Updated: Friday, March 7, 2014
Discover offers free Transact 14 admissions for ISOs
I n advance of the Electronic Transactions Association's Transact 14 international tradeshow next month, Discover Financial Services is sponsoring free admission to the three-day conference for 10 first-time attendees from the ISO community. The deadline for registration is today.
"ETA is grateful for Discover's support to ensure that more ISOs can attend the year's largest and most important payments industry event," said Jason Oxman, Chief Executive Officer of the ETA. "Transact 14 is a unique educational and networking opportunity to engage with Discover and thousands of payments and technology innovators from around the world."
Discover has been vocal in its willingness to partner with ISOs of all sizes and encourages ISOs to visit Discover's exhibit booth at the show.
Transact 14, which will take place at the Mandalay Bay Hotel in Las Vegas from April 8 to 10, will feature an entire track devoted to ISOs.
To win free registration to the event, go to www.electran.org/events/transact14/discover/ .
SEAA welcomes voice of payments
Friday, March 7, 2014
T he Southeast Acquirers Association's annual conference slated for March 24 to 26, 2014, at the Omni CNN Center in Atlanta could break history on many levels. "This is the fastest that we've ever sold out our room block, which is amazing because usually when we go to Atlanta there are so many locals," said John McCormick, Vice President of General Credit Forms Inc. and founding member of the SEAA. "We're hoping that this is going to be the show that hits the 700 total participant mark for SEAA."
On opening day, Mark Dunn, President of Field Guide Enterprises LLC, will present the Field Guide Seminar, which will focus on how to manage ISO businesses. Topics covered will include how to increase portfolio valuation, international acquiring opportunities, when to take risks, business-to-business merchant services, how to apply metrics in attaining goals, and how to put social media to work for merchants. Also, the Women's Network in Electronic Transactions' Atlanta LINC will host an afternoon event; a general reception will follow in the evening.
ETA's Oxman to keynote
Keynote speaker Jason Oxman, Chief Executive Officer of the Electronic Transactions Association, will make his debut appearance at a regional acquirers' conference. He plans to discuss the ETA’s efforts in Washington, D.C., and educational opportunities for ISOs at Transact 14: Powered by ETA coming up April 8 to 10 in Las Vegas.
"There is so much going on legislation and regulation wise impacting the industry that we asked Jason if he could speak about that," McCormick said. "ETA is a very important organization for the industry. Each show lately we've tried to incorporate some of their items into the show, including the CPP [Certified Payments Professional] program. It will be great to have his perspective on some of the key things that are going to be impacting us."
The SEAA will also host panel discussions on such topics as cloud-based POS and mobile payment processing, selling against and working with aggregators, and a status report on Europay/MasterCard/Visa chip-based payment migration in the U.S. market.
There will be plenty of opportunity to network, as well. According to McCormick, about 96 tabletop exhibitors will showcase products and services at the conference. "We try to limit it to that," he said. "If we go much more than that, there's just not enough time for people to get around to everyone, and we want the exhibitors to have a positive experience."
Tablet-based and mobile processing solutions providers will be integral in the vendor lineup. "There are definitely new technology vendors coming to the show that I think are going to be very exciting," McCormick said. "We've had several people tell us that they plan on showing new products."
The venue for SEAA 2014 is centrally located in downtown Atlanta adjacent to Centennial Olympic Park, a 21-acre public park built to commemorate the 1996 Summer Olympic Games held in that city. While vendor space is sold out, attendees are still welcome to attend for a nominal fee of $75.
DOJ probes PNC's merchant services practices
Monday, March 3, 2014
P NC Financial Services Group Inc., a leading provider of merchant services and one of First Data Corp.'s top five alliance partners, revealed today that it has been subpoenaed by the Consumer Protection Bureau of the U.S. Department of Justice. The Bureau is "seeking information concerning the rate of return rate for certain merchant and payment processor customers" that have depository relationships with PNC, the company stated in its filing today with the U.S. Securities and Exchange Commission.
"We believe the subpoena is intended to determine whether, and to what extent, PNC may have facilitated fraud committed by third parties against consumers. We are cooperating with the subpoena," the statement concluded.
A spokesman for PNC, Fred Solomon, declined to comment beyond the statement, which appeared in the Pittsburgh-based banking company's latest 10K filing with the SEC. PNC is no stranger to federal investigators. In its latest 10K filing, the company also discussed subpoenas it had received from the U.S. Attorney's Office for the Southern District of New York regarding sub-prime lending and foreclosure activities by National City Corp., a Cleveland-based bank PNC acquired in 2008.
In December 2013, PNC agreed to pay $35 million to settle fair-lending violations by National City involving minority borrowers. That marked the first fair-lending case to be pressed jointly by the Justice Department and the Consumer Financial Protection Bureau.
Mt. Gox, Pony and other bitcoin troubles
Friday, February 28, 2014
T he rollercoaster ride continues for virtual currencies like bitcoin. Mt. Gox, the Japan-based bitcoin exchange operator and one of the first such providers of the controversial cryptocurrency, abruptly closed its doors on Feb. 24, 2014, and filed for bankruptcy a few days later. Meanwhile, security firm Trustwave disclosed a new fraud scheme called Pony that targets the digital wallets of virtual currency users.
In early February, Mt. Gox stopped its users from withdrawing funds from the exchange as a precautionary measure in light of cyber attacks on its network. But three weeks later, with Mt. Gox still struggling to resolve its issues, the exchange took a more drastic step and stopped all activity on its network. "In light of recent news reports and the potential repercussions on Mt. Gox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users," the exchange said.
Following that, media reports surfaced indicating Mt. Gox is insolvent and unable to fulfill its role as an exchange. Thus, bitcoin users who traded bitcoin on the site may be unable to recover their investments if they held bitcoin balances on the exchange. Since the bitcoin economy is largely unregulated, bitcoin users have no financial protections if their bitcoin holdings are stolen or should disappear if an exchange goes dark and is unable to pay its obligations.
On Feb. 28, 2014, the hammer finally fell on Mt. Gox as it filed for bankruptcy protection. At a news conference held at the Justice Ministry in Tokyo, Mt. Gox Chief Executive Officer Mark Karpeles stated that the exchange had lost almost 750,000 of its users' bitcoins and around 100,000 additional bitcoins of its own. The total value of the stolen bitcoins is worth approximately $473 million on the open market.
Trustwave initially discovered the Pony fraud scheme in December 2013, in which user credentials were stolen from a variety of stored online accounts, including approximately 2 million websites, social networks and email programs. It is called the Pony botnet because the scheme involved a collection of malware infected computers (a botnet) that take instructions from the hacker's command-and-control server. Botnets are used to perform distributed denial of service attacks, for instance, which inundate websites with web traffic that effectively shuts them down.
More recently, Trustwave uncovered another Pony botnet. This scheme was more sophisticated than the first in that the malware had been upgraded to search infected computers for virtual wallets that stored cryptocurrencies on individuals' computers. Over 700,000 credentials were stolen between September 2013 and mid-January 2014 using this new scheme.
The attack seemed to target users in Europe, specifically Germany. But Ziv Mador, Security Research Director at Trustwave, said the researchers do not know where the scheme originated. Mador noted that the new Pony malware infected over 100,000 end user computers and scanned the operating systems to find virtual wallets. A tiny percentage of those computers contained digital wallets, simply because only a relatively few individuals today are involved in buying and selling cryptocurrencies.
Nonetheless, as of Feb. 24, the new Pony variant had netted the fraudsters about $220,000 worth of virtual currency from 85 wallets. The haul included 355 bitcoin and 280 litecoin, trading at about $600 and $14, respectively.
The key to protection
In Look What I Found: Pony is After Your Coins!, a Feb. 24 blog post written by members of Trustwave's SpiderLabs ethical hacking and research unit, said fraudsters are beginning to focus on virtual wallets because of their inherent vulnerabilities. Namely:
- Users are anonymous.
- Wallets are the property of whoever knows the private encryption key.
- Most users do not enable password protection.
Trustwave said that, since virtual currency transactions are conducted anonymously, they are irreversible. Because buyers and sellers of virtual currencies are anonymous, if bitcoin owners recognize bitcoins are being illicitly transferred out of their wallets to other wallets, there is no way to determine who owns those wallets. And since the bitcoin marketplace is unregulated, there is no authority to contact to reverse transactions or freeze accounts.
Also, hackers that obtain the private keys to mobile wallets become as much the owners of those wallets as their legitimate users, once again because all cryptocurrency users are anonymous. "Even if the person who created the wallet finds the person who took it, there is no way to really prove which one of them is the true owner," the researchers said.
And by not enabling passwords to safeguard the private keys of wallets, users are easy targets for hackers. Mador explained that a virtual wallet is enabled with two keys: one public, one private. The public key is shared between the local application and an exchange, for example, in order to conduct transactions over a network. But Mador said the private key stored on a user's computer should never be visible to anyone but the user.
"Basically the public key is the identity of the wallet, and what allows someone to generate transactions using that wallet," Mador said. "If I get someone's wallet but I don't have the private key, I cannot do anything. I need a private key in order to identify myself as the owner of the wallet. And then I can generate transactions."
Therefore, by encrypting private keys via passwords, the contents of those wallets are safe, Mador said. "Even if the criminals would be able to get to their machines, they will not be able to generate fraudulent transactions with those wallets."
USPS weighs plunge into crowded GPR pool
Tuesday, February 25, 2014
A s mail volumes and concurrent revenue continue to plummet, the U.S. Postal Service has proposed that a general-purpose reloadable (GPR) prepaid card be created that would help to bolster profits at the struggling quasi government agency. Along with a so-called Postal Card, small-dollar loans and money transfers could be offered to unbanked customers at postal locations, according to a Jan. 27, 2014, USPS report.
"Around the world, financial services are the single biggest driver for new revenue for postal operators, and conditions may be ripe for similar success for the U.S. Postal Service," said the Office of Inspector General: United States Postal Service. "If just 10 percent of the money underserved Americans currently spend on alternative financial services were instead spent on more affordable products from the postal service, it could generate some $8.9 billion in new revenue."
The report noted that the USPS could become a more affordable alternative to payday lenders, which charge substantial fees for their services. The USPS said it would not become a bank or compete with banks, but instead partner with banks to offer alternative financial services.
The postal lifeguard solution
The whitepaper, Providing Non-Bank Financial Services for the Underserved, cited 2011 Federal Deposit Insurance Corp. research that reported over a quarter of all U.S. households (about 34 million) have limited or no access to the traditional banking system. The USPS said that these households, representing about 68 million unbanked consumers, "are treading water very close to the economic edge."
The USPS feels it would be a natural fit to provide this demographic with financial services, since it already offers money orders and international money transfers. It said it already holds a 70 percent market share in domestic money orders and processed 109 million money orders in 2012. Via the GPR card, the USPS could offer "new ways of transferring money both domestically and internationally, and perhaps even include small loans that would help customers overcome unexpected expenses."
The USPS also made the case that banks are becoming less convenient for the unbanked. In 2012 alone, banks closed nearly 2,300 branches, the report said. But these closings are not spread evenly; most of them occurred in low-income communities, including rural and inner-city neighborhoods, where unbanked consumers live.
The USPS said 93 percent of bank branch closings since 2008 have occurred in ZIP code areas where household income levels were below the national median. In contrast, the USPS said 59 percent of its postal network is in ZIP codes with no bank branches, or only one. Being embedded in these communities translates into brand identification and trust, the agency added.
Sink or swim
The report characterized the proposed Postal Card as the linchpin to the USPS's ambitions. Such a card would reduce the agency's overhead costs associated with cash and check payments and provide the unbanked with a full-service financial product that could be used to make mobile, online and in-store purchases, as well as facilitate bill payments, ATM money withdrawals and money transfers.
Madeline Aufseeser, Senior Analyst at Aite Group LLC, believes that the USPS has the distribution network for a successful GPR card program, but that the postal service's goals are impractical. "I don't think they really have a clue as to what it's going to take," she said. "And I think their expectations are not exactly realistic."
Aufseeser said the USPS has not factored in the additional operational costs, such as more staffing and increased business hours, needed to support a GPR card product. But, according to Aufseeser, the biggest mistake the USPS made is the projection of the revenue potential for its financial services proposal.
"They think they can generate 10 percent of the total revenue that that [unbanked] population derives today," she said. "And I think that's extremely overly optimistic."
Aufseeser noted that the GPR card market is a mature one, with Green Dot Corp., NetSpend Holdings Inc. and H&R Block dominating over 60 percent of the U.S. market. And newer players like American Express Co. and JPMorgan Chase & Co. have added their GPR products to the already crowded field.
"It's going to take [the USPS] years until they can achieve the same level of market share that these other players have," Aufseeser said.
The USPS apparently also failed to take into account that the GPR card market is ripe for consolidation. Aufseeser said that too many program managers and processors are vying for slices of the prepaid pie. "The concentration of the business is such that the market cannot support all these players, and the margins on this business are razor thin," she said.
Aufseeser added: "For them to think they are going to get 10 percent of the market share on mature markets, it just does not seem credible to me."
View prior breaking news