Wednesday, April 25, 2007
Dumb uses for smart ID cards - Brief Article
In the wake of the 11 September terrorist attacks, the US Congress has become increasingly enamored with the idea of issuing chip-enabled national ID cards that could store all sorts of identifying data, from the carrier's birth date and Social Security number to a DNA sample.
Law enforcement agents and airport security staff could supposedly fight terrorism by using devices to scan the cards and match the card data against a centralized database with the same information to verify the cardholder's identity.
Civil rights and privacy advocates understandably went out of their minds, fearing the abuses that such a system would invite. Under a smart ID card system, the government could easily track a person's travel, purchases, political affiliations and reading material, and correlate that data into a profile for whatever purpose the police saw fit.
Australia is currently having the same debate. Elsewhere in Asia, smart national ID cards have already arrived. Malaysia began issuing smart ID cards with fingerprint data in September last year. Last month, the Macau government launched its own smart ID card plan. Meanwhile, Hong Kong is going ahead with plans to launch its own smart ID card system in mid-2003.
Advertisement
In each case, these cards are expected to double as debit cards and possibly function as driver's licenses or library cards at the cardholder's request. The Hong Kong government plans to issue free digital certificates with each card in a bid to encourage online commerce.
But are smart ID cards a smart move even for countries that have already adopted them, much less for other countries considering doing the same? That depends on what you really want to use them for. The technology behind smart ID cards is pretty reliable now, and is getting better all the time. But like all technology, it's only useful if it accomplishes what you want it to do.
Solutions searching problems
For example, Hong Kong's idea of including free digital certificates with smart ID cards is a novel idea, but whether it would significantly drive e-business is debatable. Just because you have a free digital certificate doesn't mean you're going to trust it or the third-party authenticator that issued it. That will take time. That said, the ID card would serve as a good mechanism for getting them out in the public, so perhaps it's a start.
If you want to use smart ID cards to prevent atrocities like the 9/11 attacks in the US, however, forget it. The terrorists on those airplanes could have had either valid ID cards or faked ones good enough to fool airport security. Smart ID card proponents vehemently disagree with this, but smart cards can be forged. In the US, for example, people working for the state government departments that issue driver's licenses have been caught making and selling fake licenses showing the cardholder is old enough to buy beer. If you wanted to get a smart ID card for the same purpose, one key crony or easily bribed official in the local immigration bureau is possibly all you'd need to get one.
This problem also applies to just about everything else a smart ID card could be used for. Even a digital signature won't prevent someone with the right connections or skills from using a duplicate card (provided the original cardholder doesn't know it's been duplicated) or a card made for "someone" who only exists because the central database says so.
Privacy vs convenience
Of course, none of this is any reason to reject smart ID cards altogether. If we refused to use any technology with a security flaw, the Internet wouldn't exist and we'd all still do all our banking at teller windows. Smart cards work and work well for things like access to campus buildings and prepaid debit cards. I use both types in Hong Kong and mainland China, and they're convenient to use.
The idea of a national ID card may go against the grain of privacy advocates, but in countries that already have national ID cards (which, incidentally, outnumber those that don't) it's less of a concern. The convenience factor alone will probably drive acceptance of smart ID cards for certain things. People routinely give up privacy for convenience or security, which is why we hand out our ID numbers to service providers we want to do business with, or let airport security staff X-ray our bags.
Sure, the potential for data abuse exists, but that's true today with credit card data and existing analog ID cards. That doesn't make it right, but rather than a ban on smart ID cards, what we really need are enforceable privacy policies that require transparent data processing, prohibit unauthorized third-party sales and allow people to access their own files.
Law enforcement agents and airport security staff could supposedly fight terrorism by using devices to scan the cards and match the card data against a centralized database with the same information to verify the cardholder's identity.
Civil rights and privacy advocates understandably went out of their minds, fearing the abuses that such a system would invite. Under a smart ID card system, the government could easily track a person's travel, purchases, political affiliations and reading material, and correlate that data into a profile for whatever purpose the police saw fit.
Australia is currently having the same debate. Elsewhere in Asia, smart national ID cards have already arrived. Malaysia began issuing smart ID cards with fingerprint data in September last year. Last month, the Macau government launched its own smart ID card plan. Meanwhile, Hong Kong is going ahead with plans to launch its own smart ID card system in mid-2003.
Advertisement
In each case, these cards are expected to double as debit cards and possibly function as driver's licenses or library cards at the cardholder's request. The Hong Kong government plans to issue free digital certificates with each card in a bid to encourage online commerce.
But are smart ID cards a smart move even for countries that have already adopted them, much less for other countries considering doing the same? That depends on what you really want to use them for. The technology behind smart ID cards is pretty reliable now, and is getting better all the time. But like all technology, it's only useful if it accomplishes what you want it to do.
Solutions searching problems
For example, Hong Kong's idea of including free digital certificates with smart ID cards is a novel idea, but whether it would significantly drive e-business is debatable. Just because you have a free digital certificate doesn't mean you're going to trust it or the third-party authenticator that issued it. That will take time. That said, the ID card would serve as a good mechanism for getting them out in the public, so perhaps it's a start.
If you want to use smart ID cards to prevent atrocities like the 9/11 attacks in the US, however, forget it. The terrorists on those airplanes could have had either valid ID cards or faked ones good enough to fool airport security. Smart ID card proponents vehemently disagree with this, but smart cards can be forged. In the US, for example, people working for the state government departments that issue driver's licenses have been caught making and selling fake licenses showing the cardholder is old enough to buy beer. If you wanted to get a smart ID card for the same purpose, one key crony or easily bribed official in the local immigration bureau is possibly all you'd need to get one.
This problem also applies to just about everything else a smart ID card could be used for. Even a digital signature won't prevent someone with the right connections or skills from using a duplicate card (provided the original cardholder doesn't know it's been duplicated) or a card made for "someone" who only exists because the central database says so.
Privacy vs convenience
Of course, none of this is any reason to reject smart ID cards altogether. If we refused to use any technology with a security flaw, the Internet wouldn't exist and we'd all still do all our banking at teller windows. Smart cards work and work well for things like access to campus buildings and prepaid debit cards. I use both types in Hong Kong and mainland China, and they're convenient to use.
The idea of a national ID card may go against the grain of privacy advocates, but in countries that already have national ID cards (which, incidentally, outnumber those that don't) it's less of a concern. The convenience factor alone will probably drive acceptance of smart ID cards for certain things. People routinely give up privacy for convenience or security, which is why we hand out our ID numbers to service providers we want to do business with, or let airport security staff X-ray our bags.
Sure, the potential for data abuse exists, but that's true today with credit card data and existing analog ID cards. That doesn't make it right, but rather than a ban on smart ID cards, what we really need are enforceable privacy policies that require transparent data processing, prohibit unauthorized third-party sales and allow people to access their own files.
Cyber alert! These simple tools can keep your business safe from payment fraud
E-TAILERS BEWARE: Internet fraud is alive and well in cyberspace. According to a November 2004 survey about online payment fraud conducted by CyberSource, a Mountain View, California, provider of electronic payment and fraud-prevention solutions, U.S. merchants expected to lose an estimated $2.6 billion to online fraud in 2004, $700 million more than in 2003.
Hardest hit, according to the survey, are midsize companies--those with annual online revenues between $500,000 and $5 million. This group said it expected to lose up to 2.5 percent of online sales to fraud, compared to 1.9 percent in 2003. The reason for this increase is twofold, according to Bruce Cundiff, an analyst at Jupitermedia Corp. "One is the increasing organization among the fraudster community that allows for more efficient fraud perpetration," he says. "In addition, larger businesses tend to be among the first to implement more stringent security measures. Fraudsters will always choose the path of least resistance." Smaller businesses with out sufficient fraud protection mechanisms in place risk being exploited.
You can fight back against payment fraud using a basic fraud-detection service, such as an address verification system, which matches street numbers on a customer's billing address with the address on file with the credit card company. A mismatch may indicate that the person making the transaction is not authorized to use the card.
Another prevention method uses credit card verification codes--the four digits printed on the front of an American Express card or the three digits on the back of a Visa or MasterCard. Buyers enter this code when making purchases, so in theory, buyers need more than just the card number to buy online; they need the actual card to read the code.
Utility Safeguard LLC , a Southampton, Pennsylvania, company that sells construction supplies to industrial companies, distributors and consumers online, has found these solutions to be very effective. Last year, the company had sales of $1.5 million and is on target to reach $3 million in sales this year. Utility Safeguard uses a fraud-detection service called Payflow Pro from VeriSign. The service is integrated into its NetSuite e-commerce software platform.
With this solution, a new customer cannot check out until he or she has entered all the proper credit card information and the card has been cleared. "I have not had one bad credit card transaction since I began using the system in 2002," says founder Jim Graham, 43, who implemented the system.
Many experts, however, say that address and card verification systems are only a first step. Merchants selling valuable products that are easily resold, such as electronics, should also invest in the advanced fraud protection services offered by gateway providers. These services generally use fraud filters to screen for suspicious activity in real time. They cost an additional $30 to $1,500 per month, depending on the level of customization, along with additional setup and transaction fees.
Another logical way to protect your business is to make sure the freight carrier obtains a signature before delivering the product. Graham also insists international customers prepay through wire transfer. Says Graham, "We do not take foreign credit cards because if there is a problem [overseas], it's hard to get your money back."
Smart Design
Before implementing fraud-protection services, however, web merchants should design websites that are more fraud-resistant, says Vic Dolcourt, senior product manager for risk products at CyberSource. He recommends designing the checkout process so that after a consumer presses the "buy" button, the "back" button on the web browser no longer responds. Also, thank the customer for the order without indicating whether the card has been accepted. Says Dolcourt, "This way, the site doesn't serve as a tester for fraudulent account numbers."
Hardest hit, according to the survey, are midsize companies--those with annual online revenues between $500,000 and $5 million. This group said it expected to lose up to 2.5 percent of online sales to fraud, compared to 1.9 percent in 2003. The reason for this increase is twofold, according to Bruce Cundiff, an analyst at Jupitermedia Corp. "One is the increasing organization among the fraudster community that allows for more efficient fraud perpetration," he says. "In addition, larger businesses tend to be among the first to implement more stringent security measures. Fraudsters will always choose the path of least resistance." Smaller businesses with out sufficient fraud protection mechanisms in place risk being exploited.
You can fight back against payment fraud using a basic fraud-detection service, such as an address verification system, which matches street numbers on a customer's billing address with the address on file with the credit card company. A mismatch may indicate that the person making the transaction is not authorized to use the card.
Another prevention method uses credit card verification codes--the four digits printed on the front of an American Express card or the three digits on the back of a Visa or MasterCard. Buyers enter this code when making purchases, so in theory, buyers need more than just the card number to buy online; they need the actual card to read the code.
Utility Safeguard LLC , a Southampton, Pennsylvania, company that sells construction supplies to industrial companies, distributors and consumers online, has found these solutions to be very effective. Last year, the company had sales of $1.5 million and is on target to reach $3 million in sales this year. Utility Safeguard uses a fraud-detection service called Payflow Pro from VeriSign. The service is integrated into its NetSuite e-commerce software platform.
With this solution, a new customer cannot check out until he or she has entered all the proper credit card information and the card has been cleared. "I have not had one bad credit card transaction since I began using the system in 2002," says founder Jim Graham, 43, who implemented the system.
Many experts, however, say that address and card verification systems are only a first step. Merchants selling valuable products that are easily resold, such as electronics, should also invest in the advanced fraud protection services offered by gateway providers. These services generally use fraud filters to screen for suspicious activity in real time. They cost an additional $30 to $1,500 per month, depending on the level of customization, along with additional setup and transaction fees.
Another logical way to protect your business is to make sure the freight carrier obtains a signature before delivering the product. Graham also insists international customers prepay through wire transfer. Says Graham, "We do not take foreign credit cards because if there is a problem [overseas], it's hard to get your money back."
Smart Design
Before implementing fraud-protection services, however, web merchants should design websites that are more fraud-resistant, says Vic Dolcourt, senior product manager for risk products at CyberSource. He recommends designing the checkout process so that after a consumer presses the "buy" button, the "back" button on the web browser no longer responds. Also, thank the customer for the order without indicating whether the card has been accepted. Says Dolcourt, "This way, the site doesn't serve as a tester for fraudulent account numbers."
Tuesday, April 24, 2007
Cheap frills - online brokers and what services and commissions they offer the investor - includes information of commissions and services
Online brokers were heavily engaged in a game of one-upmanship last year, testing how low they could go. The commission-slashing seems to have settled down for now--at rates unimaginable just a couple of years ago. Commissions at the top ten online firms have plummeted from an average of $32.19 early last year to just $15.77 early this year, according to an analysis by Piper Jaffray.
But even that's high for our winner this year. The cheapest guy on the Net, Brown & Co., will execute your market order for a mere $5.
Although low commissions Create the buzz about online brokers, it's not the only thing to consider when choosing and using one. A firm that's fine for active stock traders who want to do their own research may not fit the needs of buy-and-hold investors who want to keep stocks and funds in the same account or for investors who trade exclusively in their IRAs. That's why we didn't crown a "best overall" among the 16 online brokers in our survey. Instead, we picked the winner in each of seven different categories---not only for commissions but also for fees, margin rates, products and services, mutual funds, IRAs and investor tools.
Because there are more than 80 (and counting) online brokers, we left out the small niche players and brand new firms--some of which are likely to be gobbled up by banks and larger brokers. We also left out discount brokers that haven't made a big foray onto the Internet.
Advertisement
BROWN BEST FOR COMMISSIONS
At Brown, $5 gets you a market order for up to 5,000 shares of any stock listed on a major exchange or on Nasdaq. Add $10 for a limit order and Brown's $15 combo is the lowest for any firm on our list--but only slightly lower than Suretrade's $15.90 for a market and limit order on up to 5,000 shares. George Brown, head of the company that bears his name, keeps costs low by limiting customer perks; for example, his is the only firm that doesn't offer even the most basic research tools on its Web site. (Evidently, overhead is low, too: When we called for an interview, he answered his own phone.) Brown says business has increased 50% since the firm lowered its commission to $5 in March. "But I don't plan on reducing it any more," he says.
The highest trading costs in our survey are at Accutrade and Charles Schwab: Each firm charges $29.95 for each market or limit order up to 1,000 shares.
BEYOND THE LIST PRICE. Ameritrade and Web Street Securities do not set a limit on the number of shares covered by the basic commission, but elsewhere, high rollers can get nicked by additional charges for large trades. The other firms charge for each share beyond the limit, except Datek, which charges an additional basic commission for every 5,000 shares.
Depending on how it is applied, that charge of 1 or 2 cents per share (3 cents in Schwab's case) can sabotage the rates you signed on for. Discover Brokerage Direct and Waterhouse Securities recompute the entire order at the excess share price. So at Waterhouse, for example, a $12 market order for up to 5,000 shares jumps to $50.01 for 5,001 shares. And at E*Trade, the extra commission is figured on the whole order and then added to the basic commission (hiking the cost of a 5,001-share market order from $14.95 to $64.96).
Options traders are out of luck at American Express Financial Direct and Datek. The other brokers trade options at minimum commissions ranging from $14.95 plus $1.75 per contract at Web Street to $40 at DLJDirect.
BEST BETS FOR BONDS. Commissions for buying one Treasury bill range from $25 at Web Street to $60 at American Express. For ten NYSE-listed corporate bonds, commissions range from zero at DLJDirect to $50 at Accutrade, E*Trade, Quick & Reilly and Suretrade. Ameritrade, Bull & Bear, Datek, Discover, National Discount Brokers (NDB) and Waterhouse sell neither Treasuries nor corporates online. American Express and Fidelity will buy Treasuries for you but not corporate bonds.
BULL & BEAR BEST FOR OTHER FEES
The brokers in our survey don't go slap-happy with extra fees. Bull & Bear gets the laurels in this category for applying only one fee out of the seven we checked: $15 for an outgoing wire transfer. Of the other firms that charge only one of the seven fees, Waterhouse charges $25 for the same service; Datek charges $50 to issue a stock certificate--the highest fee for that service, which many online investors aren't concerned about. American Express and E*Trade charge five of the seven fees.
But even that's high for our winner this year. The cheapest guy on the Net, Brown & Co., will execute your market order for a mere $5.
Although low commissions Create the buzz about online brokers, it's not the only thing to consider when choosing and using one. A firm that's fine for active stock traders who want to do their own research may not fit the needs of buy-and-hold investors who want to keep stocks and funds in the same account or for investors who trade exclusively in their IRAs. That's why we didn't crown a "best overall" among the 16 online brokers in our survey. Instead, we picked the winner in each of seven different categories---not only for commissions but also for fees, margin rates, products and services, mutual funds, IRAs and investor tools.
Because there are more than 80 (and counting) online brokers, we left out the small niche players and brand new firms--some of which are likely to be gobbled up by banks and larger brokers. We also left out discount brokers that haven't made a big foray onto the Internet.
Advertisement
BROWN BEST FOR COMMISSIONS
At Brown, $5 gets you a market order for up to 5,000 shares of any stock listed on a major exchange or on Nasdaq. Add $10 for a limit order and Brown's $15 combo is the lowest for any firm on our list--but only slightly lower than Suretrade's $15.90 for a market and limit order on up to 5,000 shares. George Brown, head of the company that bears his name, keeps costs low by limiting customer perks; for example, his is the only firm that doesn't offer even the most basic research tools on its Web site. (Evidently, overhead is low, too: When we called for an interview, he answered his own phone.) Brown says business has increased 50% since the firm lowered its commission to $5 in March. "But I don't plan on reducing it any more," he says.
The highest trading costs in our survey are at Accutrade and Charles Schwab: Each firm charges $29.95 for each market or limit order up to 1,000 shares.
BEYOND THE LIST PRICE. Ameritrade and Web Street Securities do not set a limit on the number of shares covered by the basic commission, but elsewhere, high rollers can get nicked by additional charges for large trades. The other firms charge for each share beyond the limit, except Datek, which charges an additional basic commission for every 5,000 shares.
Depending on how it is applied, that charge of 1 or 2 cents per share (3 cents in Schwab's case) can sabotage the rates you signed on for. Discover Brokerage Direct and Waterhouse Securities recompute the entire order at the excess share price. So at Waterhouse, for example, a $12 market order for up to 5,000 shares jumps to $50.01 for 5,001 shares. And at E*Trade, the extra commission is figured on the whole order and then added to the basic commission (hiking the cost of a 5,001-share market order from $14.95 to $64.96).
Options traders are out of luck at American Express Financial Direct and Datek. The other brokers trade options at minimum commissions ranging from $14.95 plus $1.75 per contract at Web Street to $40 at DLJDirect.
BEST BETS FOR BONDS. Commissions for buying one Treasury bill range from $25 at Web Street to $60 at American Express. For ten NYSE-listed corporate bonds, commissions range from zero at DLJDirect to $50 at Accutrade, E*Trade, Quick & Reilly and Suretrade. Ameritrade, Bull & Bear, Datek, Discover, National Discount Brokers (NDB) and Waterhouse sell neither Treasuries nor corporates online. American Express and Fidelity will buy Treasuries for you but not corporate bonds.
BULL & BEAR BEST FOR OTHER FEES
The brokers in our survey don't go slap-happy with extra fees. Bull & Bear gets the laurels in this category for applying only one fee out of the seven we checked: $15 for an outgoing wire transfer. Of the other firms that charge only one of the seven fees, Waterhouse charges $25 for the same service; Datek charges $50 to issue a stock certificate--the highest fee for that service, which many online investors aren't concerned about. American Express and E*Trade charge five of the seven fees.
Manufacturer, Researchers Develop Fiber-Optic Fraud Buster - Brief Article
U.K. optical lens vendor Optical Antenna Solutions, working in conjunction with researchers at Warwick University, developed and is trialing an optical device it says will help reduce credit-card fraud. The new optical lens and antenna reportedly can capture data signals from wireless phones more efficiently, over greater distances and at greater capacities. When wireless subscribers are ready to make purchases using their handsets and credit card accounts, the antennas, inserted in mobile phones to read as part of the infrared port, will be pointed toward cash registers, where similar infrared ports are located. Personal security codes are then entered into the phones, at which point the OAS antennas capture light signals carrying the data required to authorize the transactions. When the information is verified, handshakes take place, completing the purchases. South Korea is testing the system, which also will be trialed in Japan, the United Kingdom and the United States
Subscribe to Posts [Atom]
