Debit Growth Is Still the Story As Visa And MasterCard File Results


The bank card networks have weighed in with their latest earnings reports, and operating statistics within them show debit continues to boom while the unprecedented, recession-induced credit contraction over the past year may be nearing its...



Visa's eCommerce Initiatives

In its earnings call last October, Visa CEO Joseph W. Saunders mentioned a new ecommerce solution being developed by Visa. He called it Right Click by Visa. On Wednesday's earnings call this week, he was asked by Dan Perlin of RBC Capital for an update. According to the earnings call transcript made available on Seeking Alpha, he said: Well I think the enhance checkout is something that we are pretty excited about and we intend to roll that out in a very big way in about six weeks. So, I think I'll leave that until Investor Day presentation [to be held in March- ed]. But I will tease you by telling you we are extremely excited about it, I think it'll be a big deal."



Wanted: Defense Against Online Bank Fraud

Wall Street Journal "Small businesses are really in a bind," says Avivah Litan, an analyst at Gartner Inc. "They need to protect themselves." Hackers often take aim at small



'Cloud Computing': What Exactly Is It, Anyway?


Wall Street Journal Finally, companies should know that they can kick the tires before they sign on for cloud services. Most providers, such as Salesforce.com, ...



TD BANK SLAMMED AFTER HACKERS STEAL $378,000 FROM POUGHKEEPSIE

Officials from Poughkeepsie have criticised TD Bank after hackers broke into the US town's account, stole $378,000 and transferred it to the Ukraine.  



HomeATM Developing Mobile Payment Card Reader

Card readers that attach to mobile phones suddenly have become a hot industry topic, and HomeATM ePayment Solutions is about to throw its own device into the mix, PaymentsSource has learned. Read More >>



PayPal Halts Payments to India

PC Magazine by Chloe Albanesius PayPal has suspended personal payments in India amid "questions" from business partners and other stakeholders.



Security chip that does encryption in PCs hacked

SAN FRANCISCO — Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks. Read article »



Spicing up the mobile pizza experience

KMWorld Magazine Zpizza will use the technology to provide its customers with a secure mobile commerce solution. The company also will be able to distribute customized



Mercator Looks at the Economics of Debit Acquiring

Mercator Advisory Group has published a new report titled "The Economics of Debit Acquiring". The report "provides an overview of the costs associated with enabling merchants to accept debit cards for payment. This report evaluates EFT network pricing trends and provides an in-depth analysis on the implications these trends will have on acquirers. This report also offers the U.S. market share for the top companies in payment acquiring, discusses ways in which share can be measured, and analyzes PIN debit's role in skewing market share depending on which metric is used."



Ex-MasterCard Execs Get Processor Set for US Web Gambling


Digital Transactions (February 9, 2010) In expectation that legislation regulating online gambling in the US will pass, the United Kingdom-based payments-processing company UC





Featured Article;




Are You Ready for the Risk of Mobile Malware?

Security Experts Warn: Mobile Phones, Services are the Next Big Targets

February 8, 2010 - Linda McGlasson, Managing Editor



The recent news that Nexus One smartphone owners were unable to send or receive data is just a precursor to what security experts say is the next big threat to mobile phones and services - mobile malware. According to Dr. Markus Jakobsson, a noted security expert in the field of phishing and crimeware, mobile phones -- especially smart phones -- pose the next big headache for security professionals. And financial institutions should be particularly concerned about risks to mobile banking.



"Hackers target data that can be turned into cash, and mobile banking services are a prime spot for them to target," says Jakobsson, principal scientist at the Palo Alto Research Center (PARC), a commercial innovation center. User behavior is part of the challenge. People who won't open a strange attachment to an email on their PC don't take the same precautions with their phones. "People have not connected that phones are computers, and that means they can get infected," Jakobsson says. "Especially since it is a social device, users get things from their friends so much more often on a smart phone." The other issue is pure security. "Cell phones are a higher risk because they aren't well protected," he says.



How Risky?



At present, the possibility of malware infecting mobile phones is low. "There is no mobile malware to speak of," Jakobsson says. "But once the magnitude of the problem goes up, the traditional measures used to detect malware on Macs and PCs will not be able to handle the load without draining a cell phone's battery."



Worse, he says, the smart phone platform will surpass the regular Windows platform on computers and become the biggest target for hackers within three years.



The projection by Credit Suisse analysts in 2009 saw the smart phone market expected to balloon to around 1.5 billion units. By comparison, worldwide unit sales of all mobile phones in 2009 were about 1.2 billion, and worldwide unit sales of all PCs in 2009 was projected to be about 300 million. These numbers mean that the malware writers will seize the opportunity to target mobile phones, Jakobsson predicts.



"Malware writers are just crooked businessmen," he says. "I imagine they are working overtime to create malware for the smart phone platforms." There are already malicious applications being spread by hackers for the android and iphone platforms, trying to steal banking credentials from unsuspecting users.



Potential Solutions




There are currently two kinds of countermeasures that could be used to detect malware on a smartphone. The first is signature-based. "Think of it as a party, and you have a bouncer looking at everyone's ID's before they can get in the party," Jakobsson says. "If their ID shows that they've behaved poorly as a previous party, they won't let them in." The second is a behavioral detection model that can be compared to looking at what people are doing while they are standing in line to get into a party. "If they are fighting or throwing up, the behavioral detection model will not allow them in." The drawback to these countermeasures is both are extremely taxing on a phone's batteries, and will drain them if they have to check every attachment coming in, Jakobsson notes. Software-based attestation has been researched for several years by several teams of computer scientists. Yet, all prior software-based attestation methods have proven unsuitable for use on handsets. Solutions designed for embedded devices for example, do not work on handsets. "The reason is that a malware agent on an embedded device cannot establish a radio connection to an external resource in order to cheat, whereas a malware agent on a handset can do that," he says. Other solutions require too much computation for handsets, and are only practical on powerful computers. "And most of [the potential solutions] have been found to have some security flaw," Jakobsson says.



Experts: Mobile Security 'Meltdown'




Jakobsson isn't alone, warning of the potential dangers of unsecured smart phones. Dr. Larry Ponemon, head of the Ponemon Institute, a noted privacy and information security research firm, also sees trouble ahead for entities seeking to secure their mobile phones. "Smart phones are computers with the capacity to capture and store significant amounts of information including network connection credentials," Ponemon says. "Our research shows that end-users of smart phones are more susceptible to surreptitious downloads -- including dangerous data stealing malware and botnets." Also, organizations are finding it difficult to prevent end-users from downloading strange applications -- especially when the device is owned by them. "In short, this is a perfect storm for a security meltdown," Ponemon says.



The kinds of mobile malware being seen today exhibit anomalous or aggressive behavior, says Srinivas Mukkamala, Chief Technology Officer at CAaNES, a private research arm of New Mexico Tech. He sees mobile malware evolving to be more stealthy and intelligent. "It is trying to steal sensitive data that's stored on mobile devices. The 'next generation' mobile malware-infected devices will show no obvious signs of infection, which makes detection harder," Mukkamala says. "Next gen will be more polymorphic and metamorphic in nature where they will have inbuilt capabilities to change and evolve rapidly to avoid detection (signatures are required to detect every time a variant is created)," he adds. They will also try to hide in the operating systems or bind to system files, making them harder to remove.



Mobile malware is going to become a fact of life, says Tom Wills, Security, Fraud & Compliance Senior Analyst at Javelin Strategy and Research, a security research firm based in San Diego, CA. "We don't yet have the mass consumer uptake that has happened on the online side," he says. "Many banks still don't offer fully functional online banking, yet. All you can do in many cases is find an ATM or check your balance. You often can't move money. The equation changes when you can move money." Wills agrees that the richest environment for mobile malware is smart phones, and while that's a very fast-growing segment of the market, he sees most Americans are still using older-generation handsets. He says that's because smart phones often use web browsers (i.e. mini-online banking), and browsers are more vulnerable to malware than are dedicated applications. The hacksters -- what Wills calls hackers and fraudsters who commit data theft -- will always follow the path of least resistance, and today that's still with the online channel - not mobile. "As soon as it becomes mobile, they'll be all over it," he predicts. He sees this happening within 18-24 months, when mobile banking and payments on smart phones become a mass market service, and when they commonly feature the ability to move money.


Posted by John B. Frank Wednesday, February 10, 2010

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers