What about online banks and merchants partnering to offer a more secure and less expensive eCommerce experience? Most online banks offer savings accounts to both consumers and businesses with higher interest rates offered by typical commercial banks. Here is a great opportunity for these banks to extend debit and credit services to their customers to shop online.
Web Merchants need to pay interchange fees to credit card companies with a variety of dependencies on rates being charged per transaction. However, the outstanding issue of security still lingers in the minds of “window shoppers”, internet savvy consumers that visit web merchants’ sites to check and compare prices, but with no appetite to disclose credit card information.
So what does the PayTC offer? Enabling online bank customers with the PayTC will allow Web Merchants to capture new customers and pay lower interchange fees. Online banks expand their financial product suite with a safe and secure device for its customers to do online ecommerce. Consumers benefit from the safest online transaction experience and the convenience of online shopping.
As an add-on, online banks may offer their customers the capability of the PayTC to be used for online banking authentication, expanding the PayTC to use its BankTC capabilities for a two-factor authentication experience.
This week I’d like to comment on how the industry recommends to consumers what to do when it comes to online shopping and to safely shop online.
In my blog I have argued that most of the burden is placed on the consumers to research the web sites they visit and where they are planning to buy an item. I have also mentioned that in the present environment, consumers must disclose personal information to online sites, including credit information.
Well, as you will see from this video from AARP, the American Association of Retired Persons, a Google engineer recommends and advises consumers to be aware of the dangers of shopping online, and although shopping online is a good experience, she goes on advising consumers to make sure they research the online merchant site, and that personal computers must be protected with security software before purchasing online.
In the end, in my opinion this is not the real solution. Just watch and listen to the video.
Now that we are gearing up for the end of year celebrations, I suspect millions of consumers will use their credit card or bank accounts to shop online and buy gifts for relatives and friends. This is the time of year as well when identity theft and fraud are at their peaks. Consumers open more accounts with online merchants, and they may also open accounts with PayPal, BillMeLater and so on.
In the process of doing so, consumers disclose private information to all these intermediaries, including credit card number, bank account number, date of birth, last 4 digits of Social Security Number, etc. We consumers hope that the systems where all this information is stored is secure and protected against malicious attacks, both internal or external.
Well, unfortunately that is not the case. In November 2007 more than 250,000 computers were compromised in the Los Angeles area ( see Botmaster attack ) by a hacker who managed to intercept messages between compromised computers and PayPaland other sites. As a result, thousands of bank accounts and credit cards were stolen from unsuspected consumers.
Breaches of merchants’ systems are even bigger. In March 2007 it was reported that TJX Companies Inc. ( see TJX cards stolen ) of Massachusetts was attacked for a period of 18 months and that more than 45 million credit and debit cards were stolen. Such is the magnitude of this breach that Visa and MasterCard suspect that these cards will be “sold off for a period of time in the future”.
The effects of these occurrences are not only fraud, but also the theft of thousands of identities for malicious purposes. Integrity Identity International ( see story ) reports that 10 million people are victims of identity theft every year, and the vast majority of losses occur from physical thefts of portable computers, drives and disks, or unauthorized use of data by employees.
Our method of payment, the PayTC, is a deterrent against identity theft. There is no disclosure of credit, debit or private information to anybody. Only pay for the transaction and rest assured that only the financial institution that issues the PayTC accepts or rejects the transaction. It’s that simple.
This past week I have received a few messages on the PayTC™ article I wrote. Although the product is in a prototype stage, the interest comes from worried consumers about the exposure of credit and private data to unauthorized users. Certainly the internet is a big part in this debate.
When I began researching on how the industry and consumers were looking into online fraud and identity theft, I came across the multiple methods that credit card companies use (Verified by Visa, MasterCard SecureCode®) and how consumer groups provide guidelines for consumer protection.
Industry guidelines expect consumers to shop online with specific online merchants whom have signed to the credit cards companies’ security programs, and who follow specific audit and data protection guidelines. However, millions of credit cards are stolen every year from these merchants ( see 4.2 million credit and debit cards stolen ), and complaints of fraud amounted to $240M in 2007, $41M higher than in 2006 ( see complaints of fraud ).
For consumer protection, the Identity Theft Resource Center (ITRC - www.idtheftcenter.org ) provides compelling guidelines in the use of credit cards online. Similarly, Consumers Union (www.consumersunion.org) just published tips for paying online as the shopping season approaches. These are great articles and well intentioned, but it seems to me that the onus is in the consumer to do the research on the merchant, ensure that the consumer has installed a personal firewall, and if anything happens, call my bank and report the incident possibly to the authorities.
We developed and tested the PayTC™ with all these things in mind: to protect the consumer from identity theft and eliminate fraud by non disclosing credit data to intermediaries. Of course it is convenient to conduct an online transaction with the credit card, but if the credit card has enhanced capabilities embedded in a token that protects my personal information, and only my credit issuer can unlock that personal information, then I can argue that the PayTC is the credit card to use for online transactions.
Welcome to my blog. Over the last few months we at KanataIT have focused our efforts in developing an alternative online payment system. Unlike all the other online payment systems consumers find in the internet, ours is defined quite simply as the replacement of the plastic credit card.
With many years in the the IT security business, I found myself uncomfortable disclosing my credit card number, card expiration date and all the other credit information that every online merchant requests when I opened an online account. We all know the risks: credit data gets stored in these online merchant systems and two things could happen: either the online merchant storage is hacked, or an inside job is done, and bingo -thousands of credit cards are open to fraud and identity theft.
Solutions to this problem are numerous, and many alternative online payment methods have flourished. But once again, consumers must disclose some form of credit or private information to these alternative systems. Not with the PayTC.
The PayTC is issued by a bank or the credit card issuer, so when a consumer completes an online transaction, the only system that verifies the credit data is the system owned by the bank or credit card issuer. No intermediary system stores credit data information. In fact, there is no need for any intermediary system to have my credit data anyways - they already have my name and address to send me the book or the airline ticket that I buy online.
I invite you to visit the “how it works” page at our site and see for yourself how the PayTC will truly revolutionize the way online payments should be done: http://www.kanatait.com/paytc_howitworks.html.
Welcome to the KanataIT Online Payments Blog. Keep coming back for new information and discussions regarding online fraud, identity theft and online payments.
