Reuters is running a story about how Visa and MC are looking to further penetrate emerging countries.  Makes sense, but it would make even more sense if one of them would step up to the plate and offer a "truly" secure way for consumers to make online purchases.  Debit has overtaken credit, Brick and Mortar is reeling in the wake of the economy...yet eCommerce is still growing.  PIN Debit is the most popular form of payment even though signature debit is being pushed.  So put it all together and what do you have?   A PCI 2.x Certified 3DES DUKPT encrypted solution designed for credit,  debit and PIN debit eCommerce transactions.  How do you get it into the hands of consumers?  Co-op distribution via your financial institutions who would benefit from Secure Two-Factor Authenticated log-on to their online banking sites and eliminate the threat of phishing, cloned bank websites and DNS hijacking.  Now you've got everything you need to put together a real-time bill payment program, secure P2P and B2B real-time money transfer platform and the most secure eCommerce transaction in the business.  Carpe Diem!

NEW YORK (Reuters) - Visa Inc (V.N) and MasterCard Inc (MA.N), the world's largest credit card networks, are counting on foreign markets for the growth that recession-bound U.S. consumers have been unable to provide.

Overseas markets have contributed to the bottom line at both Visa and MasterCard with double digit revenue growth rates in recent years, helped by a shift among consumers worldwide to using plastic where they once used cash and checks.

But foreign markets became truly crucial last year -- sustaining the revenue and earnings of both firms, despite a steep decline in credit card use in the United States -- still by far the largest market for both companies.

In comparison, emerging countries from Mexico to South Korea -- and even economies such as Japan and Germany that are developed, but are underpenetrated by credit and debit cards -- could become the engines of growth ahead.

"In Russia, in Brazil, in the United Arab Emirates, in Taiwan, even in China and Japan, while we see some good activity or strong activity, it's potentially much stronger when those economies start to do better," Visa's Chief Executive Joseph Saunders said in an interview.

"We are very entrenched in every one of those places and we are looking to get a lot more of attraction."

Continue Reading

Related articles by Zemanta

• Debit Surpasses Credit for the1st Time in Visa History (Volume & Transactions) (pindebit.blogspot.com)

Commerce Commission and Visa reach agreement to settle credit card interchange fee proceedings
Release no 16, Issued 12 August 2009

The Commerce Commission has signed an agreement with the Visa International Service Association and Visa Worldwide Pte Limited (Visa) settling the Commission’s claims against Visa in relation to credit card interchange fees. The Commission’s proceedings allege that the rules of the Visa scheme providing for the payment of multilateral interchange fees, together with related rules, breached the restrictive trade practices provisions of the Commerce Act.

As a result of the agreement, Visa will make changes to the way the Visa scheme rules will apply in New Zealand. Those changes are:

• Creditcard issuers will now be able to individually set the interchange ratesthat will apply to transactions using their credit cards, subject tomaximum rates determined by Visa. These rates will be publiclyavailable.
• Merchantswill no longer be prevented from applying surcharges to payments madeby credit cards or by specific types of credit cards. Merchants willalso be able to encourage customers to pay by other means.
• Visahas confirmed that non-bank organisations or companies who might wishto provide acquiring services to merchants are permitted to join theVisa network as acquirers if they meet relevant financial andprudential criteria.

“The Commission considers that the agreed changes to the Visa rules will, over time, improve competition between companies that provide credit card services to retailers in New Zealand. Those changes are in the long-term best interests of both New Zealand consumers and retailers,” said Commerce Commission Chair Dr Mark Berry. “The Commission considers that this increased transparency will assist retailers and customers in making decisions about their payment choices.”

“The Commission welcomes Visa’s initiative in approaching the Commission with a forward looking resolution to the competition concerns that the Commission’s claim raised. This has enabled a resolution to be reached which supports the Commerce Act’s goal of promoting competition for the long term benefit of New Zealand consumers,” said Dr Berry. The agreement also reinforces the Commission’s stated approach to resolving issues in the most timely, cost-effective way.

Visa has agreed to contribute NZD 2.6 million towards the Commission’s costs to date in bringing these proceedings.

On the basis of the settlement agreement the Commission will be seeking leave to discontinue its proceedings against Visa in the High Court.

The Commission’s claims against ANZ National Bank Limited, Bank of New Zealand, Westpac New Zealand Limited, ASB Bank Limited, Kiwibank and TSB Bank Limited in relation to interchange fees in the Visa scheme continues, as does its claim against those banks, MasterCard and The Warehouse Financial Services Limited in relation to the MasterCard rules. The Commission’s remaining claims will be heard at the High Court in Auckland in October this year.

The Commission will be making no further comment at this time, due to the remaining claims yet to be heard.

A public version of the settlement agreement can be found attached to this media release on the Commission’s website.

International action on interchange fees. Interchange fees have been scrutinised by many international regulatory agencies. In 2003, the Reserve Bank of Australia moved to regulate the level of interchange fees, reducing the fees over time from 0.95 per cent of transaction value to less than 0.50 per cent. Public and private competition enforcement actions have also been brought in respect of interchange fee arrangements in numerous jurisdictions, including the United States and the UK.

Background

Interchange fees. Eachtime a New Zealand Visa or MasterCard cardholder makes a purchase, thecard accepter (usually a retailer or service provider) pays a fee totheir own bank as part of the payment authorisation process. That feeis comprised mainly of the interchange fee, which is paid to thecardholder’s bank.

Visa and MasterCard purchases occur in a four-party card system, which operates as follows:

• Cardholder purchases goods or services from a merchant;
• Merchant sends the transaction details to its own bank (acquiring bank);
• Acquiring bank sends the transaction details to the bank or financial institution that issued the card (card issuing bank);
• Card issuing bank pays the acquiring bank the retail price of the goods or services less the interchange fee;
• Acquiring bank pays the merchant the retail price less a merchant service fee;
• Card issuing bank debits the retail price from the cardholder’s account.
  
  

Theretailer or service provider that has incurred the interchange fee isnot allowed to recover the fee from the cardholder, so must average outthe cost of that fee across all of their sales. This increases the costof every item or service sold by businesses which accept Visa orMasterCard. All customers of those businesses bear that averaged fee,regardless of whether the customer pays by credit card, cash, EFTPOS oranother payment method.

Figure of Flow of Payments in a Credit Card Transaction (see top of the page)

Credit card usage in New Zealand. Transactionson New Zealand Visa and MasterCard cards totalled $19 billion in 2004.(NB: This figure covers transactions made anywhere in the world, butthe Commission’s action concerns only payments made in New Zealand.) In 2004 there were approximately 2.1 million Visa cards and 900,000 MasterCard cards in use in New Zealand. In 2004 Visa had 61 per cent of the New Zealand credit card billings, and MasterCard had 29 per cent of the market.

Relevant sections of the Commerce Act. Theproceedings are brought under sections 27 and 30 of the Commerce Act1986. Section 27 prohibits contracts, arrangements or understandingsthat substantially lessen competition. Section 30 prohibits pricefixing, which is when people or businesses that are in competition witheach other agree to control, fix or maintain the prices for the goodsor services that they supply. Price fixing is deemed to substantiallylessen competition under section 27 of the Commerce Act.

Penalties.The Commerce Act provides for penalties for price-fixing of up to thehigher of $10 million per breach, or either three times the commercialgain resulting from the breach or 10 per cent of a company’s turnover.

National Retail Federation Poll: Small Retailers Struggling To Understand PCI

Nearly 86 percent are familiar with PCI, but nearly half can't demonstrate their compliance with the payment card standard

Aug 11, 2009 | 03:46 PM By Kelly Jackson Higgins
DarkReading

First the good news: Most small retailers say they know about the Payment Card Industry's Data Security Standard (PCI DSS). But the bad news is they don't necessarily understand it, nor can many of them prove their compliance with it, a new study by the National Retail Federation (NRF) says.

The big surprise was the high number of small businesses that are aware of PCI -- 86 percent -- and those that say PCI compliance makes them more secure -- 80 percent, according to Heather Foster, vice president of marketing for ControlScan, a PCI compliance vendor that conducted the survey along with the NRF and the PCI Knowledge Base. "A year ago, most of the small businesses we were talking to had never heard of PCI," Foster says. "We were pleasantly surprised with the [level] of awareness out there now."

"One of the first simple steps merchants can take on the road tocard data security is to check that they are using a secure paymentapplication or PED terminal that has been validated by an approvedlaboratory and is listed on our Website," Leach says.

But there's a gap between small businesses' PCI awareness and their perception of risk, the study found: Among the small merchants who had never suffered a breach, 72 percent said they think their risk of data hack is "low" or "not possible." Small merchants that had experienced data breaches not surprisingly saw things much differently, with 67 percent saying they are at a high or medium risk of attack.

"My biggest concern is that while these merchants [who haven't been breached] are at least making progress thinking that PCI is a good thing to do, they're not thinking they're at risk. They think they're invulnerable," Foster says.

The study, which surveyed 220 small retailers in ecommerce, retail stores, and mail/order telephone order businesses, also found that many of these enterprises are perplexed about PCI when it comes to better understanding it, implementing it, and the cost complying with it.





David Hogan, chief information officer for the NRF, says small retailers are understandably overwhelmed with compliance. "Until industry service providers and the PCI Security Standards Council make compliance easier to understand and less complex to implement, many small merchants will likely continue to be frustrated and bewildered, causing some of them to abandon the idea of compliance altogether," Hogan said in a statement.

The PCI Security Standards Council, meanwhile, is working on better educating small retailers about PCI and its implementation, says Troy Leach, technical director of the PCI Security Standards Council. Aside from working with the PCI vendor, payment, and small business community, the PCI Council also offers a priority approach framework, self-assessment questionnaires, and other PCI other resources.

"One of the first simple steps merchants can take on the road to card data security is to check that they are using a secure payment application or PED terminal that has been validated by an approved laboratory and is listed on our Website," Leach says.

Continue Dark Reading

Related articles by the PIN Payments Blog

• PCI Compliance FAQ (pindebit.blogspot.com)
• Data Sniffing Costs Heartland Bigtime (pindebit.blogspot.com)
• Heartland Reinstated to Visa's List of PCI DSS Providers (pindebit.blogspot.com)
• HomeATM at FinovateStartup09 Today (pindebit.blogspot.com)

The Atlanta Federal Reserve Bank’s anti-fraudcooperative is designed to bring together thought leaders in thepayments space to improve security. (from the Portals and Rails Blog)  Portals and Rails, a blog sponsored by the Retail Payments Risk Forumof the Federal Reserve Bank of Atlanta, is intended to foster dialogueon emerging risks in retail payment systems and enhance collaborativeefforts to improve risk detection and mitigation. We encourage youractive participation in Portals and Rails and look forward tocollaborating with you.

Collaboration to address payments risks and fraud

In the world of payments, all players share an interest in seeingthat risks are detected and mitigated quickly and effectively. However,when threats emerge, is it everyone for themselves? How does thevariety of interests and goals among all the players converge? In aprivate marketplace mixed with government actors, how can we workbetter together?

Participants at a 2008 conference hosted by the Retail Payments Risk Forum discussed these issues and described the challenges and potential solutions. A year later, the findings of this forum are worth revisiting.

Information sharing
Real or perceivedinformation-sharing limitations among financial institutions,regulators, law enforcement, and others can substantially impedeaddressing retail payments risks on a timely and effective basis.Examples include inconsistent or incomplete payments data, varyingsuccess levels of intra- and interagency collaborations, varied andoverlapping jurisdictions, an incomplete network of memoranda ofunderstanding (MOUs), privacy restrictions, perceived barriers beyondlegal restrictions, competitive interests, costs, and trust.Suggestions for improvement in this area focused on:

• collection, consistency, and commonality of paymentsdata, better understanding of its utility, and analysis tools. Whiledata needs vary, a first step would be to focus on data elements ofshared interest. A working group could facilitate ongoing payments datacompilation and analysis efforts;
• formal and informal dialogue among various agencies and others, including simple measures such as shared contact lists;
• developmentof a “matrix” of various roles/responsibilities/information sources forshared use to facilitate more timely location of information andexpertise available; and
• a more systematic, organized mechanism for informationsharing, perhaps by establishing “brokers” for relevant informationsuch as payments data.

Policing bad actors
Many noted that communication about bad actors is often ad hocand that information is too widely dispersed to be useful and timely.Individual agency efforts, published enforcement actions, SAR filings,interbank collaborations, and industry self-regulatory efforts, whileall worthwhile, have not fully promoted effective information gatheringand sharing among all the parties who can have an impact. Suggestionsfor improvement in this area included:

• better understanding of risks across paymentchannels, both for front-end access point(s) and back-end processing,to mitigate fraudster arbitrage of vulnerabilities;
• publishing enforcement actions and related settlements more effectively as a deterrent;
• establishing a central “negative list” or “watch list” of bad actors;
• extendingregistration requirements for third parties participating in paymentsnetworks beyond existing targeted voluntary efforts;
• strengthening and clarifying regulatory guidance, such as that for counterfeit checks and consumer account statements;
• better educating consumers and banks regarding common issues;
• a more direct means of compensating victims;
• mining specific activity reports and other existing agency databases such as consumer complaints data; and
• potential new SEC codes within ACH to better track risks.

Collaboration
Participants identified collaborative efforts to help detect and/ormitigate retail payments risk issues and identified benefits and gaps.Examples included bank regulatory groups (intra- and interagency),national and regional law enforcement partnerships, interstatecollaboration, federal-state working collaborations, jointinvestigative task forces, examination- or case-driven ad hoc efforts, and industry data-sharing efforts. Potential avenues for improved collaborative action included:

• a law enforcement/regulatory payments fraud working group;
• a virtual collaborative forum via Web sites, e-mail lists, or regular phone calls;
• greater attention paid to requests for comments on proposed NACHA rules;
• examiner and law enforcement training opportunities;
• participation in and/or support for industry database sharing efforts;
• engagement with industry groups to improve best practices;
• a Web-based resource for consumers supported by all (“fraud.gov”);
• implementation of further MOUs among agencies; and
• efforts to identify fraud patterns across agencies, such as the federal government’s Eliminating Improper Payments Initiative.

Substantive areas of concern
Participants were asked to describe substantive retail payments riskissues that keep them up at night. Some common themes emerged,including:

• strengthening the oversight of third-party payments processors and others not covered by the Bank Service Company Act;
• quantifying and better managing the misuse of remotely created checks;
• understanding and mitigating risks associated with “cross-channel” fraud;
• “Know Your Customers’ Customer” due diligence, compliance, andassociated risks and potential liabilities for frauddetection/mitigation purposes;
• establishing a common means of redress for consumers regardless of the payment channel; and
• improving the clarity of consumer account statements by instituting standards and reducing jargon.

Progress has been made on a number of these ideas in the past year,including the formation of new working groups and other collaborations.The Retail Payments Risk Forum continues to explore opportunities andimplement solutions to help foster collaborative action to addressthese and other industry concerns. Your input in the form of commentsto Portals and Rails on these or other topics is welcomed!
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed.

RBS WorldPay to offer VeriFone's end-to-end encryption solution

San Jose, Calif., Aug. 11, 2009--VeriFone Holdings, Inc. (NYSE: PAY) today announced that RBS WorldPay, the fastest growing top ten payment processor in the US, has agreed to work jointly and expeditiously towards marketing VeriFone's VeriShield Protect end-to-end solution for encrypting payment card data.

RBS WorldPay is the first merchant acquirer to endorse a commercial end-to-end encryption solution. By encrypting the card number on swipe, right at the point of sale, RBS WorldPay merchants who choose the VeriShield Protect solution will be able to dramatically reduce both their own risk and that of their customers as well.

"RBS WorldPay merchants and prospects are telling us they want to significantly reduce the impact of PCI compliance on their business - and they want a solution their processor endorses," said Ian Stuttard, president and CEO of RBS WorldPay. "VeriShield Protect will easily integrate into multi-lane retailers' existing systems and networks."

VeriFone's VeriShield Protect eliminates usable cardholder data from the merchant's POS applications, networks and servers, using AES-level encryption that preserves existing card track data formats so it works transparently with retailers' existing payment infrastructure.

"RBS WorldPay is taking a leadership position in addressing merchant concerns with potential liability over data breaches and the complexity of complying with card issuer requirements," said Douglas Bergeron, VeriFone, CEO. "Using VeriShield Protect's true hardware-fortified end-to-end encryption, usable card data can be removed from the merchant environment, eliminating the leading source of compromise."

With end-to-end encryption, even in the event of a breach of the retailer's system, any stolen data would be unusable. Because VeriShield Protect preserves the format of the card data there is no need to redesign the POS applications to deal with a new data format. In addition to encrypting card data, VeriShield Protect monitors all systems in real time at the device level via VeriShield Secure Device Management Service (VSDMS), so if a breach occurred the retailer would be immediately alerted. In addition, data encryption keys can be managed remotely as part of the device management service.

About RBS WorldPay, Inc.

RBS WorldPay, Inc. is a leading, single-source provider of electronic payment processing services - including credit, debit, EBT, checks, gift cards, e-commerce, customer loyalty cards, fleet cards, ATM processing and cash management services.

RBS WorldPay is the US-based payment processing division of the Royal Bank of Scotland Group plc. For more information, please visit www.RBSWorldPay.us .

About The Royal Bank of Scotland Group (RBS)

The RBS Group is a financial services company providing a range of retail and corporate banking, financial markets, consumer finance, insurance, and wealth management services. The RBS Group operates in the Americas, Asia and the Middle East serving more than 40 million customers. For more information, please visit www.RBS.com .

About VeriFone Holdings, Inc. (www.verifone.com )

VeriFone Holdings, Inc. ("VeriFone") (NYSE:PAY) is the global leader in secure electronic payment solutions. VeriFone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. VeriFone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.

Source: Company press release.

First Data renews PNC processing agreement

Denver, August 11, 2009--Global technology and payments processing leader First Data today announced that The PNC Financial Services Group (NYSE: PNC) has renewed and expanded its agreement for transaction processing services. Under the agreement, First Data will provide signature debit, PIN debit and ATM processing services, ATM terminal driving, credit card, small business and home equity loan processing, fraud and collections services, remittance processing, prepaid processing as well as plastic, statement and letter production services.

PNC will transfer some credit card processing not currently with First Data as well as adding PIN debit and ATM processing it had gained through its acquisition of National City Corp. PNC acquired National City on Dec. 31, 2008.

First Data has provided transaction processing services to PNC since 1992 and services more than 15 million total accounts on file for PNC. Financial terms of the agreement are not being disclosed.

About PNC

The PNC Financial Services Group, Inc. (www.pnc.com ) is one of the nation's largest diversified financial services organizations providing retail and business banking; residential mortgage banking; specialized services for corporations and government entities, including corporate banking, real estate finance and asset-based lending; wealth management; asset management and global fund services.

About First Data

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit www.firstdata.com .

Source: Company press release.

Ukash virtual cash extends to Poland with epay

Poland, August 10, 2009--As Ukash, the online payment specialist, continues in its quest to make online shopping available to everybody, anywhere in the world, the company has signed a significant global deal with epay, a Division of Euronet Worldwide, Inc. – a leading provider of payment services and technology – to extend the availability of its e-cash vouchers to epay retailers across Poland.

The Ukash partnership with epay enables Ukash to expand into 6,000 epay locations across Poland, and the deal offers all internet users the opportunity to pay, play and shop online using cash without having to pay for a prepaid card.

With the growth of the e-commerce market in Poland – one that is dominated by payment methods of cash on delivery and bank transfers – the Ukash deal with epay allows online merchants to tap into the large base of consumers preferring to use cash as a safer method for online purchases.

Unlike some other financial products in Poland, Ukash vouchers do not attract a service or convenience fee. Consumers simply exchange their cash for a unique 19-digit code to use online. This provides them with a secure payment system where they don’t need to reveal any financial information, enabling those without access to credit or debit cards that can be used online – or those with fears of online fraud – to enjoy online shopping.

Mark Chirnside, chief executive officer Ukash, explained, “Given that a significant number of banked customers in Poland cannot use their cards online – as many cards are not accepted on the internet – this country is a key growth market for Ukash and we are pleased to be able to extend the availability of our product to physical points of purchase. By partnering with epay we are able to reach a huge number of potential new customers and expand our global footprint to allow more consumers in Poland to pay, play and shop online using cash.”

“This deal also opens the virtual door for many online retailers as they can now offer alternative payment methods and attract the cash consumer, as well as eliminate any risk of online fraud.”

“epay is pleased to be able to partner with Ukash in Poland, thereby combining the strengths of both businesses to offer consumers more convenient locations to obtain Ukash vouchers – a safe and alternative method of online payment,“ said Piotr Adamek, Country Manager, epay Poland. “Utilising our Polish cash collection network, we can deliver a value-added service to Ukash customers, further extending our payment service and technology offering.”

From today, Ukash vouchers will be available at 6,000 physical point of sale terminals operated by epay at independent supermarkets, petrol stations, call shops, drug stories and convenience stores in Poland. The vouchers will be available in PLN 20, 25, 100, 200, 500, 750 and can be combined, split and/or converted.

Ukash is undergoing a period of rapid global growth and in the last few months has expanded its offer in Germany, Australia and Spain with epay. This deal is expected to lead to further new countries being added in the coming months.

About Ukash®

Ukash® is a globally-recognised e-commerce payment method to enable online purchases using cash, providing freedom from credit and debit card fraud, repudiations and charge-backs, and protecting personal identity. Ukash® is regulated by the UK Financial Services Authority (FSA) and operates as one of the only a small number of Electronic Money Institutions, a status that allows a single maximum online cash payment transaction of up to £500/€750. Uniquely numbered Ukash® vouchers are widely available through payment terminals in retail outlets across Europe and South Africa. And from spring 2009, Ukash vouchers will also be issued online from the company’s website in most European territories.  The technology behind Ukash is protected by several patents registered across the Smart Voucher database and functionality and is, as such, protected by Patent Law in all the major economies of the world. Ukash® is a registered trademark of Smart Voucher Ltd. In 2008, Ukash® established a strategic partnership with South African payments giant Blue Label Telecoms to develop the brand’s services.  For more information please visit www.ukash.com

About epay

epay, a Division of Euronet Worldwide, Inc. (NASDAQ: EEFT), is a global business with a retail network of approximately 227,000 locations across a number of international markets including the UK, Germany, Spain, Italy, Australia, New Zealand, USA, Poland, Romania, Austria, Switzerland and Ireland. epay enables service providers to deliver electronic payment products and services to consumers through an extensive worldwide retail network. epay’s proprietary payment technology is backed by a cash collection service that manages the payment of funds back to the service providers and a range of marketing solutions to assist both the retailer and service provider to maximise their sales opportunities. In 2008 epay processed over 700 million payment transactions with a total face value of $11 billion. epay’s product portfolio includes top-up or recharge services for prepaid mobile airtime, prepaid debit cards and e-wallets; payment services for bills, road tolls and money transfer; and marketing and distribution services for gift cards, digital content and transport tickets. epay’s commitment to customers is supported by a strong roadmap of innovative new epayment products to bring to market. epay’s corporate headquarters is located in London, United Kingdom. For more information please visit www.epayworldwide.com or contact Angela Wong, Global Marketing Manager on awong@epayworldwide.com or +44 (0) 7787 225 164.

Source: Company press release.

Report on the benefits of electronic B2B payments

Boston, August 11, 2009--With current economic conditions forcing enterprises to focus on cost containment, top-performing organizations are driving efficiencies within the final phase of the accounts payable process to unveil a wealth of cost and time benefits, according to a new research study published by Aberdeen Group, a Harte-Hanks Company (NYSE: HHS).

The E-Payables: Electronic Payments research report, which examined the strategies, intentions, and performance of over 140 enterprises, found that nearly 70% of enterprises place a critical / high-priority level on improving overall payment processes and procedures, a figure that reinforces the notion that overall financial success within the enterprise rests on the operational shoulders of the accounts payable department.

"Top-performing enterprises realize the value in automating the final phase of the A/P process," said Christopher Dwyer, research analyst and author of the study, Aberdeen. "By leveraging electronic payment methods, such as ACH, commercial cards and wire transfer, they have significantly cut payment-processing costs in addition to reducing the risk of payment fraud."

In addition to driving payment-processing costs that are nearly 14.6-times lower than all other organizations, leading enterprises utilized a core set of A/P capabilities and technologies to achieve superior performance. These organizations are:

• 53% more likely to have electronic payments requirements established as a standard means of conducting business with key suppliers
• 43% more likely to integrate payment solutions with existing A/P systems
• 42% more likely to have standardized payment processes 

A complimentary copy of this report is made available due in part by the following underwriters: SunGard, SunTrust, and Visa. To obtain a complimentary copy of the report, visit: http://www.aberdeen.com/link/sponsor.asp?cid=5984 .

For additional access to complimentary Global Supply Management Research, please visit http://research.aberdeen.com/index.php/-global-supply-management

About Aberdeen Group, a Harte-Hanks Company

Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.

As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.

Source: Company press release.

Duringa recession... shift happens. New research shows membership in creditcard rewards programs is decreasing significantly while debit cardrewards programs are gaining popularity.

Also, most consumers are notwilling to pay a higher interest rate for rewards and those that do areonly willing to pay slightly more.

The study by First Data CompetitiveIntelligence found that the number of cardholders holding a rewardscredit card declined from 71% in 2008 to 67% this year, while thenumber of cardholders holding a rewards debit card jumped from 34% lastyear to 45% this year.

Continue Reading

Related articles by Zemanta

• New Consumer Research Examines Credit Card Usage and Future Impact on the Credit Card Industry (prweb.com)
• Banks look to overdraft fees as credit card fees decline (dailyfinance.com)
• Credit Cards Increase Risk of Failure for Startups (gigaom.com)

HomeATM isn't the only company telling you that Https = HttBS.  Even Microsoft says so.  And it's ALL browsers that are weak.  That's why HomeATM and the PIN Payments Blog has spent such an inordinate amount of time trying to get across our point that no website is safe and that transactions MUST be done OUTSIDE the browser space. 


In what would provide the perfect segue for yet another dissertation on the "Don't Type" vs. "Swipe" mantra, I bring you this from Microsoft's research department...

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme.

During a research project "Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS Deployments(.pdf) concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers’ rendering modules above the HTTP/HTTPS layer.

Here’s the gist of the problem, as explained by the research team:

In many realistic network environments where attackers can sniff the browser traffic, they can steal sensitive data from an HTTPS server, fake an HTTPS page and impersonate an authenticated user to access an HTTPS server. These vulnerabilities reflect the neglects in the design of modern browsers — they affect all major browsers and a large number of websites.

According to a SecurityFocus advisory, attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

Affected browsers include Microsoft’s Internet Explorer 8, Mozilla Firefox, Google Chrome, Apple Safari and Opera.  

Originally, it was believed that this issue only affected Mozilla’s browsers but the advisory was update to reflect that the issue affects multiple browsers, not just Mozilla products.

Related articles by Zemanta

• Https = Httb.s. (pindebit.blogspot.com)
• If "Https://" is Really "Httbs//" Then How Do You Secure Online Transactions? (pindebit.blogspot.com)

Target going in-house for e-commerce

Target,the second-largest discount retailer in the United States, hasannounced that it will bring its e-commerce website, Target.com,in-house in time for the 2011 holiday season.

Since 2001, Target.com has been run in partnership with Amazon.com. The e-commerce giant's platform powers the Target.com website and Amazon.com handles much of the call center and fulfillment operations.

But a lot has changed since 2001. E-commerce has matured significantly and in this case, Target wisely realized how important the multi-channel experience is to its customers and decided that bringing its e-commerce operations in-house was the best way to deliver the desired experience.

According to Steve Eastman, president of Target.com, "To deliver a customized multi-channel experience for Target’s guests, we believe it is in Target’s best interest going forward to assume full control over the design and management of Target’s e-commerce technology platform, fulfillment and guest services operations".

With almost 7% of Target's non-GAAP profit coming from e-commerce, it's no surprise that Target wants to take control of its e-commerce platform, and as Sam Black of the Minneapolis/St. Paul Business Journal notes, "Target's decision mirrors a similar bring it in-house strategy that Target initiated last year when it decided to distribute its own food and groceries rather than rely" on a third party partner. Such moves make sense, especially in these tough economic times.

For Amazon.com, the loss of Target won't really hurt the bottom line as Target.com accounted for a small fraction of its total revenues. But one has to wonder how many of Amazon.com's other customers, which include Marks & Spencer and Timex, are at risk of leaving too. Target isn't the only customer to leave; Borders and Toys R Us are amongst those who have moved on, and not all have left on good terms. That's not exactly a surprise; Amazon.com could be looked at as a competitor by many of its retail customers.

If there's any take-away from this, it's that more and more traditional retailers are getting smarter and more comfortable with the internet -- enough so to bring their e-commerce operations in-house. While Amazon.com is still going to be a dominant force in online retail, pure-play pioneers don't have a monopoly when it comes to platforms and supply chains.

Related articles by Zemanta

• Target to End Ten Year Deal With Amazon.com in 2011 (shoppingblog.com)
• Target Plans to Separate Web Store From Amazon (thaibrother.com)
• Web Retailers Increase Quarterly Web Sales (pindebit.blogspot.com)
• How Do You Pay Online? (paymentsnews.com)
• Merchant Risk Council to Sponsor CNP Payment Forum (pindebit.blogspot.com)
• China UnionPay Expanding Online Payments (pindebit.blogspot.com)
• Amazon Wants to Reverse Google's Move (pindebit.blogspot.com)

EPX delivers tokenized end-to-end encryption

Wilmington, Del., August 10, 2009--Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX’s BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants’ point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.

EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. “There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both,” says Moyer. “Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence.”

David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX’s solution. "Protecting consumer's credit card data against today’s professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.

FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX’s new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX’s solution will have on his merchant customers. “We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information,” says Schwartz. “Using EPX’s processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance.”

Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX’s announcement. “Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community. In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market.”

About Electronic Payment Exchange

Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.

EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.

Source: Company press release.