Banks Say Heartbleed Poses No Threat, But Experts Raise Doubts

Editors note: This is the free edition of Payments Insider, a newsletter on all things payments produced by BI Intelligence.

Click here to subscribe to Payments Insider and receive it in your inbox everyday.

BANKS REASSURE ON HEARTBLEED, BUT QUESTIONS REMAIN: The American Banking Association says that most Internet banking websites and apps are not affected by the Heartbleed security flaw, and most major banks have issued statements to similar effect. “To date, we are not aware of any U.S. banks that have been exploited using this vulnerability,” FDIC spokesman Greg Hernandez tells us. But such assurances are “meaningless,” says Richard Kenner, vice president of AdaCore, the software firm that works primarily with the highly security-sensitive aerospace and defense industries. Any bank using the affected encryption software, one of two programs widely available for securing information stored on Linux servers, would have no way of knowing if it had been attacked, Kenner tells us. “Banks historically have been good at making safes, but they have not been good at securing their software,” he adds. (Keith Griffith for BI Intelligence)

Meanwhile, the first confirmed reports of Heartbleed attacks have landed, from the Canada Revenue Agency, and a UK parenting website. “Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the Canadian tax agency said in a statement. Site administrators of Britain’s Mumsnet were advised by hackers that their user accounts had been compromised. (CRA, BBC)

QUOTE OF THE DAY — “It was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area.” Dr. Robin Seggelmann, the software programmer who wrote the code containing the Heartbleed encryption flaw. (Sydney Morning Herald)

PEER-TO-PEER PAYMENT APPS WILL SPUR MOBILE PAYMENT ADOPTION: Retailers and payments providers alike would like to see consumers use smartphones to make payments instead of cash or credit cards. For retailers the data gleaned from these services can be used to up-sell or cross-sell products to their customers. For payments companies smartphones offer an opportunity to carve out market share of an industry in flux. The problem? Consumers aren’t adopting mobile payments because they don’t offer compelling advantages to cash and credit cards. As we explain in a new report, an emerging category of peer-to-peer payments services that allows consumers to transfer money to one and other is going to take off across the globe, and once it does — consumers will inevitably move to other forms of mobile payments. (BI Intelligence)

MORE ON FACEBOOK’S PAYMENTS PLAY: BI Intelligence reached out to London-based online money transfer firm Azimo, which according to the Financial Times was approached with a $10 million deal from Facebook for an online payment service partnership. A company spokesman neither confirmed nor denied the Financial Times reports, except to say that Azimo preferred to keep partnership offers to itself. — For more information read the original article here.