'URLZone' calculates just how much money to steal from a victim's account without raising suspicion
Sep 30, 2009 | 04:08 PM
By Kelly Jackson Higgins
DarkReading
A next-generation Trojan recently discovered pilfering online bank accounts around the world kicks it up a notch by avoiding any behavior that would trigger a fraud alert and forging the victim's bank statement to cover its tracks.
The so-called URLZone Trojan doesn't just dupe users into giving up their online banking credentials (passwords) like most banking Trojans do: instead, it calls back to its command and control server to specific instructions on exactly how much to steal from the victim's bank account without raising any suspicion, to which money mule account to send it the money, and forges the victim's on-screen bank statements so the victim and the bank don't see the unauthorized transaction.
Well, it's official...Clampi, Zeus and Conficker are NOT alone. I said in earlier posts that it would only be a matter of time before another threat to online banking reared it's ugly head. No I had to update my War of the World Wide Web graphic to include this one...(below)
I must admit, I didn't think it would happen this quickly. Again...it avoids detection (see what I mean about prevention being better?) and it takes advantages of the inherent weaknesses in the browser...and the fact that we stupidly (sorry...naivete is no longer an excuse) continue to "type" versus "swipe" when we authenticate ourselves online.
Introducing URLZone, a NEW Banking Trojan. You know what IT does? It steals the user's online bank account log-in information, accesses your account, begins draining it and rewrites the code to cover it up. You think I'm kidding right?
Oh...but I'm not...
New Malware Re-Writes Online Bank Statements to Cover Fraud
According to Wired, the malware, called URLZone, infects a computer when the user visits a compromised site, or a site set up by hackers.
Then, the program steals the user's bank account log-in information (because it is TYPED) and begins draining funds that it then sends to other designated accounts. However, the victim doesn't realize the money is missing because the program rewrites the text in the html code. So, when the browser displays the page, it looks like either no money has been stolen or just a small amount has been transferred.
Think it's time to start accessing our online bank accounts without typing yet? No? Read on:
The new Trojan, called URLZone, features a number of innovations not widely seen in Internet crime. For example, the Trojan can estimate precisely how much money to steal based on how much dough you have in your account, and can even siphon money in small increments to evade detection.
"It's a next generation bank Trojan," Yuval Ben-Itzhak, chief technology officer at Finjan, a cyber-security firm, told CNET News.com. "This is part of a new trend of more sophisticated Trojans designed to evade anti-fraud "detection" systems.
The infected machines ended up with a bank Trojan – in this case, the URLzone bank Trojan. This nasty piece of crimeware has the following features:
It logs credentials and activities of bank accounts
It takes screenshots of webpages served by the websites mentioned before Installed on the victims’ machines, it steals money from the compromised accounts
It hides its fraudulent transaction(s) in the report screen of the compromised account
Its C&C server sends instructions over HTTP about the amount to be stolen and where the stolen money should be deposited
It also logs and reportson other web accounts (e.g., Facebook, PayPal, Gmail) and banks from other countries
A Trojan horse is a type of malware -- or malevolent software -- that allows criminals unauthorized access to the user's computer system. Details of URLZone appear in a new report by Finjan's Malicious Code Research Center.
URLZone takes advantage of vulnerabilities in web browsers, including Firefox and Internet Explorer, then executes a program on Windows systems -- which means if you're running a Mac, you're safe. For now!
The world wide web is under attack. There are two distinct ways we can fight back. Our chances to win are SLIM and None. Your Choice. You can choose between what is pictured on the left or you can choose what is pictured on the right. It's your World Wide Web, ask your financial institution to put a SLIM into your hand and you will eliminate the environment in which the attackers flourish...
The PIN Payments Blog has spent a lot of time on Zeus and Clampi, two Bank Trojans. However, before anyone heard of either Zeus or Clampi, Conficker has made news for almost a year. (really just noise, because nobody knows what it's going to do)
Conficker is analagous to having extremely large UFO's appear and then simply hover over every major metropolitan city in the world. There's really nothing we can do. It may simply be the the mother-ship for Clampi and Zeus who have been sent down to explore how to perpetrate the most damage.
According to PandaLabs, 60% of computers worldwide are now infected with malware, there is a list of 4500 Financial Institutions, that, when visited, alert the Bank Trojans to steal log-in credentials. So what do we do?
Well, in War of the Worlds, it was the environment that killed the threat. The environment we are using (typing) is allowing the threat to "flourish"...
There are two environments enabling all threats. 1. The Browser. (solution: Conduct Financial Transactions "outside" the browser with a separate machine such as HomeATM's SLIM) 2. "Card Not Present" Fraud. (solution: Eliminate the CNP environment by Swiping instead of Typing) Therefore, it only makes sense, that if we want to save the World (Wide Web) from being taken over by Hackers, we need to change the environment into one where they cannot survive.
How do we do that? We eliminate typing and we start "swiping"...they cannot swipe what they cannot see. With 2FA 3DES DUKPT E2EE PCI 2.x Certfied PIN Entry Device, they would need to put a camera in every home in order to steal our cardholder data.
And guess what. That is NOT gonna happen. In the meantime, we can only watch in horror as it gets worse...and worse it will get.
Here's a clip from an article written by KJH at Dark Reading about Conficker:
Conficker Showdown: No End In Sight
Reinfected machines likely part of the 5.5 to 6 million-strong Conficker headcount
Sep 29, 2009 | 04:44 PM By Kelly Jackson Higgins - DarkReading
Security researchers have picked it apart, vendors have banded together to fight it, and most users have at least heard of it after it made the mainstream media for a possible April 1 activation that never happened -- but the Conficker worm just won't go away. Its bot count has remained steady at around 6 million machines since this summer. And no one really knows what its operators have in store for all of that firepower.
"We continue to see infection rates at a very high level, especially for the A and B variants [of Conficker]," says Andre DiMino, director of the Shadowserver Foundation, which tracks Conficker infections for the Conficker Working Group. "We've done a good job at getting a grasp on Conficker itself and its architecture, and have also had great response from groups within the Conficker Working Group. Now we just need to be a little more aggressive in remediation and with more awareness to really make a concerted effort to get this thing cleaned up."
What concerns security researchers is that despite all of the resources and attention being poured into eradicating Conficker -- Microsoft even offers a $250,000 bounty to catch the people behind the worm -- infections just keep coming worldwide. "It continues to be a giant engine idling, and we wait and see what they're going to do with it," DiMino says.
HomeATM Ranks Tops at Preventing Identity Fraud with Two-Factor Authentication. (2FA) It's great to detect Identity Fraud, but isn't it better yet, to PREVENT it? I know this might "sound" a little "sardonic" but really, it isn't. Some consider hackers to be the equivalent of a cancer on the web. So I ask you...
If hacking is a cancer, would you rather be on a regimen aimed at preventing" the cancer from occurring...or one that "detects" it after it's too late? Last I heard, cancer treatment (even after "early" detection) wasn't a whole lot of fun.
Well, neither are the steps necessary to "cure" the problems associated with Identify Fraud. So, given the two choices...I choose Prevention over Detection all day long. And You?
With 2FA:
1. What you have (your card) is SWIPED. What they (Hackers) have is your card NUMBER. (which, was also "swiped" albeit a different kinda swipe, as it was stolen) All they have to do it "type it" or "enter it".
2. What YOU know is (YOUR PIN). What they (Hackers) know, is that in a "card not present" environment, they don't need it. Therein lies the problem. There's not an OUNCE of prevention. So we are left with detection. Speaking of detection, if that's the best choice I am left with, then let me at least detect something meaningful...
I detect that we're doing it wrong... Here's a definition. I added the part in blue: detect - discover or determine the existence, presence, or fact of; "She detected high levels of lead in her drinking water shortlybefore she died of lead poisoning"
Here's Discover's Press Release:
Discover ranks tops in detecting identity fraud. What does that mean exactly?
Riverwoods, Ill., Sept. 22, 2009 -- Discover ranks best in identity fraud detection among the top 25 U.S. credit card issuers in Javelin Strategy & Research’s yearly assessment of identity safety in the credit card industry.
In addition to the top rating on detection, Discover came in second overall on the fifth annual Card Issuers’ Identity Safety Scorecard by Javelin, a leading independent provider of financial services research and analysis. The scorecard also rates issuers on identity fraud resolution and prevention.
“Discover makes a constant effort to anticipate, create and deploy methods of protecting the identities of our cardmembers,” said Carlos Minetti, executive vice president of cardmember services and consumer banking. “Effective fraud detection is important in preventing customer disruption, as well as helping authorities track down criminals in the act. Our cardmembers and merchants depend on us for protection; it’s a responsibility we don’t take lightly and an effort that demands continuous vigilance and improvement.”
Discover has ranked among the top-scoring issuers since Javelin began the Identity Safety Scorecard five years ago.
Researchers score issuers on more than 40 criteria across the prevention, detection and resolution spectrum, including the establishment of various forms of authentication, transaction alerts and 24/7 account suspension and customer service.
Available security features for Discover cardmembers include:
$0 fraud liability
Secure online account numbers for Internet transactions
Discover Financial Services (NYSE: DFS) is a leading credit card issuer and electronic payment services company with one of the most recognized brands in U.S. financial services. Since its inception in 1986, the company has become one of the largest card issuers in the United States. The company operates the Discover card, America's cash rewards pioneer, and offers student and personal loans, as well as savings products such as certificates of deposit and money market accounts. Its payments businesses consist of Discover Network, with millions of merchant and cash access locations; PULSE, one of the nation's leading ATM/debit networks; and Diners Club International, a global payments network with acceptance in 185 countries and territories. For more information, visit www.discoverfinancial.com .
Plus: Register by October 9 with priority code EBPENN for a chance to win a pair of tickets to Penn & Teller.*
Concerned about cloud computing, next-stage virtualization and cost optimization?
Right now, you're tasked with securing real business value for the organization. That means understanding the impact and application of fast-developing technologies and trends, and knowing the best route to take to optimize costs without sacrificing the performance of your data center.
Get the guidance you need at the Gartner Data Center Conference.
It's a must-attend that couldn't come at a better time. You'll have in-hand innovative solutions as you plan your 2010 budget and prepare to:
Deliver lower TCO and higher quality of service.
Organize and staff in tough times.
Maximize the productivity of existing systems and services.
Rein in burgeoning power, cooling and space requirements.
Apply the concept of "lean IT" to your infrastructure and operations.
Manage virtual server sprawl.
... and much more.
Expect the focus and resources you need to do more with less in the year ahead.
More than three days of step-by-step best practices to save you the time and frustration of going it alone. We deliver on the issues you're grappling with right now.
You'll be at the center of information-rich exchanges with top experts, your own data center peers and our team of highly accessible analysts. Book your Analyst One-on-One sessions and Analyst/User Roundtables early to lock in the analyst and topic of your choice. Registration for both opens October 8.
*A limited number of tickets are available, so register soon!
Register today and save
Register by October 9 and receive a $200 early-bird discount.
Register by October 9 to get your $200 early-bird discount, plus a chance to win a pair of tickets to Penn & Teller when you use priority code EBPENN.*
Newly announced Gartner invited end-user case studies: AAA Northern California, Nevada & Utah, GE, U.S. Defense Systems Information Agency and United Technologies Corp.
Secure your place at Analyst One-on-One sessions and Analyst/User Roundtables. Registration opens October 8.
Visit the Agenda Builder and map out your conference experience.
Secure your place by October 9 at the Gartner Data Center Conference and receive a $200 early-bird discount. Go to gartner.com/us/datacenter or call 1 866 405 2511.
The most enduring source of data center knowledge with unmatched breadth and depth.
Ken Lewis stepping down as CEO of Bank of America on January 1st 2010.
According to the New York Times, "
"Mr. Lewis held a phone call with the bank’s board earlier Wednesday to tell them that he had decided to retire, said two people briefed on the situation. The board accepted his decision but did not name a successor. The board will continue evaluating possible successors.
Mr. Lewis, 62, has been under immense pressure since the bank merged with Merrill Lynch at the start of the year. He struck a deal to purchase the investment bank last fall, a move that pushed Bank of America toward a second bailout from the government in January.
Bank of America, which has received $45 billion in taxpayer bailout money, last week announced several measures to cut its reliance on federal aid. Shareholders, upset about the second bailout and the dilution of their shares caused by the deal, voted in the spring to strip Mr. Lewis of his chairmanship. That was a major blow to Mr. Lewis, but he showed no signs at the time of a willingness to depart."
Just when it seemed it could not get any worse, the future of typing in username's and passwords for online banking looks more dim than ever. A new PandaLabs Report says worldwide computer malware infections grew 15% in ONE MONTH and now stands at 60%. WOW! Seems to me, it's not only online banking authentication with a big problem, it is also eCommerce sites and online shopping.
As if that is not bad enough, they report that U.S. computers are infected with the most dangerous malware strain... Banking Trojans. Those are the ones that steal online banking credentials...including log-in details, credit and debit card numbers and one-time passwords. There are currently three, (that we know of) Clampi, Zeus and Conficker. Arguments abound about which one is the worst, although everyone is in agreement that all three are present a clear and unprecedented danger. (When three tornadoes hit, and all three are F-5's I don't see the need to determine which one is more dangerous)
The problem is simple: Browsers, and the fact that consumers use them to log-in. I want to be "as clear" as the username and password data that travels through the web. Anything that utilizes the web browser for security is USELESS! (See what Gartners' Avivah Litan has to say on the subject matter)
I am NOT implying that banks are not making an effort to secure their customers log-in. They have been...and they've wasted...(sorry, I meant) "spent" millions of dollars on software-based solutions.
What I AM implying is that the (software) band-aid approach is (was) the wrong way. It never fixed anything, it only temporarily patched it.
Every time hackers come up with a new way to get in...banks can attempt to patch it with a band-aid solution, but what about the risk of infection? (ooops.!)
Besides, even without the risk of "infection"...patching a leak in the roof only provides the opportunity for water (hackers) to find the path of least resistance...(i.e.) it only buys time until hackers figure out how to bypass...it does not SOLVE the problem. Therefore by adding another layer of non-security (another question, a one-time password, etc.) banks only "delayed the inevitable." The inevitable has arrived. A 15% GAIN in ONE MONTH. Only 40% to go. 60% of computers worldwide are now infected with malware. The U.S. is infected with Bank Trojans. Guess what? The Hackers won. Game Over.
Now we need a whole new roof. HomeATM (which authenticates the user "outside" the browser) is that roof. We need a new way to authenticate online banking customers, and there's no better way to do it than to replicate the same way entrusted by banks and consumers alike to gain access to their bank account via an ATM.
It's is Time. It is a No-Brain-er. I know it, you know it, banks know it, everybody knows it...even (some of the) media knows it.
Fortunately for banks and their customers, it just so happens that our SLIM device also enables person-to-person, account-to-account and person-to business (online bill pay) transfers in real-time. It also enables the bank to derive income from transactions conducted by online shoppers. The best news is that it would cost banks $25.00 and banks give away $50-$200 dollars to gain new customers already. (see Useless Bank Promos)
Let me try and Oversimplify the Solution to this Gigantic Problem
If online banking authentication (and online shopping) were done "outside" the browser, then what's "inside" the browser really doesn't matter.
• Average number of worldwide infections grew 15 percent over last month
• Global infection ratio hits all time high this year at nearly 60 percent
PandaLabs, Panda Security’s malware analysis and detection laboratory, today announced that it has detected a 15 percent increase in the total number of malware-infected computers in September in comparison to the previous month of August. According to data gathered from users that scanned and disinfected their computers with the free Panda ActiveScan online antivirus, the average infection ratio rose to 59 percent, the highest rate this year.
In comparison to the infection rates of 29 countries, the U.S. ranks ninth with an infection ratio of 58.25 percent, just below the worldwide average. Taiwan has the most infected PCs, with a 69.10 percent corruption, followed by Russia and China at 67.99 percent and 61.97 percent, respectively. The country with the least infections is Norway at 39.60 percent. To view a table that outlines the percentage of infected computers by country, please visit: http://www.flickr.com/photos/panda_security/3963144168/.
According to Luis Corrons, Technical Director of PandaLabs, “There is a false sense of security, as users perceive there to be no real danger at the moment. When their computers get infected, they rarely notice any symptoms.”
Panda’s study revealed that U.S. computers are infected by the most dangerous malware strains: Trojans, followed by adware, worms and viruses. To see the number and types of malware on infected computers in the U.S., please visit:http://www.flickr.com/photos/lithium-/3963437003/sizes/o/.
“This is a clear sign that hackers are becoming more and more sophisticated,” explains Corrons. “Cybercriminals have found news ways to spread their creations, frequently exploiting the latest news stories to launch attacks through social networks, videos, and email. The huge amount of Trojans in circulation is due to the spectacular increase in the number of banker Trojans aimed at stealing user's (online banking) data.”
Cred-Ex, a leading provider of alternative payments to Online Retailers, and TheShoeMart.com reached a definite agreement to add Cred-Ex's online payment method to their website.
Secaucus, New Jersey (PRWEB) September 30, 2009 -- Cred-Ex, a leading provider of alternative payments to Online Retailers, and TheShoeMart.com reached a definite agreement to add Cred-Ex's online payment method to their website. Cred-Ex's instant credit solution will be enabled through CardinalCommerce's Centinel® payment platform.
"Cred-Ex gives us another way for our customers to pay," said Dan Zapatka, TheShoeMart.com's Internet Operations Manager. He adds, "Their proven platform will give our customers deferred billing options and instant credit enabling our customers to pay on their terms. Cred-Ex was an attractive choice for TheShoeMart.com in delivering an alternative payment solution to our customers. Through our alliance with Cred-Ex, TheShoeMart.com is further enhancing our customers' shopping experience," said Zapatka.
George Eubank, Senior Vice President, Sales, said, "Cred-Ex is very excited about working with TheShoeMart.com. Being family owned and in business for over half a century, TheShoeMart.com understands their customers' need for instant credit and deferred billing options, especially in an economic environment where credit granters are slashing credit limits and raising fees."
TheShoeMart.com will enable the Cred-Ex solution through CardinalCommerce's flagship product, Cardinal Centinel®, the worldwide leading authentication and alternative payment platform. Cardinal Centinel offers merchants multiple payment brands through one single streamlined integration. Once integrated to the patented Centinel platform, TheShoeMart.com will have the ability to offer their customers over twenty-five secure payment options, including Cred-Ex, quickly and easily.
About TheShoeMart.com:
TheShoeMart.com is an online retailer of the most sought-after brands of shoes, such as Alden shoes. Styles are available for men, women, and children. They are a family-owned business that has served customers for more than 45 years. For more information on the latest styles of shoes and to find one in the size you're looking for, please visit http://www.TheShoeMart.com or call 800-850-7463.
About Cred-Ex:
Cred-Ex (www.cred-ex.com) is the main brand of Emerging Payments Technologies, Inc. that has been a leader in alternative billing for over 10 years. Emerging Payments Technologies, Inc. began developing the Cred-Ex platform and brand in 2004 to lead the trend in online billing, e-Commerce, and now m-Commerce. Express Verifiable Authorization is the corner stone of the Cred-Ex process. Patented in 2007*, it allows Cred-Ex to identify applicants and make instantaneous credit decisions in less than 5 seconds. Cred-Ex's owners have built several major companies and are recognized leaders in Europe in the main stream and alternative payments industry.
*Patent #US 7,177,837,B2
About CardinalCommerce:
CardinalCommerce Corporation is the global leader in enabling authenticated payments, secure transactions and alternative payment brands for both e-Commerce and mobile commerce. Cardinal Centinel®** enables payment brands such as Verified by Visa, MasterCard®, PayPal™, Google™, Amazon, eBillme™, Cred-Ex®, and more to a network of over 50,000 merchants.
Cardinal's mobile platform, Cardinal MAX™, makes it easy for merchants to sell through the mobile channel by linking them directly with consumer mobile phones. Cardinal's proprietary and easily deployable technology provides consumers, merchants, credit/debit card issuers, and processors with the ability to conduct authenticated Internet, wireless, and mobile transactions safely and securely.
Headquartered in Cleveland, Ohio, with facilities in the United States, Europe, and Africa, Cardinal services a worldwide customer base. For more information, visit www.cardinalcommerce.com.
**Patent #US 7,051,002 B2
Cred-Ex contact: George Eubank, Senior Vice President, Sales
Electronic Payments Council says 7-Eleven was Deceptive and Bends the Truth. Petition Not What it Appears to Be..."Tricked" Consumers into Signing It...
Washington D.C., Sept. 30, 2009 -- In response to the press conference held by 7-Eleven and the National Association of Convenience Stores regarding their petition, the Electronic Payments Coalition issued the following statement:
"It is the height of irony that a convenience store, which regularly marks up their products by as much as 500 percent for 'convenience sake,' doesn't want to pay for the convenience of accepting cards. They want their customers to pay for that convenience, too. Enough is enough.
"This petition is not what it appears to be. 7-Eleven used deceptive language to trick their customers into signing something they thought would save them money. How many would have signed a petition that said, 'sign here if you want to pay more to use your debit or credit card, so we can profit?'
"Merchants understand that when they accept debit and credit, their sales go up by as much as 50 percent, their profits increase, and they relieve themselves of significant risk and bookkeeping headaches. But some merchants, like 7-Eleven, think that their customers should pay for this service instead, and that's not fair.
"We urge Members of Congress not to be fooled by this convenience store stunt - a clear and obvious attempt to line their pockets."
New Survey Results Reveal Serious Concerns About 7-Eleven Petition Consumers Say Merchants Should Pay Their Own Bills for Payment Card Acceptance, and Not Pass Those Costs on to Their Customers
They Also Say No to Interchange Legislation When They Understand How it Would Impact Their Wallets
Purchase, N.Y, September 29, 2009 - Three quarters of respondents in a new consumer survey believe the fees merchants pay for accepting credit cards are just a cost of doing business, and that merchants should pay those fees. These consumers recognize that merchants receive significant benefits from accepting payment cards, and that merchants should pay for those benefits.
“Electronic payments provide extraordinary value to consumers, merchants and the economy,” said Chris McWilton, President, U.S. Markets at MasterCard Worldwide. “Consumers appreciate that the ability to use a payment card is a win-win for them and for the merchants they visit. It’s undeniable that electronic payments drive value for all merchants.
“It’s surprising that 7-Eleven, a company that prides itself on convenience, would mount such an aggressive campaign against the most convenient form of payment. Even 7-Eleven itself has said many times that accepting payment cards increases their sales, enhances safety and convenience for store operators, and improves customer satisfaction,” said McWilton.
Over the summer, 7-Eleven and other convenience store operators ran a highly questionable petition drive, encouraging their customers to support legislation that would regulate the fees merchants pay for the many benefits they receive from accepting credit and debit cards.
Recent research found, however, that many consumers may have been duped into signing the petition. While initially many consumers said they would support legislation to regulate merchant fees, that support dramatically shifts to opposition once consumers understand the truth. A full 75% of consumers said they would oppose the legislation once they understood that it would cost them more through higher fees to use their payment cards.
“When you look closely at the petition, it looks like 7-Eleven sold consumers a bill of goods by implying consumers would save money if Congress regulates merchant fees,” McWilton said. “7-Eleven never mentioned what really happens when you regulate interchange fees and consumer support for their petition evaporates once they understand its consequences. Congress should not allow 7-Eleven and other merchants to use legislation to shift their costs to consumers.”
Shawn Miles, Head of Global Public Policy at MasterCard stated: “To understand what would happen to American consumers if 7-Eleven got its way, you only need to look at what happened when the government of Australia artificially lowered interchange. Consumers there are now paying significantly higher fees to use their credit cards and receiving fewer benefits, while no one has found any real evidence that merchants lowered prices. Merchants simply pocketed the savings, and consumers were disadvantaged. None of that, however, was explained in 7-Eleven’s petition.”
A report on the consequences of the Australian regulation by an economist with the London-based economics group CRA International found that fees on some cards have gone up almost 80%, benefits have been reduced, and some customers face excessive surcharges when they choose to use their cards.
The consumer research, which was designed to assess consumer opinion on card acceptance fees and consumer perceptions of the recent counter-top petition promoted by 7-Eleven and other convenience store operators, found that three in four consumers are opposed to being charged more for using a credit card and 73% agree that the debate over fees is really just a fight between merchants and banks.
Highlights of the research include1:
Even among initial supporters, three in four (75%) oppose the legislation when it would end up increasing the fees they pay for their payment cards; including 55% who strongly oppose it.
Almost three in four (73%) say that “the cost of accepting credit card payments” is something merchants should pay as part of their costs of doing business.
Almost three in four (71%) agree that it would not be fair for consumers to pay the merchants’ cost of operating a credit card system.
Almost three in four (73%) agree that paying for card acceptance is a good investment for merchants because accepting credit cards helps their business.
Support for 7-Eleven’s petition was associated with a fundamental misunderstanding of the impact of reduced merchant fees on consumers. Of those consumers who were inclined to sign the petition, 80% mistakenly believed that consumers would directly and immediately benefit from a reduction in merchant fees.
“What is clear from the results of this survey is that not only do consumers believe that merchant fees are a reasonable cost of doing business and something merchants should pay, but they also recognize that a retailer’s acceptance of payment cards is an investment in growing their business,” said Miles.
Eric Grover, a principal at Intrepid Ventures, a leading payments industry consultancy, said: “In my view 7-Elevens’s campaign was willfully deceptive. It invited unsuspecting consumers to petition for government regulation that will cause higher card fees and a reduction of the benefits they take for granted. Would people have signed a petition asking them to pay additional fees on their credit and debit cards and give up benefits so merchants could pay lower fees? I doubt it. I find it troubling that merchants want Washington to get involved in what their fees are, rather than letting competition determine them.”
Editor's Note: Touche'
About MasterCard Worldwide
MasterCard Worldwide advances global commerce by providing a critical economic link among financial institutions, businesses, cardholders and merchants worldwide. As a franchisor, processor and advisor, MasterCard develops and markets payment solutions, processes approximately 21 billion transactions each year, and provides industry-leading analysis and consulting services to financial-institution customers and merchants. Powered by the MasterCard Worldwide Network and through its family of brands, including MasterCard®, Maestro® and Cirrus®, MasterCard serves consumers and businesses in more than 210 countries and territories. For more information go to www.mastercard.com.
Convenience Store News wrote an article on MasterCard's new survey which revealed that three-quarters of respondents believed that fees paid by merchants are a cost of doing business. The war rages on.
By Barbara Grondin Francella - CSN
September 29, 2009 - DALLAS -- MasterCard Worldwide fired back against convenience store chain 7-Eleven Inc. yesterday, stating the c-store operator's recent consumer petitioning against 'unfair" credit card fees was "misleading" to customers, who actually believe merchants should pay the costs of accepting credit and debit cards.
According to survey results released by MasterCard, three-quarters of respondents believed the fees merchants pay for accepting credit cards are a cost of doing business and merchants should pay those fees. "These consumers recognize that merchants receive significant benefits from accepting payment cards, and that merchants should pay for those benefits," MasterCard said in a statement.
MasterCard President, U.S. Markets Chris McWilton said: "It's surprising that 7-Eleven, a company that prides itself on convenience, would mount such an aggressive campaign against the most convenient form of payment. Even 7-Eleven itself has said many times that accepting payment cards increases their sales, enhances safety and convenience for store operators, and improves customer satisfaction."
In response, 7-Eleven spokeswoman Margaret Chabris told CSNews Online the c-store chain is "in favor of plastic -- it is a convenience for our customers. We don't oppose transaction fees. We just want them to be fair."
The credit card company called 7-Eleven's petition drive "highly questionable" and said "consumers may have been duped into signing the petition."
While initially many consumers said they would support legislation to regulate merchant fees, that support dramatically shifted to opposition once consumers "understood that it would cost them more through higher fees to use their payment cards," MasterCard said.
Brookfield, Wis., September 30, 2009 - PIN Payments News Blog - Fiserv, Inc. (NASDAQ: FISV), the leading global provider of financial services technology solutions, today unveiled iCom 4.0, the newest version of its market leading, web-based cash supply chain management solution.
iCom from Fiserv helps financial institutions minimize cash holdings and reduce expenses, while maximizing the availability of cash for customers. The enhanced usability and efficiency of the iCom solution includes a new enterprise dashboard and new tools for managing ATM and branch cash.
"The need for financial institutions to reduce non-earning assets and optimize revenue is critical in today?s market," said Nicole Sturgill, research director, Delivery Channels, TowerGroup. "Using a cash supply chain management solution will allow financial institutions to reduce cash handling, transportation and ATM outage costs, while still providing a world class customer service experience."
An example of the Fiserv core competency in payments, iCom is a web-based cash management solution for branches, ATMs, vaults and transportation providers that is designed to deliver cash inventory and expense reductions . Scalable for any size institution, iCom is designed to allow cash supply chain data and tools to be securely accessed, managed and shared ? from any desktop, at any time and from any location. iCom is available as an in-house installation or Software as a Service (SaaS) model, with clients of any size choosing the SaaS model for its scalability, budget flexibly and cost savings.
"iCom from Fiserv has had proven success over the past eight years with more than 120 implementations, in more than 23 countries and 12 languages. Our clients have effectively lowered the cost of delivering cash to their customers while maintaining high levels of availability, by centralizing and automating the cash management process with iCom, among other things. We've changed the way people do business in this industry," said Brian Jorgenson, director of Cash & Logistics Product Management, Fiserv. "iCom 4.0 is a real milestone for us and shows our continued commitment on product leadership and innovation. iCom 4.0 is not just a new face; we're introducing enhancements in all facets of the product. We've listened to our customers and created the next generation cash supply chain management solution to deliver additional value to our customers."
Using the latest technology to create a rich user experience, iCom 4.0 is designed with the user in mind. Mailboxes, dashboards and email alerts empower the user to make quicker decisions and integration to eiManager and TrackPoint from Fiserv provides the user with real-time device status updates and the ability to track orders and shipments for greater visibility and accountability. iCom 4.0 introduces advanced order management tools with greater flexibility and automation to further drive down cash handling costs and improve availability for customers.
About Fiserv
Fiserv, Inc. (NASDAQ: FISV) is the leading global provider of information management and electronic commerce systems for the financial services industry, driving innovation that transforms experiences for financial institutions and their customers. Ranked No. 1 on the FinTech 100 survey of top technology partners to the financial services industry, Fiserv celebrates its 25th year in 2009. For more information, visit www.fiserv.com.
Find out how our patented technology can empower your financial institution.
Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)
There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.
Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."