ProPay and VeriFone have partnered to bring merchants simple, secure and affordable credit card processing on the iPhone. With a simple online signup process individuals can sign up for a merchant account, download the software application and begin accepting credit cards the same day.

Included in PAYware Bundle:

• PAYware Card Reader for iPhone 3G or 3Gs
• ProPay Merchant Account $199.95 annual fee
• Rates as low as 1.89% for all qualified transactions

The best part? The PAYware Card Reader for iPhone (was $149.95) is included FREE. All you pay is $14.95 shipping and handling!  Read more on ProPay’s website.

Join the cool kids and accept payments over your iPhone!  The VeriFone sled is very sleek and very cool and will make you the envy of all of your friends!

At the turn of the 19^th century in Russia, revolutionaries were stirring the pot and advocating the overthrow of the Tsarist regime.  Often, propagandists would travel to the rural areas of Russia and attempt to stir up the peasantry by regaling them with a long list of evils perpetrated by the Tsar and his men.  The revolutionaries could not seem to understand that their passionate pleas to rise up against the oppressive regime were most often met with a shrug of the shoulders and perhaps a pitying shake of the head.  The response from the peasants was very often, “God is in His Heaven and the Tsar is far away.”  In other words, bring me something relevant.  Why should I care that the Tsar has created some policy that impacts urbanites and pretend intellectuals in Moscow when I have crops to harvest and mouths to feed?  Unless the Tsar or God is going to come here directly and force me to do it, why should I?  It wasn’t until Tsarist policies began to impact agriculture and the subsistence of the Russian peasantry that revolutionary zeal was seen in the outlying regions.  In short, it wasn’t until the Tsar actually was in their neighborhood that the peasants decided to act.

What does the Russian revolution have to teach us about payment security?  Very simply, that the sentiment of the Russian peasantry is roughly equivalent to the attitude of many Level 4 Merchants, and with good reason.  The Level 4 Merchant is often a very small business, trying very hard to maintain their margins in an economy that is increasingly difficult.  When confronted with a standard that contains more than 220 data security requirements and they are told that they must comply, they often simply shake their heads.  “God is in His Heaven and the Tsar is far away.”  In more contemporary language:  “The card brands are on the coasts and my acquirer is in New York.” 

In essence, the industry has presented to small merchants a problem without a solution. The Level 4 merchant may or may not be required to validate their compliance, depending upon the needs of their acquirer.  If they are not required to validate compliance – well, then the Tsar is far away, indeed.  There is little or no enforcement until an event occurs that brings the merchant to the attention of the acquirer or the card brands.  On the other hand, how can an acquirer with a portfolio of thousands (or tens or hundreds of thousands) of merchants realistically manage their compliance?  All the revolutionary fervor in the world cannot convince a small business person to spend hard-won margin on security measures that bring an intangible benefit.

In the vein of the Russian peasantry in the late 1800s, let’s bring them something that is relevant.  Help the Level 4 Merchant cultivate an environment that is secure and does not take money out of their cash registers.  Payment security is due a revolution.  The industry has seen some initial forays into real innovation that can affect security for everyone, but in looking at these solutions we must remember that enterprise level companies are not the only constituents in the industry.   The Level 4 Merchant is, in fact, an extremely important demographic in the industry and to overlook their concerns with respect to data security and operational viability would be short-sighted.

Heather Mark, PhD; SVP Market Strategy  SFVVEWUY77NY

Javelin Strategy & Research released a report today on the Identity Theft Protection market – a market estimated at $2.4 billion in annual revenue.  One of the interesting findings of the report is that, while identity theft has seen a 12.5% increase in 2009, the use of ID theft protection services has seen a 42% decline.  Analysts for Javelin speculate that many consumers may not perceive ID theft protection or monitoring services as a “must have,” particularly in the present economic environment.  The main objective of the report was to evaluate and rate providers of ID theft protection services to identify “best in class” providers.  In the course of the research they discovered some interesting findings, including the fact that only about 40% of Gen Y consumers are enrolled in any type of ID protection program. 

 While the Javelin report notes that the economic conditions have led to a reduced level of participation in ID theft prevention programs, the report maintains that enrollment in these programs is extremely beneficial.  The fact remains, though, that when incomes are tight, services such as these can easily be considered a luxury.  So how can one continue to monitor their credit situation without paying a monthly fee? 

First, and most simply, check your statements.  Often people check the balance alone, but it is important to check the transactions, as well.  A common practice of credit card and identity thieves is to attempt small transactions to see if they are detected.  If they are not detected, they will attempt larger transactions.  If you see something, even if it seems inconsequential, that appears unusual or unfamiliar, check it out.  Call the merchant or call the bank if you don’t recognize it at all. 

Secondly, individuals are entitled to a free credit report on an annual basis. Keeping track of your credit score can certainly assist in identifying accounts that you didn’t open, perhaps, or attempts to change the address on an account.  For more information on obtaining free credit reports, you can visit the Federal Trade Commission’s website.    It’s also a good idea, as referenced in an earlier post, to monitor your children’s credit reports. 

In some cases, you may want to place a freeze on your credit.  This makes it a little more difficult for you to open new accounts, but it makes it significantly more difficult for an identity thieve to open an account in your name.  In this case, you can contact the three major credit bureaus and ask them to place a “freeze” on your credit.  Any time that you try to open a new account, there will be a delay, as the freeze will require confirmation from you personally before a new account can be opened.  In most cases, this means that the creditor will have to contact you at your home phone number in order to verify that you do, in fact, want to open the account.  There may be some costs associated with placing a freeze on your credit, depending upon whether or not you are the victim of an identity theft attempt and your state of residency.  A guide to credit freezes can be found here.

If you do decide that it’s easier to simply enroll in an ID theft protection program, it’s still worthwhile to monitor your statements and accounts.  You know better than any organization what is a typical or expected spending behavior for you and your family.  Don’t forget about your credit, simply because you’ve enrolled in one of these programs. 

Also, while I’ve focused here on individual identity theft, it’s important to realize that business identity theft is one of the fastest growing crimes today.  The Better Business Bureau provides some resources for businesses on how to protect your business from identity theft.

Heather Mark, PhD, SVP of Market Strategy

Numerous articles have recently been written about the Stuxnet worm that has infected industial control applications.  The article on CNN provides a good overview of the malware and how it works.  In short, Stuxnet is arguably the most highly developed piece of malicious software every identified.  Experts speculate that it is so advanced that it must be the product of a national government.  Additionally, while its purpose is not yet known, Stuxnet appears to be infections appear to be disproportionately affecting computers within industrial facilities in Iran. According to Symantec it would take 5-10 people about six months to develop an application similar to Stuxnet.   The application takes controls of a system within an industrial appilication and then communicates with a remote system which allows for a person to remotely control the application.  In an industrial facility this could have very far ranging and adverse impacts.  Consider a nuclear facility’s cooling system that had been turned off. This would present a significant danger.

While the vast majority of malware is designed to steal data or perform other functions Stuxnet appears to be the first identified cyberwarfare malware.  The product is not designed to steal information it is designed to allow someone (we don’t know who yet) to control the industrial facilities of another nation.  This is very scary stuff.

Read this article  to learn more about ProPay’s new service LenderPay.  LenderPay was developed to enable lenders (credit unions, banks, etc.) to accept credit, debit and charge cards as payment for loans without incurring transaction costs to the lender and without having to run the transaction as a cash advance.  This service allows lenders to accept ‘ontime’ payments as well as delinquent payments.  Mountain America Credit Union is one of the first organizations in Utah to use this service.  You can read more in this post.