US to Hand Over Control of the Internet ‘Address Book’ to ICANN

A tiny branch of the U.S. Commerce Department is preparing to hand over control of the Internet’s “address book”—the highest level of the Domain Naming System, or DNS—to the Internet Corp. for Assigned Names and Numbers, a Los Angeles-based international nonprofit, effective Oct. 1, Ars Technica reports.
Republican lawmakers have tried to block the move, with the attorneys general for Arizona, Oklahoma, Nevada and Texas filing a lawsuit in a Texas federal court Wednesday, according to Politico.
The lawsuit contends that the transition amounts to the illegal giveaway of U.S. government property. The plaintiffs also fear that ICANN could prohibit speech on the Internet and revoke the U.S. government’s exclusive use of .gov and .mil domains.
Republican presidential candidate Donald Trump’s campaign weighed in on the issue, according to Ars Technica:
The Republicans in Congress are admirably leading a fight to save the Internet this week, and need all the help the American people can give them to be successful. Congress needs to act, or Internet freedom will be lost for good, since there will be no way to make it great again once it is lost.
Ars Technica also reports comments that Sen. Ted Cruz (R-Texas) made in a recent speech on the Senate floor:
Today our country faces a threat to the Internet as we know it. … If Congress fails to act, the Obama administration intends to give away the Internet to an international body akin to the United Nations. I rise today to discuss the significant, irreparable damage this proposed Internet giveaway could wreak not only on our nation but on free speech across the world.
ICANN says that these assertions by Republicans are unfounded.
“The US government has never, and has never had the ability to, set the direction of the (ICANN) community’s policy development work based on First Amendment ideas,” ICANN said in a statement, as reported by Ars Technica. “Yet that is exactly what Senator Cruz is suggesting. The US government has no decreased role. Other governments have no increased role. There is simply no change to governmental involvement in policy development work in ICANN.”
The change has been characterized as a symbolic takeover. The only thing that changes, according to Ars Technica, is that the U.S. will not have oversight over a contract between ICANN and Virginia-based company Verisign over the maintenance of the Internet’s global DNS.
Facebook,, Google and Twitter are some of the bigger tech companies that back the change, according to Ars Technica. They say it is imperative that Congress not block it.

‘Digital ID’ Is the Solution for EMV’s Online Blind Spot

In order to successfully and scalably combat card-related fraud and digital payments hacking, organizations need to rely less on standards like EMV and PAN/PRN, and recognize today’s currency is no longer just about money.

Instead, digital identity has emerged as a new form of currency, and it requires protection too.

Counterfeit fraud, card-not-present fraud, fraudulent applications, card-not-received fraud, and lost and stolen fraud have all contributed to the digital payments fraud so many U.S. organizations and consumers are experiencing.

Additionally, hackers have become adept at compromising user account data, rendering protective tactics like PAN (i.e. the personal account number or the 16 digit number on credit cards) and PRN (i.e. the provisional receipt number or a unique 15-digit token) nearly useless.

What is digital identity? Previously, money was transacted via highly tangible items such as coins, symbols or even farm animals. But in the 21st century, money has become increasingly digital. The way people interact online directly affects their digital reputation, and that resulting digital identity gives people access to their bank account, allows them to apply for peer-to-peer loans, and enables them to participate in our shared economy.

A helpful way to consider digital identity is to think of it as the bridge between physical identities and online user identities. Digital identities are unique and impossible to fake, as they leverage the infinite number of connections users create when they transact online, so they work well to ensure legitimate users are recognized and provided with seamless online experiences. At the same time, digital identities can help accurately detect fraudsters using stolen or spoofed identities before the fraudulent transaction is processed.

In order to facilitate advanced fraud protection and accurately authenticate valid users, organizations need to capture and fully understand the complete digital makeup of each of their individual users. There are a variety of unique data points that make up a user’s digital DNA, including the following five elements:

User Credentials: This includes any/all associations between an individual’s accounts and email addresses with anonymized, non-regulated, personal information. This data might include user names and telephone numbers, or even more advanced intelligence relating to devices, locations and online behavior.

Trust Tags: Trust tags are digital labels that can be applied to various combinations of entities within a user’s persona to indicate their trustworthiness. Trust can be associated dynamically with any combination of online attributes such as devices, email addresses, or card numbers, allowing for trusted users to be quickly recognized.

Persona ID: This element captures connected entities such as email addresses, transactions, accounts, devices, IP addresses, geolocations, proxies, and physical addresses relating to an individual.

Links and Associations: Leveraging persona IDs, organizations can benefit from real-time linkage of a current transaction to related transactions through a matrix of attributes associated with the user, device and connection.

Behavioral Biometrics: Behavioral biometrics evaluate current user and device interactions, and compare that information to historical user and device interactions and to known bad behaviors.

The reality of today’s business landscape is that all customers are digital, and unfortunately it’s becoming harder and harder to verify the authenticity of these valued, online customers. Organizations are growing more adept at adapting their business to a more online-centric user experience, but in terms of preventing digital payments fraud, the majority remain focused on the wrong problem.

So much of digital payments security is focused on the protection of networks and devices, however determined and persistent hackers are usually undeterred by such safety measures. Organizations should instead focus their valuable resources on the digital identities that hackers may have already stolen. By stitching together verified customer data points such as location, payment details, websites visited, login credentials or typical transaction behavior, organizations can more effectively identify and transact with legitimate users, and at the same time thwart nefarious hackers in real-time.

After Years of Retreat, Payments Fraud Has Come Roaring Back, AFP Survey Shows

For years, the wave of fraud receded like an outgoing tide for companies that accepted electronic payments from consumers and other businesses. But last year, a tidal wave crashed on shore.

Fully 73% of companies reported they had suffered actual or attempted payments fraud in 2015, up 11 percentage points from 2014 and 13 points from 2013, according to the latest annual survey released Tuesday by the Association for Financial Professionals Inc.

As it does every year, the Bethesda, Md.-based AFP surveyed its members on their experience with fraud via checks, cards, wire transfers, automated clearing house transfers, and other payment methods. This year, the January survey yielded 627 responses from members across a wide range of industries and company sizes.

Between 2009 and 2013, the actual and attempted fraud rate slid from 73% of reporting members to 60%, then ticked up in 2014. The results for 2015, with fraud back at 2009 levels, show that uptick was an ominous sign. “We’ve seen a trend break here,” Magnus Carlsson, the AFP’s manager for treasury and payments, tells Digital Transactions News. “I think [our members] are surprised to see such a large increase in one year. That is a big surprise.”

Even the AFP report itself is blunt about the matter. “In last year’s 2015 AFP Payments Fraud and Control Survey Report [documenting 2014], we noted that the downward trend of payments fraud reversed, although by just a few percentage points. The situation has since deteriorated further,” says the report.

Still, while fraud rates took off, actual dollar losses remain muted. A solid majority—72%—of companies that sustained fraud exposure reported no actual losses at all, while another 14% reported actual losses totaling less than $25,000. In contrast to fraud exposure, “actual losses are quite different,” says Carlsson. Similarly, 49% reported no costs to manage, defend against, or clean up after actual or attempted fraud, while another 35% spent less than $25,000.

The study also found fewer organizations reporting an expected impact from the move to EMV chip cards, as indicated by investment in software, hardware, and training, as well as fraud losses after the liability shift. That shift took place in October and placed responsibility for counterfeit card losses on the shoulders of merchants that couldn’t accept EMV cards. In the 2013 survey, just 11% reported they expected “no impact,” but by January, three months after the shift, that number had risen to 35%.

Delays in getting hardware and software certified for EMV, which have frustrated many merchants and have already led to a federal class-action suit, are a separate matter. “Obviously, that’s an issue,” notes Carlsson. “I can understand the frustration.”

While checks remain the payment method most targeted by criminals, it’s fraudulent wire transfers fueled by an explosion in highly sophisticated phishing attacks that have spiraled upward in recent years, according to the report. In 2009, just 3% of companies that had experienced actual or attempted fraud reported they had been hit by wire fraud. Last year, that rate was 48%, leaving fraudulent wires ahead of fraud on corporate and commercial credit and debit cards (39%). The check-fraud rate, meanwhile, was 71% in 2015, but that’s actually down from the high of 93% in 2010.

Actual and attempted fraud on ACH credits (11%) and debits (25%) remain low and stable relative to the other payment methods surveyed.

The AFP membership comprises corporate finance executives worldwide.

The CFPB Weighs in With Guidelines to Protect Consumers Using Faster Payments

The federal Consumer Financial Protection Bureau on Thursday issued nine guidelines summarizing its vision for faster payments as banks, payment processors, tech companies, and other government regulators continue work on proposals for improving U.S. payments.

“Companies developing new financial technologies should be building systems from the outset with consumer protections in mind,” CFPB Director Richard Cordray said in a news release. “It is a lot easier to build something right from the start than it is to retrofit it. The CFPB will continue our work to help ensure that financial-services marketplaces are safe and transparent for consumers.”

The guidelines include strong consumer control over payments; privacy and data protections; fraud error-resolution procedures; transparency in transaction status, receipts and pricing; and affordable costs. Still others address access to payment systems; funds availability—meaning that consumers be made the primary beneficiaries of faster clearing and settlement, not just banks or third parties; use of technologies to enhance security, and accountability mechanisms to curb misuse of payment systems.

With all non-cash payments, according to the CFPB, there can be a delay of several hours to several days between the time the consumer initiates the transaction and the time the financial institutions involved complete it. In most cases, particularly with regularly scheduled transactions such as direct deposits and recurring bill payments, existing payment services “generally suffice,” the CFPB said.

“Still,” the preface to the guidelines says, “consumers may prefer faster transfers for certain situations, such as a transfer to another person like a relative or repair person, a last-minute bill payment, or a retail payment where both the consumer and merchant want to settle a transaction immediately.”

The CFPB noted that it has been involved in recent efforts to improve U.S. payments, including submitting comments to automated clearing house governing body NACHA on its plans for same-day ACH transactions, and by participating in the Federal Reserve’s broad payment-system improvement initiative.

A creation of 2010’s Dodd-Frank Act with a broad mandate, the CFPB often is a lighting rod for critics of government regulation. Last November, the CFPB proposed 800-plus pages of new prepaid card rules.

That brief but controversial history has some observers predicting that the guidelines released Thursday could evolve into more detailed regulations. “At some point, this will become the rules of the road,” Eric Grover, principal at Minden, Nev.-based payments-advisory firm Intrepid Ventures, tells Digital Transactions News.

Grover questions whether there is a need for consumer guidelines. “It doesn’t strike me that there’s an obvious problem,” he says. “First of all, faster payments barely exist. Why [is the CFPB] weighing in? They have the power to.”

But the Bureau advocates that consumers should be the ultimate beneficiaries as U.S. payments become faster and more secure. “Given the potential benefits to consumers, the Consumer Financial Protection Bureau has been advocating for the development of faster and safer consumer payment capabilities in both new and existing payment systems,” the CFPB said.

Square Marketing Highlights the Value of Data-Driven Retention

Square’s expansion into email marketing seemed like a surprise move for the company best known for its mobile point-of-sale system for small businesses.

Upon closer analysis, however, it’s a natural next step for the company, and one that reinforces the importance of data-driven retention marketing for all businesses, not just within e-commerce.

Historically, email marketing is tough for local businesses with physical storefronts. Small business owners run cafés, boutiques, restaurants, yoga studios, and much more; their primary focus is on day-to-day operations, not technology partners or building complex digital marketing strategies.

At the same time, it’s crucial for small businesses to use the channels available to them to encourage repeat business. While some restaurants (mostly chains) have robust email marketing programs in place, small merchants have largely struggled to find a sophisticated way to reengage existing customers. Getting in on the email marketing game can pay off in a big way—most e-commerce businesses can still attribute up to 45% of their revenue to email.

What’s more, Square’s offering brings data-driven intelligence to merchants that don’t have access to the kinds of information e-commerce companies collect on the daily. As a point-of-sale platform, Square can incorporate the data their system collects, including transactions and frequency of visits,  to help merchants better identify their high-value customers.

It might be puzzling why so much attention is being given to Square’s product launch, given that email marketing is well established by this point. Wouldn’t it be more helpful to introduce capabilities for marketing channels that are considered “hot,” like social media or mobile advertising? Although there’s lots of noise surrounding these newer platforms, email marketing is still the most effective marketing tactic from a revenue generation perspective. According to a 2014 report by Gigaom Research, 56% of marketers still rank email marketing as the most effective strategy.

Think of how often e-commerce businesses send promotional emails or offers. Now Square is giving small businesses easy access to that valuable real estate to notify customers of deals and encourage return visits. Effective email marketing also helps build relationships and brand loyalty with their customers.

Will Square Marketing add value to local businesses? Yes, as long as local merchants embrace the features and fully utilize them. Square’s move underscores the importance of retention marketing, and the effect customer retention has on the bottom line. Even in this unprecedented age of information, small businesses still struggle to understand their current customers. Square’s move helps bring data-driven marketing to businesses outside e-commerce, which is a win for all parties involved.

Apple Pay Tries to Solve a Problem That Really Isn’t a Problem

I recently bought a cup of coffee, but I did not have any cash handy. I used a credit card, and the result was a veritable dystopia that will surely haunt my sleep forever.

First, I had to reach into my back pocket and remove my leather wallet. Then I had to pick out a plastic card, taking care not to pull out my driver’s license or Metro fare card. Somehow I managed to succeed on the first try. Then I swiped my credit card on a device positioned near the cash register. (Should the magnetic strip face right or left? That was my horrific choice.) Then I returned the plastic card to my wallet and went on with my day, scarred yet unbroken. I understand my credit card company will be including the $2.25 I owe them for that coffee on some sort of invoice later in the month, the receipt of which will surely will be yet another brutal reminder of the burdens of that day.

I kid, of course. Charging a cup of coffee or pretty much anything else is not a big deal. At most stores it is a remarkably seamless process, particularly now that most retailers have gotten out of the habit of requiring signatures for smaller purchases. But that’s not how Tim Cook sees it.

Tim Cook introducing Apple Pay on Tuesday in Cupertino, Calif. The system would replace credit cards.

Mr. Cook, the Apple chief executive, introduced a new mobile payments service Tuesday as part of the company’s big product rollout. The idea is that instead of experiencing the misery of fishing around for a credit card, you put your phone up to a transponder and touch the screen, and your transaction is complete.

It’s a dangerous business to bet against Apple’s ability to make a product that you didn’t think you needed as part of your daily life. But “Apple Pay” looks as if it may be one of those offerings that don’t live up to the company’s hype. It would seem that in Mr. Cook’s mind, the current process of a retail transaction is something actually resembling the series of horrors described above. The core challenge Apple faces is that buying things with a credit card isn’t nearly as onerous a process as they make it out to be.

Mr. Cook showed a video at the product rollout of a woman burrowing in her purse for a credit card, navigating past a box of Tic Tacs — Tic Tacs! — and struggling to open her wallet in order to find her card, then being asked to show her driver’s license before completing the transaction. It had a lot in common, actually, with those infomercials in which actors manage to horribly bungle the most basic tasks until some new product solves a nonproblem.

Apple Pay does appear to be more secure than plastic credit cards. As Mr. Cook pointed out in the presentation, a credit card reveals all the necessary information for a thief to exploit and go on a shopping spree, whereas Apple Pay requires the purchaser’s fingerprint to run a charge. The only problem from Apple Pay: The costs of fraud are borne by credit card issuers, and sometimes retailers themselves. Just ask Target, and now Home Depot, both of which have faced huge data breaches and are paying the price.

So you can see how banks and retailers will be enthusiastic about switching to a more secure way of paying. Indeed, Apple has already lined up giant banks — including Bank of America, Chase and Wells Fargo — and giant retailers, including McDonald’s, Walgreens and Macy’s, to use the service.

Times technology columnist Molly Wood says consumers may see a rise in the use of mobile payments now that the iPhone has a chip that will work at tap-to-pay payment terminals. So Apple Pay certainly has the potential to revolutionize how people buy goods. But security chips widely in use in Europe are gradually becoming available in American credit cards. The recent breaches are only making that process more urgent for card issuers.

But the bigger question for Apple Pay is whether consumers find it handy enough to convert from credit and debit cards.

All Merchants Have to Comply with EMV

Don’t succumb to complacency; become EMV compliant today! Make sure you are informed and prepared with EMV-capable point-of-sale devices to protect against counterfeit-card fraud.

The October 2015 liability shift set by the major card networks to implement the Europay-MasterCard-Visa (EMV) chip card standard will leave unprepared merchants vulnerable to counterfeit fraud for the first time. Merchants that have not installed EMV-capable point-of-sale terminals within the next three years will assume liability for counterfeit-card transactions conducted in their stores.

Acquirers that sell EMV to small merchants will not have an easy task. It is important to stress that this deadline is real and is coming quickly. Even if a merchant’s acquirer isn’t yet ready to process EMV transactions, the merchant can install the equipment now and then be ready to download the EMV application software to the existing device.

Let VeriFone be your guide and partner with us during this transition. We have years of experience helping thousands convert to EMV worldwide and offer an unmatched line of EMV-compliant hardware and software – as well as training and support – to deliver complete solutions for meeting migration plans.

The newest EMV contact and contactless-complaint solution is the VX 805 PIN pad. This powerful, fast PIN pad provides everything needed to securely accept payments and other transactions, with the agility to quickly embrace future technological change, including NFC, mobile commerce and EMV.  It also offers the latest security protections – including full compliance with PCI PTS 3.0 – plus EMV Level 1 and 2 Type Approval.

Click here to find out more about VeriFone’s EMV-compliant hardware and software solutions.

Source: Oct. 3, 2012.