The Spider and the Fly (Keep Typing vs. Swiping)

Posted by Elderly Care Expert | Wireless Security | Friday 3 July 2009 6:07 pm

[Image: The Spider and the Fly]

The PIN Payments Blog has focused on eCommerce and security since its inaugural post in March of 2008.

As I have come to learn, some believe I do it to bash the industry for supporting products which encourage consumers to enter (type) their card number, or their username and password into boxes on the web, or click their mouse…but that’s not why I do it.

I do it because I understand that the information superhighway known as the web, is exactly that. An information superhighway. It’s also known as the web, and what a wicked web it is…hackers, keyloggers, screen scrapers, data stealing malware (http://en.wikipedia.org/wiki/Malware), zombies, etc.

Think of hackers as the big nasty spider and your financial data as the big meaty fly. Get the picture? If not, there’s one on the left.

When websites ask you to enter (type) your credit card or debit card numbers into a box, I know that it’s Pandorian in nature and I want to prevent you from boxing yourself in. Consumers cannot realistically expect that their card numbers are going to be safe. Sure it may seem convenient, but things aren’t always as they seem, are they? On the flip side, sometimes they are…and it sure seems that as time goes by, hackers get more advanced and thus create more advanced programs designed to steal your financial information. Who knows what they’ll come up with tomorrow?

This much I do know. When I started this blog, it was safer to type your cardholder data into the web than it is today. And it’s safer today than it will be tomorrow. Therefore, the day after tomorrow seems to be the day when everyone will understand that what we are trying to do here on the blog is come from help…not anger industry insiders, nor do we want to be perceived as viciously criticizing so-called competitors.

What we try to do here is best represent the truth on this blog…and the truth is, IT IS NOT SAFE TO TYPE YOUR CREDIT CARD NUMBERS INTO A BROWSER. Albeit, sometimes the truth hurts…but if the truth hurts what anyone is trying to accomplish, I say… the truth is what it is.

Speaking of competitors (and truth), HomeATM created a software-based PIN platform years ago, and contrary to a YouTube video floating around out there on the web, it was not a so-called competitor, but HomeATM, who conducted the first software-based PIN debit transaction on the web. We did it in 2005 (documentation available upon request) in front of a bunch of Intel higher-ups who, in addition to asking if we were crazy (like PCs, they know the risks inside and out), practically laughed us out of the room. That experience instigated our engineering department to re-evaluate how PIN transactions should be conducted on the web, and there is only one way. Outside the Browser Space. (OBS)

So, we scrapped the software PIN debit thingy and went to work on creating a secure terminal with a built-in PIN Pad…and lo and behold, HomeATM conducted the first end-to-end-encrypted PIN Debit application using the Internet. (using a secure 3DES, protected by DUKPT hardware device, just like they do it in the stores!)

Now, there were two more tasks at hand. The first one was achieved last March 17th, ironically while HomeATM Chairman and CEO, Ken Mages and I were listening to PCI General Manager, Bob Russo speak. named HomeATM was certified as the first manufacturer in the world with a PIN Entry Device specifically designed for eCommerce usage as PCI 2.x Certified and listed us on their website.

Final task. Get our manufacturing costs down to a price point where distribution to the masses is feasible.

The mountain: Credit/Debit Card Terminals cost $500.00+ and PIN Pads cost $150.00+ (and encrypting the PIN Pad costs an additional $25.00+)

The result: HomeATM becomes the first company in the world to manufacture and offer a credit/debit card terminal with integrated PIN Pad for less than $25.00! (including PIN Pad encryption!)

The end result? HomeATM Knows PIN. That said, I suspect, (k)no(w), make that know, that yesterday’s doubting Thomases will become tomorrow’s believers/customers…especially as new reports, like the one released by Trend Micro (below) state what we have stated from day one. It’s a dangerous and scary world (wide web) out there!

If that’s not scary enough, here’s more…did you know that a signature debit transaction is at least 10 times LESS secure than a PIN Debit transaction? That’s in the brick and mortar world. So how many times LESS secure is a card not present (no signature) debit transaction vs. a PIN Debit transaction? Yet signature debit is being pushed by issuers over PIN debit. Why? All in unison! Because they make more money! Yup, the less secure the transaction, the more money they make. At whose expense? Two guesses. If you said consumers and/or merchants you’re right.

In its first Focus Report (http://us.trendmicro.com/imperia/md/content/us/pdf/threats/securitylibrary/data_stealing_malware_focus_report_-_june_2009.pdf), Trend Micro examines the growth of data-stealing malware, the most dangerous of web threats today. Growth of this threat is unprecedented and you are in exponentially MORE danger today, than when the PIN Payments Blog first started emphasizing the inherent dangers of conducting eCommerce on the web.

According to Anti-Phishing Working Group (APWG) statistics, the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008—an 827 percent increase from January.

While the term data-stealing malware is a relatively new one, its
sole purpose for existence is a familiar story: To steal proprietary
information such as online banking credentials, credit card numbers,
social security numbers, passwords, and more from compromised networks
and PCs in order to fuel an underground cyber crime economy driven by
profit-seeking criminal networks that cross geopolitical boundaries.

Trojans: The Rising Star in Data-Stealing

Trojans are the fastest growing category of data-stealing malware,
according to data from TrendLabs, Trend Micro’s global network of
research, service, and support centers committed to constant threat
surveillance and attack prevention. Trojan attacks pose a serious
threat to computer security. True to their name, they typically arrive
disguised as something benign such as a screen saver, game, or joke.
Based on TrendLabs research:

  • In 2007, 52 percent of data-stealing malware were Trojans; in 2008, that number increased to 87 percent; as of Q1 2009, 93 percent of data-stealing malware were Trojans.
  • Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.
