All Top Banking

Is Your False Sense of Security Insecure?

Posted by John B. Frank Tuesday, July 28, 2009


Are PIN debits coming soon to e-commerce transactions?
by Neil Moncrief on July 28, 2009

In a blog post written by Neil Moncrief of CreekFinancial, he writes about PIN Debit for eCommerce transactions.  He makes a couple key points, which I have emboldened in red.  The one point he misses out on, is the difference between "perceived" security and "authentic" security.  I'm sure you've heard the term: "perception" is reality, but I can guarantee you that "perceived" security and reality can be  and this case are, completely dissparate. 


Every so often, I’ll have an e-commerce client ask me “Will I ever be able to accept PIN-based debits online?” Although many companies have tried to devise a solution, I never seriously believed it would happen.

After all, how could a consumer enter a 4-digit PIN from a personal computer and still meet the high encryption standards required for Payment Card Industry (PCI) compliance?  (Editor's Note:  They Cannot)

Nevertheless, the topic is resurfacing again, and online PIN debits may finally be just around the bend.

The primary reason e-commerce merchants want to accept PIN debits is the savings. As I explained in this article I posted several months ago, brick-and-mortar merchants with high-dollar average sales can save considerable amounts by requesting PIN numbers from customers.

But the PCI rules requiring that the debit card be swiped through a magnetic card reader and that the PIN number be encrypted have kept online merchants from participating. 
(Editor's Question:  What has changed?)

In her June 2009 article for Transaction Trends magazine, Julie Ritzer Ross profiles software and hardware developers that are on the leading edge of finding a workable solution. PaySecure, from Atlanta-based Acculynk, is currently being tested by some of the largest players in the debit network business: ACCEL, NYCE, and Pulse. PaySecure’s software will place a floating “keypad” on a shopper’s screen, receive the PIN, scramble and encrypt it, and then pass it along to the appropriate network. 

Hardware developer, HomeATM ePayment Solutions, recently introduced Safe-T-PIN,
a small and inexpensive USB PCI 2.x certified card reader with integrated PIN Pad, that allows consumers to swipe their own credit cards (and securely enter their PIN)  while shopping online. 

Editor's Note:  HomeATM's system does not need to be "tested" since it 100% replicates the existing PIN Debit transaction done in the brick and mortar world.  In fact it has been "tested" by the Payment Council Industry, (Visa, MasterCard, Discover, AMEX and JCB) and is PCI 2.x certified.  HomeATM also recently went through a TG-3 audit and has been told they will receive their certification imminently.  After going through both the PCI 2.x certification process and a TG-3 PIN Audit, HomeATM becomes the first and only eCommerce payments company in either hemisphere to be certified by one or the other...and we have BOTH.

When this technology finally does make its way into the homes of America’s shoppers, it will be a day for merchants to celebrate.
It’s rare that something comes along that benefits business owners more than consumers or credit card companies. And with the struggles of the past year, it’s about time merchants caught a break!

Read the Entire Article at the Creek Financial Blog


Reblog this post [with Zemanta]

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio