Increased attention to data breaches could provide a boost to a Montreal company that has developed a way for shoppers to use plug-in card readers with their home computers to make PIN debit purchases online.
HomeATM ePayment Solutions is preparing to test a reader that consumers can plug into a computer's USB port. When shoppers make a PIN debit purchase at participating merchants' Web sites, the checkout software prompts them to swipe the card and enter the PIN.
Kenneth Mages, HomeATM's chairman and chief executive, said in an interview last week that the SafeTPIN reader could make consumers more comfortable using their cards online and will enable merchants to process the payments at card-present interchange rates, rather than the more expensive card-not-present rates.
Several merchants, including a large U.S. airline, are considering participating in the upcoming test, Mr. Mages said, though he would not name them.
"It's a lot more acceptable now to plug something into the USB port," said John B. Frank, HomeATM's executive adviser. "Combined with all these breaches, it's time for people to make some new decisions."
The transaction processor Heartland Payment Systems Inc. reported last month that hackers breached its network last year and captured the account numbers and expiration dates of a number of debit and credit cards.
Since 2001, 72% of all payment card breaches have involved software at the point of sale, according to the Chicago data security company Trustwave Holdings Inc.; 23% occurred through online shopping carts, and 1% involved a hardware breach.
Analysts said they persuading consumers to use the readers will be a challenge.
Adil Moussa, an analyst at the Boston research company Aite Group LLC, said consumers are reluctant to use such devices. "People want easier and simpler things to use. Asking people to have another device on their desk for their online shopping is not really a way to achieve that."
Avivah Litan, a vice president and research director at the market research company Gartner Inc., routinely warns people not to use debit cards and PINs online.
"The Holy Grail for criminals is PINs and ATM cards," Ms. Litan said. "I would highly recommend [to any consumer] not entering their PIN anywhere on the Internet unless it was hardware-based."
Mr. Mages said HomeATM's device encrypts payment data moving between consumers' computers, HomeATM's data center, merchants, and processors. "We also encrypt the Track 2 data, which isn't done at" retailers.
Fidelity National Information Services Inc.'s eFunds Inc. will process HomeATM transactions.
Mr. Mages said lower interchange rates will appeal to merchants and hopefully will encourage them to distribute the readers to their customers.
According to Mr. Frank, merchants can save more than 75 basis points on card-present transactions compared with card-not-present ones. "That's a $7.5 million interchange savings for a $1 billion retailer converting its customers to a card-present environment."
However, HomeATM could face some hurdles in delivering the readers to consumers. The company plans to sell them to merchants, which would distribute them to customers. They cost about $15 to produce. Mr. Mages said lower interchange rates will attract merchants; the next step is securing merchants to distribute the device.
Ms. Litan said this is a classic "chicken-and-egg problem."
"Consumers will not start using these devices until merchants accept them, and merchants will not accept them unless there are huge incentives," she said. "The trick is finding someone with a big market presence that's willing to introduce something new to the market."
