ALTO GLOBAL PROCESSING: Consumers Blame Merchants For Data Breaches

What’s Next In Payments®
7:15 AM EDT June 30th, 2014

With recent news of major security breaches involving retailers like Target and Sally Beauty populating media sites around the nation, merchants and issuers are likely wondering how this is affecting U.S. consumer behavior as a whole – and rethinking their own security strategies. Just how aware are consumers of these incidents, who are they putting at fault?

To get more insight on these questions, TSYS released an infographic titled “Consumer Insecurity About Data Insecurity,” highlighting the results of a survey conducted with more than 1,000 respondents.

WHO IS AWARE OF RECENT DATA SECURITY BREACHES?

About 83 percent of respondents said that they were aware of these incidents and 75 percent said they heard about them through media coverage.

WHO DO CONSUMERS HOLD RESPONSIBLE?

Consumers, about 64 percent, indicated that they held merchants responsible for these breaches, while 28 percent said the banks and card networks were at fault. However, 67 percent said they expected their banks and card networks to notify them when these incidents occur. And when it comes to making up for the damage and making the situation right, 61 percent of consumers said that it was up to the banks and card networks.

HOW ARE CONSUMERS RESPONDING?

Of those who responded to the TSYS survey, 88 percent said that consumers should play a role in protecting themselves against these breaches. Some, about 31 percent, said that they were willing to pay for added security features. In addition, half of the cardholders surveyed were interested in a specific four of these features.

Respondents who said they would switch banks for one that offered better security features totaled to 63 percent, and 71 percent said they’d switch banks for one that guaranteed all losses would be reimbursed.


Learn more about the study and get a prescription for issuer success in the TSYS white paper available in late July. 

Source: http://www.pymnts.com/news/2014/consumers-blame-merchants-for-data-breaches/#.U7F8zY1dWkY

Please visit http://www.pymnts.com/ for more payment news!

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing

Please visit Alto Global Processing

Follow us on Twitter

Like us on Facebook

 

Alto Global Processing: State Of The Art Microchip Technology Can Save American Merchants And Consumers Over USD190bn Per Year

By  of  Paymenteye

De Sonneville International has announced it has filed two US patent applications that are the solution to end the systemic US credit card fraud epidemic. According to Forbes and a 2009 Lexis Nexis study –  The True Cost of Fraud, the United States loses an estimated USD190bn per year to credit/ debit card fraud, which is more than the country spends on energy.

In recent years, certain technological advances have been introduced to combat the counterfeiting of payment cards. Such advances include the introduction of Chip and PIN, which is also known as EMV. It is apparent from works such as the University of Cambridge’s Chip and Pin is Broken, and the BBC’s Newsnight’s new flaws in chip and pin system revealed, that Chip and Pin is far from fool proof, let alone a firm security and defence against fraudsters. Such sophisticated fraudsters continue to find ways to circumvent the Chip and Pin protocol, and defraud people of billions of dollars every year.

In the case of SIM cards, the same is taking place. Sophisticated fraudsters have discovered ways to by-pass the security features and gain access to mobile networks to commit crimes under assumed identities and to use the network without payment. According to the Communications Fraud Control Association (CFCA), ‘Experts estimate 2013 fraud losses at USD46.3bn, up 15% from 2011 and the main reason for the relative increase in fraud is due to more fraudulent activity targeting the wireless industry.’

As recorded and filed in De Sonneville’s US patent application on April 9th, 2014, its microchip self-authenticates before it can perform any subsequent action or function. Simply put, if the chip does not authenticate itself, through the authentication circuit, it does not allow the chip to proceed to process a payment at a point-of-sale (POS) or, in the case of a SIM card, to access the mobile network. This has obvious benefits in protecting against the counterfeiting of payment cards and SIM cards.

Also, conveniently, De Sonneville has developed its’ self-authenticating SIM card as an encrypted payment SIM card that can be accepted at any radio-frequency (RF) or NFC POS. The self-authenticating SIM cards contain the same payment data as a payment card (in an encrypted form), and are operable to a contactless POS. Currently, contactless transactions are limited to an average of approximately USD50 per transaction. De Sonneville’s payment cards and payment SIM cards will be used for any amount that the user’s payment limit allows.

“Convenience does not have to be a choice over security,” said De Sonneville’s Chairman and technology co-inventor Dennis van Kerrebroeck.“Companies have become accustomed to payment card fraud as a cost of doing business, which is wrong. In this day and age, merchants and consumers have the right to be assured by their payment network providers that their payment card purchases are conducted without compromise. According to the study conducted by Lexis Nexis, (The True Cost of Fraud – 2009), in the US, over the next 10 years, the payment card fraud losses will equate to more than USD1.9 trillion, unadjusted, and that is simply not acceptable. Ultimately, these costs are passed on to the consumers and the merchants; we want to eliminate these costs by giving consumers and merchants a better option.”

The payment account information on De Sonneville’s chips cannot be intercepted. If the chip does not perform its’ patent pending self-authentication, the card does not allow itself to transmit the payment data through to the POS and then on to the network, and therefore would instead terminate the attempted transaction as counterfeit. This eliminates pre-play attacksman-in-the-middle attacks, cloning and the like.

Before a De Sonneville SIM card can gain access to its mobile network, it must first perform its patent pending self-authentication, therefore ensuring the SIM, the subscriber, the communication or a mobile payment is authentic. This stops call and text message interception. Other applications include ID cards, passports, and access systems. De Sonneville’s payment SIM cards protect the payment data in the same manner as its’ traditional payment card. In the future, and as required, the Company would be able to seamlessly integrate digital currency transactions throughout its payment network, POS terminals, payment cards, and SIM cards.

It is the mission of De Sonneville and its potential partners in banking, wireless communications, networking and large retailers, to build a new global payment network that will include encrypted payment cards and encrypted POS terminals all the way through to bank settlements, thus working towards eliminating payment card and SIM card counterfeiting, as well as the subsequent fraud that accompanies it.

Current global payment networks process in excess of USD6 trillion annually. The average merchant discount in the United States is 1.9%, and the average interchange fees break-down as 0.1% goes to the acquirer, 1.7% to the issuer, and 0.09% to the network.

There are currently approximately 6 billion SIM cards in use in the world. The Company is currently in the process of selecting an investment bank to represent its private capital needs for development of its technology, and in an anticipated subsequent initial public offering.

Source: http://www.paymenteye.com/2014/04/29/state-of-the-art-microchip-technology-can-save-american-merchants-and-consumers-over-usd190bn-per-year/?utm_source=PaymentEye+Daily+Newsletter&utm_campaign=c7973ffb82-29_04_2014&utm_medium=email&utm_term=0_3bd2a3a3c5-c7973ffb82-14476705

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing

Follow us on Twitter
Like us on Facebook

Alto Global Processing: Target Breach Widens, Neiman Marcus Also Admits to Attack by CardNotPresent.com

011314-Target-Breach-Widens-Neiman-Marcus-Admits-to-Attack

On Friday, Target disclosed that the security breach it originally said exposed the payment-card information of up to 40 million U.S. consumers, may end up affecting more than 70 million. The retailing giant acknowledged on Friday that, in the course of its investigation of the original breach, the company uncovered 70 million accounts where names, mailing addresses, phone numbers and emails were compromised. The company acknowledged that overlap between the two breaches—that is some customers whose credit-card numbers were stolen also had their names, emails and other information hacked as well—was “likely.”

And, this weekend, Dallas-based luxury department store Neiman Marcus also admitted it had been hacked during the holiday season. In a statement, the company said it had been informed by its processor in mid-December of “unauthorized payment card activity.” The retailer has not disclosed any guesses on the size of the breach and has enlisted both the U.S. Secret Service and a third-party forensics firm to investigate.

A Reuters report yesterday suggested three breaches that hit “well-known” but unnamed retailers earlier in the year were tests for hackers for the big holiday breaches. Sources told Reuters the techniques used in the smaller attacks were similar to the ones that hit Target and Neiman Marcus. The sources suspect the attacks were carried out by the same criminals but cannot be sure.

Please visit CardNotPresent.com for more news

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing
Follow us on Twitter
Like our brand new Facebook

Alto Global Processing: Credorax Banks $40M for International Expansion

By Deborah Gage of The Wall Street Journal

Source: http://blogs.wsj.com/venturecapital/2013/08/27/credorax-banks-40m-for-international-expansion/

Software and hardware are changing so rapidly that multi-billion dollar industries are being disrupted, but it’s still hard for a small startup with new technology to get that new business when it appears.

Consider Credorax Inc., which raised $40 million from FTV Capital to modernize how payments are made, taking its total funding to close to $100 million, as VentureWire reported today.

“The payments world is changing so fast, there are all kinds of services you need today that 10 years ago nobody would have thought of,” said founder and Chief Executive Benjamin Nachman, who started Credorax in 2008. He said he hopes to take the company public in about three years.

Credorax is known in the banking world as an acquiring bank, meaning that it processes credit and debit card payments for merchants. It competes with huge, global publicly traded banks like J.P. Morgan Chase & Co. and Citigroup Inc., but uses modern technology and has superior ways of detecting fraud, according toDavid Blumberg, managing partner of Blumberg Capital, which is Credorax’s first investor.

Since it went to market in the third quarter of 2011, the company has been growing so fast that a wary Visa Inc. required millions of dollars in escrow before it would do business with Credorax, Mr. Blumberg said. Blumberg Capital provided the money, which Credorax didn’t have, in exchange for more equity, making Credorax its largest single investment. In the last 18 months, the value of those warrants has quadrupled, he said.

Mr. Blumberg compared Credorax to ITA Software Inc., which Google Inc. acquired in 2011 to process travel reservations, thereby disrupting competitors in the travel industry that relied on mainframe computers developed as early as the 1960s. Credorax, like ITA, uses commodity hardware to conduct massive parallel processing of transactions, which is fast, flexible, scalable and cheap.

So far, Credorax is licensed and regulated in nearly 30 countries, including all countries in the European Union. The goal is to get licensed in all major global markets. In international transactions where a merchant might require five or six acquiring banks—some of them running in different countries and using different technologies that require data to be reconciled at the end–Credorax can do it all, Mr. Nachman said.

To evaluate potential fraud, for instance, Credorax can analyze multiple pieces of data–time zone, Internet Protocol address, shopping history and so on–and notify Visa or Mastercard if warranted. If the transaction is not fraudulent but is in a riskier geography, the local merchant could have the confidence to close it anyway, raising sales.

“Fraud is huge internationally…Some merchants accept no credit cards from the Middle East. They’re cutting off everybody because they cut with an ax instead of a scalpel,” Mr. Blumberg said.

Mr. Blumberg called the company “modestly valued” in the latest round of financing and said the valuation was in the hundreds of millions of dollars, though he and other investors declined to be more specific.

Write to Deborah Gage at deborah.gage@wsj.com. Follow her on Twitter at @deborahgage 

 Please visit The Wall Street Journal for more news!

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing
Follow us on Twitter
Like our brand new Facebook

Share this:

 

Alto Global Processing: Facebook – New Pilot Not a PayPal Competitor

Source: CardNotPresent.com

The payments world took notice recently of a report indicating Facebook was testing a payments service that would put it in direct competition with PayPal. The technology publication All Things D cited “sources familiar with the company’s plans” who said the product would allow any shopper who has previously provided Facebook with their credit-card details to make purchases on partnering e-commerce mobile apps without entering billing information. It seems the report, which was widely cited by other publications last Thursday and Friday, might have been premature.

On Friday, Facebook cleared up the matter with a statement that denied its new service would be competitive to PayPal. Under the new service, Facebook would not process payments, but simply use payment information already stored in the cloud to automatically fill in the payment fields in a mobile app when making a purchase. Whatever payment provider the individual app uses is the one that processes the payment.

Facebook’s statement, in full, read:

“We are working on a very small test that lets people populate their payment information already on file with Facebook into the checkout form of a mobile phone app when they are making a purchase. The app then processes and completes the payment. The test makes it easier and faster for people to make a purchase in a mobile app by simply pre-populating your payment information.  It will be a very small test with 1-2 partners.

We continue to have a great relationship with PayPal, and this product is simply to test how we can help our app partners provide a more simple commerce experience. This test does not involve moving the payment processing away from an app’s current payments provider, such as PayPal.”

Please visit http://cardnotpresent.com/news for more news!

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing

Follow us on Twitter

Like our brand new Facebook

Alto Global Processing: Visa, MasterCard Offer Common Debit Solution

Written by writers of Card Not Present

Last week, Visa and MasterCard said they have partnered to offer a common debit solution in the U.S. Debit networks in the U.S. have been working for nearly two years toward a solution that would address inconsistencies between the debit network routing requirements of the Durbin Amendment and limitations of the chips in chip & PIN cards and the rules of EMVco—the organization that administers EMV standards. With migration to the EMV standard underway in the U.S., several groups had been working on the problem, with some consensus among debit networks, but no buy-in from Visa and MasterCard.

On Tuesday, Visa and MasterCard, which each had offered separate solutions earlier this year, said they have made proprietary EMV technologies available that would enable a debit chip transaction originating from a single-chip application to be routed by the merchant to Visa, MasterCard or any other U.S. PIN debit network that elects to participate in the solution.

While yesterday’s decision by a federal judge overturning the Durbin Amendment eventually may render the need for such a solution moot, a working group formed bythe Secure Remote Payment Council (SRPc) that includes most U.S. debit and ATM networks has been seeking the creation of a common application identifier (AID) that would solve the issue. Visa and MasterCard have been part of those discussions, but neither has committed to the common AID, apparently hoping proprietary technology would give them a competitive advantage in routing debit transactions.

Members of the working group are interested in Tuesday’s announcement from Visa and MasterCard, but further evaluation would be necessary to determine if signing on with the solution is fair, according to Paul Tomasofsky, president of the Secure Remote Payment Council.

“The announcement is an interesting one on the surface but of course more information is needed to determine how other networks would fit into the picture,” Tomasofsky said. “Before that, it would be helpful to understand how Visa and MasterCard will work together from an operational viewpoint. The SRPc Chip-and-PIN working group members have always advocated a solution that allows all participating networks equal access to technology, a voice in governance, appropriate business terms and the ability to compete and innovate on future enhancements. In short, our solution calls for a multilateral solution and not a bilateral one.”

Read more at http://cardnotpresent.com/news/default.aspx?id=1576

Please visit http://cardnotpresent.com/ for more  news!

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing

Follow us on Twitter

Like us on Facebook

Alto Global Processing: Payments Players Face Four Key Decisions As EMV Shift Nears

Source: http://www.pymnts.com/

Visa, MasterCard and Europay formed EMVCo in the 1993 to combat and reduce fraud internationally, but in the United States, the slow transition to this new standard is causing problems of its own.

To date, more than 1.62 billion payment cards have been upgraded to comply with the standards set by EMVCo. This accounts for nearly 45 percent of all cards globally – most of which are in use outside the United States.

As this figure continues to climb, domestic financial institutions (FIs), merchants and consumers face an increasing threat of fraud, which is increasingly likely to occur in nations where the financial infrastructure has fewer safeguards in place. With the U.S. EMV liability shift four years away, what does the road to compliance look like, and what steps do acquirers, issuers and merchants need to take to prepare?

This is the subject of a new white paper released by global management consulting firm Accenture. Entitled “Payments Transformation – EMV comes to the US,” the release outlines four key decisions facing those in the payments ecosystem.

In this PYMNTS.com Data Point, we’ll take a closer look at two of the four decisions Accenture highlights in its research.

Offline Or Online Authentication?

According to Accenture, FIs first need to determine how they will verify the authenticity of EMV cards. This process can occur online or offline. Either way, authentication validates the EMV card before a payment occurs while providing additional safeguards against fraud.

Offline authentication – The card is verified by the merchant’s POS terminal, which reads information and certificates embedded in card’s chip. With this option, the terminals manage the payments brands they will accept.

Online authentication – The card is approved by the issuer using cryptographic certificates created by a card or mobile phone. This removes the need for important information to be housed on the physical card

How To Verify The Cardholder?

In an EMV system, cardholders verify their identity through three Cardholder Verification Methods (CVMs). These are a PIN, a signature or no CVM. The second decision facing FIs is selecting one of these options. Factors that could influence this decision include the level of fraud reduction desired by the issuer and customer attitude toward PINs.

Chip & PIN – Since much of Europe has elected to use PIN technology over concerns of the use of signatures, EMV cards are sometimes known as “chip-and-PIN cards” overseas. Read by dipping the card into a POS, the chip-and-PIN is more secure, but alters the traditional customer experience.

Chip & Sign – The chip & sign method may lead to a smoother adoption of EMV cards in the United States because this process is similar to the one used currently with magnetic-stripe cards. However, these transactions are less secure, and may make consumers vulnerable to fraud and theft: one of the main issues the EMV transition could help the United States solve.

No CVM – In this choice, neither a signature nor PIN is used to verify transactions. By making this choice, issuers would need a merchant POS structure to support this feature. No CVM is best suited for low value transactions, such as unattended terminals ie mass transit, as an example.

For more insights from Accenture, read the full white paper here.

To access the Accenture Payments Transformation Series, visit Accenture here.

Email Accenture with questions at paymentservices@accenture.com.

Direct Link To Article: http://www.pymnts.com/briefing-room/security-and-risk/online-and-cyber-fraud/2013/payments-players-face-four-key-decisions-as-emv-shift-nears/

For more information on this please feel free to contact Luca Bizzotto, CEO of Alto Global Processing Please visit Alto Global Processing

Follow us on Twitter

Like our brand new Facebook