1. after fdic 2-factor pseudo-requirement (they will slap your hand if a bank is audited and isn't using appropriate 2 factor and fraud risk management, they aren't going to check every bank), verisign reported 5X the normal queries from banks about 2-factor. is that 5X 20, 5X 100 ....? even without a rigid FDIC deadline, competition will force all banks to 2-factor, wait until BoA starts advertising like E-TRADE does. 2. PAYPAL may buy up to 1million tokens (VASCO almost certainly) from VERISIGN. Not soft tokens for cell phones from DIVERSINET, another VERISIGN partner, but hard tokens. This tells me that VERISIGN believes users are not ready yet or the infrastructure is not ready yet or the SIMM BASED CELLPHONES aren't ready yet for widespread use in the U.S and PAYPAL must be very concerned about potential fraud and wants a solution NOW and now=vasco. BANKS that are signed up with PAYPAL may say, hey, we already use VERISIGN for secure login hosting, why not piggyback onto PAYPAL's soon to be developed user directory for token i.d.s and use the same tokens that PAYPAL is using, that way they can possibly use the same actual token that their customer is using for PAYPAL? Just a thought, but possibly the PAYPAL deal may trigger a lot of bank purchases of VERISIGN/VASCO tokens. Or maybe not. 3. I am intrigued by the brief mention of software sales during the CC. Is this cell phone, virtual digipass, something new? 4. They mentioned they don't have the complete set of security products that banks may eventually be required to need by the FDIC, I assume they are referring to at least software that detects unusual transaction patterns that would indicate fraud, which can still occur with tokens but is usually done by an insider. maybe hinting at an acquisition? 5. Thee REBET(?) deal was a surprise, i think they barely mentioned it and i don't think there were any questions. Whole new market, big or small? 6. BARCLAYCARD is doing another pilot with reaers, must be a different reader than last time, 3.5 million internet users at BARCLAY's I think. 7. Record sales/backlog in their historically slowest qtr., europeans take the summer off. 8. CC's are getting less revealing, don't know if good or bad. They seem to have stopped hyping e-gov and cellphones. My guess is they are getting tired of stupid analyst questions. Whenn the stock was < $8, analysts were in love with them, they could recommend vasco in their sleep. now > $10, they seem to want vasco to hold their hands and promise them they will grow 150% and make their jobs oh so easy.
The holy grail for paypal+verisign would be to roll out a "one token many services" service somehow, although i doubt they will succeed. They have google breathing behind their back with Google Base for classifieds and rumoured payments system and need to defend their service, extra security could be a worthwhile improvement.
The "virtual digipass" mentioned on CC: they were talking about sending you the 6-digit code via SMS from the server. I dont see why they arent selling this solution more though, it seems like a very cheap and natural door for them to get into banks since they could start a bank with virtual ones (no hard token costs) and then sell a fancier model which will use the same back-end infrastructure.
No info on this, but perhaps Barclay is trying one of the readers from acquired Hagenuk readers which werent in Vasco portfolio before.
This is not a new thought, but as more two-factor security grows there should eventually be a war among online sites to be the most popular security portal. The idea that consumers would tolerate a bunch of separate hardware tokens in their pockets/home for their various secure transactions won't happen. It seems more logical that secure portals will have cross agreements with other security transaction minded sites so a user would only need to logon once to get to lots of secure commerce sites. Since Paypal/EBAY are very aggressive/innovative, they are probably well on their way with their strategy roadmap, but I don't think the big banks will take it lying down once they realize what opportunity they may be neglecting. What have been the latest thoughts with the knowledgeable on this secure portal idea?
I think with FDIC deadline so soon Paypal has missed its chance of portalship, for banks at least (there may be other clients, paypal is notoriously against gambling though, so nothing there). They should have started on this idea a couple of years ago, then they would be sell banks on their experience with it + established client base of token holders. Paypal is also a poorly established brand. A friend of mine has a business, 100% of his clients are web-savvy enough to find him on the internet, but most have no clue what paypal is.
I am not sure also how far banks would be able to outsource login security. Some of the big CC# leaks were from processors, so FDIC may not be satisfied if an external firm handles secure logins for a bank since it falls outside of their domain of regulation and control.
The big big question is where Chase and Citibank will go and where Google will go if they roll out a payment scheme.