Business – Page 10

Alternative Payment Methods

Ed Kountz of jupiter in his recent blog on Alternative online Payments offers an opinion that credit and debit cards where not designed for the Internet. It is interesting to reflect back in history and remember when it was not the magnetic strip that was important to the execution of the transaction but the numbers printed on the front of the card a merchant could simply would say into a phone or type onto their telephone keypad to get an authorization.

Move to the Internet and instead of asking the merchant to type in the account number and expiry date we ask the consumer to fill in an Internet form. How can one argue that ISO7810-3 cards where not built for the Internet.

Back in the day, circa 1993, when we began to think about how we would secure payments over the Internet and address words like dis-intermediation. It was clear that by any definition the ubiquitous credit card was already a vehicle for enabling eCommerce. All the internet did was to take mail order and catalogue business and give it the power to become a global operation; no longer limited by the cost of a telephone call or postage. Nowadays, of course, the internet has become such a vital part of our everyday lives, with people looking up things like “internet in my area” to make sure that they are getting the best deals possible so that they can be confident that their connection won’t let them down.

And, of course, Mr Kountz is correct, there is a real issue with security and the Internet. Yet the issue is no greater than what was faced when Card Not Present transactions started happening as telephone ordering became common place. Did the payment associations attempt to keep up? MAYBE!

First we saw the introduction of CVC2/CVV2 and address verification as tools to address the risks of someone who had captured the data on the face of the card from employing that card maliciously. Not a bad solution, if the merchant was willing to make the changes to their web sites and call center procedures.

Next came SET, now here was the perfect solution, yet at a cost that simply did not offer anyone a reason return on investment; even if Card Not Present Fraud was an issue. Since then the payment associations tried to develop a simpler yet equally secure solution called 3D-Secure, Verified by Visa or SecureCode. The idea is sound. The issue of adoption came down to the simple issue of figuring out how to get the consumer to go through the additional step of activating their 3D-Secure password and better yet remember it. Versus what became the reality, they simply said this is too difficult, I don’t need to buy that today, so they abandon the shopping cart. Merchants saw 3D-Secure as a way to lose potential business and at a rate alarmingly larger than the cost of fraudulent transactions.

So what is the answer? Create new means of payment that are designed for the specific trading environment (mobile, Internet, Mail Order, telephone Order, face to face …) or figure out how to get everyone to work together to come up with a workable solution that exploits the power of the Visa, Discover, MasterCard and American Express Brands.

In my opinion it is about communications and working together as a team. Not once has the merchant been asked to participate in developing more secure solutions to payments. They are simply told through compliance and rule changes this is what they shall do.

Maybe the new Visa and MasterCard will find that merchants are now shareholders and bringing them to the table is in the interest of everyone especially the consumer. Or is it time for a new payment Brand that is built to serve the merchant and operated by the Banks?

Interchange under judicial and legislative review

Today on Payments News – from Glenbrook Partners” they posted an article referencing the hearing taking place

Thursday 05/15/2008 – 11:00 AM
2141 Rayburn House Office Building
Judiciary Committee Antitrust Task Force
Hearing on H.R. 5546, the “Credit Card Fair Fee Act of 2008”

House Judiciary Committee Holds Hearing on US Interchange Fees

As we mentioned here on Payments News on Monday, the House Judiciary Committee is holding a hearing on Thursday, May 15th beginning at 11 AM Eastern time on H.R. 5546, the “Credit Card Fair Fee Act of 2008”. As of tonight, the committee’s website doesn’t list the witnesses who will be testifying – but it promises that a live webcast of the hearing will be available.

As an editorial comment, many of us in the payments industry find the “solution” proposed in this legislation to be overly complex. Read the actual text of the draft legislation – and you may reach the same conclusion! We wonder whether the merchant community in fact would be well served by the remedies proposed. A very basic question comes to mind: “Is this the best you can do?”

The legislation that is under review can be found at http://judiciary.house.gov/hearings.aspx?ID=204

My sense is that like Australia, Europe and other countries the USA Congress is ready to challenge the nature of how interchange is calculated and define methods of assuring merchants much reduced rates. How the financial lobby will engage and how the associations will defend there position, should make for an interesting debate.

European ATM Skimming Fraud Jumps 43%

Reported by Epaynews.com

May 08 2008 : In 2007, ATM fraud losses rose by 43 percent in Europe to €439.01 million (US$683.7 million) from €306.48 million in 2006, reports EAST (the European ATM Security Team). Most of the losses in 2006 and 2007 were due to card-skimming at ATMs, the non-profit organization says.The year-on-year increase in fraud losses was mainly due to a €173.6 million increase in cross-border losses in 2007.

“These (cross-border) losses are occurring globally in countries where all or part of the ATMs deployed are not yet EMV-compliant,” EAST says. “Domestic European fraud losses have fallen year on year, an indication that the roll out of EMV-compliant ATMs is driving down fraud.”

According to EAST, 78 percent of European ATMs are now EMV-compliant.

Card fraudsters are being forced to seek out non-EMV compliant ATMs to obtain cash, EAST says. “Incidents continue to be reported where data skimmed from EMV cards in European countries where ATMs are EMV-compliant, has been sent by criminals to European countries where ATMs are not fully EMV-compliant,” it says.

The skimmed data is used to make counterfeit cards that enable fraudsters to illegally withdraw cash from ATMs.

According to EAST, skimmed data is also increasingly being sent to countries in and outside Europe where EMV cards can be used as magnetic-stripe cards in ATMs. This takes advantage of a process known as “mag-stripe fallback”, which is designed to ensure that a card can be used even if its EMV chip is damaged or faulty.

Crooks Have Your Card and You Don’t Even Know It

How Thieves Copy Credit and Debit Cards and Drain Accounts

By ELISABETH LEAMY – ABC News

May 2, 2008—

While your ATM card is tucked in your wallet, thieves half a world away could be cloning it and using it. The crime is called “white card fraud,” and ABC News investigated just how easy it is for thieves to make a copy of your card and use it to drain your account.

It’s difficult to get an exact figure, but it’s estimated that identity thieves net an estimated $345 million this way every year. Gary Burkey of Wilmington, Del., discovered somebody was withdrawing money from his account at ATM machines in a part of Pennsylvania he had never even visited.

Criminals get people’s numbers in a variety of ways. One way they capture card numbers is by installing skimmer devices over the slot where you insert your card when you use an ATM.

They also use hidden cameras to record your PIN. Miami Beach police have actual footage from a crook’s camera in Florida that shows a victim inputting his PIN. Clear as day: 1-4-2-6.

Click here for tips to protect you from today’s modern identity thieves.

“What makes this really sneaky, really devious, is once the criminals get the account information, they wait on it for a little while, said Cpl. Jeff Whitmarsh of the Delaware State Police. They replicate the cards and when the consumer least expects, that’s when they go in and hit the account.”

ABC News found the machines used to copy cards for sale right on the Internet, even though there are very few legitimate uses for them. We had our choice of 30 machines and bought one for about $500. We were even able to request priority shipping and received the package the next day.

ABC took the device to Chris O’Ferrell, an ethical hacker for a computer company called Command Information, which helps the federal government secure its systems.

We handed over an ABC News credit card and O’Ferrell swiped it so the machine could capture the information on the magnetic strip. Right away, the data popped up on the computer screen: name and account information.

With another swipe, O’Ferrell transferred it to a blank white card that came with our kit. Any card with a magnetic strip can be made into a clone — gift cards, hotel key cards, etc.

In less than five seconds, we had a duplicate credit card.

“That’s it. That’s all there is to it,.” O’Ferrell said.

We cloned an ATM card too. At one point we even accidentally deleted the data on one of our source cards, but since we had a clone, we were able to put the data back on.

Once we had clones of our cards, the question was, would they work? We tried the Visa card out at a gas pump. Without actually making a purchase (we didn’t want to violate any laws) we inserted the card to see if it would get authorized.

When the “lift the handle and begin fueling” message came up, we knew our clone was working. We tested the cloned ATM card by checking our balance at an ATM machine. When the screen read “Hello Elisabeth Leamy,” that was our first clue that that one was working.

It’s a bonanza for crooks. They used to have to risk going into stores to buy pricey merchandise, which they then sold for cash. Now they can just drain ATMs. Authorities say specialized crews do nothing but hit ATMs, cashing out on behalf of other identity thieves and taking a commission. One Bulgarian gang pulled $200,000 out of a single cash machine in Florida.

More than 65 other countries in Europe, Asia and South America now use smart chip technology that makes card cloning almost impossible. But the United States has stayed with magnetic strips to avoid the cost of converting ATMs. By one estimate, we have 400,000 cash machines in this country.

“It’s totally unacceptable,” O’Ferrell said. “It makes it extremely easy for the criminals to clone our cards and steal our identities.” Experts say since U.S. credit and debit cards are so much easier to tap, U.S. cardholders have become targets.

China, socialism and the world of electronic health records.

Today during a most enlightened networking meeting, beyond what someone in transition normally speaks of, we got into a most interesting and thought provoking conversation.

Electronic Health Care Records

Somehow we got into a discussion of the evolution and problems involved in developing the electronic patient record. The gentleman, who will remain nameless, remembered a conversation he had with a man who was involved with the United Kingdom’s work on the exploration of space. This knighted individual apparently suggested the key issue with developing the electronic health record was the issue of creating the patient’s electronic history from the previous pencil and pen records.

His approach to solving this problem was to use prisoners as the codifiers. Of course such an idea immediately causes one to worry about privacy and the threat to the patient and doctors when these prisoners were freed.

As we talked an interesting thought occurred. How often is a patient’s history relevant? How often is the doctor quite happy to meet with a patient and simply focus on the symptoms described during that persons visit?

As we reflected, we both realized that often the patient’s history will never be pertinent to a future diagnosis. In those situations where the history is relevant, let’s say 10%, then there is value to the effort of codifying historic medical records, charts and the like. The doctor and his office staff can find the time to organize the codification of the relevant data. Clearly such an approach with the reduction is the cost of establishing the basic health record, is connected with the value a complete electronic health record will have in reducing the cost of long term care, something insurance companies and public health authorities can understand.

For that 90%, after the doctor has become automated and is part of a system designed to capture and retain the Patient Health Record, at the next appointment the doctor in conjunction with the patient can record important facts such as allergies, reactions to drugs, existing conditions and any pertinent operations or procedures the patient can remember.

Only when this basic profile indicates conditions that will have future implications, is there a need to go through the effort of backtracking through the records and recording any pertinent information.

China and Socialism

I asked my companion what he was up to. He talked about the five companies he was working with in China and the various trips he had taken to remote parts of that great country. He said three things that stuck in my mind.

He remembered a bus trip where he asked about unemployment. His Chinese companions asked him to look out the window and tell them what he saw. His response “everyone is working”, “there are no beggars on the street”. They smiled and he was reminded that in this socialist environment one of the fundamentals is that everyone has work however menial it may be.
We then spoke of the economic divide that is emerging and like in all countries this is a reality that will always exist unless we can evolve to that social utopia described as the purest form of socialism. A society where every man works to his ability and everyone shares equally. He then reflected on the reality that mobile phones, TVs and other luxuries were everywhere and the age old work ethic that is China, will drive these people to want more, therefore, work harder to get more. It is this work ethic that is China’s strength and will be the issue we will have to address as the world moves forward in time. If we in the west continue to expand our leisure time and the Chinese continue to follow their nature and continue to focus on work. Who will win? I think the answer is evident. Those that work will be the ones who win.
He then spoke of issues within the industrial complex where mine accident occurred or dangerous products are released. The interesting comment was that those in power, the top three managers, are shot when such things happen. Of course this form of behaviour is abhorrent and clearly a violation of Christian thinking or western thoughts of punishment.

Yet what is interesting, assuming they learn to balance the punishment (100 dead in a mine cave do to poor conditions and insufficient safety standards) to the crime, is that those ultimately responsible are ones that are punished.

I then reflected on what happens in our society. The executives always seem to go unscathed. They successfully push the blame down to the supervisors and little people who work and manage the place where the disaster occurred.

If we were to dig deep enough I am sure we would find that they did all they could do with the tools and budget they were provided. Budgets and tools authorized by executives sitting in big offices taking down big salaries and only getting worried when shareholders not employees come screaming for justice.

Assuming that China is going to continue to evolve. That they are going to embrace compassionate forms of punishment. While at the same time maintaining their work ethic and maintaining the premise that responsibility is top down not middle down. They will become not only an economic power to deal with, but a country with a strong moral sense of responsibility and thus a threat to the soft life that has become the western dream.

A dream that balances not working more than 40 hours a week with demands for more and more vacation. China will be a country where hard work is rewarded, pleasures are sought and people have a moral sense of responsibility to each other.

We in the west need to be mindful and learn from those countries that take the goodness of socialism, merge it with the power of capitalism and the forces of the global economy.