Debit Card Issues: Breaches, Resolving Errors & Other Concerns

Download this Event to your Calendar
Printer-friendly VersionPrinter-friendly VersionShareThis
Debit Card Issues: Breaches, Resolving Errors & Other Concerns

WEBINAR – ON DEMAND WEB LINK – FREE CD ROM

Register



Thursday, July 8, 2010

12 - 1:30 pm PT

1 - 2:30 pm MT

2 - 3:30 pm CT

3 - 4:30 pm ET   



Your debit card franchise is poised for rapid growth in 2010 and beyond . . .

but so are identity theft, data breaches, and card regulation.  Are you ready?
Last year, debit and prepaid card transactions grew 13% as consumers migrated in droves from “pay later” to “pay now.”  But last year also saw the biggest card breach in history and the first real threat to the integrity of PIN security as criminals successfully reversed HSM encryption at RBS/Worldpay.  Revisions to Reg E, ongoing implementation of the CARD Act, and the evolution of PCI rules also present major challenges and opportunities for card-issuing community banks.  Learn what your bank should do strategically and tactically to protect its fastest-growing payment franchise and the customers who use it.



Continuing Education: Attendance verification for CE credits provided upon request.



HIGHLIGHTS

•    Debit card security update:  End-to-End (E2E) Encryption vs. Tokenization vs. EMV

•    Regulatory Update:  Title IV of the CARD Act and PCI

•    Fee income threats:  Bank of America, overdraft opt-in for one-time debits, shift to PIN

•    Resolving debit errors:  hold-triggered overdrafts (signature vs. PIN)

•    Deputizing customers in the fight against fraud:  one- and two-way mobile text alerts

•    The future of debit:  online PIN debit, EMV and P2P

•    Next steps:  top 5 debit moves for 2010



WHO SHOULD ATTEND?

This informative session is designed for bank management; operations/marketing officers; and staff responsible for managing credit/debit card programs and other payments services/initiatives.



MEET THE PRESENTER


Lee Wetherington

Profit Stars    


Place: 
Webinar
Date: 
Jul 8 2010

Posted by John B. Frank Sunday, May 30, 2010 0 comments



Debit Card Issues: Breaches, Resolving Errors & Other Concerns

Download this Event to your Calendar
Printer-friendly VersionPrinter-friendly VersionShareThis
Debit Card Issues: Breaches, Resolving Errors & Other Concerns

WEBINAR – ON DEMAND WEB LINK – FREE CD ROM

Register



Thursday, July 8, 2010

12 - 1:30 pm PT

1 - 2:30 pm MT

2 - 3:30 pm CT

3 - 4:30 pm ET   



Your debit card franchise is poised for rapid growth in 2010 and beyond . . .

but so are identity theft, data breaches, and card regulation.  Are you ready?
Last year, debit and prepaid card transactions grew 13% as consumers migrated in droves from “pay later” to “pay now.”  But last year also saw the biggest card breach in history and the first real threat to the integrity of PIN security as criminals successfully reversed HSM encryption at RBS/Worldpay.  Revisions to Reg E, ongoing implementation of the CARD Act, and the evolution of PCI rules also present major challenges and opportunities for card-issuing community banks.  Learn what your bank should do strategically and tactically to protect its fastest-growing payment franchise and the customers who use it.



Continuing Education: Attendance verification for CE credits provided upon request.



HIGHLIGHTS

•    Debit card security update:  End-to-End (E2E) Encryption vs. Tokenization vs. EMV

•    Regulatory Update:  Title IV of the CARD Act and PCI

•    Fee income threats:  Bank of America, overdraft opt-in for one-time debits, shift to PIN

•    Resolving debit errors:  hold-triggered overdrafts (signature vs. PIN)

•    Deputizing customers in the fight against fraud:  one- and two-way mobile text alerts

•    The future of debit:  online PIN debit, EMV and P2P

•    Next steps:  top 5 debit moves for 2010



WHO SHOULD ATTEND?

This informative session is designed for bank management; operations/marketing officers; and staff responsible for managing credit/debit card programs and other payments services/initiatives.



MEET THE PRESENTER


Lee Wetherington

Profit Stars    


Place: 
Webinar
Date: 
Jul 8 2010

Posted by John B. Frank 0 comments

Visa Debit logo
Finextra reports:



Antitrust: Commission market tests Visa Europe's commitments to cut Multilateral Interchange Fees (MIFs) for debit cards transactions - frequently asked questions.

Interchange fees are charged by a cardholder's bank (the 'issuing bank') to a merchant's bank (the 'acquiring bank') for each sales transaction made at a merchant outlet with a payment card.
Interchange fees are either agreed bilaterally, between one issuing and one acquiring bank, or multilaterally, by a number of issuing/acquiring banks or by means of a decision binding all banks participating in a payment card scheme. The industry refers to these multilateral interchange fees as "MIFs". A MIF can be a percentage, a flat fee or a combined fee (percentage and flat fee).
When a customer uses a payment card to buy from a merchant, the merchant receives from his bank (the acquiring bank) the sales price less a 'merchant service charge', the fee a merchant must pay to his bank for accepting the card as means of payment for that transaction. A large part of the merchant service charge is determined by the interchange fee. The customer's bank (the issuing bank), in turn, pays the acquiring bank the sales price minus the MIF and the sales price is deducted from the customer's bank account. The MIF is therefore a cost that is finally charged to the merchant (through the reduction of the purchase price) who passes the costs on to consumers in the price level of the good or service.
What are the Commission's competition concerns as regards interchange fees?
Continue Reading at Finexrtra
Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments

Visa Debit logo
Finextra reports:



Antitrust: Commission market tests Visa Europe's commitments to cut Multilateral Interchange Fees (MIFs) for debit cards transactions - frequently asked questions.

Interchange fees are charged by a cardholder's bank (the 'issuing bank') to a merchant's bank (the 'acquiring bank') for each sales transaction made at a merchant outlet with a payment card.
Interchange fees are either agreed bilaterally, between one issuing and one acquiring bank, or multilaterally, by a number of issuing/acquiring banks or by means of a decision binding all banks participating in a payment card scheme. The industry refers to these multilateral interchange fees as "MIFs". A MIF can be a percentage, a flat fee or a combined fee (percentage and flat fee).
When a customer uses a payment card to buy from a merchant, the merchant receives from his bank (the acquiring bank) the sales price less a 'merchant service charge', the fee a merchant must pay to his bank for accepting the card as means of payment for that transaction. A large part of the merchant service charge is determined by the interchange fee. The customer's bank (the issuing bank), in turn, pays the acquiring bank the sales price minus the MIF and the sales price is deducted from the customer's bank account. The MIF is therefore a cost that is finally charged to the merchant (through the reduction of the purchase price) who passes the costs on to consumers in the price level of the good or service.
What are the Commission's competition concerns as regards interchange fees?
Continue Reading at Finexrtra
Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments

Internet.com is reporting that "a number of bogus Web sites that appear to be the official pages of a pair of credit unions used by military personnel are actually phishing traps designed to steal soldiers' identities."



Phishing can be eliminated. What they are "phishing" for are online banking passwords and usernames. Get rid of the antiquated login process and start "really" getting serious about authentication.



Replicate the same trusted process to disperse cash "in real time" from an ATM and two-factor" authenticate the online banking session by having customers swipe their bank-issued card and enter their bank-issued PIN.  



Start doing that, and banks will eradicate the "phishing" problem...because there will be nothing left to phish phor.



The money banks spend "phighting" phishing can be spent providing their customers with a PCI 2.1 Certified PED resulting in the complete eradication of the threat posed.  (it would also provide an ROI to the issuing bank via interchange revenue derived from usage of the device for eCommerce purchases)



Whats the phake phishing site going to ask people to do? Swipe their card and Enter their PIN?  Worthless move.  It's instantly 3DES DUKPT encrypted inside the device and guess who "doesn't" have the encryption key? If you said the phisher you're right.  If you said the online banking customer you are also correct.  The way it's done now, the customer does have the information being phished phor.  



Translation: No more username/passwords.



Even the customer him/herself does NOT have the "information" the phishers are looking for so they cannot be "duped" into providing it.



Make sense?  When swiping the card and entering the PIN "outside the browser and inside the box" and there isn't "ANY phishable" information.






That's why Eugene Kaspersky of Kaspersky Labs last week called for "MASS adoption of peripheral card readers for ALL internet banking customers. (see top left...and click the top right sidebar graphic for the complete story)



May 28, 2010  By Larry Barrett


Phishers don't play favorites and their latest intended victims are the men and women in uniform.









As eSecurity Planet discovered, several clever phishing traps have popped up online in the past year with almost the exact same look and feel of a pair of popular credit unions primarily used by folks serving in the U.S. military.


Security software experts are warning customers of both USAA, an insurance and financial services firm, and the Navy Federal Credit Union to be especially vigilant before divulging their Social Security numbers, passwords, account numbers and other personally identifying information.
Symantec said this latest attack comes from Web sites hosted on servers in Taiwan and variants of this particular phishing URLs have been used to spoof other online brands as well.

U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps to be on high alert for a new phishing scam that targeting customers at a pair of credit unions catering to servicemen and their families.
Gen. Kevin P. Chilton, the STRATCOM commander, is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. 

Read the full story at eSecurity Planet: 

Phishing Scam Targets Military Credit Unions





Reblog this post [with Zemanta]

Posted by John B. Frank Saturday, May 29, 2010 0 comments

Internet.com is reporting that "a number of bogus Web sites that appear to be the official pages of a pair of credit unions used by military personnel are actually phishing traps designed to steal soldiers' identities."



Phishing can be eliminated. What they are "phishing" for are online banking passwords and usernames. Get rid of the antiquated login process and start "really" getting serious about authentication.



Replicate the same trusted process to disperse cash "in real time" from an ATM and two-factor" authenticate the online banking session by having customers swipe their bank-issued card and enter their bank-issued PIN.  



Start doing that, and banks will eradicate the "phishing" problem...because there will be nothing left to phish phor.



The money banks spend "phighting" phishing can be spent providing their customers with a PCI 2.1 Certified PED resulting in the complete eradication of the threat posed.  (it would also provide an ROI to the issuing bank via interchange revenue derived from usage of the device for eCommerce purchases)



Whats the phake phishing site going to ask people to do? Swipe their card and Enter their PIN?  Worthless move.  It's instantly 3DES DUKPT encrypted inside the device and guess who "doesn't" have the encryption key? If you said the phisher you're right.  If you said the online banking customer you are also correct.  The way it's done now, the customer does have the information being phished phor.  



Translation: No more username/passwords.



Even the customer him/herself does NOT have the "information" the phishers are looking for so they cannot be "duped" into providing it.



Make sense?  When swiping the card and entering the PIN "outside the browser and inside the box" and there isn't "ANY phishable" information.






That's why Eugene Kaspersky of Kaspersky Labs last week called for "MASS adoption of peripheral card readers for ALL internet banking customers. (see top left...and click the top right sidebar graphic for the complete story)



May 28, 2010  By Larry Barrett


Phishers don't play favorites and their latest intended victims are the men and women in uniform.









As eSecurity Planet discovered, several clever phishing traps have popped up online in the past year with almost the exact same look and feel of a pair of popular credit unions primarily used by folks serving in the U.S. military.


Security software experts are warning customers of both USAA, an insurance and financial services firm, and the Navy Federal Credit Union to be especially vigilant before divulging their Social Security numbers, passwords, account numbers and other personally identifying information.
Symantec said this latest attack comes from Web sites hosted on servers in Taiwan and variants of this particular phishing URLs have been used to spoof other online brands as well.

U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps to be on high alert for a new phishing scam that targeting customers at a pair of credit unions catering to servicemen and their families.
Gen. Kevin P. Chilton, the STRATCOM commander, is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. 

Read the full story at eSecurity Planet: 

Phishing Scam Targets Military Credit Unions





Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments

First 4 digits of a credit card
Hundreds of thousands of credit cardholders' accounts have been zinged in recent years by credit cardcompanies based in part on where consumers shopped, what they bought, who they bought from or who held their mortgages, according to a new federal report issued Friday.



The cardholders were hit with credit limit reductions, interest rate hikes or had their accounts closed by issuers who told federal regulators that decisions to clamp down on credit to these consumers were based on tracking their spending and loan data. Among the consumer shopping practices that triggered negative account changes:

  • The location of where transactions were made.

  • The identity of the merchant processing the transaction.

  • The type of credit card transaction.

  • Identity of the mortgage lender.

  • Use of such information in credit decisions 

The 72-page report, conducted by the Federal Reserve Board, was quick to point out that profiling card users' spending habits was rare among credit card issuers and actually affected a relatively small number of card users. Still, the report gives the first official glimpse at how some in the credit card industry have used a technique called behavioral modeling to mine spending data for clues about whether customers will default on their credit card loans.
Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments

First 4 digits of a credit card
Hundreds of thousands of credit cardholders' accounts have been zinged in recent years by credit cardcompanies based in part on where consumers shopped, what they bought, who they bought from or who held their mortgages, according to a new federal report issued Friday.



The cardholders were hit with credit limit reductions, interest rate hikes or had their accounts closed by issuers who told federal regulators that decisions to clamp down on credit to these consumers were based on tracking their spending and loan data. Among the consumer shopping practices that triggered negative account changes:

  • The location of where transactions were made.

  • The identity of the merchant processing the transaction.

  • The type of credit card transaction.

  • Identity of the mortgage lender.

  • Use of such information in credit decisions 

The 72-page report, conducted by the Federal Reserve Board, was quick to point out that profiling card users' spending habits was rare among credit card issuers and actually affected a relatively small number of card users. Still, the report gives the first official glimpse at how some in the credit card industry have used a technique called behavioral modeling to mine spending data for clues about whether customers will default on their credit card loans.
Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments



EVENTS RECENT



The Economics and Regulation of Payment Card Interchange Fees image
The Economics and Regulation of Payment Card Interchange Fees
  • Start Date:
    Wednesday, June 09, 2010

  • End Date:
    Wednesday, June 09, 2010

  • Time:
    8:30 AM - 1:00 PM

  • Location:
    Willard InterContinental

    1401 Pennsylvania Ave NW

    Washington, DC 20004

  • Add to Calendar:



This event is co-hosted by the The International Center for Law and Economics and the Mercatus Center at George Mason University.
This conference will bring together legal and economic experts—authors and interpreters of this literature—with the policy community to distill the academic literature and to discuss the implications of this literature for the ongoing legislative and policy debates surrounding the regulation of interchange fees and credit card markets more broadly.



Payment cards are widely used by consumers today, accounting for nearly a third of all consumer transactions in the US.  The payment systems that facilitate these transactions are complex, comprised of millions of consumers, thousands of banks, millions of merchants and a host of intermediary entities that facilitate the processing of card payments.  Without a penny in her pocket, a consumer today can walk into almost any store, hotel, or restaurant in the world and walk out with goods or services.  A consumer can buy a car with a credit card; without one, she might not even be able to rent a car.



At the heart of the system is a controversial fee—the interchange fee—usually charged by a consumer’s bank to a merchant’s bank in order to facilitate a payment card transaction.  Defenders of the fee argue that it plays a critical role in allowing card issuers to persuade individuals to carry the card brand and merchants to accept it.  Without the interchange fee, the evolution from a paper-based payments system to a more efficient electronic system—particularly one incorporating not only a payment function but also a credit function—would be dramatically impaired and both consumer and merchant benefits would be largely undermined.



But merchants claim that the fee, even if necessary, is excessive, totaling billions of dollars a year more than the direct administrative costs of operating payment card systems—the only costs these merchants believe they should bear.  Based on these claims, some merchants have supported the regulation of interchange fees, at both the federal and state levels, and have engaged in a pervasive and heated campaign to build public and political support behind their efforts.



This conference schedule will include a lively, moderated discussion of the central issues in the debate and how they will—and should—play out on the political stage.  And, we will also host a session by noted economic and legal experts, discussing the policy relevance today of some of the classic literature informing the current debate.  Our day concludes with lunch and a keynote presentation from Todd Zywicki of George Mason University Law School on “The Economics of Payment Card Interchange Fees and the Limits of Regulation.”



Conference Speakers include:
Thomas Brown, O'Melveny & Myers LLP

Sujit Chakravorti, Federal Reserve Bank of Chicago

Thomas Durkin, Former Senior Economist, Federal Reserve Board

Mike Konczal, Roosevelt Institute

Geoffrey Manne, International Center for Law and Economics

Megan McArdle, Atlantic Monthly

Tim Muris, former Chairman, Federal Trade Commission

Felix Salmon, Reuters

Steven Semeraro, Thomas Jefferson University

Fred Smith, Competitive Enterprise Institute

Joshua Wright, George Mason University Law School
To register for this conference, please register below or contact Megan Gandee atmmahan@gmu.edu or by phone at 703.993.4967.


Reblog this post [with Zemanta]

Posted by John B. Frank 0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers