August 19, 2009

TJX Hacker Charged With Heartland, Hannaford Breaches

Amazing story of Gonzalez and the hacks into TJMaxx, Hannaford, 7-Eleven, others. He cut his teeth on Dave & Busters, then worked for the Feds, then went back to hacking more corporations. This our government did for us? Two articles one from Wired and one WSJ. The Wired one by Zetter is great. Also reveals SQL-injection attack on web servers was route in...The Tiger Woods of Cyber Crimes. Content from Wired, WSJ and NewsHour.

Here is the Wired report
Source article

TJX Hacker Charged With Heartland, Hannaford Breaches
By Kim Zetter August 17, 2009 | 2:34 pm | Categories: Breaches

The constellation of hacks connected to the TJX hacker is growing.

Albert “Segvec” Gonzalez has been indicted by a federal grand jury in New Jersey — along with two unnamed Russian conspirators — on charges of hacking into Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers, according to the indictment unsealed Monday. Gonzalez, a former Secret Service informant, is already awaiting trial over his involvement in the TJX hack.

According to the court document, the hackers allegedly stole more than 130 million credit and debit card numbers (.pdf) from Heartland and Hannaford combined. Prosecutors say they believe these breaches constitute the largest data-breach and identity-theft case ever prosecuted in the United States. They’re investigating other breaches and have not ruled out Gonzalez’s involvement in even more intrusions.

“We’re not seeing a huge array of hackers capable of doing this, but rather a more select group, [and that] demonstrates that there is a level of sophistication involved in these hacks,” said Assistant U.S. Attorney Erez Liebermann of the Justice Department’s New Jersey district office.

But these are just the latest in a string of high-profile breaches that have been connected to Gonzalez. He and 10 others were charged in May and August 2008 with network intrusions into TJX, OfficeMax, Dave & Busters restaurant chain and other companies. Jury selection is slated to begin Sept. 14 in one of those cases. With regard to the Heartland-Hannaford cases, Gonzalez and the two unnamed Russian hackers have been charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit wire fraud.

They each face a maximum penalty of five years in prison and a possible maximum fine of $250,000 on the computer-fraud count and an additional 30 years and $1 million fine on the wire-fraud count, or twice the amount they gained from the offense, whichever is greater.

Attorneys for Gonzalez were not available for comment.

According to the New Jersey indictment, Gonzalez, 28, and an uncharged conspirator identified only as “P.T.,” allegedly found their targets on a list of Fortune 500 companies and then did reconnaissance to determine the payment-processing systems they used and uncover vulnerabilities. The hackers used computers they leased or controlled in California, Illinois and New Jersey as well as in Latvia, Ukraine and the Netherlands to store malware, launch their attacks against the networks, and receive the stolen numbers.

Using a SQL-injection attack, the hackers allegedly broke into the 7-Eleven network in August 2007, resulting in the theft of an undetermined amount of card data. They allegedly used the same kind of attack to infiltrate Hannaford Brothers in November 2007, which resulted in 4.2 million stolen debit and credit card numbers; and into Heartland on Dec. 26, 2007. Of the two unnamed national retailers mentioned in the affidavit, one was breached on Oct. 23, 2007, and the other sometime around January 2008.

Liebermann declined to identify the two national retailers, or state the amount of data stolen from them, because he said they have not gone public with their breaches.

Once on the networks, the hackers installed back doors to provide them with continued access at later dates. According to authorities, the hackers tested their malware against some 20 different antivirus programs to make sure they wouldn’t be detected, and also programmed the malware to erase evidence from the hacked networks to avoid forensic detection.

“The fact that they were able to evade antivirus software that was running on the environment by testing it and programming the malware to erase itself suggests a degree of sophistication,” said Assistant U.S. Attorney Seth Kosto of the New Jersey office. “If it were just a case of getting onto the network, the card data would probably not have been exfiltrated.”

Heartland disclosed last January that hackers had installed sniffing software on its network that allowed them to capture unencrypted credit card data as transactions were being authorized in its system.

The thieves captured card account numbers and expiration dates and, in 20 percent of cases, the customer’s name as well. The company has never disclosed the number of cards compromised, although the company’s website indicates that it processes about 100 million transactions a month for about 250,000 businesses.

According to Liebermann, Heartland accounts for the “vast majority” of the 130 million numbers mentioned in the New Jersey indictment.

Heartland reported in May that the breach had cost it $12. 6 million so far, which includes legal costs and fines from Visa and MasterCard, who say the company was not compliant with payment-card–industry rules.

Heartland’s CEO Robert Carr told Wired.com recently that the initial breach into the company’s network in December 2007 was confined to the company’s corporate network, which Carr said was separate from its card-processing network. But by May 2008, the hackers had jumped to the processing network. Carr wouldn’t say how they accomplished this.

Heartland caught the breach of the corporate network, but was unaware the hackers were sitting on its system for months conducting reconnaissance. Trustwave, a computer security firm, conducted its 2008 audit of Heartland on April 30 and deemed it compliant with Payment Card Industry Data Security Standards (PCI DSS). But shortly thereafter, the intruders began stealing batches of unencrypted card-track data from Heartland’s network, and continued doing so for months before being discovered.

Gonzalez was a Secret Service informant who once went by the nickname “Cumbajohnny.” He was a top administrator on a carding site called Shadowcrew when he was arrested in 2003. Authorities discovered his connection to Shadowcrew and soon put him to work undercover on the site, setting up a VPN for the carders to communicate, which was controlled out of the Secret Service’s New Jersey office.

That undercover operation, known as “Operation Firewall,” led to the arrest of 28 members of the site in October 2004. After the site went down, Gonzalez changed his nick to “Segvec” and moved to Miami where he allegedly resumed his life of crime under the nose of authorities who were in pursuit of “Segvec,” while being ignorant of the fact that he was their old informant.

Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.” As Wired.com previously reported, he spent $75,000 on a birthday party for himself and once complained to associates that he had to manually count $340,000 in stolen $20 bills after his counting machine broke.

Stephen Watt, a 25-year-old programmer who was working for Morgan Stanley, created a sniffing program dubbed “blabla” that Gonzalez’s gang used to allegedly siphon credit and debit card numbers from TJX and other companies and is facing sentencing this month. The indictment doesn’t charge Watt with writing the malware used in the Heartland and Hannaford breaches.

Photo: Albert Gonzalez/Courtesy U.S. law enforcement




Here is the WSJ story

Source article

By SIOBHAN GORMAN

A 28-year-old American, believed by prosecutors to be one of the nation's cybercrime kingpins, was indicted Monday along with two Russian accomplices on charges that they carried out the largest hacking and identity-theft caper in U.S. history.

Federal prosecutors alleged the three masterminded a global scheme to steal data from more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford Bros. supermarkets, 7-Eleven and Heartland Payment Systems Inc., a credit-card processing company.
[Photo of albert gonzalez released to wired.com by secret service] U.S. Secret Service courtesy of wired.com

Photo of Albert Gonzalez released to wired.com by Secret Service

The indictment in federal district court in New Jersey marks the latest and largest in at least five years of crime that has brought its alleged orchestrator, Albert Gonzalez of Miami, in and out of federal grasp. Detained in 2003, Mr. Gonzalez was briefly an informant to the Secret Service before he allegedly returned to commit even bolder crimes.

Authorities have previously alleged that Mr. Gonzalez was the ringleader of a data breach that siphoned off more than 40 million credit-card numbers from TJX Cos. and others in recent years, costing the parent company of the TJ Maxx retail chain about $200 million.

Mr. Gonzalez is in federal custody in Brooklyn, N.Y., awaiting trial for alleged efforts to hack into the network of the national restaurant chain Dave & Buster's Inc. He also faces charges in Boston in the TJX matter.

The alleged thefts in Monday's indictment took place from October 2006 to May 2008.

Mr. Gonzalez is "a very important player in a sophisticated ring that has real results at the street level of bank, retail, debit- and credit-card fraud," said Seth Kosto, an assistant U.S. attorney in New Jersey who specializes in computer fraud.
More

* Text: DOJ Indictment | Statement
* Q&A: What Consumers Should Know
* Earlier: Card Data Breached, Firm Says

Journal Community

* Discuss: How secure is credit card information? Have you been a victim of identity theft?

The indictment, interviews and recent court documents in the cases pending against Mr. Gonzalez paint him as a rising star in the cyber underground. He launched what he called "operation get rich or die tryin," targeting Fortune 500 companies with his data-theft operations, according to a sentencing memo filed in federal district court in Massachusetts in the TJ Maxx matter. These documents say he threw himself a $75,000 birthday party and at one point lamented he had to count more than $340,000 by hand because his money counter had broken.

Such large sums, primarily in $20 bills allegedly stolen from ATMs, proved tough to manage, the sentencing memo says. He was considering investing in a club, but told one of his co-conspirators in the TJX heist that he would only be able to pull together $300,000 in a "legitimate appearing form" like a check, according to the documents.

Federal investigators say Mr. Gonzalez is a high-school graduate and self-taught programmer who cut his criminal teeth as a leader in the self-styled Shadowcrew, an online credit-card hacking ring. In 2004, 26 leaders of the 4,000-person ring were arrested and convicted. "He was one of the key leaders," said Scott Christie, a former U.S. prosecutor who worked on the case.

Mr. Gonzalez wasn't charged when he was arrested in 2003 because he agreed to become an informant for the Secret Service following his arrest, say Justice Department officials. In November 2004, the government permitted him to move from New Jersey to Florida. Much of the subsequent hacking took place there, according to court records. He was arrested in conjunction with the Dave & Buster's hacking scheme in May 2008 and has been in detention since.

Subsequent investigations into breaches at Heartland and others led investigators back to Mr. Gonzalez. They found that he and his co-conspirators in Russia, which the indictment does not name, staged their crime on a network of computers spanning New Jersey, California, Illinois, Latvia, the Netherlands and Ukraine that would infiltrate the computer networks of the victim companies.

In computer attacks lasting more than a year, the trio allegedly scooped up credit- and debit-card numbers and installed so-called back doors in the victims' computer networks to enable them to steal more data in the future, the indictment said. They also installed "sniffer" programs to capture card data and send it to the hackers.

The indictment didn't estimate the losses associated with the alleged activities, nor did it spell out how the alleged co-conspirators may have made money off the stolen numbers. Typically, hackers sell batches of credit-card data online -- the current asking price in online forums is $10 to more than $100 per account profile, depending on the account's limit.

The trio made extensive efforts to conceal their activities, registering the computers they used under false names and communicating online under a variety of screen names, the indictment alleges. Mr. Gonzalez often used the online alias "soupnazi," an apparent reference to a character in the sitcom "Seinfeld."

The three were charged with gaining unauthorized access to computers, computer fraud and conspiracy to commit wire fraud. Mr. Gonzalez faces up to 25 years in prison and $500,000 in fines. His lawyer did not return phone calls Monday.

"We're pleased that the authorities have aggressively pursued this case to be in a position to bring an indictment against the alleged perpetrators," said Michael Norton, a spokesman for Hannaford Bros. Heartland commended the government's sleuthing in the case; 7-Eleven declined to comment.

Wire fraud, conducted in cyberspace because wire transfers now use networks that connect to the Internet, has exploded in recent years. The Treasury Department recently reported that of the more than 55,000 incidents of wire fraud since 1998, more than half of them occurred in the past two years.

"The financial sector may be more secure than most, but it's hemorrhaging," said Tom Kellermann, a former cybersecurity official with the World Bank who is now a vice president with Core Security Technologies, a cybersecurity company. "For too long a time they have not paid enough respect to the sophistication and organization of the underground economy."
—Robert Tomsho, Joseph Pereira and Timothy W. Martin contributed to this article.

Write to Siobhan Gorman at siobhan.gorman@wsj.com


Nice writeup on StorefrontBacktalk
link here


Interview on Newshour with Zetter of Wired and VISA

Record-setting Cyber Theft Stirs Questions on Security

The Justice Department indicted three men on Monday for stealing more than 130 million credit and debit card numbers by hacking into the computer systems of five major companies. Cyber-securiity experts discuss the case with Ray Suarez.








RAY SUAREZ: It's a case the Justice Department is calling the largest credit and debit card data breach in U.S. history. Twenty-eight-year-old Albert Gonzalez and two Russian co-conspirators are charged with stealing more than 130 million card numbers between October 2006 and May 2008.

The trio allegedly hacked around the firewalls of several companies' computer systems, including card payment processor Heartland Payment Systems, supermarket chain Hannaford Brothers, and convenience store chain 7-Eleven.

It's a record-setting breach, breaking the previous mark held, federal prosecutors say, by the same Albert Gonzalez. The Miami man was already in federal custody. He previously had been charged in identity theft cases involving the restaurant chain Dave & Buster's and the retailer T.J. Maxx.

With this latest cybersecurity breach, consumers are asking themselves, how safe is my financial information?

For some answers, we turn to Kim Zetter. She's been covering this story for Wired.com. And Rosetta Jones, she's vice president for corporate relations at Visa.

Kim Zetter, how does the government say Albert Gonzalez did what they're saying he did?

KIM ZETTER, Wired.com: Well, he worked with some co-conspirators who -- they chose their targets by looking at Fortune 500 company lists. And once they found their target, they did sort of reconnaissance to find out what kind of processing system they used for processing their credit and debit cards. Once they knew that, they were able to look at what kind of vulnerabilities might exist in the system.

In the case of Heartland and Hannaford and 7-Eleven, I think we know that they used a SQL injection attack on all of them. And a SQL injection attack is a pretty kind of standard attack that can be prevented if the server is configured correctly. And in these cases, it's showing up over and over again that many companies aren't configuring their servers correctly.

RAY SUAREZ: So they did the digital equivalent of casing these places before trying the attack?

KIM ZETTER: Yes, exactly. In some cases, they went onto the Web site of the company, and the Web sites gave them information that helped them infiltrate the companies. The Web sites can tell them what kind of processes they're using and that kind of thing.

And in the case of Heartland, you know, Heartland is a credit card, debit card processor, so it's sort of the middleman between retailers and banks. And so if you hit a processor like that, then you're getting millions of cards, as they did in this case.

RAY SUAREZ: Rosetta Jones, the program, according to the government, that these fellows were using burrowed into the systems and then started exporting the data they were finding there to places outside the United States, to some places inside the United States, but also to Latvia, Russia, the Netherlands. Why?

ROSETTA JONES, Visa: Your question was why they were exporting data?

RAY SUAREZ: Well, why to those places? Is it harder to investigate, harder to prosecute once you ship the data off to somewhere else in the world?

ROSETTA JONES: We think there's ample opportunity for the government to be involved to help international cooperation in catching the criminals. We think that is an important opportunity and a significant area where the government can be involved.

RAY SUAREZ: Have the two sides been learning from each other, the hackers and the institutions that are trying to fend off these attacks? Do they look for breaches and then exploit them and then your side tries to build new defenses?

ROSETTA JONES: Well, I think, as long as card data remains valuable, criminals are going to continue to seek that information. What we have to do as an industry is to work with financial institutions and with merchants to protect that card information. And we have to make sure that they're adhering to strict industry data security standards.

I think as an industry we also have to explore new ways to make that card data not valuable to criminals. And we're looking at things like the introduction of dynamic data into the transaction. We think that has a good opportunity to help prevent fraud.



Background of a hacker
RAY SUAREZ: Kim Zetter, Albert Gonzalez was already known to federal law enforcement before he was arrested, wasn't he?
KIM ZETTER: Before he was arrested this time? He's already in custody at this point, but, yes, he was known -- he's been known to authorities since at least 2003. He was arrested in 2003, and authorities discovered that he was the top administrator on a carding forum called ShadowCrew. It's basically an online community or was an online community where credit card thieves gathered and sold their goods.

And when they arrested him and found out that he was administrator, they flipped him to become an informant for them, and he worked out of the Secret Service New Jersey office from I think it was about late 2003, early 2004, until they brought down ShadowCrew in October 2004.

And he convinced the carders on that forum to use a special virtual private network for communicating, and that network was controlled by the Secret Service, so they were able to read all the communications that was going through there.

When the bust was over, he went back to his criminal ways, and he changed -- his online nick at that point was "Cumbajohnny," and he changed it to "Segvec," and he continued to commit crimes as "Segvec," and authorities were actually chasing this person named "Segvec" without knowing that he was the former informant for the Secret Service. And then he...

RAY SUAREZ: While he was working as an informant, was he learning things that he could then turn around and use against places like card processing services and retailers?

KIM ZETTER: He probably was. And of course, he was making connections during that point, as well, because also on ShadowCrew and other forums that were connected to it were, you know, Russian criminals from the Russian hackers. And those are, you know, pretty much the top ones in this field, are coming from Ukraine and Russia.

And in this case, on the indictment that came down yesterday, there are two unnamed Russian co-conspirators who helped him hack into the systems. So those connections were probably made at that period and thereafter, as well.


Fraud rates
RAY SUAREZ: Rosetta Jones, are there a lot of people who know how to do this? Would it be happening more often if this wasn't such highly technical work?
ROSETTA JONES: Well, I think what you have to keep in mind is that, although you might read about hundreds of millions of accounts being compromised, that we know from our investigations less than 5 percent of those accounts are ever used fraudulently.

So while criminals might be trying to seek this information, the industry, Visa, and financial institutions are able to reduce fraud through effective monitoring of fraudulent transactions in the system.

And the fraud rate within Visa is actually at historic lows. It's just 6 cents out of every $100 transacted, and that's about half of what it was 10 years ago.

So, yes, we have more work to do to protect card information, but we know as an industry we're doing a good job at keeping fraud at bay.

RAY SUAREZ: So there's less fraud today than during the old days of running a card through one of those pressing machines and having carbon copies?

ROSETTA JONES: Today, using credit and debit cards remain one of the safest way to pay, especially over cash and checks. It's just the reality. Zero liability today exists for cardholders, so if there is fraud on your account, that you do not have to pay for that fraud. That's a protection that exceeds cash and checks.


Protections for consumers
RAY SUAREZ: But if you're reading the news and you see that there's been this latest breach, what can you be doing in your own interest? What should you be doing to protect yourself and check that your identity isn't being stolen, that your information isn't being used fraudulently?
ROSETTA JONES: Well, I think, first and foremost, again, it's important to remind consumers that you have important protections with using credit and debit cards. Zero liability is one of them.

But, of course, consumers should always monitor their accounts. We encourage consumers to have online banking and check their accounts real time and check their statements for fraudulent activity, and if they notice anything suspicious, to call their financial institution right away.

RAY SUAREZ: Kim Zetter, what do you think about the position of the consumer? Are people more vulnerable than they realize? Or, as you just heard Ms. Jones suggest, really the problem is with the credit card companies and they're the ones bearing the cost?

KIM ZETTER: Yes, I mean, I should point out that consumers, at least in the case of credit cards, we know there's zero liability. What's happening to our debit is that debit cards are being taken, as well. And, of course, when a debit card is stolen and, in some cases, PIN numbers are being grabbed, as well, then, you know, it allows an attacker to basically drain your bank account.

And in some cases, we're finding that consumers, it's not so easy for them to get that money back. They have to prove that they didn't use the card in many cases, and it can take months. In some cases, people aren't getting it back if it's, for instance, a business account instead of a personal account.

But, you know, I want to point out that even if consumers have zero liability, retailers are the victims in this, as well as the banks, the card issuers who have to reissue, you know, millions of new cards to customers whose numbers have been breached.

And there are lawsuits because of this, you know, against Heartland, TJX. You know, when they have unsecured systems that are breached, the cost, you know, is passed down to the retailers for the fraudulent transactions and then also for the people who have to reissue the cards.

RAY SUAREZ: We'll have to end it there. Kim Zetter, Rosetta Jones, ladies, thank you both.

ROSETTA JONES: Thank you.

KIM ZETTER: Thank you.

Posted by staff at 08:02 AM

October 07, 2008

Tim Hortons to install restaurants and kiosks at U.S.-based Tops supermarkets

Tim Hortons expands into U.S. market via Tops. Western New York, Rochester and PA locations.

OAKVILLE, Ont. — Tim Hortons (TSX:THI) has made further inroads into the United States by signing a deal for 82 full-service restaurants and self-serve kiosks at Tops Friendly Markets grocery stores.

The agreement will put new locations of the iconic Canadian coffee and doughnut retailer in Western New York, Rochester, Central New York and northwestern Pennsylvania, the company said Tuesday.
Financial details of the agreement were not disclosed.

The rollout includes 20 full-service restaurants and 62 self-serve locations, Tim Hortons said.

The company expects some of the self-serve spots will expand into full restaurants in the future.

In some Tops locations there will be two Tim Hortons spots - both a restaurant inside the supermarket, and another self-serve location in the nearby Tops-branded gas station, a Tim Hortons representative said.

"Tops is an ideal fit for our continued strategy to build our brand and convenience for customers through both stand alone stores and non-standard full-serve and self-serve formats," said U.S. and international chief operations officer David Clanachan in a release.

Under the deal, Tim Hortons will now have 488 locations in the United States.

Posted by staff at 10:06 AM

July 01, 2008

Security - Citbank ATM breach reveals PIN problems

atm_breach_small.jpgSAN JOSE, Calif. - Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record. The other part of interest is what about the 2000 supposed Vcom units installed at 7-Eleven? [picture of unit]

Citibank ATM breach reveals PIN security problems - Yahoo! News

he scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs — the numeric passwords that theoretically are among the most closely guarded elements of banking transactions — by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption — which means encoding them to cloak them to outsiders — some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.
atm_breach_caps113.jpg
"PINs were supposed be sacrosanct — what this shows is that PINs aren't always encrypted like they're supposed to be," said Avivah Litan, a security analyst with the Gartner research firm. "The banks need much better fraud detection systems and much better authentication."

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year and was first reported by technology news Web site Wired.com. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the U.S., but it doesn't own or operate any of them.

That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others.

A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn't been answered publicly.

All that's known is they broke into the ATM network through a server at a third-party processor, which means they probably didn't have to touch the ATMs at all to pull off the heist.

They could have gained administrative access to the machines — which means they had carte blanche to grab information — through a flaw in the network or by figuring out those computers' passwords. Or it's possible they installed a piece of malicious software on a banking server to capture unencrypted PINs as they passed through.

What that means for consumers is that their PINs were stolen from machines that showed no signs of tampering they could detect. In previous PIN thefts, thieves generally took steps that might draw notice — sending "phishing" e-mails, for example, or installing false-front keypads or even tiny cameras on ATMs.

Getting the PINs is a key step for identity thieves. It lets criminals encode stolen account information onto blank ATM cards and withdraw piles of cash from compromised accounts.

Don Jackson, director of threat intelligence for SecureWorks Inc., said he has seen an "alarming" spike in the number of attacks on back-end computers for ATM networks over the past year.

"This was fairly large, but I don't think it's anything out of the ordinary — these kinds of scams go on every day," Jackson said. "What makes this case unique is the sheer luck of happening upon these guys and catching them red-handed. But there are a whole lot of other ATM and PIN compromises going on that aren't reported."

The alleged plot is outlined in court papers supporting the prosecution of three people — Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva. They were indicted in March on two counts each of conspiracy and fraud. Prosecutors say their activities generated at least $2 million in illegal profits.

Defense lawyers for all three people did not return calls for comment, and it was not clear where they had been living. The main defendant, Rakushchynets, was described as having Michigan and Florida's driver licenses in a February FBI affidavit for an arrest warrant.

Citibank, part of Citigroup Inc., has declined to comment on the technique or how many customers' accounts were compromised. It said it notified affected customers and issued them new debit cards.

"We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts," the bank said in a statement.

Cardtronics said it is cooperating with authorities but otherwise declined to comment. Fiserv spokeswoman Melanie Tolley said the intrusion didn't happen on Fiserv's servers.

"Fiserv," she said, "is confident in the integrity and security of our system."

related article on Cardtronics takeover of Vcoms

Posted by staff at 02:53 PM

June 06, 2007

Acquisitions - Cardtronics takes over ATMs at 7-Eleven

....Of the over 5,500 machines in the 7-Eleven(r) U.S. ATM network, approximately 2,000 are Financial Services Kiosk or "Vcom(r)" terminals. Vcom units provide advanced functionality options including check cashing, bill payment and money transfer in addition to traditional cash dispensing and balance inquiry. In addition, the 2,000 Vcom machines will soon start accepting image deposits for participating financial institutions.....

Cardtronics to Acquire ATM Portfolio from 7-Eleven

HOUSTON, June 5, 2007 (PRIME NEWSWIRE) -- Cardtronics, Inc. ("Cardtronics") announced today that it has entered into definitive agreements to acquire the U.S. ATM operations of 7-Eleven, Inc. This acquisition will add over 5,500 high volume ATMs to the Cardtronics portfolio, expanding the size of Cardtronics' network to over 30,000 machines, the largest in the world, with locations in every major U.S. metropolitan area, the U.K. and Mexico. The agreements will provide Cardtronics with a ten year exclusive right to operate all ATMs and advanced function financial self-service kiosks in 7-Eleven locations throughout the U.S., including any new 7-Eleven stores. Purchase consideration will consist of $135 million in cash, plus or minus a possible adjustment for working capital balances as of the closing date. The acquisition is subject to various conditions including customary regulatory approvals, including the expiration or termination of the applicable waiting period under the Hart-Scott-Rodino Antitrust Improvements Act of 1976.

Of the over 5,500 machines in the 7-Eleven(r) U.S. ATM network, approximately 2,000 are Financial Services Kiosk or "Vcom(r)" terminals. Vcom units provide advanced functionality options including check cashing, bill payment and money transfer in addition to traditional cash dispensing and balance inquiry. In addition, the 2,000 Vcom machines will soon start accepting image deposits for participating financial institutions.

"Acquiring the 7-Eleven ATM portfolio is a natural extension of our strategy to partner with major retailers in high-traffic locations," said Jack Antonini, president and CEO of Cardtronics. "7-Eleven is a world-class organization. This acquisition will provide a significant boost to Cardtronics' transaction volume while simultaneously moving Cardtronics into a leadership position in offering advanced, non-traditional financial services via the advanced functionality kiosks."

Brian Archer, Cardtronics executive vice president, stated, "The 7-Eleven footprint nicely complements our existing base of deployed machines and strengthens our presence in key geographies while further solidifying Cardtronics' position as the ATM provider of choice for national merchants, thanks to our quality of service, unmatched scale and unique bank branding and surcharge-free offerings."

As part of the agreement with 7-Eleven, Cardtronics will assume ownership or operation of all ATM and Vcom equipment currently owned or leased by 7-Eleven as well as maintenance, cash replenishment, processing, customer service, 24 hour monitoring and other operational functions for the ATMs. Cardtronics is targeting to close the transaction by the end of June 2007.

Cardtronics intends to finance the transaction with a combination of bank debt and other debt securities, and expects its leverage level to be moderately higher at closing as a result.

About Cardtronics, Inc.

Headquartered in Houston, Texas, Cardtronics is the world's largest non-bank owner/operator of ATMs with more than 25,000 locations. We operate in every major U.S. market, at over 1,500 locations throughout the UK, and at 500 locations in Mexico. Major merchant-clients include A&P(r), Albertson's(r), Hess Corporation(r), BP(r) Amoco, Chevron(r), Costco(r), CVS(r)/pharmacy, ExxonMobil(r), Duane Reade(r), Rite Aid(r), Sunoco(r), Target(r) and Walgreens(r). Cardtronics also works closely with financial institutions across the U.S. to brand ATMs in these major merchants and provide convenient access for their customers and the ability to preserve and expand their markets. For more information about Cardtronics, please visit http://www.cardtronics.com.

Posted by staff at 01:48 PM

May 22, 2007

Financial Service Kiosks -- ExxonMobil

exxon_kiosk_mar28.jpegExxonMobil Expands Availability of ''ewiz'' Financial Services Kiosks at on the Run Convenience Stores; ewiz Kiosks Provide Convenient Way to Pay Bills and Conduct Other Financial Services.

TIO Networks and ExxonMobil extend strategic alliance

“New Agreement extends contract through 2012"

Burnaby, BC - May 22, 2007 – TIO Networks Corp. (TIO), North America’s leading automated bill payment and financial services network (TSX-V: TNC), today announced a five-year extension to its strategic alliance with ExxonMobil. The relationship, which began in 2004, has been extended through 2012.

Under the terms of this agreement, TIO Networks will roll out the TIO services through the E-WIZ branded kiosks and hybrid ATMs in all corporate owned On the Run and Tigermarket stores. The deployment is expected to be substantially complete by the end of 2007.

TIO’s self-service program will also be available to ExxonMobil’s franchise dealers and distributors who will now have the ability to purchase E-WIZ systems and derive recurring revenues from consumer driven transaction fees.

E-WIZ is an ExxonMobil branded self-service automated bill payment and financial service kiosk program that empowers their customers to securely and conveniently pay their wireless, cable, utility and other bills in cash, purchase prepaid products, gift cards, Prepaid MasterCard®, purchases and reloads, and benefit from additional value added financial services.

The E-WIZ program serves consumers who prefer to use alternative financial service providers for convenience or the lack of direct banking relationships.

ExxonMobil, Exxon, On the Run and Tigermarket are trademarks of Exxon Mobil Corporation or one of its subsidiaries.

About TIO Networks Corp.

TIO Networks Corp. is North America’s largest multi-retailer network of non bank financial services for the ‘cash preferred’ consumer marketplace. The Company operates in more than 2000 locations and provides safe secure access to bill payment and other key financial services. For more information, please visit www.TIOnetworks.com
Behshad Hastibakhsh, Media Relations – TIO Networks

Tel: 604.298.4636, Ext. 250

Toll Free: 888.679.3322

Email: pr@TIOnetworks.com


John Lewis, Business Development - TIO Networks

Tel: 416-364-2266

Email: jrlewis@TIOnetworks.com

Posted by staff at 10:52 AM

November 26, 2006

Financial Service -- Hybrid ATM Kiosk machines

TIO with over 1,000 machines in Circle K and Exxon Mobil and running 850,000 transactions a month on its network is going to "branch out" into new hybrid ATM Kiosks. To date, diluting the ATM transaction with other services has proven problematic at best. Once heralded as the next mousetrap, it has gone by the wayside reduced to a yearly press release maybe on the now-old VCom and others. TIO has proven itself very resourceful and smart. It'll be interesting to see how they couple the two.

News

TIO Plans To Start Hybrid ATM-Kiosk Deployments by Start of ‘07

(November 22, 2006) The concept of an ATM that also serves as a kiosk for bill payment and other financial services may be getting closer to reality. TIO Networks Inc., a Burnaby, B.C.-based operator of bill-payment kiosks that serve primarily the underbanked, will begin deploying hybrid ATM-kiosk machines by the start of 2007, says John Lewis, business development executive for the company.

Lewis refuses to say where the new machines will be installed, citing “sensitivity” about their locations. Nor will he be specific about how many of the devices, which are being developed by ATM maker Tranax Technologies Inc., are in the plans. “We expect to see some pretty strong deployments early next year,” he says. TIO had expected to begin operating some 40 hybrid devices this spring in conjunction with ATM deployer Cardtronics Inc. (Digital Transactions News, March 2). The company has had to delay the project as it works through negotiations and waits for current ATM installation contracts at target locations to expire, Lewis says. “Everybody’s making money with their ATMs, so there’s some jockeying going on,” he notes. The company has also switched manufacturers since March, when it was working with Tidel Technologies Inc.

TIO currently drives about 1,000 kiosks hooked up in convenience stores that allow consumers to pay bills by inserting cash into a bill acceptor. TIO’s links to the accounting systems at utilities, telecommunications companies, and other billers—including Cingular Wireless and Qwest Communications—allow users to receive real-time electronic account updates. Merchants housing the machines include Circle K Stores Inc. and ExxonMobil Corp., which deployed 100 kiosks this fall in as many of its On the Run and Tigermarket stores in Texas. TIO also drives around 200 clerk-assisted bill-payment terminals.

Banks historically have shied away from dual-function ATM kiosks, fearing that customers wanting to withdraw from or deposit to accounts would grow frustrated while waiting for other people to complete bill payments or phone-card top-ups. At the same time, the two functions serve two often separate demographic groups. TIO’s kiosks are aimed largely at Hispanics, and draw mostly customers without bank accounts who do business in cash. By contrast, ATM users are generally accountholders at banks. But TIO, which earlier this year changed its name from Info Touch Technologies Corp., hopes the dual functionality could help it introduce its kiosks to users who might not have encountered them otherwise, allowing it to drive up usage faster. TIO charges a flat fee for bill payments, which it shares out to retailer and biller partners.

Currently, TIO is processing 850,000 transactions a month on its network. That volume is growing at a 10% rate quarter-to-quarter, Lewis says. How much of a difference the new hybrid machines might make, he says, is impossible to forecast. “It would be just some wild, crazy guess,” he says.

Posted by staff at 08:05 PM

March 04, 2006

Circle K Financial Bill Payment Kiosks

EL PASO, Texas – Twenty-five ZapLink kiosks from Info Touch Technologies Corp., owners of the TIO Network, are being installed in select Circle K convenience stores in El Paso, Texas..

El Paso Circle K Stores Get 'Zapped'

Through this expansion, Info Touch and Circle K will now offer cash-preferred customers secure and convenient access to bill payment and financial transactions at self-service automated kiosks, 24 hours a day.

"Zaplink and the TIO Network is an important part of Circle K's strategy to empower our customers with convenient and hassle-free ways to pay bills and manage personal finances,” said Dan Stiel, manager of financial services for Circle K. "Our customers in El Paso will discover our self-service Zaplink kiosks to be fast, friendly and reliable."

The kiosks enable cash-preferred customers to securely access personal accounts and view balances on select billers without the need to have an account number present. They can also pay a host of bills including wireless, utility and cable and update their accounts in real time. Payments are made by inserting the cash directly into ZapLink kiosk's bill acceptor. Once the cash is accepted, the payment is immediately posted through Info Touch's TIO network. Circle K customers can navigate through bill pay and other TIO applications in either English or Spanish and complete financial transactions by either printing or e-mailing their receipt to an e-mail address of their choice.

"Market research indicates that nearly half of the Hispanics are unbanked and more than 78 percent of the population [in this market] is Hispanic,” said Hamed Shahbazi, chairman and CEO of Info Touch Technologies. “This data confirms there is market demand for non-traditional financial solutions. By delivering convenient access to affordable financial services, we improve the quality of life for residents of El Paso and execute on our recurring revenue transaction business."

Since September 2001, Info Touch and Circle K have launched approximately 300 Zaplink kiosks in Arizona, Florida, New Mexico, North Carolina, South Carolina and Texas.

Posted by keefner at 09:27 AM

August 09, 2005

Thortons Adds New Touchscreen Kiosk to SubWorks program

Thorntons Inc., which operates 154 gasoline/convenience stores, one travel plaza and nine car washes in the Midwest, selected Xpedient Software for its SubWorks self-ordering kiosk systems, the company announced.

SubWorks, Thorntons' proprietary food program, features subs, burgers, pizzas and more, ordered via Xpedient's touchscreen kiosk. "Xpedient's kiosks add a whole new dimension to the quick-service restaurant industry," said Matt Thornton, CEO of Thorntons. "The new system gives us the opportunity to serve the perfect sandwich in 3 minutes or less, which is paramount to our success."

The Xpedient kiosk system allows Thorntons customers to personalize their order, making them aware of options including spicy mustard, spicy mayo and special toppings for signature sandwiches such as The Italian Special and The Kentucky Club.

Xpedient Architect is another key component of the kiosk software program that allows Thorntons, to customize screen content at the corporate, store, or individual kiosk level. Xpedient's Enterprise Manager provides reporting tools that show peak usage times and total sales, as well as product mix and other customized reports. Thorntons has currently launched the new system in six different markets.

"We feel this new self-ordering system will set us apart," said Matt Thornton." Xpedient's kiosks add to our SubWorks brand by creating a unique blend of time, great fresh food, all in a fun atmosphere."

Source: Thorntons Adds New Touchscreen Kiosk to SubWorks Program

Posted by keefner at 07:15 PM

May 25, 2005

Financial Services to Grocers and C-Stores

Convenience and grocery stores are in trouble. Long-standing revenue streams like cigarettes are disappearing in a puff of smoke. Intense pricing pressure from Wal-Mart has flattened margins for the foreseeable future.

An aging store asset portfolio drains available working capital. And the channels have blurred with Starbucks coffee at Safeway and gasoline at Wal-Mart.


story link

Convenience and grocery executives are desperately looking for new growth drivers. And smartly, theyre looking beyond physical products you can only stock the shelves with so much stuff and theyre finding success with services.

The success convenience and grocery chains are having with prepaid wireless has led them to look for other services beyond prepaid and to evaluate the consumers who are purchasing prepaid phones and refill. These chains are finding a plethora of deliverable services which, like prepaid wireless, are targeted toward the unbanked market people who through choice or necessity manage their finances outside of the traditional banking system. Some call this activity fringe banking.

The unbanked population, estimated at over 40 million strong, or over 30 percent of the U.S. population, is made up primarily of teens and young adults, minorities and the working poor. Theyre already shopping in convenience and grocery locations, yet these locations have not offered the services they need in order to manage and access their money, forcing them to make special trips to outlets outside of their daily routine.

Services expand
Convenience and grocery stores will now become banks for the unbanked. Theyll seek to offer point-of-sale or kiosk-driven services, which will allow unbanked customers to manage their money, pay their bills, purchase and consume products and services, and make their lives a bit simpler.

Prepaid wireless is one service already offered at many of these stores. This market has exploded from $4.5 billion in 2000 to over $23 billion in 2004 driven by youth, minorities and unbanked customers. Another service, prepaid debit cards, is currently a $600 million market. The Pelorus Group expects it to grow to over $5 billion by 2007. Next Estate Communications reports that 65 percent of prepaid debit users are under the age of 35 years.

Payroll check cashing can also be offered. The Financial Service Centers of America (FiSCA) reports that this $60 billion industry processes over 180 million checks a year, growing 10 percent annually. Walk-up bill payment would be another convenience for the unbanked. Checkfree, the online bill-payment service, reports that 20 percent of American households regularly pay their bills in person.

Offering money transfer service can be lucrative for convenience and grocery stores. Celent expects the global money transfer market to surpass $170 billion in 2006. InterAmerican Bank reports that over 60 percent of foreign-born U.S. Latino adults send money back home regularly.

Retailers look for partners
Overburdened convenience and grocery merchants will look to one-stop full-service distributors to carry the load bringing in the offers, enabling the transactions and developing the signage and display. For these distributors, banking services would allow them to establish deep relationships with the merchant from a product portfolio and technology perspective and would enable them to cash in for years to come.

Distributors of prepaid telecom have been playing a key role in the U.S. prepaid supply chain securing the locations, deploying the delivery technology, communicating the offer and enabling the transaction. But margins are getting squeezed; many of the best locations have been secured, competition is fierce and consolidation is rife. The addition of new revenue-driving products and services to the portfolio is crucial.

Offerings that appeal to the same consumer base as prepaid telecom, utilizing the same point-of-sale or kiosk-based delivery technology, make fringe banking, or banks for the unbanked, a natural for distributors to take on and for retailers to migrate toward.

To be successful in this space, distributors will need to:
develop the relationships with the necessary product and service providers to form the comprehensive bank for the unbanked offering
educate their retail partners as to the opportunity and the requirements
create the point-of-sale and/or kiosk delivery network necessary to successfully deliver the offering
design clear, concise and relevant marketing communications inside and outside the store to drive adoption and demand
develop a deep and continual understanding of the unbanked consumer, including who they are, what they need, how they want it delivered and how to reach them

Achieving critical mass
This year promises to be the year fringe banking breaks out. Circle K and 7-Eleven are rolling out check-cashing services to all stores. Stored value gift and debit cards are all the rage. Prepaid wireless continues to explode. Kiosks and multiapplication point-of-sale devices make product delivery possible. All of this is happening while the nation sees a continued explosion in Hispanic population, an increase in population living below the poverty level and a reduction in the number of traditional banking outlets.

Retailers, distributors, processors and product and service providers are all taking note, and many will develop a sense of urgency in 2005 to win in this space, to prosper and to survive. Will you?

The author is president of Tefisto Partners, a consultancy focused on the stored value and fringe banking space. He can be contacted at (602) 750-8055 or visit the company website at www.tefistopartners.com.

Posted by keefner at 02:40 PM

April 22, 2005

ExxonMobil Touchscreens

Exxon Mobil Corp. has selected Gilbarco Veeder-Root's Passport, a touchscreen point-of-sale system, for all of its Exxon-branded company-operated stores that have Gilbarco forecourt equipment.

story link
Exxon locations nationwide are currently upgrading their G-SITE POS systems to the Passport system, as well as bringing new sites on board.

We are very excited to be the POS of choice for these company-operated sites, said Martin Gafinowitz, president for Gilbarco North America. We continue to strengthen our relationship with ExxonMobil and to deliver new functionality that improves the performance of their stores.

The newest version of Passport is built on Microsoft's XP operations system and gives Exxon sites advanced security features and improved performance. Additional features include merchandising, fuel capabilities and car wash kiosk support.

The Passport is also available for purchase by Exxon or Mobil-branded distributors.

Posted by keefner at 06:19 PM

April 09, 2005

C-Stores and Digital Signage

Circle K Stores Inc., a division of Alimentation Couche-Tard Inc., has signed a contract with WMD Holdings Group Inc. to deploy Navitouch units in Circle K convenience stores throughout the company's West Coast regions.
Read more

Posted by keefner at 02:25 PM

January 04, 2005

Sheetz Rolls Out PayPass

Sheetz, Inc., announced that it will be accepting MasterCard PayPass across its entire chain of stores.

link

Sheetz Puts MasterCard PayPass to Work
January 4, 2005

ALTOONA, PA -- Sheetz, Inc., announced that it will be accepting MasterCard PayPass across its entire chain of stores. The convenience store chain said it's the first retailer in the nation to accept MasterCard International's radio-frequency (RF)-based payment option.

"Sheetz prides itself on being a pioneer in the convenience store industry, and being the first retailer to implement 'tap and go' payments across the entire chain is yet another example of our mission to continually improve our customers' shopping experience," said Louie Sheetz, executive vice president of marketing for Sheetz. "MasterCard PayPass leads the way in the RF-based payment segment and will provide Sheetz customers with more convenience and time savings at the checkout than ever before."

All 305 Sheetz locations will be equipped and ready to accept MasterCard PayPass in-store by March 1. Sheetz will be expanding PayPass acceptance to all of its stores' gas pumps throughout the spring of 2005.

MasterCard PayPass cardholders can pay for purchases at Sheetz by tapping their PayPass-enabled payment card on a specially equipped terminal that utilizes an RF chip to complete a payment transaction, said Sheetz, eliminating the need for customers to hand over their payment card to a merchant or manually swipe it through a reader. Moments after the cardholder taps his or her PayPass-enabled card, account details are communicated to the terminal and then processed through the MasterCard network for clearing and settlement.

According to Sheetz, the MasterCard PayPass streamlines customers' shopping experience by eliminating the need for customers to sign their payment card receipts for all sales under $25. Currently, more than 80 percent of convenience store transactions are less than $25.

Posted by Craig at 02:24 PM

July 15, 2004

Prepaid and Cstores

Andrew Chung owns and operates Fairway One Stop #14, a c-store located off of I-85 South in Thomasville, N.C. The location includes a gas station and a Subway franchise inside. The store reports gas sales of 200,000 gallons per month and inside store sales of $85,000 per month, of which prepaid sales are $5,000 monthly.

Point of sale
By: Theresa Ward

Editors note: This is the first in a continuing series of retailer profiles. If youre a retailer and are interested in sharing your experience in selling prepaid products, please send an e-mail to info@intelecard.com.

Andrew Chung owns and operates Fairway One Stop #14, a c-store located off of I-85 South in Thomasville, N.C. The location includes a gas station and a Subway franchise inside. The store reports gas sales of 200,000 gallons per month and inside store sales of $85,000 per month, of which prepaid sales are $5,000 monthly.

Chung has been selling scratch prepaid cards for about five years. It was only last year that he began offering a POSA system that now allows him to sell a multitude of prepaid products.

He made the decision to switch to POSA so he would no longer be limited to carrying prepaid cellular cards from one carrier. He says customers were coming in and asking for cards he wasnt carrying, and he couldnt service them. "Since I started offering a POSA system," Chung says, "I can offer customers different products, and I can provide better customer service. Since then, business has picked up quite a bit."

He says hes getting repeat business from the same customers, and he also has new customers coming in and out since he is located off an interstate. Many repeat customers frequent Chungs location to refuel and have also grown accustomed to adding time to their prepaid cards or cell phones.

Spectrum Wireless, Chungs wholesaler, provides him with a turnkey POSA system and PINs for wireless and long distance. The company also provides Chung with signage, counter mats, window clings and other collateral materials.

Chung carries a full range of prepaid wireless programs including Cingular, the No.1 seller in the region. He currently is selling a promotional refurbished program with Cingular that is selling very well. He also sells Verizon, AT&T, Alltel, TracFone and T-Mobile, which doesnt operate in the region, but travelers coming through will buy additional minutes while roaming on Cingular in North Carolina. The one reseller program Chung is carrying is Omni.

Matching customer needs

Assisting customers in selecting a prepaid wireless program, Chung asks questions to help determine their needs. "Sometimes customers want fewer minutes; some are on a limited budget and want to spread out fees even if the price per minute is high. It also depends on the handsets. There are some customers who want a small phone, but it also depends on the per-minute rates. Some want lower rates, and that will drive the handset purchase decision."

A key determiner of the handset purchase is based on the customers budget, Chung says. "If the customers budget is tight," he says, "he will veer toward a cheap handset vs. an expensive one. If the customers budget is sufficient, he is looking for a nicer handset. It really depends on how much money the customer has in his hand."

Spectrum Wireless, Chungs wholesaler, is responsible for keeping a steady supply of handset inventory in place. Todd Grindstaff, executive director, Spectrum Holdings LLC, says its his companys job to ensure Chung is aware of the newest programs and products. "We're introducing Chung to new reseller wireless programs. He's taking the time to learn about them as well as the underlying carrier for each of the programs," Grindstaff says.

As the owner and operator of Fairway, Chung says he doesnt want to carry a large quantity of certain handsets. He prefers to try a couple of them, see how customers respond and then hell order accordingly. "Spectrum Wireless does a good job of stocking inventory so I can receive handsets on time instead of having a customer wait," he says.

Grindstaff notes that in the case of selling Cingular service, its a direct relationship whereby Spectrum handles the customer service. To activate service, the customer calls Spectrum and not Cingular. "This helps us sell phones to the c-stores because were adding that extra value service," Grindstaff says. Chung knows the customer will be taken care of once the purchase is made. "Not many people come in complaining, but if there is an issue, we will make an exchange," Chung says.

Customer preferences

While prepaid wireless is a large draw at this store, Chung also must carry traditional scratch prepaid phone cards. He says that repeat customers, many of whom are Hispanic, are brand loyal and will return to his store to buy new cards. He hasnt seen a move from this particular consumer base to switch to mag-stripe rechargeable phone cards.

When asked why this customer is reluctant to try a rechargeable phone card, Chung thinks its a matter of habit, and he says theyre not comfortable with a mag-stripe card. At the same time, he says that many Hispanic customers are interested in prepaid wireless. "Some Hispanic customers do not have home phone service, and they want a good rate to call their homeland using their prepaid cell phone. I explain the rates to various destinations from the various wireless carriers."

He also points out that some immigrants still prefer scratch cards to call their homeland because international rates on prepaid wireless plans are higher. Many will buy scratch cards with their prepaid wireless handsets. Chung is definitely seeing increased usage of prepaid wireless. "Prepaid wireless revenues will definitely go up instead of long distance because of the trends Im seeing right now. Prepaid wireless is definitely eating the long distance markets, especially international long distance cards."

On the subject of customer purchasing habits, Chung says it varies. Some customers specifically come in to buy prepaid cards, and some buy on impulse at the counter. Customers can also come in to buy a sandwich at Subway or purchase a money order and notice the prepaid products, he says.

"Its probably half and half as far as impulse buy vs. destination," Grindstaff says. "Chung has an interstate location, and customers come in to buy a sandwich and remember they need to buy a new Cingular card along with a pack of cigarettes," he says.

More products

With the POSA system in place, Chungs store is able to offer additional prepaid services including prepaid MasterCard. Grindstaff says that at the present time, there isnt a large demand for the product. "Demographically, its just not taking off," Grindstaff says. But he explains its important to carry it, as other competitors are offering it. He says that some store customers are doing from $500 to $1,000 a day, but he says that its the extreme and not the norm. "We, as providers," says Grindstaff, "make very little money on the MasterCard program, and it increases our back-end costs because we have to ACH and debit daily rather than twice a week like we normally would do. But we recognize there is a value in carrying the prepaid MasterCard product."

The POSA system also supports home dialtone, which Grindstaff describes as a "neighborhood" product, one that sells in a location frequented by local traffic. He says that product is selling well.

Other ancillary products offered are roadside assistance and ring tones, which Grindstaff says are just beginning to be marketed. All products reside on the POSA device, and its up to Grindstaff to keep Chung and other retail customers informed as well as to develop promotions to drive usage.

Grindstaff explains that mom and pop locations see POSA as a profit center that has a core base business of prepaid wireless and prepaid long distance, and the other products are gravy.

Accessories

"Wireless accessories are big items for us," Chung says. "Theres a huge profit on them as well. When we sell the prepaid wireless handsets, we can also offer customers additional accessories, so it works out well."

Distributors role

When asked ways in which Spectrum can help his business, Chung says its important that he be kept informed of new products that can translate into additional profits. He says its important for him to be educated on new products and how they work so he can tell his customers.

Spectrum sends out newsletters informing its retailers about new products and updates from the carriers. Also, the company is finishing up a complete printed catalog of all of its offerings. In addition, at Spectrums headquarters, which is about 30 minutes away from Chungs store, there is a showroom with product demos including the POSA delivery method. In addition, all the different prepaid wireless carriers products are displayed in cases, and prepaid long distance rate posters are displayed on the walls.

For now, Chung continues to build his c-store operation by staying informed about new products that can improve his bottom line. With prepaid wireless going up in sales, its a sure thing hell be keeping an eye on new prepaid programs. ICN

retailer feedback

Andrew Chung, owner and operator of Fairway One Stop #14, shares his preferences and observations:

Best time for sales to visit: in the morning after rush-hour traffic

A distributor/sales person should wait until hes finished handling any customer in the store

If the store is busy, a distributor/sales person can leave a note letting him know when hell come by again or when hell be calling

Prepaid card providers come in once a week and discuss new products not associated with Spectrum Wireless

$10 denomination scratch cards are most popular

Among Hispanic users, scratch cards still most popular

To call internationally, Hispanic users still using prepaid long distance cards in conjunction with prepaid wireless handset

Prepaid wireless taking over prepaid long distance cards Reseller prepaid wireless programs offer better margins than carrier plans

Intelecard News Online | Feature Stories

Posted by Craig at 02:35 PM