Editor's Note: This article from CPIFinancial provides some good insight as to why a software-based solution for online payments is not a good idea.

It repeatedly hits the nail on the head enough times to drive home the importance of consumers "taking matters into their own hands" when it comes to protecting their card data, especially debit. 
Of course, one way is to swipe their own card in the privacy of their own home... instead of having it swiped by would-be cyber-criminals.

I have emboldened parts of the article in an effort to embolden you with the knowledge that, plain and simple, HomeATM's personal swiping device (albeit, maybe not the sexiest) is the best looking approach when it comes to protecting consumers and their card data.


A "peripheraless" approach may be more attractive to retailers or EFT networks, but, unfortunately, it also is more attractive to fraudsters... (in fact, it will attract them like flies).

As the article states, the biggest weakness is the PC, and if that is compromised, it doesn't matter what ANYBODY does...end of story.  Actually here's the beginning...


By: Mike Gallagher


Martin Dolan is CR2’s Chief Executive Officer. Dolan has over 20 years of experience in the banking software industry. During his three years as Director of Global Services at Kindle, he significantly expanded the Professional Services organization. In 1995, he became Director of Corporate Accounts where he was responsible for developing business with existing large corporate clients.


There was a big scandal recently when it turned out that a lot of ATM cards and machines had their security compromised. Given that we are in an emerging market, it wasn’t entirely unexpected, was it?

Card fraud is highly lucrative, but what everybody forgets is that banks focus on fraud part time, but criminals focus on fraud full time. Criminals go after cards because it gives instant access to cash.

So where is the weakness in the banks?

The weakness is not in the banks. If you look at the internet banking side of it, the biggest weakness is your PC. If the PC is compromised, it doesn’t matter what the banks do to a large extent.

(Editor's Note: Which is why I have, since day one, stated that a software-based solution to PIN debit is NO SOLUTION, it is a marketing ploy, plain and simple. It's giving people what they want, not what they need to solve the fact that online transactions are not secure and fraud will continue to grow. Fraudsters' ability to be constantly "swiping" consumers' card data is solved by consumers "Swiping their own card" into their own personal secure SwipePIN device.)

When we come to cards it is a different issue. If you look at the statistics you will learn a lot. The fraud rate on cards is around less than one per cent. It is 4.7 cents per $100. The macro economics for banks is that fraud doesn’t matter because they are hit by less than one per cent and their transaction fee and share of their revenue is phenomenal. Debit card revenue is worth around $9 billion a year. Fraud is a much smaller fraction of that.

Why is that important?

It is important because you can get some sense of it when you look at the economics. There are two types of debit cards. One is where you put in a card and add your PIN and the PIN is verified; and the other is where you simply sign a receipt. The key factor when you sign is that they normally don’t check online to make sure that you have the money in your account.


Fraud on a signature-based card is thought to be two-and-a-half-times that of PIN-based debit cards.

Yet, if you look at the revenue side for the bank, the profits that you get for a signature-based transaction for a bank is much higher than the revenue it gets from a PIN-based one. If you look at the reward schemes and incentives for the banks, then the banks are actually being given an incentive to get you to use signature-based cards over PIN-based cards because they make more money.

But the fraud is higher.

Exactly, there is an imbalance in the system. What the banks don’t seem to realize (Editor's Note: oh they realize it) is that while they are exposed to less than one per cent of fraud, the customer is exposed to 100 per cent.


If I have a fraudulent transaction on my debit card as opposed to my credit card, it is interesting to look at the difference. They clean out my debit card account - 100 per cent of my wealth could be taken through a debit card fraud. In this part of the world that is grievous. If I wrote a check for my rent and it bounced, I could end up in prison. The banks will inevitably take so long trying to sort it out and figure out whose fault it was, that you can imagine the rest.


It is different on a credit card because the credit card company pays up the money. They will send me the bill and I will look at it and say “I didn’t do those transactions” and I will send the bill back to them.

"So credit card fraud is much less important to customers than debit card fraud. Debit card fraud is crucial to customers." Editor's Note:  (and why they should be swiping their card data themselves instead of providing their personal account numbers to anyone lurking around waiting to "swipe" them.)


Most people eventually have their problems settled, although it could take anywhere between six weeks to six months. Try to think of all the stress and strain that you will go through over that period.


So there is a liability shift?

Absolutely. The bank reckoned that the liability shift, the cost of fraud by not checking the PIN, was a good equation for them. The whole issue is that fraud is based on economics and some of the economics are skewed.

Banks are being given an incentive by the fee system to get customers to use a less secure mechanism on cards.

The fee structure on a PIN-based card is less advantageous to the bank. There is another side to signature-based cards, and if you look at the US it is called NSF revenues. That means Non Sufficient Funds from revenues. If you swipe your card, you pay. The bank gets the transaction fee and when it comes in, your account goes into overdraft and they absolutely fleece you for fees, so they get more revenue.  That means the signature-based method can have even more financially edged advantages than just the interchange-based method.

So what happens to all this money? Where does it go?

There is thought to be something like $6 billion in fraud annually through cards and it ends up funding fraudsters and terrorists. No one is looking at the equation...




Posted by John B. Frank Thursday, November 20, 2008
