signature debit comes in at 5.4 cents.

It will be interesting to see how drastically those numbers shift after the final tally on how much this breach winds up costing. Don't expect anything too drastic however...it wouldn't be in V/MC's best interest if those numbers become any more disparate.

Prediction 1: The new signature debit fraud numbers WILL NOT include costs associated with replacing cards and monitoring accounts...only the actual amounts of fraud committed using the breached card numbers. They want to keep these numbers as low as possible.

Prediction 2: The PIN debit fraud numbers will always include every single penny derived from skimming, tampering, the use of cameras, people foolish enough to provide their PINs to scam artists, and if they could, they'd include ATM Bombs. V/MC will manipulate the data in order to skew these numbers to appear as high as possible, to keep people from questioning their mindset in pushing SigDebit over PINDebit.

Predilection 101: Visa and MasterCard will continue to push whatever makes them the most money.



Prediction 3: Because of their aforementioned predilection, V/MC will be involved in yet another Antitrust lawsuit, drag it on for as long as possible, and settle for about a third of what they wrongfully profited while they dragged it out over the years on the morning the case is scheduled to begin. OR...they will see the light of day and determine that their strategy won't hold up in the long term, and having learned from past mistakes, work with the other EFT networks (Visa owns Interlink/MC owns Maestro) and empower PIN Debit instead of fraudsters. Flip a coin.

So...how many cards will Citi have to replace?  Citibank has not revealed how many of its customers are involved however...Citi has more than 150 million credit card accounts worldwide.

Meanwhile...the growing number of banks across the US that have said their customers were involved in the Heartland breach and have issued new cards to consumers has climbed to 440+. The rest are still monitoring their systems for unusual activity to detect fraud.



HomeATM Plans On Participating in FinovateStartup09

HomeATM has committed to attend Finovate Startup '09 and plans on participating as one of the presenting companies as well.
Developing...


To learn more about Finovate Startup '09 and Finovate '09 you may visit either www.Finovate.com or Netbanker.com

HomeATM in the News


MONTREAL FIRM PLANS TO TEST HOME-USE CARD READER

Heightened attention to data breaches tied to point-of-sale software and online shopping carts is bolstering a security-engineering company's argument that the use of PINs on the Internet can be done securely only using a payment card terminal that (easily) attaches to consumers' personal computers. (in milliseconds)

HomeATM ePayment Solutions, which is based in Montreal, is close to piloting a personal card-swipe device and PIN pad that consumers plug directly into a PC's USB port. The system requires no installation or software. When consumers check out at a participating merchant's Web site, the site prompts them to use the device to swipe their card and enter their PIN to complete a transaction. If a retailer conducts a successful pilot, the hardware will provide peace of mind for the consumer while turning card-not-present interchange rates to cheaper card-present rates for merchants, contends Kenneth Mages, HomeATM chairman and CEO. The company has an agreement with a major electronic funds network to begin the pilot, but first HomeATM wants to secure participation from a large, Tier 1 merchant, Mages says. Tier 1, or Level 1, merchants process more than 6 million transactions per year. The company is considering several merchants, including a major U.S.-based airline, which Mages declined to name. The device, called SafeTPIN, received Payment Card Industry Data Security Standard certification two weeks ago.

Editor's Note:
The headline can be a little misleading. We don't "PLAN TO TEST" the device. We tested it already. Rigorously! But, in order to prove our results were objective, it was thoroughly tested by a fully accredited outside resource. This from the Witham Laboratories website:

One of only eight in the world…

Among our many certifications, Witham Laboratories is the only organization in the Asia-Pacific region accredited by the PCI to test PIN Entry Devices (PEDs) - we are one of only eight organizations in the world with this accreditation. So, do we plan to pilot the device...yes.  Do we plan on testing it?  Done.

For more information on the accreditation process, visit Witham Labs.



For more information visit: www.HomeATM.net
















Thursday, February 19, 2009

Please Take This Poll



If you have a moment, our Chairman and CEO, Ken Mages, would be interested in hearing your opinion. After you vote you will be given the results

Would you use a personal swiping device if it 100% protected your ID/Card Data?

Click Here to take the Poll

Thank you in advance for taking the time to share your valued opinion and for visiting the HomeATM PIN Debit Payments Blog!

John B. Frank
HomeATM ePayment Solutions

Also, feel free to leave your comments on this post!
