AMEX & Discover Eliminate Overlimit Fees

Law Hits Home as Cards Opt Out of Overlimit Fees - American Banker

American Banker | By Maria Aspan



American Express Co. and Discover Financial Services are eliminating overlimit fees on consumer credit cards, in one of the first concrete examples of how a new law will restrict issuers' abilities to turn a profit.



In so doing, they may lead the way for other issuers to give up on overlimit fees, a relatively small but useful source of fee income, observers said.



"Issuers should take overlimit fee income out of their P&Ls," said Philip J. Philliou, a former Amex executive and a partner in the Philliou Selwanes Partners LLC consulting firm. "Under the best of circumstances, it's a much more limited income stream than in years past, and this additional hurdle of assessing the fee" under the new law "begs the question of whether it's efficient and practical" to do so.


Continue Reading at American Banker

Overlimit Fees

Related articles by Zemanta

• AmEx, Discover Ditch Overlimit Fees [Credit Cards] (consumerist.com)


• Card Companies Drop Overlimit Fees (hsh.com)


• American Express, Discover Opt Out of Overlimit Fees (paymentsnews.com)

AMEX & Discover Eliminate Overlimit Fees

Law Hits Home as Cards Opt Out of Overlimit Fees - American Banker

American Banker | By Maria Aspan

American Express Co. and Discover Financial Services are eliminating overlimit fees on consumer credit cards, in one of the first concrete examples of how a new law will restrict issuers' abilities to turn a profit.

In so doing, they may lead the way for other issuers to give up on overlimit fees, a relatively small but useful source of fee income, observers said.

"Issuers should take overlimit fee income out of their P&Ls," said Philip J. Philliou, a former Amex executive and a partner in the Philliou Selwanes Partners LLC consulting firm. "Under the best of circumstances, it's a much more limited income stream than in years past, and this additional hurdle of assessing the fee" under the new law "begs the question of whether it's efficient and practical" to do so.

Continue Reading at American Banker

Overlimit Fees

Related articles by Zemanta

• AmEx, Discover Ditch Overlimit Fees [Credit Cards] (consumerist.com)
• Card Companies Drop Overlimit Fees (hsh.com)
• American Express, Discover Opt Out of Overlimit Fees (paymentsnews.com)

Target going in-house for e-commerce

Posted 10 August 2009 19:22pm
by Patricio Robles
with 2 comments

Tweet this

Target,
the second-largest discount retailer in the United States, has
announced that it will bring its e-commerce website, Target.com,
in-house in time for the 2011 holiday season.


Since 2001, Target.com has been run in partnership with Amazon.com. The e-commerce giant's platform powers the Target.com website and Amazon.com handles much of the call center and fulfillment operations.

But a lot has changed since 2001. E-commerce has matured significantly and in this case, Target wisely realized how important the multi-channel experience is to its customers and decided that bringing its e-commerce operations in-house was the best way to deliver the desired experience.

According to Steve Eastman, president of Target.com, "To deliver a customized multi-channel experience for Target’s guests, we believe it is in Target’s best interest going forward to assume full control over the design and management of Target’s e-commerce technology platform, fulfillment and guest services operations".

With almost 7% of Target's non-GAAP profit coming from e-commerce, it's no surprise that Target wants to take control of its e-commerce platform, and as Sam Black of the Minneapolis/St. Paul Business Journal notes, "Target's decision mirrors a similar bring it in-house strategy that Target initiated last year when it decided to distribute its own food and groceries rather than rely" on a third party partner. Such moves make sense, especially in these tough economic times.

For Amazon.com, the loss of Target won't really hurt the bottom line as Target.com accounted for a small fraction of its total revenues. But one has to wonder how many of Amazon.com's other customers, which include Marks & Spencer and Timex, are at risk of leaving too. Target isn't the only customer to leave; Borders and Toys R Us are amongst those who have moved on, and not all have left on good terms. That's not exactly a surprise; Amazon.com could be looked at as a competitor by many of its retail customers.

If there's any take-away from this, it's that more and more traditional retailers are getting smarter and more comfortable with the internet -- enough so to bring their e-commerce operations in-house. While Amazon.com is still going to be a dominant force in online retail, pure-play pioneers don't have a monopoly when it comes to platforms and supply chains.

Related articles by Zemanta

• Target to End Ten Year Deal With Amazon.com in 2011 (shoppingblog.com)


• Target Plans to Separate Web Store From Amazon (thaibrother.com)


• Web Retailers Increase Quarterly Web Sales (pindebit.blogspot.com)


• How Do You Pay Online? (paymentsnews.com)


• Merchant Risk Council to Sponsor CNP Payment Forum (pindebit.blogspot.com)


• China UnionPay Expanding Online Payments (pindebit.blogspot.com)


• Amazon Wants to Reverse Google's Move (pindebit.blogspot.com)

Target going in-house for e-commerce

Posted 10 August 2009 19:22pm by Patricio Robles with 2 comments

Tweet this

Target,the second-largest discount retailer in the United States, hasannounced that it will bring its e-commerce website, Target.com,in-house in time for the 2011 holiday season.

Since 2001, Target.com has been run in partnership with Amazon.com. The e-commerce giant's platform powers the Target.com website and Amazon.com handles much of the call center and fulfillment operations.

But a lot has changed since 2001. E-commerce has matured significantly and in this case, Target wisely realized how important the multi-channel experience is to its customers and decided that bringing its e-commerce operations in-house was the best way to deliver the desired experience.

According to Steve Eastman, president of Target.com, "To deliver a customized multi-channel experience for Target’s guests, we believe it is in Target’s best interest going forward to assume full control over the design and management of Target’s e-commerce technology platform, fulfillment and guest services operations".

With almost 7% of Target's non-GAAP profit coming from e-commerce, it's no surprise that Target wants to take control of its e-commerce platform, and as Sam Black of the Minneapolis/St. Paul Business Journal notes, "Target's decision mirrors a similar bring it in-house strategy that Target initiated last year when it decided to distribute its own food and groceries rather than rely" on a third party partner. Such moves make sense, especially in these tough economic times.

For Amazon.com, the loss of Target won't really hurt the bottom line as Target.com accounted for a small fraction of its total revenues. But one has to wonder how many of Amazon.com's other customers, which include Marks & Spencer and Timex, are at risk of leaving too. Target isn't the only customer to leave; Borders and Toys R Us are amongst those who have moved on, and not all have left on good terms. That's not exactly a surprise; Amazon.com could be looked at as a competitor by many of its retail customers.

If there's any take-away from this, it's that more and more traditional retailers are getting smarter and more comfortable with the internet -- enough so to bring their e-commerce operations in-house. While Amazon.com is still going to be a dominant force in online retail, pure-play pioneers don't have a monopoly when it comes to platforms and supply chains.

Related articles by Zemanta

• Target to End Ten Year Deal With Amazon.com in 2011 (shoppingblog.com)
• Target Plans to Separate Web Store From Amazon (thaibrother.com)
• Web Retailers Increase Quarterly Web Sales (pindebit.blogspot.com)
• How Do You Pay Online? (paymentsnews.com)
• Merchant Risk Council to Sponsor CNP Payment Forum (pindebit.blogspot.com)
• China UnionPay Expanding Online Payments (pindebit.blogspot.com)
• Amazon Wants to Reverse Google's Move (pindebit.blogspot.com)

EPX Delivers Tokenized E2EE

EPX delivers tokenized end-to-end encryption



Wilmington, Del., August 10, 2009--Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX’s BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants’ point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.



Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.



EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. “There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both,” says Moyer. “Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence.”



David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX’s solution. "Protecting consumer's credit card data against today’s professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.



FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX’s new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX’s solution will have on his merchant customers. “We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information,” says Schwartz. “Using EPX’s processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance.”



Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX’s announcement. “Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community. In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market.”



About Electronic Payment Exchange



Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.



EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.



Source: Company press release.

EPX Delivers Tokenized E2EE

EPX delivers tokenized end-to-end encryption

Wilmington, Del., August 10, 2009--Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX’s BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants’ point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.

EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. “There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both,” says Moyer. “Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence.”

David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX’s solution. "Protecting consumer's credit card data against today’s professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.

FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX’s new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX’s solution will have on his merchant customers. “We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information,” says Schwartz. “Using EPX’s processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance.”

Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX’s announcement. “Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community. In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market.”

About Electronic Payment Exchange

Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.

EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.

Source: Company press release.

PIN Debit on the Internet will Spell the Demise of Signature Debit!

Now here's a report that says what I like to hear! Looks like PIN Debit will become the "signature product" for consumers when conducting "online transactions." By 2010 according to this author.

So I guess it comes down to whether consumers would prefer a guaranteed 100% end-to-end 3DES DUKPT encrypted (Zones 1-5) application such as HomeATM's... 

or a platform that is already proven to subject consumers "primary account numbers" to hackers (by "typing" their card numbers  into a box on a website)  and could very well likely expose their PIN's.  How motivated would cybercriminals, who consider stealing PINs to be the "Holy Grail" of financial data, be to get their hands on PINs? 

I've already placed my bets on which one will prevail over the long haul...

PIN Debit on the Internet will spell the demise of Signature Debit

August 10, 2009

PrintEmail to a Fri

• Analysis of: Debit Cards in Use to Reach 5.2 Billion By 2012, According to New Report by Global Industry Analysts, Inc.

Summary

Signature
debit remains a payments alternative only because there still is no PIN
debit product on the Internet.  Also playing into the picture is that
Issuers prefer Signature Debit due to higher Interchange rates.  On the
otherhand, merchants, acquirers, and consumers are in favor of PIN
Debit.

Analysis

PIN
debit continues to grow despite the marketing efforts of Card issuers
who actively market against PIN debit in favor of Signature debit. 
(Who but bankers would spend marketing dollars demoting one of their
own products?).  PIN debit is preferred by merchants and consumers
because of percieved security, cash back availability, speed at the
POS, and less cost to the merchant.  Once we have a viable PIN debit
product on the Internet, we will see a real growth spurt in PIN over
Signature.  And, by the way, we should see PIN on the Internet by the
end of next year, 2010.

This author consults with leading institutions through GLG

Engage this author or other Transaction & Payment Processing experts

 

Analyses are solely the work of the authors and have not been edited or endorsed by GLG.

Contributed by a Member of the GLG Financial & Business Services Councils 

Request a Consultation with this Author

PIN Debit on the Internet will Spell the Demise of Signature Debit!

Now here's a report that says what I like to hear! Looks like PIN Debit will become the "signature product" for consumers when conducting "online transactions." By 2010 according to this author.

So I guess it comes down to whether consumers would prefer a guaranteed 100% end-to-end 3DES DUKPT encrypted (Zones 1-5) application such as HomeATM's... 

or a platform that is already proven to subject consumers "primary account numbers" to hackers (by "typing" their card numbers  into a box on a website)  and could very well likely expose their PIN's.  How motivated would cybercriminals, who consider stealing PINs to be the "Holy Grail" of financial data, be to get their hands on PINs? 

I've already placed my bets on which one will prevail over the long haul...

PIN Debit on the Internet will spell the demise of Signature Debit

August 10, 2009

PrintEmail to a Fri

• Analysis of: Debit Cards in Use to Reach 5.2 Billion By 2012, According to New Report by Global Industry Analysts, Inc.

Summary

Signaturedebit remains a payments alternative only because there still is no PINdebit product on the Internet.  Also playing into the picture is thatIssuers prefer Signature Debit due to higher Interchange rates.  On theotherhand, merchants, acquirers, and consumers are in favor of PINDebit.

Analysis

PINdebit continues to grow despite the marketing efforts of Card issuerswho actively market against PIN debit in favor of Signature debit. (Who but bankers would spend marketing dollars demoting one of theirown products?).  PIN debit is preferred by merchants and consumersbecause of percieved security, cash back availability, speed at thePOS, and less cost to the merchant.  Once we have a viable PIN debitproduct on the Internet, we will see a real growth spurt in PIN overSignature.  And, by the way, we should see PIN on the Internet by theend of next year, 2010.

This author consults with leading institutions through GLG

Engage this author or other Transaction & Payment Processing experts

 

Analyses are solely the work of the authors and have not been edited or endorsed by GLG.

Contributed by a Member of the GLG Financial & Business Services Councils 

Request a Consultation with this Author

Open Account, Walk out with Debit Card (No SafeTPIN?)

Sounds like a perfect promotional program with which to include our PCI 2.x certified authentication, swiping and PIN Entry Device...

U.S. Bank: Open an Account, Walk Out with a Debit Card - Bank Technology News

Bank Technology News | August, 2009

By John Adams



Visa payWave has found an early mover for instant unembossed debit card issuance in the States, with U.S. Bank signing up as the first domestic card issuer to allow consumers to leave a branch with a debit card immediately after opening an account.



The bank, which is piloting the cards at branches in Denver and Salt Lake City, is testing demand for a card that combines three types of technology—instant issuance, unembossed personalization and contactless payment.



Lynn Heitman, an svp in U.S. Bank’s retail payments solution, says the technology allows the process to normally be completed within one minute. “So it’s not like waiting seven-to-ten days to get a card in the mail,” she says. “Our goal is to send customers out the door fully equipped to be able to use that account.” 

Editor's Note: If you equipped them with our device they would be fully empowered to securely sign in to your online banking platform, instantly transfer money in real-time, conduct secure 3DES DUKPT encrypted online transactions and enhance their iimage all at once!



Continue Reading: 

Open Account, Walk out with Debit Card (No SafeTPIN?)

Sounds like a perfect promotional program with which to include our PCI 2.x certified authentication, swiping and PIN Entry Device...

U.S. Bank: Open an Account, Walk Out with a Debit Card - Bank Technology News

Bank Technology News | August, 2009
By John Adams

Visa payWave has found an early mover for instant unembossed debit card issuance in the States, with U.S. Bank signing up as the first domestic card issuer to allow consumers to leave a branch with a debit card immediately after opening an account.

The bank, which is piloting the cards at branches in Denver and Salt Lake City, is testing demand for a card that combines three types of technology—instant issuance, unembossed personalization and contactless payment.

Lynn Heitman, an svp in U.S. Bank’s retail payments solution, says the technology allows the process to normally be completed within one minute. “So it’s not like waiting seven-to-ten days to get a card in the mail,” she says. “Our goal is to send customers out the door fully equipped to be able to use that account.” 

Editor's Note: If you equipped them with our device they would be fully empowered to securely sign in to your online banking platform, instantly transfer money in real-time, conduct secure 3DES DUKPT encrypted online transactions and enhance their iimage all at once!

Continue Reading: 

China's Online Market Flourishes

The New York Times ran a piece on the Taobao and the online market in China...here are some excerpts:

YIWU, CHINA — As a college senior, Yang Fugang spent most of his days away from campus this year, managing an online store that sold cosmetics, shampoo and other goods he often bought from local factories.

Today, that store on Taobao.com — the fast-growing Chinese online shopping bazaar — has 14 employees, two warehouses and piles of cash.

“I never thought I could do this well,” said Mr. Yang, 23, who earned $75,000 last year. “I started out selling yoga mats and now I’m selling a lot of makeup and cosmetics. The profit margins are higher.”Taobao fever has swept the school Mr. Yang attends, Yiwu Industrial and Commercial College, where administrators say that a quarter of the 8,800 students enrolled operate Taobao shops, often from dormitory rooms.

When Taobao was founded in 2003, it appeared to have no chance. EBay and its Chinese partner, EachNet, controlled 90 percent of China’s online shopping. But Mr. Ma, a former English teacher, quickly undermined eBay’s fee-based service by offering free listings on Taobao, essentially giving away ads to anyone who wanted to sell.

At the time, eBay executives ridiculed the strategy, with many repeating that “free is not a business model.”

But almost immediately, the site took off, and in 2006, eBay pulled out of China, citing dwindling market share and large losses. Today, it is Taobao that commands 80 percent of China’s e-commerce market, according to iResearch.

China's Online Market Flourishes

The New York Times ran a piece on the Taobao and the online market in China...here are some excerpts:

YIWU, CHINA — As a college senior, Yang Fugang spent most of his days away from campus this year, managing an online store that sold cosmetics, shampoo and other goods he often bought from local factories.

Today, that store on Taobao.com — the fast-growing Chinese online shopping bazaar — has 14 employees, two warehouses and piles of cash.

“I never thought I could do this well,” said Mr. Yang, 23, who earned $75,000 last year. “I started out selling yoga mats and now I’m selling a lot of makeup and cosmetics. The profit margins are higher.”Taobao fever has swept the school Mr. Yang attends, Yiwu Industrial and Commercial College, where administrators say that a quarter of the 8,800 students enrolled operate Taobao shops, often from dormitory rooms.

When Taobao was founded in 2003, it appeared to have no chance. EBay and its Chinese partner, EachNet, controlled 90 percent of China’s online shopping. But Mr. Ma, a former English teacher, quickly undermined eBay’s fee-based service by offering free listings on Taobao, essentially giving away ads to anyone who wanted to sell.

At the time, eBay executives ridiculed the strategy, with many repeating that “free is not a business model.”

But almost immediately, the site took off, and in 2006, eBay pulled out of China, citing dwindling market share and large losses. Today, it is Taobao that commands 80 percent of China’s e-commerce market, according to iResearch.

Phishing Doesn't Fly with HomeATM

Phishers are sending out cleverely-constructed e-mails purporting to be from a Taiwanese bank in a bid to trick victims into downloading malware that exploits an Adobe vulnerability.



The spam e-mails contain credit card promotion email messages that are embedded with an .swf virus link, says Internet security outfit Symantec.



Recipients are able to see the bank's image at the top of the message and promotion notes at the bottom. There is also a large blank space designed to trick victims into believing the promotion content has been lost in transit.



Continue Reading at Finextra



As I've stated numerous times on this blog, if people would swipe vs. type then phishing wouldn't fly!

Related articles by Zemanta

• Researcher reveals massive 'professional thieving' botnet (computerworld.com)


• Zero-day PDF attack goes after Flash flaw (macworld.com)


• You: What Conficker Reveals About Internet Crime: Scientific American (scientificamerican.com)


• Could you be responsible for the Twitter outage? (news.cnet.com)

Phishing Doesn't Fly with HomeATM

Phishers are sending out cleverely-constructed e-mails purporting to be from a Taiwanese bank in a bid to trick victims into downloading malware that exploits an Adobe vulnerability.

The spam e-mails contain credit card promotion email messages that are embedded with an .swf virus link, says Internet security outfit Symantec.

Recipients are able to see the bank's image at the top of the message and promotion notes at the bottom. There is also a large blank space designed to trick victims into believing the promotion content has been lost in transit.

Continue Reading at Finextra

As I've stated numerous times on this blog, if people would swipe vs. type then phishing wouldn't fly!

Related articles by Zemanta

• Researcher reveals massive 'professional thieving' botnet (computerworld.com)
• Zero-day PDF attack goes after Flash flaw (macworld.com)
• You: What Conficker Reveals About Internet Crime: Scientific American (scientificamerican.com)
• Could you be responsible for the Twitter outage? (news.cnet.com)

More on the Network Solutions Breach...

Network Solutions Breach Revives PCI Debate

If Firms are PCI Compliant, Why are They Getting Breached?

August 10, 2009 - Linda McGlasson, Managing Editor

The recent data breach at Internet domain administrator and host Network Solutions compromised more than 573,000 credit and debit cardholders and begs the question: What more can be done to secure such systems? The incident also raises new questions about the Payment Card Industry Data Security Standard (PCI).

At the time of the breach, discovered in June, Network Solutions says it was PCI compliant. The breach was the result of hackers planting rogue code on the company's web servers, intercepting financial transactions between the sites and their customers, which are mostly small online stores.

So, if Network Solutions was PCI compliant, how could it be breached? Paul Kocher, chief research scientist at Cryptography Research Institute, says the fundamental limitation with PCI is that it attempts to distill security down into a static set of requirements, while adversaries aren't restricted to a rigidly-defined set of methods. "As a result, clever attackers will always find holes," he says. "PCI does provide some value by forcing merchants to put some effort into addressing the most common attacks, but the objective is to reduce total risk -- not stop all attacks."

Continue Reading at Bank Info Security

Related articles by Zemanta

• Washington Post Security Fix: Network Solutions Hack Compromises 573,000 Credit, Debit Accounts (boxofmeat.net)


• Network Solutions Suffers Massive Data Breach (it.slashdot.org)


• Shoppers 'need more protection' (news.bbc.co.uk)

More on the Network Solutions Breach...

Network Solutions Breach Revives PCI Debate

If Firms are PCI Compliant, Why are They Getting Breached?

August 10, 2009 - Linda McGlasson, Managing Editor

The recent data breach at Internet domain administrator and host Network Solutions compromised more than 573,000 credit and debit cardholders and begs the question: What more can be done to secure such systems? The incident also raises new questions about the Payment Card Industry Data Security Standard (PCI).

At the time of the breach, discovered in June, Network Solutions says it was PCI compliant. The breach was the result of hackers planting rogue code on the company's web servers, intercepting financial transactions between the sites and their customers, which are mostly small online stores.

So, if Network Solutions was PCI compliant, how could it be breached? Paul Kocher, chief research scientist at Cryptography Research Institute, says the fundamental limitation with PCI is that it attempts to distill security down into a static set of requirements, while adversaries aren't restricted to a rigidly-defined set of methods. "As a result, clever attackers will always find holes," he says. "PCI does provide some value by forcing merchants to put some effort into addressing the most common attacks, but the objective is to reduce total risk -- not stop all attacks."

Continue Reading at Bank Info Security

Related articles by Zemanta

• Washington Post Security Fix: Network Solutions Hack Compromises 573,000 Credit, Debit Accounts (boxofmeat.net)
• Network Solutions Suffers Massive Data Breach (it.slashdot.org)
• Shoppers 'need more protection' (news.bbc.co.uk)

iPhone as a Check iMager

Bank Will Allow Customers to Deposit Checks by iPhone


Customers
of USAA can photograph both sides of the check, send the images through an app
and then void the check.

By SUSAN STELLIN
Published: August 9, 2009

The Internet has taken a lot of the paperwork out of banking, but there is no avoiding paper when someone gives you a check. Now one bank wants to let customers deposit checks immediately — through their phones.

USAA, a privately held bank and insurance company, plans to update its iPhoneapplication this week to introduce the check deposit feature, which requires a customer to photograph both sides of the check with the phone’s camera.

“We’re essentially taking an image of the check, and once you hit the send button, that image is going into our deposit-taking system as any other check would,” said Wayne Peacock, a USAA executive vice president.

Customers will not have to mail the check to the bank later; the deposit will be handled entirely electronically, and the bank suggests voiding the check and filing or discarding it. But to reduce the potential for fraud, only customers who are eligible for credit and have some type of insurance through USAA will be permitted to use the deposit feature. Mr. Peacock said that about 60 percent of the bank’s customers qualify.

USAA may seem like an unlikely innovator in mobile banking. It ranks in size just below the top 20 banks in the United States, and serves mostly military personnel, though many of its products are available to anyone.

But with just one branch, in San Antonio, and customers deployed all over the world, the company has been aggressively developing an anytime, anywhere banking strategy. Three years ago, it introduced the option of depositing a check from home using a scanner. That laid the groundwork for the phone deposit feature, which USAA plans to offer on other phones this year.

Related articles by Zemanta

• Bank Will Allow Customers to Deposits Checks by iPhone (nytimes.com)

iPhone as a Check iMager

Bank Will Allow Customers to Deposit Checks by iPhone

Customers of USAA can photograph both sides of the check, send the images through an app and then void the check.

By SUSAN STELLIN
Published: August 9, 2009

The Internet has taken a lot of the paperwork out of banking, but there is no avoiding paper when someone gives you a check. Now one bank wants to let customers deposit checks immediately — through their phones.

USAA, a privately held bank and insurance company, plans to update its iPhoneapplication this week to introduce the check deposit feature, which requires a customer to photograph both sides of the check with the phone’s camera.

“We’re essentially taking an image of the check, and once you hit the send button, that image is going into our deposit-taking system as any other check would,” said Wayne Peacock, a USAA executive vice president.

Customers will not have to mail the check to the bank later; the deposit will be handled entirely electronically, and the bank suggests voiding the check and filing or discarding it. But to reduce the potential for fraud, only customers who are eligible for credit and have some type of insurance through USAA will be permitted to use the deposit feature. Mr. Peacock said that about 60 percent of the bank’s customers qualify.

USAA may seem like an unlikely innovator in mobile banking. It ranks in size just below the top 20 banks in the United States, and serves mostly military personnel, though many of its products are available to anyone.

But with just one branch, in San Antonio, and customers deployed all over the world, the company has been aggressively developing an anytime, anywhere banking strategy. Three years ago, it introduced the option of depositing a check from home using a scanner. That laid the groundwork for the phone deposit feature, which USAA plans to offer on other phones this year.

Related articles by Zemanta

• Bank Will Allow Customers to Deposits Checks by iPhone (nytimes.com)

Dubai to Create RAPID (Real-time Automated Payments Infrastructure Dubai)

Finextra: Dubai to construct real-time payments system

Dubai has enacted a new Payment System Settlement Finality (PSSF) Law that creates the legal foundation for building a regional transaction processing hub for local processing of payments and other ancillary services.

The first such legislation in the Gulf, the new PSSF Law paves the way for the launch of a Real-time Automated Payments platform (Rapid) in the Dubai International Financial Centre, to provide transaction processing services to banks and their customers both in DIFC and the wider Middle East and North Africa (MENA) region.

Omar Bin Sulaiman, governor of the DIFC says: "The enactment of the PSSF Law forms part of a comprehensive infrastructure that DIFC is creating to catalyse the development of the financial services industry in the region."

He says DIFC has adopted legal best practices from Europe, Hong Kong and New Zealand, among others, to ensure finality of designated payments.

The legislation will assist Gulf-based companies in conducting legally sound payments within the region instead of having to use offshore infrastructures which often do not settle within local operating hours.

Aite Report: $100 Billion to Fix Card Insecurity

Aite Report Says There Is No Easy Cure for Threats to Card Security

By Marc Rapport

There’s no vaccine against card datasecurity breaches in the United States, and the prognosis for thispersisting ailment shows there is no fast cure, according to a recentreport, which also said it would cost an estimated $100 billion to fixcard security in the U.S.

According to the report, "Merchants are in the most vulnerable position in the card data securityrealm and malware, counterfeit card fraud and card-not-present fraudcurrently top the list of threats. Of even more concern, card securitymay never be fixed, as criminals will always seek new ways to commitfraud."

That’s according to a new report released by research and advisory firmAite Group. The report, “Card Data Security: In Search of a Technology Solution,” which is based on survey responses from 29 individuals (mostof whom head up risk managment for North American issuing banks orpayment processors), focused on what the respondents thought weretoday’s biggest card security problems, the responsibilities ofstakeholders and possible card security solutions.

What did surveyors find as the most viable remedies for card securityissues? One promising solution, a shift from magnetic stripe cards toEMV architecture (the use of smart cards), may never come to fruition.The report stated that a decision to make the use of smart cards astandard practice is five to seven years away–or may never take placeat all.

“With the deeply entrenched magnetic stripe infrastructure in theUnited States, and the cost and effort involved in transitioningstakeholders to chip and PIN infrastructure, this may be the case,”Aite Group’s Nick Holland said of the survey participants’ predictionsthat standardized EMV architecture may never be a reality in the U.S.

However, out of the three biggest threats to card security–malware,counterfeit card fraud and CNP fraud–counterfeit card fraud is the onlyproblem that an EMV architecture shift could solve. There are otherpromising solutions to all three problem areas, the report said.

Editor's Note: HomeATM solves CNP (card not present) fraud by morphing a CNP environment (the Web) into a "Card Present" environment. By "swiping" vs. "typing" we render malware designed to steal your online banking login credentials and credit/card numbers useless. The data is instantaneosly 3DES DUKPT encrypted "inside" our device so that it is never in the clear. Rather than use the "web" HomeATM utillizes the Internet as a conduit to send the encrypted data packet to the processor.

End-to-end encryption of the card network, stricter policy enforcementsand process improvements, neural network monitoring and magnetic stripefingerprinting are all viewed to have a significant impact on cardfraud prevention. Overall, it’s the technological advances, such asdata loss prevention technologies, that are expected to make the mostpositive changes in the card data security landscape, Holland said.

• BSMS - Both Sides of the Mouth Syndrome (pindebit.blogspot.com)
• Make the "Hack You" Link... (pindebit.blogspot.com)
• Society of Payment Security Professionals Welcome 50 New CPISM/CPISA's (pindebit.blogspot.com)