Wednesday, March 9, 2011

An Open Letter to the Industry and Consumers

Today is a wake-up call to consumers and the payments industry. Restaurants across the nation make it very easy for anyone to use credit cards for payment. Seems like a great idea, but there is a serious security flaw that they have overlooked that places consumers at dire risk.

In less than 5 minutes, any unscrupulous waiter can "skim" – or steal – a consumer's financial and personal information right off the card. How do we know? We did it. We posed as a waiter in a local restaurant, and when it came time to pay the bill the customer used a credit card. After the customer handed the card to our agent, the agent was able to walk away, copy down the card information, and return the card to the customer without their knowledge.

Let me explain how easy it is to exploit the vulnerability.

A criminal gets a job at a restaurant. They can then illegally collect personal and financial data from the face of a payment card. It's shockingly simple.

The issue is that customers should be careful who they give their payment card to.

There are hundreds of thousands of these waiters floating out there and more are hired every day. And because anyone can get a job at a restaurant, anyone can masquerade as a legitimate waiter and swipe your payment card. Your card data is then instantly and illegally captured to a notepad, unencrypted – and voila, you're a fraud victim.

Consumers who hand over their plastic to merchants are unwittingly putting themselves in danger.

Don't take our word for it. See for yourself by going to a restaurant, and watch as the waiter leaves your presence with your payment card.

Today we are handing a copy of our research over to Visa, MasterCard, Discover, American Express, and JP Morgan Chase, and we invite their comments.

Consumer trust is what's really at stake. If the industry allows restaurants and other similar attempts to short-circuit security best practices, it will seriously jeopardize the integrity and security of the payment infrastructure and financial systems developed over the last three decades.

Secure payment systems, like those provided by credible providers which adhere to the highest level of security practices, are critical in protecting consumers, merchants and banks. Without this protection, all commerce – conducted with plastic or mobile devices – is a catalyst for massive personal and institutional financial loss.

There is great promise in the future of mobile payments and our innovations will help drive the industry forward. It is our hope that both consumers and merchants will take it upon themselves to become educated on the security risks involved with some of these experimental payment acceptance methods, and make informed decisions to protect themselves and their customers.

We take security very seriously. Securing payment transactions is what we do, and yes – calling attention to and protecting against these types of security threats to consumers, merchants and banks is our responsibility.

We call on waiters to do the responsible thing and stop accepting payment cards in their establishments.

Friday, May 7, 2010

If you don't cannibalize your own products, someone else will

You need to be the one cannibalizing your own products. Too many companies make the mistake of trying to protect their one great idea from anything that might threaten it. In doing so they prevent themselves from innovating.

Monday, May 3, 2010

Apple's Unsung Innovation - Micro-payments

Apple has done a lot of things right with the iPhone / iPad over the past 3 years. However, one thing that I haven't heard a lot of talk about is the iTunes payment system.

It might be a stretch to call it an innovation on Apple's part, but Apple certainly seems to be the first to get it right.

The success of the App Store I think is very strong evidence that people will pay for things if:
  1. They think it is a good product
  2. It is reasonably priced
  3. The purchase process is easy and fast
  4. They trust the store with their payment info

I think the ability to get customers to actually part with their money has drawn a lot of developers to the App Store. Sure, I can write a quick Flash game and toss it up on a website, but how do I get paid? Ads seem to be the only thing going, but it doesn't seem like there are a lot of independent software developers making a living off web-based apps. Sure, the big players can make it work, but for a lone developer with an idea, earning a living on the web usually requires venture capital and years of planning. There are plenty of people making a living selling software in the App Store now, and they don't have VC partners to pay back eventually.

I think this also serves as strong evidence refuting some industry perspectives (RIAA/MPAA/etc) who think that the world is full of thieves, and only laws and technology will save their dying business models.

Wednesday, February 17, 2010

Microsoft Kneecaps Current Windows Mobile Users

Business Insider has an interesting graph showing the decline of Microsoft in the U.S. share of the smartphone market. It's been brought up that raw sales numbers should also be looked at. However, regardless of what numbers you use, the announcement of Windows Phone 7 Series this week will have the following effects:

1. Sales of existing Windows Mobile phones will plummet.
2. Developers of current Windows Mobile OS apps will halt development and redirect efforts.
3. All current Windows Mobile phone owners will begin looking for a new phone.

The assumption that Microsoft is banking on is that people in the #2 and #3 groups above will all flock to Phone 7. However if that doesn't exist for 6 months at least, there's a lot of time for those groups to be looking at competitors.

Friday, February 5, 2010

What will the iPad compete against?

It's interesting to compare the iPad to other devices it will be competing with:



Saturday, January 30, 2010

Adobe should make tools to target HTML5

One thing Adobe could be doing – and I hope they are – is developing tools that target HTML5.

Adobe doesn't make money directly off of the Flash runtime (so far as I can tell). They make their money selling the development tools. I don't see any reason why Adobe couldn't re-target their development tools for HTML5 / Canvas / SVG etc.

HTML5 has a lot of capabilities, but developing for it is harder now than developing for Flash. Adobe seems able to create development tools that are approachable by a large audience, so why not use this skill to target an open standard environment? They could still be first to market with a killer HTML5 development tool.

Friday, January 29, 2010

How Bad is the Web in Mobile Safari?

There's been a lot of complaining about how the new iPad doesn't support "the real web" because it doesn't support Flash. The implication is that Flash is so essential to the web, that not having it in the iPad makes the web browser useless.

There's a post at that attempts to drive this point home by showing some Photoshop mockups of what they think web sites will look like on the iPad.

Rather than fake Photoshop mockups, how do some of those sites look in Mobile Safari on the iPhone today?

Are there websites that don't work and are broken? Certainly. But implying that the lack of Flash makes sites like CNN, Disney, and Google Financials useless is just wrong.