The Chicago Federal Reserve Banks’ 2008 Payments Conference has just finished. The hot topic this time around was Payments Fraud: Perception versus Reality

There was significant discussion about the main entry points to fraudulent transactions. Surprisingly, perhaps, most fraud happens in situations other than data breaches.

When your information is readily available, it can be compromised by company employees or people in your circle of influence such as your family or friends. And physical proof of identity can be garnered by a stolen wallet or simply fishing your account information out of the garbage.

As was astutely pointed out at the conference by Jeff Schmitt, an independent consultant (and reported by Linda Elliot ), whether you like it or not, your information is out there. The aim of fraud protection ought to be to make that information useless to those who seek to make illegal use of it.

It’s a good approach and a necessary one. But yet again, it does not go far enough. It’s not too late to change the rules of the game.

• Have you ever questioned why your information has to be quite so available?
• Have you ever thought that you might not need to answer every question asked on that application form?
• Have you ever tried just to say NO! when asked for yet another piece of personal information that you weren’t sure was needed?

In short, we think more people should challenge the status quo of an information hungry culture. Try giving out less information, and fewer personal details. You’ll leave a smaller footprint to follow. And you’ll help reduce the incidence of payments fraud.

AT&T has settled a series of class actions suits over claims that their customers were billed for services they did not agree to purchase.

The agreement paves the way for AT&T Mobility customers to receive refunds for unauthorized services from D2C companies which appeared on their bills.

You can read more about the outcome of the case here and here.

The case could influence the outcome of similar US lawsuits currently pending for Verizon, Sprint and T-Mobile and could have long-term implications for the entire mobile content industry, requiring higher standards of consumer protection.

The whole issue could have been avoided if AT&T and each of the other operators had retained their core competency and forced the use of their existing state-of-the-art user authentication and payment authorization mechanisms for all transactions - even off-portal.

We recognize that this can be tricky when dealing with aggregators and other third parties.

There is a solution, though.

Using “Federation” and other online identity management concepts, a new commercial model is available that enables operators to use their existing secure authentication and authorization infrastructure for both off-portal transactions as well as off-off-portal transactions from the open web.

With ISPs, banks, and major content names already signed on to this model, there are significant market references validating this approach. The mobile industry can gain from this as well.

The model is called OneTouch Online Purchasing, and you can find out more here.

Identity theft is stealing the headlines as well as your personal information.

As the public becomes more aware of the dangers of identity hijacking, companies scramble to provide protection for consumers, and newspapers are full of revelations about what works and what doesn’t.

LifeLock, is a leader in consumer identity protection. They claim to offer a proven solution which stops identity theft in its tracks. In fact, they are so sure of their product that their CEO actually gives out his own social security number in a prominent position on the home page of the company’s website.

Well, that’s a bit like holding out a red flag to a bull. Sure enough, Todd Davis, LifeLock’s CEO, has had his identity stolen. His personal information has been used to take out a $500 loan.

Oops.

You can read the full story here.

In fairness to LifeLock, the company does not offer 100% protection against identity theft. That’s why they state the following in their Terms and Conditions:

If you are our client when someone accesses your personal identifying information and subsequently uses it without your authorization to commit a fraud, due to a failure or defect in our Service, and you have complied with this Agreement, subject to the terms herein, we will pay professionals to assist in restoring any such loss or recover such expenses, as required, provided however that the maximum limit of our Service Guarantee is $1 (one) million per lifetime for all incidents in the aggregate.

However, it’s still an embarrassment when their CEO gets his identity stolen.

Our approach to identity theft remains the same - and different from other companies in the identity theft arena.

If you don’t give out your identity in the first place, there is no information for thieves to steal. So if you want to buy downloads, your best bet is our flagship OneTouch Online Purchasing service. Using OneTouch you don’t have to reveal who you are.

  We’re back from a very successful presentation at the Tele Management Forum 2008 in Nice, France, where we were invited to introduce our answer to the problem of the crumbling walled gardens.At the Forum, we exhibited our solution to Tier 1 telcos in the Content Encounter, sharing a booth with Amdocs.

It was gratifying to see the thought leaders of the telecom industry respond so positively to our vision and innovative business model that uniquely enables Telcos to monetize the open web using their existing billing and customer care infrastructure.  

With over 3,600 registered visitors, including a wide representation of Tier 1 telcos and their suppliers, the TM Forum provided a cooperative atmosphere in which we began planning technical interoperability with the Telco back office systems of industry leaders such as Telcordia and others.

The interest in what we’re doing is far reaching and Telcos are beginning to recognize the potential of monetizing the off-off-portal marketplace. It is easy to appreciate a solution that allows Telcos to share a $15B boost in highly profitable revenue (2007 figures for content downloads) rather than the $6-700M they currently share in the walled gardens with a tenth of the effort.   

Our financial settlement partner is MACH S.a.r.l. in Luxembourg the largest clearing house for the mobile industry, serving 650 operators worldwide. So, we have a very strong foundation that uses existing settlement processes to further benefit merchants and Telcos.  One of the big differentiators of using this  payment processing strategy is that it allows internet commerce to extend past the current limited credit card solutions into the regions of the world such as China, India, Eastern Europe etc where international use of credit cards have not penetrated in any depth.  It also plays to the fact that some 2B of the current 3B mobiles are in developing countries and this will rise to 3B of the 4.25B projected for 2011.  

We will be following up on interoperability of our solution with the back office systems from this event in the following weeks.

 There’s a lot of buzz around about the adoption of contactless payments using mobile phones. It’s a more convenient payment method, it’s faster and it means we don’t have to walk around with all that small change in our pockets.

According to a recent study by Juniper Research, about 52 million consumers will be using the technology by 2011 to pay for everything from train tickets to candy.

Not everyone is thrilled about the contactless payment trend though.  Greg Day, at McAfee is sounding alarm bells at what he sees as the increasing temptation the technology will afford crooks.

“It makes me quite nervous. It’s to this type of contactless small payments arena that smart data criminals will turn: if they just take a fiver from everyone, rather than larger sums from fewer people, they’ll still make a fortune.” says Day.

The majority of mobile phone users (86% according to research conducted by DataMonitor and McAfee), are concerned about potential security breaches such as identity theft or fraud.

Yet, despite this, 79% of mobile phone owners polled knowingly used their mobile phones without activating any of the available security features. Another 15% didn’t know what security measures were activated on their phones.

We suggest that companies in the contactless payments arena devote some of their marketing budgets to educating consumers about mobile phone security. Ditto for the mobile phone manufacturers.    

We also suggest that consumers check out our OneTouch Online Purchasing service which allows them to pay for, and download digital content to their mobiles without revealing any personal or financial information whatsoever. Your identity can’t be stolen if no one knows who you are.

 Ed Kountz, in a recent post at Jupiter Research Analyst Weblogs notes that the alternative online payment marketplace is teetering on the edge of expansion into the mainstream.

We think he’s right. But he doesn’t look far enough outside traditional payment paradigms to see what’s at the leading edge, and to understand what consumers are really looking for.

According to a new Jupiter Research report, online purchasers are search for new payment options which are both secure and convenient. Kountz describes security as “not having to enter [credit] card information online.”

Well, we may be biased, but not having to enter your credit card information online hardly means that the payment method you use is secure. Anytime you give out your personal or financial information online, that information is potentially at risk. The merchant may not have your financial information, but some other online company does.

As for the other leading consumer want, convenience, well, yes, it’s not fast, and it’s not fun to stop what you’re doing in order to go fish out your credit card from the bottom of your other purse when you want to pay for something.

In addition to security and convenience, a major factor in the push for alternative online payment options is privacy. You can go into any store in the real world, pay cash, and leave without anyone knowing who you are. Your purchases won’t be tracked and no one will build a profile of your purchasing habits.

Why can’t you do that online? Well, the OneTouch Online Purchasing service takes alternative payment processing to another level. It’s completely secure, convenient and private. Consumers don’t have to give out any personal or financial information online, and payment is completed through an existing trusted biller such as their bank, ISP or telco.

The technology foundation for OneTouch is patent-pending and our online payment alternative is gaining traction quickly. In fact, we have a press release ready to go about a deal we’ve struck with one of the largest suppliers of mobile content worldwide.  And yes, our system works for mobile payments as well as for purchases made from a personal computer.

We can’t reveal more about that just yet, but while we appreciate the difficulty of “ensuring adequate merchant acceptance” while “generating enough consumer demand” as Kountz puts it, we are well on our way to making waves in the alternative online payments stratosphere.

 It used to be that when you walked out of the door, you’d be sure to take your wallet with you. And your credit card. And some cash.

That’s no longer true. In a recent IDC survey sponsored by Nortel, less than 30% of respondents worldwide chose their wallet when asked which item they would take with them if they had to leave their house for 24 hours.

Given a choice of their wallet, MP3 player, laptop or keys, over 38% of global respondents chose their mobile phone. In Latin America, specifically, that rose to over 50% of those who answered the question.

Those who were defined as hyperconnected chose their laptop over their mobile phone. Hyperconnected people are those who have a full range of communications devices and software applications for use in their business and private lives.

According to the survey, 16% of workers worldwide use a minimum of 7 communications devices for work, and at least 7 applications such as social networks, text messaging and chat software.

Closely following on their heels are the second group of 36% of workers who are “increasingly connected” rather than hyperconnected. They use at least 4 devices for work and at least 6 communications applications.

The study predicts that the percentage of hyperconnected business users will trend towards 40% in the next 5 years.

You can real the full details of the survey here.

So what does this trend mean for the world of ecommerce?

Simple really. Wallets are on their way out. Mobile phones and laptops are in. You don’t need a credit card or cash to pay for things anymore. Just whip out your phone or power up your laptop and you can buy pretty much anything you want.

And if what you happen to want is the latest digital download to supercharge your hyperconnected communications, you’ll find it quick and easy to pay for it using the OneTouch Online Purchasing application.

According to research by MultiMedia Intelligence, the worldwide market for mobile digital commerce services increased to $1.1 billion in 2007.

This market is expected to grow to $1.9 billion by 2012.

A couple of short paragraphs in the research summary caught my attention:

 ”Revenue leakage” is still an industry-wide problem across all geographic locations, especially in the off-deck space.

and

Digital commerce services companies are highly regionalized, with digital commerce companies heavily entrenched within the regional operators.

Firstly, using our OneTouch Online Purchasing application means that merchants are much better protected from revenue leakage than is the case with almost every other payment processing alternative. Transactions are only considered complete after verification of content download is received. The OneTouch Online Purchasing transaction log is available as an unbiased, third-party reference to resolve any disputes about the number of downloads processed.

Secondly, the OneTouch application is available internationally with no country restrictions and no need for telcos to establish relationships with each individual merchant. That leaves a lot of room for flexible marketing to niche markets all over the world.

You can check out our OneTouch online payment processing application here.

 We’re getting ready to exhibit at TM Forum Mangagement World 2008 in Nice, France, next week.Here’s how  the TM Forum describes itself:

The TM Forum is an industry association focused on transforming business processes, operations and systems for managing and monetizing on-line Information, Communications and Entertainment services. 

TM Forum thinks so too. We’ve been invited to showcase how our OneTouch Online Purchasing alternative online payment processing service can benefit telcos as the “walled garden” comes tumbling down and operators search for alternative ways to build revenue from the Internet.

You can find us at Forumville so please drop by  and find out how we’re helping telcos increase revenues from their existing billing infrastructure, merchants to make more sales, and consumers to buy safely, quickly and easily.

 If you’re an online merchant processing credit cards you’re almost certainly already familiar with the PCI Data Security Standards.

Just in case you’re not, here’s what you need to know in a nutshell:

The PCI (Payment Card Industry) Security Standard Council was founded by leading credit card companies including Visa, MasterCard and American Express and its mission is to develop and implement security standards to protect credit card account data.

So, if you’re selling online and processing credit cards, you really need to keep up to date on the latest PCI security standards and you need to make sure that you implement them.

The latest requirement, Best Practice 6.6, comes into effect on June 30^th, 2008.

This regulation demands that merchants who accept debit or credit cards strengthen their security by systematically reviewing application code and installing Internet application firewalls.

You can read more about the specific requirements here.

Compliance with credit card security standards is of paramount importance and a necessary step in reducing credit card fraud and identity theft occurrences.

But let’s be honest. The requirements are sometimes confusing and complicated, and they are likely difficult (not to mention potentially expensive) to put into practice, especially for merchants with a relatively small number of online orders.

As well as taking care of your credit card security, for your commercial peace of mind you should consider broadening the payment options you offer on your site.

Our OneTouch Online Purchasing application for digital downloads does not require you to accept any financial data from your purchasers. So, with no such data in your databases, there is no issue with data security - and no need to comply with the latest PCI Security Standards in order to benefit from our alternative payment service.

You can check it out here.