ePayments Blog

Showing posts with label Personal identification number. Show all posts

80% of Phishing Attacks Use Hijacked Websites

Posted by John B. Frank Thursday, May 28, 2009 0 comments

I've blogged about this subject plenty of times over the last year, and my concern is specifically targeted towards the inherent weaknesses in the username/password systems used with online banking. If a consumer is tricked/phished into providing their username/ password, then the phisher is successful.

The average phishing attack results in a loss of $350 to a bank.

According to research firm,Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks. (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.)

The average loss was $350 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved. (That's $196 to the banks and $154 to the consumers) "The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner. (Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)

Guess what? The HomeATM "SafeTPIN" device would not only eliminate "phishing attacks" but it would also eliminate the threat of "cloned cards," "cloned bank sites", AND provide "True 2FA." for online banking customers.

HomeATM provides a very simple cure to this maliciousness. Use a PCI 2.0 certified SwipePIN device and require online banking users to swipe their bank issued card and enter their bank issued PIN. The data is encrypted and is NEVER in the clear. So, in the event a consumer is tricked into swiping and entering their PIN, as opposed to typing in their log-in credentials, the phisher has nothing.

And nothing is something banks should want phishers to have.

More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites - DarkReading

More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites
New research from the Anti-Phishing Working Group shows how phishers are better covering their tracks -- and what to do when phishers compromise your Website

May 27, 2009 | 04:23 PM
By Kelly Jackson Higgins
DarkReading

It used to be that researchers could sometimes track a phishing exploit by the notorious cybercrime ring behind it, like the Rock Phish gang, but no more: New research from the Anti-Phishing Working Group (APWG) has found that most phishers are setting up shop on legitimate Websites to be inconspicuous when they steal valuable information from victims.

In the second half of 2008, roughly 57,000 phishing attacks worldwide targeted a specific brand or organization, up from around 47,300 in the first half of 2008, according to a newly released report (PDF) from the APWG. The attacks were waged on 30,454 different domain names, only 5,591 of which were domains the phishers set up themselves. The rest were from legitimate Websites they had hijacked to carry out their exploits.

The average amount of time a phishing site was up: 52 hours, according to the report.

Continue Dark Reading

Full Story

Gemalto Chippin' In with Venezuelan Bank Card Leaders

Posted by John B. Frank Friday, January 30, 2009 0 comments

Gemalto teams with Venezuelan bank card market leaders to accelerate EMV migration

Digital security provider Gemalto is teaming up with Corporación Cardtech, Venezuela’s largest supplier of magnetic stripe bank cards, and Newtech Solutions, a consulting and technical support organization that specializes in EMV to help banks in Venezuela move to the new, smart credit card that will better protect their customers from fraud and identity theft. Under the new agreement, banks in Venezuela working with the two companies will have access to expertise, consulting services, smart cards and technology from Gemalto. The partners estimate that eight million cards will be issued in the first year, starting in June 2009. Close to 16 million debit and credit cards are currently in use in Venezuela.

"Venezuelan banks are faced with constantly increasing card fraud, mostly due to illegal copying of magnetic stripe information to create “cloned” credit cards. The problem, that affects all of Latin America, has led to a liability shift which penalizes card issuers and merchants that do not issue or accept EMV cards. This liability change for non-EMV cards becomes effective in Venezuela starting July 2009."

EMV cards, also known as Chip and PIN, include a microprocessor and software with security features that work together with the payment transaction authorization network to prevent card fraud and identity theft. Unlike with magnetic stripe only cards, smart card based transactions cannot be easily cloned, which is a primary source of fraud throughout Latin America.

Editor's Note: While it's true that they can't be cloned and easily used" at a retail location, they certainly can be "easily" cloned and used online. This is because the magstripe is still present on the back of the smart cards and that is what is "lifted" when cloning a card.

That, in large part, is why UK Fraud is 14 times higher overseas, (see related stories below) and why 1 in 4 Brits have experienced credit or debit card fraud. (and why Gemalto wants EMV in the US.) Online Transactions (web based) are currently (and HATM can change that) Card Not Present transactions.

So in order to protect both online shoppers and online retailers, online (PIN) debit should be utilized. HomeATM is the only provider of such a solution which has been deemed both PCI 2.0 compliant, and offers "End to End Encryption" on all of it's PIN Based Transactions.

In addition, HATM is EMV ready and it's personal swiping device transforms Card Not Present transactions into Card Present transactions, adding a layer of security with two factor authentication. (what you have and what you know, the card and the PIN respectively)

HATM's end-to-end encryption protects the consumers PIN throughout the whole transaction, as it is NEVER in the clear.

For more information on how HomeATM's PIN Based Transactions can benefit your organization, visit www.homeatm.net

Full Story

PIN Debit and PCI Compliance

Posted by John B. Frank Tuesday, January 13, 2009 1 comments

Howard Riell, in an article written for Convenience Store Decisions, writes about PCI compliance. As you'll undoubtedly notice while reading the article, PIN entry devices, or PED's are an integral part of PCI certification. The long and the short of it is that all PED's must be certified by PCI-approved laboratories and encrypt PIN's with Triple DES. I know how that's done with a hardware device...(we're in the midst of getting our personal swiping device tested and approved for PCI compliance) but I'm not quite sure how it would/could/should be done with a software application. (See "Software Breach 92 Times More Likely Than Hardware")

Here's some snippets from from the CSN story, entitled: "The High Stakes Of Compliance:"

It was in September 2006 that the credit card companies formed the PCI Security Standards Council in the hopes of battling fraud. Today, all merchants who accept payment card transactions must comply with the PCI Data Security Standard or face sizable penalties. Indeed, the passing grade for PCI is 100%, which means failing even one of the criteria will bring consequences...

Editor's Note: So, it's obvious that these Triple DES mandates are an integral element of PCI compliance and in 5+ months TDES is required on "all debit transactions." Since Jan. 1, 2008, all newly manufactured debit card processing terminals must incorporate PIN entry devices that have been certified by PCI approved laboratories

By January 2009, newly installed fuel pumps that accept debit cards must feature PCI-compliant encrypted PIN pads. See "Triple DES for GAS"
Manufacturers have to begin installing key pads capable of implementing a new Triple Data Encryption Standard (TDES), which requires that data be encoded several times through an encrypted PIN pad.
By July 1, 2009, TDES will be required for all debit transactions and by
June 30, 2010, all fuel dispensers will need to be able to encrypt PINs according to the TDES.

The very next day, July 1st 2010, pumps that process debit transactions must be upgraded with encrypted PIN pads, and in-store POS terminals have to be certified as PCI-compliant. The devices must also process all debit transactions using TDES.

One of my favorite lines from the article comes from Bruce Snyder, manager of IP retail systems for 395-store Kwik Trip based in La Crosse, Wis“ who instead, sounds like a spokesman for Gemalto. (see: Gemalto Wants EMV in US) Apparently he doesn't like the implementation costs (retailers will need to replace outdated hardware) and thinks that as long as they have to get new equipment anyway, then V/MC and the banks should spend billions to implement EMV and when they're done, he'll replace Kwik Trip 'sexisting equipment with Chip and PIN readers. Problem is, it won't be Kwik...it'll be years, if they started today. (don't hold your breath)

"We have this silly little mag stripe that is so vulnerable and penetrable and we are building an infrastructure around it to protect the information, and a lot of people are making good money on that,” Snyder said. “With the new rulings on EPPs, if I want to continue to do debit we have to replace all of our dispenser doors and PIN pads at a huge expense to us to remain compliant. What we have to do is put in an encrypted PIN pad at the dispenser if we want to continue to do debit there.” But the new door and PIN pad will cost $1,500 per dispenser. (Ouch! Consumers can get our SwipePIN device for merely the cost of shipping and handling, which in the face of $1500...makes for a rather compelling value proposition)

“Start doing the math on that and now you have to make a decision: can we afford to do this? And what happens if we don’t?” Snyder said. “We need to change that method of presenting ourselves for a credit transaction and make it more secure so that we don’t have to build all of this stuff around it to try to protect a very flawed method...”

Read the complete story at Convenience Store Decisions

Full Story

Carpe Diem - Dominus Providebit

Posted by John B. Frank Thursday, January 1, 2009 0 comments

Today is the first day of the rest of the year!

"Seize the Day"

Dominus Providebit

Full Story

Mercator Report on Debit Rewards

Posted by John B. Frank Friday, October 31, 2008 0 comments

Debit Advisory Service

Re-examining Debit Rewards at the Top Fifty Banks

NEW RESEARCH REPORT BY MERCATOR ADVISORY GROUP

Financial institutions are expanding and diversifying debit reward program offerings as more consumers are using debit cards to pay for their everyday purchases than ever before. Forty of the Top Fifty banks currently have at least one reward program in place, and nearly half of these financial institutions offer multiple loyalty programs to debit cardholders. Most debit loyalty programs at top fifty banks only reward signature-based transactions, while a select few reward both signature and PIN based transactions. Most of the reward programs are funded by interchange revenue, which is substantially greater for signature than PIN debit transactions, but significantly less than credit card transactions. As such, most debit reward programs are less lucrative than their credit card counterparts. While traditional airlines, points-based and cash back programs are still common, a number of financial institutions are offering philanthropic rewards whereby cardholders can choose to donate their reward earnings to a cause of their choice. Such programs enable customers to give more painlessly, and allow financial institutions to benefit from tax deductions. Rewards that promote savings and cash back are the most popular, especially since many consumers are facing financial challenges given current unfavorable economic conditions. Banks are increasingly promoting business across product areas and rewarding customers for using multiple services at the same bank. For example, financial institutions are allowing their customers to earn reward points faster from multiple types of accounts with the same back, and redeem them for additional deposit or a reduction in fees.

Given the significant rise in debit card usage, there is certainly opportunity for continued growth in debit reward programs, however, the overall effectiveness of these programs in fostering customer loyalty is less clear. "It is questionable how much weight customers put on a debit reward program when choosing a new checking account, since they are often viewed as a feature of the account. Although banks aim to differentiate themselves from their competitors with perks such as reward programs, they become less distinguishing when most financial institutions offer them," notes Elisa Athonvarangkul, Analyst, International Advisory Service. "Banks should continue to develop more innovative reward programs to attract loyal customers and set programs apart from their competitors. Sometimes, the most attractive reward is not necessarily redeemable by points or cash back, but rather an efficient and pleasant customer service experience. A customer that feels valued and well treated is more likely to be a loyal customer over the long haul."

Full Story

The Benefits of Debit Cards by Bruce Cundiff via DebitFacts.org

Posted by John B. Frank Thursday, October 30, 2008 0 comments

DebitFacts.org - Ask The Expert

Ask The Expert
Bruce Cundiff
Javelin Strategy & Research

Paying and Accessing Your Money with Debit: A Safe and Convenient Alternative to Cash

The debit card has emerged as a payment method of choice for many American consumers, with 72 percent using debit cards for purchases in the past 12 months, according to Javelin Strategy & Research1. In 2007, there were nearly 31 billion debit transactions at the point of sale, totaling purchase volume of $1.2 trillion2. These statistics highlight consumers’ preference for using debit cards when making purchases at the point of sale, and with good reason. Debit cards provide a safe and efficient method of payment with multiple benefits over more traditional types of payments such as cash and checks.

Recent media coverage of debit card use among consumers has focused largely on the perceived lack of security when using debit cards. This article provides a factual source of information to enable consumers to make informed choices and make the most of their debit cards.

Safe and Secure Access - Reducing Fraud at the Point of Transaction

Debit card fraud is not spiraling out of control, as many in the media would have consumers believe.

Debit card networks, financial institutions that issue debit cards, ATM owners, and merchants that accept debit cards at their points of sale, are constantly making improvements to ensure that debit card transactions are secure, and that they quickly and efficiently remedy any issues that may arise - fraudulent transactions or otherwise. Despite reports to the contrary, fraud rates for debit cards remain relatively low. According to the 2008 Debit Issuer Study, commissioned by the PULSE® ATM/debit network, debit card fraud losses at ATMs were, on average, 2.5 cents per transaction in 2007. The fraud-loss rate was lower at the point of sale, with an average fraud loss of 2.1 cents per transaction when the cardholder used a signature and even lower - only half a cent - when the cardholder used a personal identification number (PIN) to complete the transaction.

Fraud Prevention and Assistance

Should consumers become victims of debit card fraud, however, financial institutions work hard to ensure that the cardholder is made whole again. Limited liability was developed with consumer protection in mind. Unlike with cash, limited liability means that if a consumer’s debit card is lost or stolen, consumers have a chance to get their lost funds back. With stolen cash, once it’s gone, there is little chance of recovering it.

The amount consumers are liable for depends on how quickly the financial institution is informed of the illegal activity. Consumers should check with their individual financial institution for specifics on the level of protection provided.

In most cases, debit card issuers often limit consumer fraud loss exposure to $50. Javelin’s Identity Safety Scorecard, a survey of the security mechanisms the top U.S. financial institutions have in place, indicates that most issuers effectively have a "zero liability" policy. This means that consumers are not responsible for any fraudulent transactions initiated on their accounts3, as long as they report the transactions within a given time frame - usually within 60 days of when the fraudulent transaction was discovered.

Limited liability highlights the benefits of debit over cash. With limited liability for a lost or stolen debit card, consumers have a measure of protection as compared to the "final" nature of lost or stolen cash - once it’s gone, there is little chance of recovering stolen cash.

Debit Cards as a Financial Management Tool

Given the current economic climate, consumers are increasingly seeking assistance from their financial institutions for help with financial management and spending control. Debit cards offer an element of control for consumers in that the money spent in a debit card transaction is drawn from existing funds in their account. Account holders often view debit cards as a vehicle to control their finances and spend responsibly. Since the funds from debit card transactions come out of a bank account or credit union and are not borrowed from a line of credit, it is important to keep track of account balances and how much is being spent to avoid overdrafts and associated fees.

With debit cards, though, keeping track of balances is easier than ever. In addition to available balance information provided on many ATM transaction receipts, online banking allows consumers to check balances and transactions 24/7. Many financial institutions also offer e-mail alerts that can be set up to notify consumers when their balances reach a certain threshold - often defined by the consumers themselves.

There are instances when using a debit card will cause a hold on funds in the account to cover the anticipated amount of the transaction. Financial institutions can place a hold on an account as a means of ensuring payment to the merchant. This "preauthorization" has attracted a significant amount of attention recently as consumers use their debit cards more frequently at gas stations, where holds are common. With gas prices rising dramatically over the past year, merchants are now submitting a preauthorization request to confirm that funds of $50 to $100 are available to cover the cost of a tank of gas.

Financial institutions that issue debit cards are responsible for actually applying the hold, as well as setting the length of the hold, which varies depending on how the debit card is used (PIN or signature transaction). The amount of money in the account available for use during the hold period is reduced by the amount of the hold. To avoid potential overdraft fees that could arise from a hold at the point of sale, consumers should check with their financial institution to determine its policy on the length of debit holds. If a hold lasts longer than an hour for a PIN transaction, or a few days for a signature transaction, ask why.

A Small Price for a Great Convenience

Contrary to some inaccuracies that have been reported, there is rarely a service charge passed on to customers when using debit cards to make purchases. In fact, less than 1 percent of cardholders in the U.S. are charged a fee by their financial institutions for using a PIN-based debit card for purchases.4

While some financial institutions are adding surcharge-free ATM access, most ATM owners charge a fee of $1 to $3 for withdrawing money from an ATM not owned by the account holder’s financial institution. This charge, like the premium paid for valet parking or to drive tollways, is for the convenience of getting cash from an ATM owned by an organization other than the debit cardholder’s financial institution.

To avoid the surcharge fee, consumers can use the cash-back option at available merchants or get cash from their financial institution’s ATMs.

Bruce Cundiff is Director of Payments Research and Consulting with Javelin Strategy & Research - a leading provider of nationally representative, quantitative research focused exclusively on financial services topics.

Full Story

U.K. Blames Abroad for Increased Fraud

Posted by John B. Frank Thursday, October 2, 2008 0 comments

Some people say there's a woman to blame, but I know...it's my own damn fault
- Jimmy Buffet

"PIN's Blame Abroad...They're Not Smart...Oui Are"

After 3 years of dismal results from the highly heralded Chip and PIN platform, which embeds circuits (Smart card) onto the card, is this the beginning of a propaganda-laced campaign by APACS aimed at deflecting criticism off their (what might be aptly renamed "Phish and Chip") program?

According to every published article I've read, the common denominator is "It's not their fault...it's the countries that haven't followed their lead and incorporated a Chip and PIN system". So they're waiting for everyone else to "get smart" cards and then it'll be OK. Unfortunately for APACS, the US has absolutely no designs on incorporating that system, thus it looks like APAC'SOL. "Sorry about that chief"...

Here's a collage of information from various UK media outlets spewing their spin on the failed ability of Chip and PIN to reduce fraud.

To see APACS report click here

According to APACS, fraud losses for debit and credit cards increased to £307 million in the UK - compared to £267 million over the same period last year. This is a 13 percent rise.

The total amount lost to the fraudsters reached a record £301.7 million in the first half of the year - more than before chip and pin security was introduced in 2006. £121.2million - or 40 per cent of the total - involved fraud committed on cloned or stolen UK cards using cash machines abroad, a 190 per cent rise in just three years.

The figures were boosted in particular by overseas fraud, which made up 40 percent of the total. Phone, internet and mail order scams were another pressure point, fraud from which rose 18 percent to £162 million.

While card fraud fell from £219.5million in 2005 to £209million in the first half of 2006 following the start of chip and pin, it rose to £263.6million in 2007.

Although the banking industry insisted that card fraud would have continued to rise sharply if chip and pin had not been introduced, in reality it has provided only a temporary halt, with fraudsters finding new - and more lucrative - ways to operate.

Last month, police warned that many gangs have installed fake chip and PIN readers in small shops and petrol stations to record the information on a credit card's magnetic stripe. A security camera then notes the customer's PIN before the card is cloned and used at a cash machine, usually abroad. Police suspect the money raised is not only fueling the activities of international criminal gangs involved in drug running and prostitution, but also terrorism

However, Sandra Quinn, of APACS, insisted: 'Criminals continue to target those areas where we do not currently have the security benefits of chip and pin, causing increases in fraud abroad and phone, internet and mail order shopping fraud.

"Fraud abroad will be more difficult for criminals to commit as more countries roll-out chip and pin. (Last I heard, the US isn't going to spend the billions of dollars needed to roll out that program, so I would translate that as "Fraud abroad will continue to be easy for criminals...)

"To help tackle online fraud, we urge shoppers to protect their computer with anti-virus software, only use secure websites and use systems that make cards more secure when shopping online."

Full Story

Credit, Debit Card Fraud and Skimming Cases Rise

Posted by John B. Frank Tuesday, September 2, 2008 0 comments

Pictured below is an ATM Machine with a camera placed on what initally appears to be an innocent brochure holder, but in reality, captures PIN numbers of consumers withdrawing cash at the ATM. What isn't shown, is the skimming device, which captures the information off the magnetic stripe and wirelessly sends it to the perpetrators ususally parked in a car with a laptop about a block away. Here's a story from the Ventura County Star reporting on the recent surge in credit and debit card fraud cases around the country.

Some local police are reporting an increase in credit and debit card fraud cases this year, with thieves using high-tech tools to steal confidential financial data from unwary customers at stores, restaurants and gasoline stations.

The number of cases has "really exploded in the last month and a half," said Jim Graham, a detective with the Thousand Oaks Police Department. "There's been a big jump in this from Bakersfield all the way down the coast of Southern California," he said.

Many of the thefts are reported to banks but not police, so exact counts of victims and dollar losses are hard to come by, he said. Authorities estimate worldwide losses to be in the billions of dollars annually.

Thieves have an array of devices to pilfer credit and debit card numbers, including "sniffer" software programs that capture PINs and other sensitive information.

One of the more popular devices being used in Ventura County is a "skimmer," Graham said. The gadget captures information on a card's magnetic strip, which then is cloned to withdraw money out of a person's account at an ATM or to buy merchandise.

Skimming machines were once bigger, but thieves are now making "some the size of a matchbox," Graham said. That makes it easier for thieves to place them on pumps at gasoline stations or at store terminals where shoppers swipe their cards.

Police say thieves return a week or so later to retrieve the skimmers and extract the data inside.
"If you figure they're getting $300 to $400 for every card, it's not hard to see how profitable it can be," Graham said.

It's also a hard-to-solve crime, said Rick Kline, an Oxnard police detective who investigates fraud. "We're solving maybe five out of 100," said Kline. (Editor's Note: Are they actually recruiting people to get into the game?)

While many stores, ATMs and gas stations have video surveillance cameras, "the quality of the videos is often very poor," Kline said. Also, thieves "generally wear a hat" or other disguise, "making it very hard to identify them," he said.

"Most of these crimes are solved when the victim has an idea of who's behind it," Kline said. Susan Nettles of Ojai has yet to find out who stole her debit card information and then used it three times at ATMs in Huntington Beach to withdraw almost $600 from her account, although she thinks she knows where her card was compromised.

"I think it happened at the Cost Plus store in Oxnard," Nettles said. Cost Plus announced in July that the electronic PIN pads at eight of its Southern California stores, including the one in Oxnard, might have been tampered with between February and April. Since then, Cost Plus has made numerous changes to improve security, including replacing some of the PIN pad machines, said spokesman Dan Gagnier.

"The newer machines are a lot harder to tamper with," Gagnier said. The company "wants its customers to feel comfortable using their cards at our stores." Cost Plus also is working closely with credit card companies, banks and law enforcement agencies "to ensure that any of its customers affected by this incident are identified." Nettles filed a police report, something authorities say many victims fail to do. She said she now is leery of using her debit card. "Now I try to use cash when I can," she said.

Thieves aren't the only ones availing themselves of high-tech tools. Credit card companies and banks are increasingly relying on sophisticated software to monitor customer spending habits. The software flags out-of-the-ordinary purchases or payments and alerts authorities. Robert Meyers, a Ventura County supervising deputy district attorney who investigates fraud, said such software has "generated many more cases" for prosecutors. But investigators said victims also should report the crimes to police. For starters, it would give investigators a better idea of the scope of the problem, Graham said. "We're able to see if there are patterns," he said, including whether a sizable number of victims might have purchased things at particular stores or places.

Full Story

All's Not OK in OK

Posted by John B. Frank Thursday, July 10, 2008 0 comments

It's payment related, it's web related, it's fraud related and it's PIN related, so I'll bring you this from 66 Federal Credit Union...

Local credit union works to shut down fraudulent Web sites

By Special to the E-E

A local credit union has submitted nearly 50 fraudulent Web sites and 40 phone numbers for shutdown in the aftermath of a scam that targeted financial institutions.

66 Federal Credit Union and several other financial institutions across the country were recently the subject of a widespread attack from fraudulent entities enticing members to disclose personal financial information.

The attacks were in the form of mass e-mails, automated and live phone calls, as well as text messages to members and non-members alike. Officials say the similar characteristic in all of the fraudulent messages is that it directed the recipient to respond and give their personal financial information including account numbers, credit card or debit card numbers, expiration dates and PIN numbers. The fraudsters appear to have obtained home phone numbers, cellular phone numbers and e-mail addresses from publicly available lists and are using this public information to obtain more sensitive account information, say officials.

“We are diligently pursuing all of these criminals, and in the last two weeks alone we have submitted over 45 illegal Web sites to be shut down, and over 40 phone numbers to be discontinued,” said Marty O’Connell, chief information officer for 66 FCU.

In addition to reporting suspicious activity to the credit union, individuals who suffer losses are encouraged to file a complaint with the FBI at their Web site https://complaint.ic3.gov, and call (800) VISA-911 to review and block transactions on their credit card.

“All members should be reassured that the database that stores our members’ e-mail and phone records is the same database that contains their financial information,” O’Connell said “And if our database was in fact compromised, then there would be no need for these criminals to send out fraudulent messages, since they would already have all the information that they are requesting.”

Members are advised not to respond to any phone call, e-mail, text message, or other communication asking for personal information such as user names, passwords, PIN numbers, or account numbers including credit or debit card information. If making any call to the credit union, members should only use the phone numbers listed on the 66 FCU Web site at www.66fcu.org, or call (918)336-7662 and (800)897-6991.

Full Story

Use PIN Debit to Buy Gas and Save Big!!!

Posted by John B. Frank Tuesday, June 10, 2008 0 comments

Editors Note: The following may sound crazy, but it's happening more and more every day, especially with rising gas prices. If you use your debit card to make a gas purchase, DO NOT pay at the pump! Pay INSIDE and use your PIN number.

Otherwise...the higher price of gas has resulted in both account freezes and a windfall of overdraft charges for banks.

Consider the following scenario: You have $100.00 in your checking account. Early one morning on the way to work, you make a $25 dollar gas purchase with your debit card and pay at the pump. You have $75.00 left. However, unbeknownst to you, the gas station implements a $75 dollar hold on your checking account.

Now it's lunchtime and you buy lunch at McDonalds ($5.00). You have $70.00 left right? On the way home, you decide to buy a pack of smokes ($5.00), you have $65.00 left in your checking account, right? You pull in the driveway and the wife sends you out for Milk and Bread ($5.00) You have $60.00 left in your account right? WRONG!!!

Reality Check: The $75.00 hold triggers a $35.00 overdrawn checking (debit) account fee on the $5.00 McDonald's purchase. Same result with the pack of smokes. Ditto on the $5.00 Milk/Bread purchase. You now have $105.00 in overdraft fees. When the $75.00 hold is lifted early the next morning, the three $35.00 overdrawn fees (or $105.00) are applied to your account, but you only have $65.00 so you're left with a negative balance -$-45.00 instead of +$60.00.

End result? The $25.00 gas purchase cost you $130.00.

Want to avoid this scenario? Pay the attendant inside with your debit card and enter your PIN number. PIN based transactions involve no hold because the amount is deducted immediately. This can save you BIG headaches.

Here's an article from The Charlotte Observer regarding this subject:

‘Freezes' by service stations above what's paid for gas can unpleasantly surprise people with low balances.

Some drivers paying for gas with a debit card are experiencing a different kind of pain at the pump. Gas stations concerned about collecting on automated debit-card transactions are freezing large amounts of money in consumers' checking accounts, causing financial headaches for some drivers who carry low balances.

In the past, when gas cost $2.00 per gallon, when a consumer swipes a card at a gas pump, most gas stations froze $1 as a confirmation that a valid checking account exists. That hold usually lasted for a few hours, but can stretch for a couple of days. The station later debits the actual amount of the gas purchased from the account. But as gas prices soar to record heights this week and fill-ups reach into triple digits, some stations in the Charlotte area and around the country are freezing much higher amounts, some local bankers say. Some of the consumer complaints have centered on Shell and Exxon stations, which are usually independently owned, though the practice could include other local stations. The consumer protection division of the N.C. Attorney General's Office has received more complaints this year about the practice, said spokeswoman Jennifer Canada.

The office doesn't keep statistics on the specific complaint, but “as gas prices rise, gas stations tend to do this more,” she said. For instance, one consumer reported to the Observer that she purchased $25 of gas using her debit card at the Shell station on Gold Hill Road in Fort Mill, S.C. But she had $90 frozen in her checking account for several hours, along with the $25 for the purchase.

The manager of the station did not immediately return a message. And several other managers reached at various gas stations said they didn't know what amounts were being held or how it was determined. Despite the big-time names, most gas stations that sell Shell, Exxon and other brand names are independently owned.

Hotels have been placing extra holds on debit and credit cards for years in case customers run up extra expenses before checking out, such as for telephone calls, mini-bar items or other services.

But it has been happening at stations because some fear banks won't cover increasingly large gas purchases if the money ends up not being in a consumer's checking account, said Red Gillen, an analyst with Celent, a Boston-based financial services research firm. “Because there's a time lag between pumping and paying, there's a lot of money at risk. You're going to see more and more gas stations doing this,” he said. The hold policies can cause financial headaches for consumers in several ways, said Nathan Tothrow, director of marketing for Charlotte Metro Credit Union: A debit-card transaction might be rejected even though drivers have enough money in their accounts for the gas they want to purchase. “They have enough money for the gas, but not for the hold,” he said.

The holds can tie up cash that can't be used for at least a few hours. Unsuspecting consumers can have other transactions incur an overdraft fee since there's a danger that the holds can stay on for longer than a few hours, which can result in other transactions causing an account to be overdrawn, triggering fees. Tothrow said the credit union has received complaints about excessive holds. The bank investigated and found several gas stations were freezing $75 and $90. “For a lot of folks, a $90 unexpected hold can cause a problem,” he said. “I really don't like that they are doing it to our members.”

The way to avoid holds is to use the debit card with a gas station attendant and enter your PIN number because there are no holds involved and the account is charged immediately for the exact amount, the N.C. Attorney General's Office says.

Most gas stations and merchants send in charges as one bundle at the end of the day, after most holds have fallen away, Tothrow said. But some stations have started sending in the charge for pumping gas quicker, even before the hold has worn off. That can put double financial pressure on a checking account, at least for a few hours.

Full Story

Latest Malta-Pull...PIN Replacing Signature Debit

Posted by John B. Frank Thursday, June 5, 2008 0 comments

Malta

The Bank of Valletta in Malta announced that it has issued the first EMV Chip and PIN Cards through its systems.

“This is an important milestone in the process that will see us issuing EMV Chip and PIN Debit and Credit Cards to our customers over the coming weeks,” said Tonio Depasquale, CEO at Bank of Valletta. “By the end of the current year, we would have replaced most of the existing cards with the new EMV Chip and PIN Cards,” he added, explaining that this is a complex logistical exercise that is seeing the bank implement this new technology for the benefit of its customers.

“We are delighted to have reached this stage whereby, over the coming weeks, we will be starting the process of replacing the debit and credit cards of our customers who will be able to benefit from the new generation cards that we will be issuing,” added Mr Depasquale.

The new EMV Chip and PIN Cards that Bank of Valletta will be issuing over the coming weeks offer customers a number of benefits over the cards that are currently in circulation, including improved security and a more efficient payment process. In fact, when using the new EMV Chip and PIN Cards, the cardholder authorizes the transaction by entering his PIN on the keypad of the Electronic Point of Sale Terminal (EPOS). This is faster and more secure than the system in place today where the customer signs a receipt generated by the EPOS to authorize the transaction. The new technology also provides additional security and process-related benefits to the merchants.

Malta, officially the Republic of Malta (Maltese: Repubblika ta' Malta), is a small and densely populated island nation comprising an archipelago of seven islands, three of which are inhabited. It is located in the Mediterranean Sea in Southern Europe just 93 km (58 mi) south of Sicily, giving the country a warm, Mediterranean climate, and 288 km (179 mi) to its south is North Africa.

Throughout much of its history, Malta has been considered a crucial strategic location due in large part to its position in the Mediterranean Sea.^[3] It was held by several ancient cultures including Sicilians, Romans, Phoenicians, Byzantines and others. The island is commonly associated with the Knights of St. John who ruled it. This, along with the historic Biblical shipwreck of St. Paul on the island, ingrained the strong Roman Catholic legacy which is still the official and most practised religion in Malta today.

The country's official languages are Maltese and English, the latter a legacy from Malta's period as a British colony – the United Kingdom is the most recent outside ruling power. Malta gained independence in 1964 and is currently a member of the Commonwealth of Nations, as well as the European Union which it joined in 2004.