Archive for the 'Industry News' Category

From Verifone CEO Doug Bergeron:

VeriFone Holdings, Inc. on Monday, April 10, announced a definitive agreement to acquire Lipman, the Rosh Haayin, Israel-based provider of electronic payment systems. We are very excited with this acquisition and the opportunities it presents. Customers of both companies will benefit from a stronger, more reliable, more innovative and better connected company that will deliver the VeriFone Difference in ways not possible prior to the acquisition.

As we move into this new era, I want to assure you that the continuity of your business is first and foremost and we are fully committed to supporting and aggressively growing the Vx Solutions, Nurit and Omni product lines going forward. In fact, with a dramatically expanded product portfolio, customers can now seamlessly experience the VeriFone Difference with:

* Unmatched portable solutions encompassing CDMA, GPRS, Wi-Fi and Bluetooth wireless technologies that open up new market opportunities and bring electronic payments directly to the consumer wherever they may be.
* A full range of highly secure consumer-facing devices that promote the usage of online debit and enhance merchant-to-consumer messaging and promotion.
* A full range of dial, IP-based, single or multi-application countertop systems that are easy to sell and provide numerous merchant benefits that drive up-selling opportunities.
* A secure family of payments-enabled Electronic Cash Register systems that open up new possibilities for convergence of retail management and payments for small merchants.
* A full range of secure self-service, kiosk and ATM solutions that will allow you to capitalize on the growing trend for electronic payment acceptance in unattended environments.

In addition, customers of both companies can expect enhanced support, service, responsiveness and innovative thinking from the combination of the best, brightest and most experienced personnel from two of the leading companies in our industry.

VeriFone and Lipman are the fastest growing among the leading providers of point of sale electronic payment technologies and this acquisition will extend VeriFone’s leadership in many countries around the globe. Geographically the two companies are complementary, and will be the number one player in North America and Emerging Markets and number one or two in most key markets worldwide. Following the acquisition, VeriFone will become the largest global provider of electronic payment solutions and services. This scale will allow VeriFone to capitalize on the accelerating growth in the emerging markets, as well as demand for increased security, and IP-based and wireless payment systems both domestically and abroad.

We are working quickly to finalize the composition of our larger sales force and support infrastructure going forward, but you should continue to rely on your existing relationships. Any changes or transitions will be communicated to you well in advance.

Closing is expected to occur in VeriFone’s fiscal fourth quarter ending October 31, 2006.

Authorize.net, the most popular payment gateway provider, announced that it saw a spike in fraudulent transactions pass through its systems this past weekend. The transactions, which ranged from $500 – $700, were billed to all major credit cards for users across the country.

All of the fraudulent transactions were processed through web hosting companies that use the Authorize.net payment gateway services. The hackers who did this apparently stole quality credit card data and used security holes in the web hosts’ systems to run the sales. The money for these transaction were sent to the webhosts. The hackers used the sales to verify whether the credit cards were valid. With the transactions being successful they are expected to use them in other fraudulent transactions very soon.

The web hosts and Authorize.net are at odds over where the security breach occurred. The web hosts are blaming Authorize.net. Authorize.net claims it cannot be there services fault as they just act like a credit card terminal and the blame as to be on the hosts for using flawed software.

On Sunday about 1,500 transaction were run through in a 90 minute period early Sunday morning totaling just under $1 million to one account! A total of three webhosts were used in this attack. In all cases the information put through the system included a valid credit card number, expiration date, cardholder name, and cardholder address. The successful transactions proves all of the information is accurate and correct.

From CNet News

A popular software that retailers use to control debit-card transactions may inadvertently store sensitive customer information, including PIN codes, says Visa.

Two versions of cash-register software made by Fujitsu Transaction Solutions are under scrutiny, according to a warning Visa issued to the companies that process card transactions for some of the nation’s largest retailers. A Visa representative confirmed that the warning was sent.

Some of Fujitsu’s retail customers include Best Buy, Staples and OfficeMax, but it is not known which companies use the software Visa claims is flawed.

Visa’s warning, which was first reported by The Wall Street Journal on Friday, has raised eyebrows in the financial and retail sectors. The software was flagged at a time when thousands of debit-card holders across the country have reported unauthorized withdrawals from their accounts.

Bank of America, Washington Mutual and Citibank are among the financial institutions that have replaced more than 200,000 debit cards in the past two months and have told customers that thieves obtained vital debit-card information as a result of a security breach at a large merchant.

One commonality among the fraud victims, according to law enforcement and banking officials, is that most had shopped at one of Fujitsu’s clients: OfficeMax.

The office-supply retailer has said that it has found no indication that it suffered an illegal intrusion. Fujitsu, which did not return repeated phone calls from CNET News.com on Friday, denied that its software has had anything to do with any alleged security breach. A representative for the company told the Journal that customer data, such as PIN codes, could not be stored using just its software. Other software tools would have to be added.

Major credit-card companies have banned the storing of customer data and can fine merchants who do store such data. The fear is that customer information may be a sitting duck for hackers should it be left in a company’s computer system.

What may be more worrisome for consumers is that it’s not uncommon for merchants to accidentally stockpile their customers’ data, says Branden Williams, a principal consultant at computer-infrastructure firm VeriSign.

One of VeriSign’s offerings is that it will assess a company’s computer systems to ensure they meet security standards required by the big credit-card firms.

During his white-glove inspections, Williams said, he has often found software that would trap customer data, including PIN information, without the retailer’s knowledge. Big companies working with complex systems are more prone to such slipups he said.

“You could totally understand how they could forget to turn off some switch,” he said.

But Williams said there’s no reason for the problem to go unchecked. Not only are there companies like VeriSign that will monitor system security, but Visa also offers a list of software products proven not to store data.

Neither one of the Fujitsu products, RAFT and GlobalStore, is among the products approved by the major credit card companies. This doesn’t mean that the software doesn’t meet industry standards. It only means that the software hasn’t undergone the review process needed for sanctioning by the group, according to a note on Visa’s site.

“It’s really the responsibility of a company doing business to protect their customers,” said Williams. “Especially when you consider what’s at stake: identity theft, bad public relations and potential fines. Software vendors should also have their applications checked for any vulnerabilities that could lead to a security breach.”

In what seems like an annual ritual, Visa and MasterCard have raised rates effective April 1st, 2006.

Visa made relatively few changes to their Interchange levels. Only a few minor increases to several corporate card categories were made. On the other hand, MasterCard made many changes to key Interchange categories. This includes their Merit III category which affects standard credit cards in a swiped environment. They also changed how their quick serve cards are handled.

The expected increase to be passed along to merchants is 2 to 3 basis points (.02% – .03%).

In an effort to encourage more participation in its SecureCode program, MasterCard is reducing its Interchange rates for online sales that are transacted with the program. Merchants can lower their transaction costs by as much as 59 basis points with SecureCode and by as much as 10 basis points with Verified by Visa which is Visa’s implementation of the same service.

MasterCard’s SecureCode and Visa’s Verified By Visa program shift liability to the issuing bank, away from merchants and their acquiring bank. Both products use an extra code or password, known only to the cardholder and issuing bank, that is entered after the other card information. This code is confirmed at the time of purchase. Because this code is known only to the cardholder it is assumed that the cardholder is making the purchase and reduces the likelihood of fraud dramatically.