Tuesday, October 31, 2006

Touching solution to ID

With Pay By Touch reporting the 3,000,000th enrollee for its biometric checkout system fingerscans look set to become even more commonplace – both in store and online

by Penelope Ody* - Retail Bulletin - UK


A few years ago the taking of fingerprints was something associated with more with the criminal fraternity than with shopping or using computers. Today, helped perhaps by “homeland security” and a willingness to be fingerprinted on arrival at one’s holiday destination, fingerprint ID is not only an acceptable payment mechanism, but increasingly replacing codes and passwords for computer access.

Last month, Pay By Touch – now used at around 2,500 locations in the US as well as at several branches of Midcounties Co-op in the UK – announced that the three millionth shopper (they now report 3.3 Million enrollees) to enroll fingerprints in the system had signed up at a Jewel-Osco grocery store in Chicago. The excited shopper (rewarded with $1,000) declared that her kids believed the payment system was “cool” and it was all a great deal safer and easier than debit cards of “digging through my purse” in search of cash.

Pay By Touch has followed with the launch of an Internet fingerprint ID technology called TrueMe that can be used to access websites and web accounts securely. Working with biometric security solutions provider UPEK, Pay By Touch is providing a USB plug-in finger sensor where the technology is not yet incorporated into PCs.

To sign up, users touch the finger sensor which encrypts information about the print and this – along with the device ID – is sent to central TrueMe servers for authentication.

When users then want to access a particular web account all they need do is touch the sensor and details of both sensor and print are again authenticated by the TrueMe systems before a secure connection notifies the website or service concerned that the user is indeed genuine.

“With the continued growth of identity theft, credit card fraud and phishing scams, security on the Internet is more important than ever,” says John Rogers, chairman and ceo of Pay by Touch. “TrueMe brings the security and protection of biometric services to the Internet, providing a new layer of privacy and convenience for PC users everywhere.”

The technology would certainly be a boon to Internet Retailers, when shoppers who often abandon carts – or indeed fail to enter retail websites – because they forget passwords or disable cookies on their PCs.

Using a Pay By Touch approach for Internet purchases could also reduce online card fraud. Last year cardholder-not-present fraud rose by 21% to £183.2million, according to APACS, while a YouGov survey commissioned by Computer Associates in the summer suggested that only 21% of online shoppers trusted e-tailers to manage cardholder data securely.

With the difficulties of achieving PCI DSS compliance likely to remain a major ongoing concern for many retailers for some time to come, it seems inevitable that public perceptions of online security and rising rates of CNP theft will continue for some time.

A growing number of laptops and desktop PCs are being equipped with fingerprint sensors which will help drive the TrueMe service. Lenova (which bought IBM) has certified TrueMe for millions of it's laptops including their ThinkPads.

The Pay By Touch technology is also being applied to in-store devices such as EPoS terminals and kiosks. For example, both NCR’s FastLane is already equipped with Pay By Touch technology to help drive security on their popular self-checkout machines.

With partners that include NCR, IBM, Discover, Accenture, Retalix, Radiant Systems, Lenova, Verifone, Ingenico, and more, look for 2007 to be the "year of biometrics".

Monday, October 30, 2006

And the Password Is:

6. Giving out passwords, tokens or smart cards

The password problem is as old as computers themselves. Despite years of trying, however, no one has come up with a workable solution, however, one might not be far away as online payment vendors Pay By Touch and UPEK earlier this month unveiled a finger-sensor payment service, TrueMe, which lets users access account information through a biometric fingerprint scanner..

In a study published just this week by global research firms Nucleus Research and KnowledgeStorm, companies' attempts to tighten IT security by regularly changing and increasing the complexity of passwords is having no effect on security.

Despite years of IT warnings to the contrary, about one in three people still write down their computer passwords somewhere near the machine, either on a piece of paper or in a text file on a PC or mobile device, the researchers said.

"This is really a lot like Mom and Dad buying a great new security system for the house, and Junior leaving the combination under the doormat," said David O'Connell, senior analyst at Nucleus Research, in a published interview. "Passwords are high maintenance: People forget them; people lose them; they have to be reset."

Some experts also say that employees can be too trusting of acquaintances, colleagues and family members who may "borrow" their passwords or authentication tokens, exposing them even more broadly to loss or theft. This is a particular risk among telecommuters or road warriors who may give out their passwords to help a friend or relative. "You might trust the employee, but you have to draw the line at friends and family," says one expert.

The researchers at Nucleus Research and KnowledgeStorm suggested that enterprises should look to increasingly improving authentication technologies, such as single sign-on and biometrics, as potential answers to the age-old problem of password management.

To read the entire Forbes Article click the link below:
The Ten Most Dangerous Online Activities

Friday, October 27, 2006

UK Gaining Biometric Momentum

Video News: Pay By Touch Interview Retail Soutions 2006

BIOMETRICS GAINS BRITISH APPROVAL

3 in 4 people now say they would welcome its use

The UK
public is now overwhelm-ingly in favour of wider biometrics use. Seventy-six percent 76% are more in favour of biometrics than they were one year ago. The striking opinion change comes after a year in which the UK has thwarted an airline terrorist plot and 15 months after the London transport bombings of July 2005.

Vote By Touch?

A column by Kevin Leininger
Elections must be secure
We should do whatever it takes to ensure they are

Which is more important: voting or buying cat food?

That admittedly bizarre question came to me the other day when I noticed something new in the checkout lane of the Scott’s Food & Pharmacy store in the Village at Coventry: a scanner that will allow customers to pay their bills simply by having their finger scanned.

The American Civil Liberties Union has not yet made its feelings known about Scott’s new alliance with Pay by Touch, a San Francisco-based, high-tech, consumer-identification company. Its system compares 40 different points on the fingers of shoppers who choose to sign up for the service. But where selecting our leaders is concerned, the organization has made it clear even 160-year-old technology has no place.

With close, bitterly contested elections becoming the rule, not the exception, the results of those elections must be as reliable as possible. Consider this: Of the 228,580 registered voters in Allen County, about 32,400 are considered “inactive,” meaning they have not voted recently, have moved or, perhaps, even died. And, of course, there are more than 12 million illegal immigrants in this country.

With the technology available today, requiring a photo ID is the very least government should do to assure fraud-free elections. A grocery check-out lane shows how much more is possible.

Imagine a system allowing you to vote from home – or from anyplace in the world – simply by scanning your fingerprint into a database.

For now, though, that kind of common-sense convenience and security is available only at your neighborhood store
. Gotta keep our priorities straight, you know.

Editors Note: People buy groceries every week. They vote once every 2-4 years. That isn't to say that maybe one day we'll see the Pay By Touch biometric technology making elections, like financial transactions, more secure. Imagine how many more people would vote if they could do it using their TrueMe (tm) sensor right at home. I personally have to use an hour or two of my life today to pick up an absentee voter form, as I will be out of state on this years elections. l would welcome the convenience of being able to vote "securely" online. For now it's on the backburner, but with another election looming in less than two weeks, there's sure to be more complaints of voter fraud or inproprieties that some will claim make the election results questionable.

So who knows? Maybe in 2008, but more likely after that, we'll see www.votebytouch.com emerge. Then again, profitability is the priority, so, unless we could charge, say $1 to vote, because of the convenience and time saving element, maybe not.

Thursday, October 26, 2006

Atlanta Retailer Adopts Bio-Pay By Touch

Crook's Marketplace & Hit N' Run Embrace Popular Biometric Payment System to Offer Faster, Safer, More Private Transactions

Georgia residents now can conveniently and securely pay for groceries, snacks and gasoline with the touch of a finger at Crook's Marketplace and Hit N' Run in Senoia. Powered by Pay By Touch(TM), the leader in integrated biometric authentication, personalized marketing and payment solutions, the new finger scan payment system is the first of its kind in the Atlanta metro area.

"The finger scan system debits a shopper's checking account just like writing a check or using a debit card. The difference is that finger scans are more secure than paper checks, and there is no need to fumble with a wallet or purse," said Greg Crook, Owner of Crook's. "Since account numbers are not exposed, the service gives shoppers greater privacy and offers faster checkouts."

As a special introductory offer, shoppers who enroll in the 'BioPay'- branded* finger scan system at Crook's will receive a free half gallon of Mayfield ice cream and get $5 off their next purchase when they spend $25 or more using the system. Those that enroll at the Hit N' Run will get a free fountain drink and candy bar at enrollment and, after their third use, a free 12-pack of Coke or Pepsi products. Customers also will receive a 3-cent off discount on each gallon of gas purchased using the system through the end of November.

Signing up is easy with a picture ID, voided check and simple finger scan. The system is free, and customer information is never sold. Once enrolled, shoppers can immediately make purchases with the touch of a finger at any retailer offering the BioPay-branded service.

In addition to increased speed and convenience, finger-scan payments provide the ultimate in privacy and security. No one -- not even the store associate -- sees shoppers' account numbers, or which payment method they used to make purchases.

"Paying with the touch of a finger is a win-win for consumers and merchants alike," said John Rogers, founder, chairman, and CEO of Pay By Touch. "Shoppers can make faster, more private purchases with full confidence that their personal information remains secure before, during, and after the transaction."

About Crook's
Crook's is family owned and has proudly supported the local community since 1913 years. Crook's operates the Marketplace Supermarket and the Hit N Run convenience store in Senoia, GA.

*Editor's Note: Pay By Touch, which recently acquired substantially all assets of BioPay, operates the BioPay-branded biometric payment network throughout the country.

Tuesday, October 24, 2006

Pay By Touch Installing at 18 Scotts





Marilyn Surfus realized last weekend that she’d forgotten her checkbook at home. But the slip didn’t stop her from buying groceries. She simply placed her finger on the scanner pad in the checkout lane at Scott’s Food & Pharmacy. The device compared hundreds of pre-selected points on her fingerprint for comparison with her data already on file. And the sale was approved.

Scott’s is piloting the Pay by Touch system at four of its Fort Wayne stores: the Dupont, Coventry, Georgetown and Stellhorn locations. Rick Zahm, Scott’s vice president of merchandising and operations, said the first units were installed last week. Company officials plan to install the devices in the chain’s 14 remaining northeast Indiana stores in about two weeks.

Krista Thomas, Pay by Touch spokeswoman, said Scott’s is the first company in northeast Indiana to adopt the high-tech payment system. Touch payments are accepted in 2,400 retail outlets in 44 states; 3.3 million people have enrolled in the system, Thomas said.

The technology allows consumers to enroll at a bright green kiosk near the front office. That process – which involves presenting a driver’s license, a voided check and making that initial finger scan – is all done electronically and takes about three or four minutes.

Afterward, the customer can simply touch the scanner at a checkout to have a purchase covered with money withdrawn from the customer’s checking account. The technology also allows for payments with debit and credit cards but, so far, Scott’s has opted to offer only Automatic Clearing House withdrawals from checking accounts. Such transactions have lower fees for merchants than debit purchases. Either way, the money is taken from the customer’s checking account.

After a person has enrolled in the system, he can use it to pay for purchases at any retailer that offers the option. Thomas said participating businesses include gas stations, convenience stores, banks and check-cashing companies.

Scott’s processed about 40 Pay by Touch transactions last weekend, including the one by Surfus, the company’s supervisor of bookkeeping and customer service. She previously enrolled in the system while visiting another grocery in Chicago. Scott’s has concentrated on signing up employees so that they can become familiar with the system and more easily explain it to curious customers.

Zahm, the Scott’s vice president, describes the system as the wave of the future – but one that will be quickly embraced in the present by customers who like to get in and out of stores quickly. “We can tell it’s going to be successful, based on signups,” Zahm said.

He declined to give exact numbers for competitive reasons. He also declined to put a dollar amount on installing the technology. Zahm said, however, that Pay by Touch shared the cost with the company.

Lindsay Hancock, spokeswoman for The Fresh Market, said the Greensboro, N.C.-based chain hasn’t adopted the technology and isn’t considering it, as far as she knows. Some consumers have been reluctant to embrace the high-tech process. Thomas, of San Francisco-based Pay by Touch, acknowledged that some people are hesitant to register because they don’t want their fingers scanned. But soon, even they realize how safe the transaction is compared to writing checks or using debit cards.

“There’s usually an initial concern about security and privacy,” she said. “And we respond that we have the most robust security that can exist.” (see Contactless Cards Provide Contacts and Numbers) to read about real flaws in privacy)

The company works with IBM and doesn’t store any of the data at retail locations. In fact, the cashier doesn’t even see the customer’s checking account number, adding a layer of security, Thomas said.

Pay by Touch has talked to participants and found that older adult women appreciate not having to carry their purses, which could be lost or stolen, Thomas said.

Pay By Touch Introduces New Kiosk

Introduces Rapid Enroll Kiosk to Improve Loyalty Program Enrollment
Internet-Enabled System Expedites Enrollment, Reduces Processing Costs, Improves Customer Experience

SAN FRANCISCO, Oct 24, 2006 /PRNewswire via COMTEX/ -- Pay By Touch, the leader in integrated biometric authentication, personalized marketing and payment solutions, today announced the immediate availability of its Rapid Enroll Kiosk(TM). The new Internet-enabled retail kiosks speed and streamline enrollment for loyalty and rewards programs. The system allows for quick and easy customer sign up, and reduces enrollment processing time and expense for grocers and retailers.

"Pay By Touch is committed to providing retailers with innovative solutions that improve the customer experience and make business sense," said John Rogers, founder, Chairman and Chief Executive Officer of Pay By Touch. "The new Pay By Touch Rapid Enroll Kiosk simplifies loyalty program enrollment for customers and reduces costs associated with enrollment for merchants."

The Rapid Enroll Kiosk was developed by Pay By Touch's Personalized Marketing division, which helps businesses manage loyalty and reward marketing programs with a full range of enrollment and database services.

"Virtually all of today's retailers have created a loyalty program because it has proven to be a valuable marketing and customer retention tool. However, paper enrollments are slow, error prone, and overwhelm customer service personnel," said Jeff Grider, vice president, Pay By Touch personalized marketing. "Pay By Touch Rapid Enroll Kiosks automate enrollment, thereby enabling stores to enroll customers into their programs faster and more accurately -- often reducing the store processing time from weeks to minutes."

With the new in-store, Internet-enabled enrollment kiosks, customers can sign up quickly, accurately and securely using an integrated 'phone number look-up' application. To use the system, customers simply enter their phone number and a secondary identifier -- such as the last three letters of their last name -- and their address information is populated automatically. Customers can also choose to manually enter their information through a simple touch-screen process.

The direct input of customer data using the Rapid Enroll Kiosks prevents common enrollment processing issues, including application handwriting legibility, false applications, forgotten stickers and application loss.

The Rapid Enroll Kiosk offers multiple financing options available for retailers of all sizes. Pay By Touch Personalized Marketing can create custom reward and loyalty programs for retailers with no established program or under-performing programs in need of revitalization. Future enhancements to the kiosk will enable consumers to enroll their biometric information, ultimately eliminating the need for a card.

For more information, go to
www.paybytouch.com/cr.

Monday, October 23, 2006

Contactless Cards Provide Contacts (and Numbers)

From the NY Times

AMHERST, Mass. — They call it the “Johnny Carson attack,” for his comic pose as a psychic divining the contents of an envelope.

Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer.
Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.

Mr. Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the
University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including
CVS pharmacies, McDonald’s restaurants and many movie theaters.

The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information.
American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa,
MasterCard and American Express, the researchers here found that the cardholder’s name and other data was being transmitted without encryption and in plain text.

They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.


And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. “Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?” Mr. Heydt-Benjamin, a graduate student, asked.

Companies that make and issue the cards argue that what looks shocking in the lab could not lead to widespread abuse in the real world, and that additional data protection and antifraud measures in the payment system protect consumers from end to end.

The finding comes at a time of strong suspicion among privacy advocates and consumer groups about the security of the underlying technology, called radio frequency identification, or
RFID. Though the systems are designed to allow a card to be read only in close proximity, researchers have found that they can extend the distance.

The actual distance is still a matter of debate, but the claims range from several inches to many feet. And even the shortest distance could allow a would-be card skimmer to mill about in a crowded place and pull data from the wallets of passersby, or to collect data from envelopes sitting in mailboxes.

“No one’s going to look at me funny if I walk down the street and put a flier in everybody’s mailbox,” Mr. Heydt-Benjamin said.

The experiment was conducted by researchers here working with RSA Labs, a part of
EMC, an information management and storage company. The resulting paper, which has been submitted to a computer security conference, is the first fruit of a new consortium of industry and academic researchers financed by the National Science Foundation to study RFID.

Security experts who were not involved in the research have praised the paper, and said that they were startled by the findings. Aviel D. Rubin, a professor of computer security at
Johns Hopkins University, said, “There is a certain amount of privacy that consumers expect, and I believe that credit card companies have crossed the line.”

The companies, however, argue that testing just 20 cards does not provide an accurate picture of the card market, which generally uses higher security standards than the cards that were tested. “It’s a small sample,” said Art Kranzley, an executive with MasterCard. “This is almost akin to somebody standing up in the theater and yelling, ‘Fire!’ because somebody lit a cigarette.”

Chips like those used by the credit card companies can encrypt the data they send, but that can slow down transactions and make building and maintaining the payment networks more expensive. Other systems, including the Speedpass keychain device offered by
Exxon Mobil, encrypt the transmission — though Exxon came under fire for using encryption that experts said was weak.

Though information on the cards may be transmitted in plain text, the company representatives argued, the process of making purchases with the cards involves verification procedures based on powerful encryption that make each transaction unique. Most cards, they said, actually transmit a dummy number that does not match the number embossed on the card, and that number can be used only in connection with the verification “token,” or a small bit of code, that is encrypted before being sent.

“It’s basically useless information,” said David Bonalle, vice president and general manager for advanced payments at American Express. “You can’t steal that data and just play it back and expect that transaction to work.”

While the researchers found that these claims were true for some of the cards they tested, other cards gave up the actual credit card number and did not use a token or change data from one transaction to another. They also took data in from some cards and transmitted it to a card-reader in the lab and tricked it into accepting the transaction. Mr. Heydt-Benjamin, in fact, was able to purchase electronic equipment online using a number skimmed from a card he ordered for himself and which was sealed in an envelope.

(None of the cards transmits the additional number on the front or back, known as the card validation code, that some businesses require for online purchases; Mr. Heydt-Benjamin chose a store that does not require the code.)

Mr. Kranzley said the MasterCard-issuing banks decided how much security they wanted to implement, but said that with 10 million of the company’s chip-bearing cards on the market, some 98 percent of them used the highest standards.

“Today, there’s an extremely small percentage of cards that have the characteristics that RSA has looked at in this report,” he said. Visa and American Express representatives said all their cards conformed to the highest security standard.

Beyond the security on the cards themselves, the companies said, they have deployed fraud detection and prevention measures that block suspect purchases. And each company stressed that cardholders were not liable for fraud.

Dr. Fu acknowledged that the research involved a small sample, and added, “We would be happy to examine cards that have better security so that we can verify these claims.” He added, however, that all of the cards they tested were issued this year, and all were felled by at least one of the attacks that they attempted.

Tom O’Donnell, a senior vice president at Chase, the largest issuer of the new cards, said that the attacks described in the paper would be too cumbersome in the real world. And the researchers said that other kinds of fraud, like so-called phishing scams in which criminals trick people into revealing credit card information through misleading e-mail messages and Web sites, were currently more effective.

Still, John Pescatore, vice president for Internet security at Gartner, a technology market research firm, said he was surprised by the lack of security in transmitting personal data. He said it was a mistake that companies often made in rolling out early versions of a technology.

“It’s the classic ‘Let’s depend on security through obscurity — who’s going to look?’ ” he said. “Then, whoops! As soon as somebody does look, you roll out the security.”

All of the card companies said that they were in the process of deleting names from the stream of data transmitted to the card readers. “As a best practice, issuers are not including the cardholder name,” Mr. Triplett of Visa said.

Saturday, October 21, 2006

Pay By Touch in Zagara's Marketplace

Here's a story from NewsChannel 5 in Cleveland Heights about the launch of Pay By Touch in Zagara's Marketplace....

CLEVELAND HEIGHTS, Ohio -- Say goodbye to your debit cards, credit cards and checks: purchasing power is now at our fingertips with new technology you could soon see everywhere.

One local grocery store is on the cutting edge of science, being the first to offer fingerprint scanning as a payment method, NewsChannel5 reported. Pay-by-touch is new to Zagara's Marketplace and to northeast Ohio. It is a free service that allows you to pay for your purchases by scanning your fingertip at checkout. When you register, your fingerprint is linked to your checking account, eliminating the need to carry cards, checks or cash. Store owner John Zagara researched the technology for two years before bringing the scanners to his Cleveland Heights store.

He said it's not only for customer convenience, it's to keep them safe.

"Shoppers are always looking away from their shopping cart, inside their shopping cart is their purse. Someone grabs their purse, they don't know who it was. This is way more secure," Zagara said. "You don't even need your purse."

I was talking to a police officer who was doing some shopping and he said, "this has got to be the safest transaction that he's seen out there". Criminals or ID thieves would shy away from this system all day long he said. "I've got to get my dad in here and get him signed up."

Friday, October 20, 2006

Pay By Touch Video Story - WKYC




Click Here or the Picture to Watch Pay By Touch Newstory from Cleveland

At the checkout line at one, local grocery store you can pay by cash, check, credit or index finger.

Channel 3's Paul Thomas shows us how this unique process works.At the checkout line, we dig, we swipe and sometimes, rummage around a little more. But customers at Zagara's Marketplace in Cleveland Heights are letting their finger do the walking to pay for their groceries.

Video Play Video

NRF CIO Hogan Likes Pay By Touch

Cleveland allows customers to Pay By Touch of a finger
Friday, October 20, 2006
Mary Vanac - Plain Dealer Reporter





The latest technology at Zagara's Marketplace definitely has
"the cool factor," in the words of store manager Dan Gradijan.

This week, the Cleveland Heights grocer became the first retailer in Northeast Ohio to offer the Pay By Touch Wallet -- a point-of-sale system that enables customers to pay for groceries by scanning their index fingers and keying in a number. There's no need for checks, credit or debit cards, or cash, all of which can be stolen. "Nobody can steal your fingerprint," Gradijan said. The biometrics system that verifies your identity and enables you to write an electronic check on your account also is less costly to use -- for both consumers and retailers.

Store director John Zagara approached Pay By Touch about a year ago, Espinosa said. Zagara had read about the finger-scan technology. "He's an innovative guy," Espinosa said of Zagara, whose grandfather, Charles, opened the first Zagara's on Kinsman Road in 1936. Zagara was unavailable for comment on Thursday.

"I give them a lot of credit" for installing the Pay By Touch technology, said David Hogan, chief information officer for the National Retail Federation in Washington.

Convenience and speed are the likely reasons why customers at grocery stores, and perhaps convenience stores and gas stations, might adopt biometric checkout technology, Hogan said. "If you're a parent and you've got a toddler on your hip, you can scan your finger and punch in a number, and you're on your way," he said.

Pay By Touch, which bought its nearest competitor, BioPay, earlier this year, is the clear leader in biometric point-of-sale technology, the retail federation's Hogan said. In some form, biometrics probably is coming to a store near you. "A lot of retailers are finding payment solutions with biometrics very appealing," Hogan said.

About David Hogan

David Hogan was named Senior Vice President and Chief Information Officer for the National Retail Federation (NRF), the world's largest retail trade association, in 2002. He directs numerous internal and retail industry IT initiatives and manages NRF's CIO Council, a committee of retailing's most prominent chief information officers. Dave also provides oversight for the Association for Retail Technology Standards (ARTS), dedicated to creating an international, barrier-free technology environment for retailers.

Hogan is a former member of the NRF's CIO Council and has spent his entire career in retail. Prior to joining NRF, he served as Vice President and CIO of international retailer, Duty Free Americas. He has held senior level positions with The Limited Inc. serving as Business Unit CIO for their Lane Bryant division and Vice President of MIS for specialty footwear retailer, The Kobacker Company.

Back to the Story...

Security of private financial information also is an adoption factor, Espinosa said. Pay By Touch patrons don't use checks, or debit or credit cards, so their account numbers aren't visible to clerks or other shoppers. Patrons also don't use a personal identification number that is tied to their checking accounts.

Sophisticated technology underneath each checkout counter encrypts customers' digitized fingerprints and search numbers, Espinosa said. This information is sent to a high-security data center managed by IBM. Pay By Touch generally subtracts your grocery bill from your checking account overnight.

The Pay By Touch technology might help speed customers through Zagara's already speedy checkout lines. "Our wait time and checkout time is 1½ minutes," on average, store manager Gradijan said.

Zagara's customers can start their finger scans after the clerk scans their first grocery item. By the time all of the grocery items are scanned, the customer can approve the payment amount by hitting the "yes" button on the touch pad at the cashier's station.

The electronic check transaction that results is free to the customer, Espinosa said. The e-check transaction costs less than half of what a credit card transaction would for the retailer, Gradijan said.

The California company's system is installed in about a dozen stores in Ohio, including a few Sunflower Markets in Columbus and a Biggs Hypermarket in Cincinnati, Espinosa said.

Pay By Touch also makes other financial systems, including one that uses biometrics to authenticate people who cash their payroll checks at grocery stores, Espinosa said.

To reach this Plain Dealer reporter:
mvanac@plaind.com, 216-999-5302

Thursday, October 19, 2006

Pay By Touch, Paypal & Google Pose Genuine Threat to Card Companies





CHICAGO, Oct 19, 2006

The days of merchant-subsidized credit card rewards programs, rapid increases in interchange fees, and confusing fee structures for credit card purchases are numbered, according to new research by Diamond Management & Technology Consultants, Inc.

Consumers are already seeing popular "cash back" and other reward programs being curtailed. Banks are fearful of losing a large fraction of their $19 billion in interchange fees that fund these programs. And if merchants successfully steer customers to competitive payment types, banks stand to lose a significant slice of the transaction volume that drives their card interest income, usually estimated as 70 percent of total credit card revenue.

"Merchants are unhappy with what they consider unreasonable credit card fees and are beginning to take serious steps to minimize their expenses," said Carl Hugener, a partner in Diamond's financial services practice.

"Left untreated, the landscape of the $150 billion card industry could be altered drastically in the next three to five years and end up costing issuing banks and card associations billions."

As for payment alternatives, Automated Clearing House (ACH) payments appear capable of siphoning payment volumes away from credit cards and instilling bargaining power with merchants at the expense of card issuers and associations.

Emerging competitors like Pay By Touch, PayPal, and Google Payments pose a genuine threat to dominant card operations.

At one level a credit card is simply an authentication device that proves who its user is and gives access to the consumer's account. The process through which the user is authenticated begins the routing of the transaction over the card network. But separating authentication from the card would allow merchants to drive consumer payments to low-cost avenues.

"History tells us that once models are taken apart this way, more and more alternatives arise, and the systems eventually fall apart," Hugener said.

The credit card business has been a bonanza for banks over the past several decades. It will continue to be a great business if the industry recognizes the coming change and adapts before emerging competitors do," Hugener said.

Former Verus CEO Joins Pay By Touch




Payment Industry Veteran Ron Carter Named President of Pay By Touch Payment Solutions

Executive Brings Operational Expertise in Banking and Financial Services to Biometrics Pioneer

Pay By Touch, a leader of biometric authentication, personalized rewards and payment solutions, today announced that Ron Carter, credit card industry veteran and former President and Chief Operating Officer of Verus Financial Management has joined the company as President of Pay By Touch Payment Solutions, LLC.

Carter brings more than 35 years of experience in general management and operations for the banking and financial services industries to Pay By Touch. As President of Pay By Touch Payment Solutions, he will report directly to Pay By Touch's President and Chief Operating Officer, John Morris.

In his new role, Carter will be responsible for the day to day operations of the company's payment services divisions, which serve more than 138,000 retail clients and processes more than $18 Billion annually.

"Ron Carter is a proven leader and hands-on operator who brings deep financial services and payment processing expertise to Pay By Touch," said John Morris, President and COO, Pay By Touch. "We look forward to working with Ron to make electronic transactions both more secure for consumers and more cost effective for merchants, one touch at a time."

"I am thrilled to be joining such an innovative and dynamic company with a growing reputation for service in the merchant community," said Ron Carter, President of Pay By Touch Payment Solutions. "I look forward to working with John Rogers, John Morris and Pay By Touch's world-class management team to provide merchants everywhere with more secure and convenient transaction solutions."

At Verus Financial Management, a company that provides credit card and check payment processing services to small and mid-sized merchants, Carter managed the acquisition and successful integration of six companies and oversaw day-to-day operations as President and COO.

Previously, Carter served as Executive Vice President of Vital Processing Services, where he was responsible for all lines of business, customer relations, sales, operations and information technology. He had served as president of BUYPASS Corporation, a division of Electronic Payment Services, which was acquired by Concord in 1999.

About Pay By Touch

Pay By Touch is wowing the world one touch at a time as the leader in biometric authentication, personalized marketing and payment solutions. To date, the company's patented biometric services enable 3.3 million shoppers to quickly and securely access personal accounts using a finger scan to identify themselves, make purchases, earn rewards and cash checks at 2,400 locations nationwide. It also provides robust payment processing solutions for ACH (electronic checking), card-present and card-not- present debit and credit transactions for 138,000 retail clients and manages personalized rewards programs for 130 million opt-in consumer profiles. Founded in 2002 and headquartered in San Francisco, Pay By Touch employs 700 professionals and holds 50 patents worldwide on secure, convenient and cost- effective transaction solutions.

Monday, October 16, 2006

Advantage: Pay By Touch

The TrueMe technology brings authentication services to individuals instead of limiting the process to a specific machine, said Goelz.

"This will have a huge advantage to e-commerce on the Internet," he added.

The same finger sensor used for online authentication can also be used to protect the data on the computer, the company said.

In addition, multiple users can share the same computer by registering their individual fingers on the TrueMe sensor without compromising security. With other security devices, sharing is nearly impossible, and local data protection is not addressed, UPEK maintained.

The innovative technology eliminates the risk factor for online merchants, Goelz pointed out. "It answers the question all online merchants ask, that is, 'How do I know the true identity of my customer?' For online merchants, it reduces risk and thus lowers the cost of doing business on the Internet."

The new on-demand service, which targets both individuals and businesses, will free Internet users from setting up separate passwords for different purposes.

"With TrueMe, a simple touch of the finger gives chief
security officers the security they demand while giving users the simplicity they desire," said Jon Siegal, executive vice president of Pay By Touch. The new technology will put individual and corporate authentication on a higher security level, said UPEK.

"The same level of hardware-based security and convenience UPEK provides to millions of users for their personal and business computers can now be extended over the Internet by creating a trusted path between businesses and their customers," noted President and CEO Alan Kramer.

Thursday, October 12, 2006

HyVee Joins Pay By Touch Bandwagon

One of the Nation's Largest, Most Innovative Supermarket Chains Rolls Out Biometric Payment Program Service to Improve Customers' Shopping Experience

"Hy-Vee prides itself on innovation and customer service. We are personally committed to providing great value and the best possible shopping experience," said Eric Smith, vice president, management information systems, Hy-Vee, Inc.

"Pay By Touch gives us the opportunity to help shoppers move quickly through the checkout line with the touch of their finger -- no need to remember PIN numbers, write checks or fumble for credit cards. We are very excited that the new program is underway and are looking forward to customer feedback."

"Pay By Touch is thrilled to join forces with Hy-Vee to give shoppers a more secure, private and convenient way to pay at the checkout line," said Pete Espinosa, vice president, Pay By Touch. "Hy-Vee has achieved regional and national recognition for its laser focus on superior customer service, making our efficient and easy-to-use payment solutions a perfect match."

About Hy-Vee, Inc.

Hy-Vee, Inc., headquartered in West Des Moines, is an employee-owned corporation operating 225 retail stores in seven Midwestern states. For 2005, the company recorded total sales of $4.9 billion, ranking it among the top 20 supermarket chains and the top 35 private companies in the U.S.

Wednesday, October 11, 2006

More On TrueMe and UPEK

"Biometrics, properly applied, would seem to be the answer to this troubling user security problem. As a result the TrueMe service enters a market in dire need of the capability it provides." -Rob Enderle, Principal Analyst for the Enderle Group.

TrueMe offers UPEK secure on-demand biometric authentication service over the Internet UPEK, Inc. has announced that its biometric solutions have now been extended to the Internet. This hardware and software offering is being utilized by the new TrueMe(tm) service, a secure on-demand biometric authentication service available over the Internet.

A San Francisco, Calif.-based integrated biometric authentication solutions provider, Pay By Touch Inc., has introduced TrueMe, a biometric authentication service delivered over the Internet.

The solution aims to solve the issue of password protection and management, not to mention credit card fraud and identity theft, in a world where RSA Security said password security and management is considered problematic at 88 percent of organizations it surveyed in recent months

Information about the user's finger is encrypted inside the finger sensor and combined with the unique device ID before it is sent to the TrueMe authentication servers.
The user's information is never exposed to the computer operating system or the public Internet.

The TrueMe authentication servers then decrypt and process the information, authenticate the user, and ensure he or she is authorized to use the specified device. The user's authenticated identity is sent through a secure connection to the website or service that the customer is trying to access. If the person is identified as an authorized user, he or she is immediately granted access.

TrueMe could also enable businesses to provide customers, partners, and employees with secure, authenticated access to their computers, desktop applications and password-protected Web sites and services such as banking and Internet service providers (ISPs). The solution's protection also extends to enterprise applications like Salesforce.com's no-demand business services, officials said.

With the TrueMe service, the data on the computer can be protected with the same finger sensor used for online authentication. In addition, multiple users can share the same computer by registering their individual fingers on the TrueMe sensor without compromising security, the company said.

"TrueMe brings the security and protection of our industry-leading biometric services to the Internet for the first time, providing a new layer of privacy and convenience to PC users everywhere," said Jon Siegal, executive vice president, Pay By Touch. "A recent Visa survey says consumers are more concerned about the loss of personal and financial data than they are over terrorism.

"Clearly this is an issue of concern to consumers and businesses alike. Our solution provides greater security and benefits to both the user and businesses than other solutions out there, and it does so without expecting the user to jump hoops all to get perhaps minimally better security than what is presently offered."


To that end, Salesforce.com, PC maker Lenovo, (who bought IBM) and biometric security solutions provider UPEK are among the first providers supported by TrueMe. TrueMe has certified the integrated finger sensors on the Lenovo ThinkPad T60 and X60.

Pay By Touch also announced that it has teamed with UPEK to offer a TrueMe-branded and certified USB finger sensor for users that do not have sensors built-in to their PCs.

The company is also certifying millions of UPEK sensors that are already embedded in laptops and USB devices. TrueMe uses secure hardware to provide finger-to-server security, greatly reducing identity theft threats, such as phishing and Trojan horse attacks.

Our vision has always been for our authentication technology to evolve from securing the device to securing the network to securing the service," said Alan Kramer, CEO, UPEK.

"Our success protecting computers and networks has laid the foundation for protecting the Internet experience, and
we are delighted to deepen our collaboration with Pay By Touch as they expand from innovating how transactions occur in stores to innovating how transactions occur online."

"We are working with UPEK to drive a fundamental paradigm shift in the way people prove and secure their identities online," stated Jon Siegal, Executive Vice President, Pay By Touch.

"The hardware-based security architecture under UPEK's sensors is ideal for our TrueMe service, and we are pleased to be working together to launch the industry's first on-demand biometric authentication service."

"We've known for decades that usernames and passwords are neither secure nor convenient enough to protect a user's identity or a company's assets", said Rob Enderle, Principal Analyst for the Enderle Group.

"Biometrics, properly applied, would seem to be the answer to this troubling user security problem. As a result the TrueMe service enters a market in dire need of the capability it provides."

Tuesday, October 10, 2006

TrueMe Is A Precursor to Online PIN Debit

TrueMe ID Is a Precursor to Online Payments, Pay By Touch Says

Pay By Touch Inc., which on Monday introduced a new, personal-computer-based authentication service based on fingerprint identification, plans to couple the new service with online payments and loyalty programs some time in the first half of 2007.

The new product, called TrueMe, relies on the San Francisco company’s technology, along with fingerprint sensors from UPEK Inc., Emeryville, Calif., to authenticate consumers when they log into Web sites.

Pay By Touch says it expects TrueMe to help combat phishing, keylogging, and other frauds plaguing the Internet. “Home users are the most targeted attack sector [for fraudsters],” says Jon Siegal, executive vice president at Pay By Touch. “It’s a big problem.”

The first Web site to adopt the product is Salesforce.com, a provider of customer-management systems that has half a million users. Siegal says more sites are in the pipeline, including an application involving remote deposit capture, the process by which paper checks are truncated into electronic image files for processing.

At the same time, Pay By Touch has certified fingerprint sensors already built in to the X60 and the T60 laptops made by Lenovo Group Ltd. For users with machines that lack integrated sensors, Pay By Touch has arranged with UPEK to produce USB-enabled external devices.

TrueMe is the first of a series of online applications Pay By Touch, which specializes in authenticating point-of-sale payments for supermarkets and other stores, plans to introduce over the next 12 months, Siegal says.


He says an online version of Pay By Touch’s payments product will arrive during the first half of next year and will rely on TrueMe to authenticate users. In February, Pay By Touch announced a product for Web-based payments, called Pay By Touch Online, that included sign-in and multifactor authentication applications (Digital Transactions News, Feb 6). Siegal says TrueMe is essentially these two components of Pay By Touch Online.

“This is the first service made available under Pay By Touch Online,” he says. “This is the first chapter of the story.”

Siegal says the company originally intended to introduce the sign-in and authentication components in the spring, but found the technologies behind the product needed more work.

This included the technology behind the fingerprint sensors. “We weren’t able to deliver in the spring time,” he says, adding Pay By Touch wanted to make sure “the technologies and user experience were where they needed to be.” He says, though, that the company’s plan all along was to introduce serially the Pay By Touch Online components as stand-alone products.

“It’s safe to say we expect within 12 months to have millions of users of our Internet-based services,” including the yet-to-be-introduced payments and loyalty components, Siegal says.

Wow, that's a very powerful statement, but remember, Pay By Touch gets a big boost when Microsoft's Windows Vista, is released in early 2007.

Pay By Touch is an integral part of a "who's who in payments" consortium with Microsoft Vista financial services platform called "PASS" (Payments as a Secure Service) which will boost PBT enrollment on both the business and personal end. The PASS services are expected to be fully implemented by the time Vista launches early in 2007.

In addition to combating phishing and other online frauds, TrueMe will help banks meet stringent guidelines issued last year by the Federal Financial Institutions Examination Council, Pay By Touch says.

By the end of 2006, financial institutions must have in place a workable plan to authenticate online-banking customers by means more robust than standard user-name/password combinations, according to the guideline.

We absolutely believe TrueMe satisfies the FFIEC guidance,” Siegal says. “It presents a significant business opportunity for us.”

Pay By Touch, which recently reached the 3-million mark in consumers enrolled for its POS service, has installed its system in 2,400 stores. In addition, it processes card transactions for some 125,000 merchant locations and Web sites as a result of its acquisition last year of CardSystems Inc., a merchant-acquiring processor.

The plan is for the company to continue to sign on new merchants while forging a market presence in Canada and the U.K. in the coming weeks.

And one of its units, ATM Direct Inc., is marketing an online-payments service, unrelated to Pay By Touch Online (until later...) that lets consumers use their PIN debit cards to pay e-commerce sites.

That's when this unit will ring like a cash register for Pay By Touch and it's shareholders.

Monday, October 9, 2006

Coming Soon...Secure Web Transactions

Online biometric authentication service unveiled



by Liam Lehey - Canadian Bureau


A San Francisco, Calif.-based integrated biometric authentication solutions provider, Pay By Touch Inc., has introduced TrueMe, a biometric authentication service delivered over the Internet.

The solution aims to solve the issue of password protection and management, not to mention credit card fraud and identity theft, in a world where RSA Security said password security and management is considered problematic at 88 percent of organizations it surveyed in recent months.

The Pay By Touch online authentication service is powered by technology from biometric fingerprint security solutions provider UPEK, vis-à-vis the latter's secure fingerprint reader, embedded in notebooks or deployed as part of a Pay By Touch solution at participating retail outlets in the U.S.

Moreover, the two companies teamed up to produce a TrueMe-branded and certified USB finger sensor for users that do not have sensors built-in to their PCs.

"We're continuing to see an explosion of interest and adoption of our technology whether on notebooks or other PC peripherals," said Greg Goelz, vice president of marketing for UPEK. "Now we're seeing that proliferate into trusted services as a means of providing a securely linked, end-point system in a hosted application environment.

"This effectively eliminates the need for consumers to use a credit card, they can use their fingerprints at the point of sale."

TrueMe is designed to provide PC users with an easy and secure means to identify oneself, interact and transact on the Web, via the use of fingerprints. By sliding a finger on a TrueMe-certified finger sensor, users can securely access a Web-based bank account or credit card account, thereby eliminating the need to remember IDs, passwords and account numbers.

"TrueMe brings the security and protection of our industry-leading biometric services to the Internet for the first time, providing a new layer of privacy and convenience to PC users everywhere," said Jon Siegal, executive vice president, Pay By Touch. "A recent Visa survey says consumers are more concerned about the loss of personal and financial data than they are over terrorism.

"Clearly this is an issue of concern to consumers and businesses alike. Our solution provides greater security and benefits to both the user and businesses than other solutions out there, and it does so without expecting the user to jump hoops all to get perhaps minimally better security than what is presently offered."

Pay By Touch said more than three million Americans have enrolled in it's biometric payment network through 2,400 retail locations across 44 states to date, Seigal said. These customers can use their finger to make private, secure purchases wherever they see the Pay By Touch logo and the plan is for the company to continue to sign on new merchants while forging a market presence in Canada and the U.K. in the coming weeks.

TrueMe could also enable businesses to provide customers, partners, and employees with secure, authenticated access to their computers, desktop applications and password-protected Web sites and services such as banking and Internet service providers (ISPs). The solution's protection also extends to enterprise applications like Salesforce.com's no-demand business services, officials said.

To that end, Salesforce.com, PC maker Lenovo, and biometric security solutions provider UPEK are among the first providers supported by TrueMe. TrueMe has certified the integrated finger sensors on the Lenovo ThinkPad T60 and X60.

Pay By Touch also announced that it has teamed with UPEK to offer a TrueMe-branded and certified USB finger sensor for users that do not have sensors built-in to their PCs. The company is also certifying millions of UPEK sensors that are already embedded in laptops and USB devices. TrueMe uses secure hardware to provide finger-to-server security, greatly reducing identity theft threats, such as phishing and Trojan horse attacks.

When signing on to a TrueMe enabled system, a user touches a finger sensor built into a computer or attached as a USB device. Information about the user's finger is encrypted inside the finger sensor and combined with the unique device ID before it is sent to the TrueMe authentication servers. The user's information is never exposed to the computer operating system or the public Internet.

"What we provide is a very personal and secure service, it is not a public experience," UPEK's Goelz said. "It's a faster transaction, consumers are finding it very convenient, and for people concerned about identity theft, this technique thwarts that threat."

The TrueMe authentication servers then decrypt and process the information, authenticate the user, and ensure he or she is authorized to use the specified device. The user's authenticated identity is sent through a secure connection to the website or service that the customer is trying to access. If the person is identified as an authorized user, he or she is immediately granted access.

With the TrueMe service, the data on the computer can be protected with the same finger sensor used for online authentication. In addition, multiple users can share the same computer by registering their individual fingers on the TrueMe sensor without compromising security, the company said.

TrueMe would be available in late October, with pricing based on a per-user, per year basis.

Pay By Touch Unveils TrueMe (tm)




Pay By Touch(TM), the leader in integrated biometric authentication, personalized marketing and payment solutions, today announced the debut of TrueMe(TM), the first secure, on- demand biometric authentication service on the Internet.

TrueMe (
trueme.com) gives PC users a fast, easy and secure way to identify themselves, interact and transact on the Web using their fingerprints. By simply sliding a finger on a TrueMe-certified finger sensor, users can securely access their Web-based accounts with no need to remember IDs, passwords or account numbers. TrueMe is quick and easy to use and, most importantly, safe.

"With the continued growth of identity theft, credit card fraud and phishing scams, security on the Internet is more important than ever," said John Rogers, founder, Chairman and Chief Executive Officer of Pay By Touch. "TrueMe brings the security and protection of our industry-leading biometric services to the Internet for the first time, providing a new layer of privacy and convenience to PC users everywhere."

The debut of TrueMe is a significant milestone in Pay By Touch's continued growth and expansion into new markets. Already, more than three million Americans have enrolled in Pay By Touch's biometric payment network through 2,400 retail locations across 44 states.

TrueMe enables businesses to provide customers, partners and employees with secure, authenticated access to their computers, desktop applications and password-protected Web sites and services such as online banking, e-commerce and Internet service providers (ISPs). TrueMe's protection also extends to enterprise applications such as salesforce.com's on-demand business services.

Salesforce.com, PC industry giant Lenovo(TM) and biometric security solutions provider UPEK(R) will be among the first providers supported by TrueMe, which is being demonstrated today at salesforce.com's Dreamforce conference.* Pay By Touch selected ThinkPad notebooks for the layered security components they offer, including Lenovo's ThinkVantage Technologies and Client Security Solution.

"When we announced AppExchange, we knew that many innovative applications would follow -- from both inside and outside salesforce.com," said Marc Benioff, Chairman and CEO, salesforce.com. "We are thrilled to see TrueMe integrated with salesforce.com's on-demand business services. It brings an unprecedented level of security and convenience to our customers with minimal effort on their part."

"With TrueMe, a simple touch of the finger gives Chief Security Officers the security they demand while giving users the simplicity they desire," said Jon Siegal, Executive Vice President, Pay By Touch. "TrueMe satisfies both needs without the hassle of multiple User IDs and passwords."

Pay By Touch certified the integrated finger sensors on select Lenovo ThinkPad(R) T60 and X60 notebooks for meeting security, reliability and support criteria. "We have already shipped more than three million notebooks with fingerprint readers and our customers are excited about the added security now available on their ThinkPads using TrueMe," said Marc Godin, vice president of Marketing, Notebook Business Unit, Lenovo. "With the holiday gift-giving season approaching, Lenovo customers using biometrics will benefit from a level of security previously not available in the industry, and can feel confident that their financial information is protected while they shop online."

Teaming with UPEK to Deliver a Compatible TrueMe Finger Sensor

Pay By Touch also announced today that it has teamed with UPEK to offer a TrueMe-branded and certified USB finger sensor for users that do not have sensors built in to their PCs. The Company is also certifying millions of UPEK sensors that are already embedded in laptops and USB devices to provide finger-to-server security.

"TrueMe is integrating our unique finger security solutions into a ground- breaking authentication service" said Alan Kramer, UPEK President and CEO. "The same level of hardware-based security and convenience UPEK provides to millions of users for their personal and business computers can now be extended over the Internet by creating a trusted path between businesses and their customers."

How TrueMe Works

1. When signing on to a TrueMe enabled system, a user simply touches a TrueMe certified finger sensor built into a computer or attached as a USB device. Information about the user's finger is encrypted inside the finger sensor and combined with the unique device ID before it is sent to the TrueMe authentication servers. The user's information is never exposed to the computer operating system or to the public Internet.

2. The TrueMe authentication servers then decrypt and process the information, authenticate the user, and ensure that he or she is authorized to use the specified device. The user's authenticated identity is sent through a secure connection to the website or service that the customer is trying to access. If the person is identified as an authorized user, he or she is immediately granted access.

3. With the TrueMe service, the data on the computer can be protected with the same finger sensor used for online authentication. In addition, multiple users can share the same computer by registering their individual fingers on the TrueMe sensor without compromising security. With other security devices, sharing is nearly impossible and local data protection is not addressed.

The TrueMe service is available on a per-user, per year basis. To learn more, please visit
http://www.trueme.com/ .

Editor's Note: Jon Siegal, Executive Vice President, Pay By Touch, will demonstrate the new TrueMe service at the salesforce.com User and Developer Conference Monday, October 9th, 12:30 p.m. Expo Hall, Presentation Theater A. He will demonstrate TrueMe during the rest of the conference in the AppExchange Partner Pavilion.