Or rather the simulated cyber attack exercise dubbed Quantum Dawn 2. As reported by Lauren Tara LaCapra at Reuters, it’s an exercise that will run through most of the business day on June 28, simulating a significant cyber attack against several Wall Street banks.

Organized by the Securities Industry and Financial Markets Association, it will involve numerous banks, including Citigroup and Bank of America, the U.S. departments of Treasury and Homeland Security, the Federal Reserve and the Securities and Exchange Commission. At least three executives from each participating organization will take part.

It will start off at first with some seemingly random bursts of confusing information, followed by a pause that will give execs a chance to make decisions. Later on, it will accelerate, and conditions will appear to get a lot worse.

This is the sequel to 2011’s Quantum Dawn 1, which included in its scenario a group of armed gunmen running around lower Manhattan trying to gain access to various exchanges and attempting to blow stuff up.

In that exercise, all the participants were in a single conference room comparing notes and making decisions. This time around, they’ll be working from their own offices, much as they would during a real-world attack. The point is to create a more accurate “fog of war” situation.

The simulation comes as big banks in particular are being warned by federal regulators to improve their defenses against the threat of cyber attacks. BofA, J.P. Morgan Chase and Capital One Financial are known to have come under attack in recent years. A recent survey by Verizon found that 75 percent of cyber-security incidents at large companies were motivated by financial gain.

The push comes as government officials grow increasingly concerned about the ability of a cyber attack to cause significant disruptions to the financial system. Banks such as J.P. Morgan Chase & Co., Bank of America Corp. and Capital One Financial Corp. have been targeted by cyber assaults in recent years, including potent “denial-of-service” strikes that took down some bank websites off-and-on for days, frustrating customers. Banks have spent millions of dollars responding to or protecting against such attacks, including a wave of attempted online assaults targeting major banks beginning last year that U.S. defense officials say had the backing of the Iranian government.

Read the rest of this post on the original site »

The moves represent a big change from just a few years ago, when customers mostly used their phones to check bank balances or find the nearest branch. Customers now are manipulating their gadgets to deposit checks and move money between accounts.

Read the rest of this post on the original site »

That the new policy is expected this week implies that President Obama may devote a few words to the subject in his State of the Union address on Tuesday night. Or he may not. But the fact of the matter is that the headlines have been rife of late with news of hacking attacks against American banks, media organizations and others that appear not be coming from pranksters in a basement, but from parties that appear to be operating barely at arm’s length from governments in countries like China and Iran.

One provision would order government agencies to share more information about the nature of computer threats with private companies and give relevant executives of those companies the option to get proper security clearances to get briefed on certain classified information about the nature of the threats, and perhaps lay the groundwork for improved responses.

Republicans and business groups have generally opposed this approach, arguing that voluntary government standards essentially amount to implied regulations that they have to follow whether they want to or not. Additionally they say — correctly — that any government-set standards would quickly be overtaken by the fluid nature of cyber security threats, which are changing daily.

Compare the approach, however, to the European Union, which has its own proposal for cyber security rules on the table, this one more onerous. It would require certain companies, including search engines, energy companies, banks, transit hubs, stock exchange and others to report disruptions to the operations of their computing systems and networks — including anything from human error to full-blown cyber attacks — to government authorities. The expectation is that the proposal will become law within the 27-nation EU within two years. Nothing voluntary about it.

Given the difference, here’s an interesting thought: So often the targets of attacks are entities so large as to have global operations and global networks. An attack on Google’s operations in Europe, for example, one that under the EU scheme would have to be reported to government authorities there, amounts to an attack on its operations in the States. The same is certainly true for many banks that operate on more than one continent.

Sharing of information about cyber security incidents has always been a tricky thing. Large companies don’t like to advertise that they’ve been attacked and their operations disrupted — and when they do disclose it publicly, they do so only sparingly — and the same is true for countries. One country doesn’t like sharing what it knows about a cyber attack because it doesn’t trust what its neighbor might do with the information.

But the difference in approaches makes me wonder why there isn’t more cooperation generally between countries, especially between the U.S. and Europe. National borders mean nothing in the digital realm, and attacks are very often launched from computers in one or more countries, operated remotely by people in one or more countries, against targets in one or more countries. Now everyone is a target and no one knows exactly who the attackers are.

This makes questions about cyber warfare and security infinitely more complex. Most attackers operate at a certain remove from any governments to which they may hold an allegiance, however strong or loose, allowing for what the diplomats like to call “plausible deniability.” Or they may be the equivalent of digital mercenaries fighting for whoever pays the most, or some combination of both. The multiple combinations of variables make the the old nation-to-nation, single attacker, single target paradigm seem outmoded.

That makes the sharing of information among authorities in the most target-rich nations — the U.S. and Europe generally — an important piece any response. If houses are being broken into by a burglar who happens to be good at prying open a certain kind of door or window that happens to be prevalent in your neighborhood, would you not want your neighbor to share that information with you so that you can prepare accordingly?

Perhaps the same kind of common sense approach should apply to the community of nations in the area of cyber security. Could it be done under the auspices of a multination treaty? Perhaps something similar to NATO, where an attack on interests in one country — whatever the entity doing the attacking, be it a nation-state, terrorists, or a gang of troublemakers — amounts to an attack on all? Just a thought.

Image copyright Gregory James Van Raalte

Financial institutions are embracing digital offers out of necessity because revenue from current sources is in decline. The future of the payments industry is shifting quickly to monetizing consumer relationships — particularly through mobile devices — and away from extracting new value from the payments value chain.

What many do not know is that credit card companies have experienced significant pain as a result of the capping of their lucrative interchange fees by the Durbin Amendment, which became effective in 2011. Faced with declines in what had previously been a significant form of revenue, credit card companies know that they need to open new sources of revenue. This need is becoming ever more urgent with companies like Google and Paypal joining the mix and leveraging their unique assets — novelty, retailer relationships, and extensive technology infrastructure.

The opportunity here is massive — total real-world (not online) retail commerce is $4 trillion a year in the U.S., and eMarketer just reported that mobile advertising is expected to increase by 180 percent in the coming year to reach $4 billion. Credit card companies looking to take their fair share of this revenue need to figure out how to leverage their great relationships with consumers to open up new sources of revenue.

Here are my suggestions for strategies that will help credit card companies come out ahead in 2013:

Stop chasing Chase. Instead, start acting like a media company.
To open new sources of revenue through media and technology, banks need to add new DNA that is not focused on traditional banking concerns such as regulatory compliance, security and fraud. Of course, I am not suggesting that they stop complying with regulations, or that they abandon security. But banks must become more nimble at attacking new revenue opportunities — particularly in consumer offers. At Google and other companies in Silicon Valley, teams still pull all-nighters to release alpha versions of products for consumers and partners in a matter of days to test an experience, an approach that is antithetical to the banking world. Yet if banks want to succeed in the media world, they have to figure out how at least part of their organization can play in an API-driven ecosystem that encourages collaboration and rapid product releases. First test for the C-suite at banks: Have you developed and released anything new to consumers in a single quarter?

Play ball with the competitors.
Consider the value of the ecosystem in growing your mobile offers initiative. In order to succeed in delivering a great mobile rewards program, the key is having a rich supply of merchant offers upon which to layer targeting. No one company is going to assemble enough, so think instead about collaborating with all the other players and getting the network effects of a larger audience and a bigger pool of offers. An interesting model for this kind of collaboration is WEVE in the UK, in which three mobile operators — EE, Telefonica UK (O2) and Vodafone UK — have banded together to form a large consortium. The individual companies behind the consortium still compete to acquire subscribers, but they now collaborate with a common platform for monetizing those subscribers through marketing.

Turn that marketing focus inside out.
Now that you have a great offers program, the biggest challenge is getting enough customers into it to move the needle. Each card provider today has marketing teams that focus solely on signing up new customers for their credit cards. Yet somehow, these are not the folks developing new digital offerings. These customer acquisition teams are digital media experts. Imagine focusing that valuable marketing experience on getting consumers to opt into new and sophisticated customer reward programs, and to download their new rewards apps. It is customer acquisition, pure and simple.

Don’t wait for big data.
My last and most controversial suggestion for 2013 is to let go of the obsession with big data! Many banks are building huge databases for micro-targeting customers with niche offers. Microtargeting is cool, but believe me, media is a war of attrition and all of that big data-based targeting will yield a customer segment of just a few people. Brands do not want to target only a select handful of people with their offers; they need to reach a million people in order for their investment in creating and distributing that offer to make economic sense. Silicon Valley has managed to convince enterprises that massive amounts of data will build a program that really performs in terms of offers and sales; but ultimately, microtargeting is not monetizable at scale until there are an equally large set of available offers. The real way to success is to provide a great experience with lots of offers for your entire customer base. Yes, there are a handful of important variables that should be considered, including location, time of day, gender, interests and even retargeting; but other data on top is gravy and too much is at odds with reaching a large enough number of people with relevant offers. The “big picture” is not always based on big data. (Hint: You might derive as much value from customers by asking them what they want instead.)

The Long View
As Bob Dylan said, “you don’t need a weatherman to know which way the wind blows.” Credit card companies can no longer hesitate while other companies race forward to make a profit on this kind of consumer spending. If credit card companies employ the strategies I propose, they will be real contenders against the likes of Paypal, Google, Apple and the mobile operators. The weather forecast is clear for mobile offers: Sunny, with billions of dollars blowing in the wind. It’s up to each financial institution to figure out how to get to market faster and catch some of it.

Alistair Goodman is the CEO of Placecast, where he leads a team of mobile, technology and marketing experts who have created the most scalable, proven, location-based marketing system currently available. Alistair has more than 20 years of experience working in marketing and product development efforts for media and technology companies.

When a giant takeover is brewing, banks usually try to get as many pieces of the action as they can, from offering advice to lending money.

But J.P. Morgan Chase & Co., the largest U.S. bank by assets and one of the most frequently hired advisers on mergers and acquisitions, didn’t pursue an important chunk of business in the potential buyout of Dell Inc.

Read the rest of this post on the original site »

That was the warning given by Gen. William Shelton (pictured in a file photo), head of the U.S. Air Force’s Space Command, which is also in charge of the Air Force’s cyberwar group, in a speech in Washington, D.C., yesterday, which was covered by Reuters.

Shelton’s warning comes nine days after security experts familiar with the opinion of U.S. government officials told the New York Times that Iran is behind a series of denial-of-service attacks in late 2012 meant to disrupt the normal flow of financial business. Banks affected included Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, J.P. Morgan Chase and PNC.

The attacks were largely seen as a retaliation not only for Stuxnet, but for other malware-based campaigns that are thought to have been targeted against Iran: Flame, which turned computers into sophisticated spying tools, using their built-in video cameras and microphones; and Gauss, which sought to intercept bank account information.

Shelton didn’t speak directly to whether or not Iran has attacked U.S. government networks, but said that its efforts are ongoing.

Shelton referred to the Stuxnet attack in 2010 as the “Natanz situation.” In that instance of sophisticated digital sabotage, as reported by the New York Times, malware targeting Windows burrowed its way into industrial control computers called Programmable Logic Controllers, targeting a specific setup in a specific configuration. The malware then seized control of those systems and cause some centrifuges to spin out of control and ultimately explode, while computer monitors displaying the condition of those centrifuges showed them to be normal. At the time, the damage was thought to have set the Iranian nuclear research program back by about two years.

Shelton says it had another effect: An increase in Iranian resolve to strike its enemies in the cyber realm. “The Iranian situation is difficult to talk about,” Reuters quotes Shelton as saying. “It’s clear that the Natanz situation generated reaction by them. They are going to be a force to be reckoned with, with the potential capabilities that they will develop over the years and the potential threat that will represent to the United States.”

Financial firms have spent millions of dollars responding to the attacks, according to bank officials, who add that they can’t be expected to fend off attacks from a foreign government.

Read the rest of this post on the original site »

The acquisition was reported by several media outlets, including The Wall Street Journal, which cited sources close to the transaction as saying that Chase paid $35 million for the San Francisco company.

Bloomspot’s roughly 100 employees are expected to be offered jobs at the lender and payment processor.

Together, the two should be a good fit.

In general, banks and card issuers are looking for new revenue streams after the Durbin Amendment capped the amount that they could charge merchants on debit card transactions. Additionally, many banks have already begun sending targeted ads or deals to consumers based on their spending habits.

In a recent story, I named financial companies, including Visa, MasterCard and American Express, as potential acquirers for Groupon. However, one impediment with Groupon is its price. Even though its stock is down around 80 percent since its IPO, it would still cost billions to acquire.

The purchase today by Chase shows that there is an interest, just at a lower price point.

In a release, Jeff Kinder, president of Chase Offers, said, “Merchant partners are continually looking for ways to engage the right customers, and consumers have shown a clear interest in receiving offers from their favorite merchants. We believe Chase has a unique set of assets to bring these customers together and deliver highly targeted, relevant merchant offers at scale.”

Over the past few years, Bloomspot, which was led by former Yahoo executive Jasper Malcolmson, has tried hard to disassociate itself from both Groupon and LivingSocial. Even though on the surface it seems as though Bloomspot distributed similar offers, Malcolmson said he was focused on bringing merchants profitable customers rather than just getting new people in the door.

The company’s motto was, “Great Offers. Great Customers.”

But this deal may not have been so great for investors.

Last summer, Bloomspot raised $35 million in a second round of funding just before Groupon’s public offering. Prior to that, it raised nearly $11 million, for a total of about $46 million. Investors include InterWest Partners, Columbia Capital, Menlo Ventures and True Ventures, among others.

Images of Money

Visa’s V.me service is similar to eBay’s PayPal and other e-wallet services under development by MasterCard and American Express. The consumer benefit for all of these is that checking out online or from a mobile phone will be easier because customers will only have to enter a username and password, which automatically populates dozens of fields, including credit card numbers and shipping addresses.

While V.me is operated by Visa, it is promising to be open, meaning that consumers can fund it using a variety of sources — including Visa, MasterCard, America Express and Discover cards.

Today, Visa is announcing the commercial launch of the service after unveiling V.me in beta a year ago.

In that time, it has signed up 23 online retailers, including Blue Nile, Buy.com, MovieTickets.com, 1-800-Flowers.com, Cooking.com and CozyBoots.com. And agreements have been secured with 50 of the top issuers and banks, including BB&T, CSCU, BBVA, U.S. Bank, dozens of credit unions and more.

Jennifer Schulz, Visa’s global head of e-commerce, said the company will be relying mostly on the banks to promote the digital wallet service. Some banks have committed to directing consumers to the V.me site, or to integrating the registration process directly on their own sites. Any consumer, regardless of whether their bank is participating, can sign up at V.me.

Visa still has a long way to go. It will reach 55 million consumers through the bank relationships, and it is working with only 25 of the top 250 Internet retailers, Schulz said.

The diagnosis puzzled Ms. McCandless, who is no Luddite. She builds database software from her home in Winston-Salem, N.C. She only figured out the real problem later that day, after seeing news reports about how big banks were the target of a cyberattack.

Read the rest of this post on the original site »

It’s complicated, but not difficult, to surmise the nature, if not the names, of the targets of this latest state-sponsored malware campaign: Of the 2,500-odd infections that Kasperky’s researchers have counted so far, 1,660 — more than two thirds of them — have occurred in Lebanon. The software is designed to intercept data intended for use with accounts at the Bank of Beirut, Byblos Bank, Fransabank, all of which are either based, or which have significant operations in Lebanon.

Gauss, they say, bears a lot of the same markers as Stuxnet, Duqu, and Flame, which all predated it. It is the latest evidence that the U.S. is participating in a covert, undeclared campaign of computer warfare against parties unknown and of uncertain intent.

Anyone who reads the news of the world can guess at Gauss’s purpose. The prospect of a shooting war with Iran involving the U.S. and Israel in some combination is never far from the minds of anyone in that region these days, as that country continues to develop its capacity to produce materials that might be used in nuclear weapons.

Lebanon is the home base of Hezbollah, a militant and terrorist group that is backed financially by both Iran and Syria, and which even has a political arm that has seats in the current Lebanese government. If there is to be a war with Iran, it follows that Hezbollah would act as an Iranian proxy, and would probably serve as Iran’s offensive arm, launching missile and other attacks against Israel. Naturally, intelligence about the movements of money in that country might be useful information. It might also be useful to drain certain accounts of funds as a way of slowing down operations. You can’t shoot guns and missiles if you can’t buy them first.

Another purpose might also have to do with the efforts to undermine the regime of president Bashar al-Assad in neighboring Syria. For years, Syria essentially occupied Lebanon, and it continues to have a significant interest in the country.

Naturally, there’s a potential for unintended consequences. Attacking the banking services and infrastructure of one country invites a response. And few things give people more pause than the thought that their banking information might be compromised, altered or even wiped out. Imagine going to an ATM tomorrow and seeing a negative balance where you expected plentiful cash.

There is one bit of encouraging news in this: It seems the cyber-warriors are learning from their mistakes. Having watched as Stuxnet was first detected and then de-constructed by the global community of computer security researchers, Gauss’ meatier functions have been carefully and shielded by a cloak of strong encryption. When it encounters a computer of a specific type and configuration, then and only then do those parts decrypt themselves. Stuxnet did something similar, and it was later discovered to be aimed at a specific combination of systems thought to be used in Iran.

Stuxnet was difficult and expensive to create, and as such never intended to be seen in the wild. When it did leak into public view, researchers working for both the good guys and bad guys tore it apart in order to learn as much as they could from it. This time, the most sensitive parts of the weapon — for that is what it is — have been locked up relatively tightly in hope that the bad guys learn less this time around. For people like me who wring their hands over the implications of all this, that has to count as progress.

On Wednesday, the door opened for research analysts at banks that worked on Facebook’s initial public offering to publish their views on the social-network company’s shares. Large Wall Street firms are barred for a 40-day period after an IPO from putting out analyst reports on stocks they underwrite. Smaller banks involved in an IPO aren’t legally barred but typically agree to adhere to the delay.

Read the rest of this post on the original site »

Trading desks at Goldman Sachs Group Inc. and J.P. Morgan Chase & Co., two of the firms that helped Morgan Stanley underwrite the IPO, were among those lending out Facebook shares that hedge funds needed for short sales, according to people familiar with the matter.

Read the rest of this post on the original site »

The full extent of the breach couldn’t be determined, one of the people said. It wasn’t immediately clear if cardholders have been hit by fraudulent transactions.

Read the rest of this post on the original site »

The push represents an effort by frustrated merchants to get the upper hand in the fast-developing market that turns cellphones into payment devices. The race pits the retailers against banks, credit-card networks, telecommunications firms and technology companies.

Read the rest of this post on the original site »

Gupta joined the company 18 months ago after Google acquired Jambool, a virtual goods payment platform where he was a founder and CEO. More recently, he’d been one of the leaders on the payments team, overseeing Google Wallet and reporting to Osama Bedier, Google’s VP of Payments.

“I can confirm that Vikas has left Google and we wish him all the best in his future endeavors,” a spokesman said.

Jambool’s product, Social Gold, was rolled into Google’s payment products and is being used for in-app purchases on both Android Market and Google+ Games.

According to Gupta’s LinkedIn page, he joined Google in August 2010 and held the title of head of consumer payments. Jambool reportedly was purchased for $55 million before any additional earn-outs. Prior to founding Jambool, Gupta worked at Amazon.

Gupta’s departure is the second management move made in the Google Wallet ranks over the past week.

A spokesperson declined to say if the division was undergoing a wider restructuring, but last week, I reported that Google’s VP of Commerce Stephanie Tilenius was moving into a more global position. And, as part of that, Bedier will be taking on a larger role within Google Wallet, though his title will not be changing.

The Wallet is Google’s mobile payments strategy that allows users to tap their phone at the register to pay using near field communication technology. The company has already successfully formed alliances with both banks and retailers, and is leveraging its vast install base of Android users.

Today, it is live with some merchants, although it does face some challenges.

Currently, it only works on one phone from Sprint, and both consumers and merchants will most likely have to upgrade their hardware for it to work. Additionally, some carriers, such as Verizon Wireless, have decided to disable Google Wallet on phones they are shipping. Other carriers, which are part of a mobile wallet joint venture called ISIS, are expected to follow suit, effectively limiting access for many U.S. consumers.

More than six months after hosting a flashy launch event, the business may be getting a lot harder than it originally looked.

Seattle-based Bobber Interactive believes it has come up with a solution: A Facebook application that allows prepaid users to track their spending, make savings goals and ultimately earn cash rewards.

While a number of Facebook applications exist to collect debts from friends, pool money for shared bills or track household expenses, this may be the first application that allows people to actually manage real money, like a bank.

The application, called Goal Card, is being unveiled this week at the Finovate event in New York, where the company is providing a demonstration and announcing that it has raised $1.4 million in a round of capital.

As you might expect, the Goal Card application is nothing like your mother’s bank. Instead of black-and-white spreadsheets, the GoalCard apps uses animated pictures, videogames to increase loyalty, and even viral mechanisms, like posting to a friend’s Facebook page.

The concept for the company, led by CEO Eric Eastman and COO Scott Dodson, started to gel last year, and won the “Best in Show” award at the Finovate event in the spring.

Today, the five-person team works out of luxurious headquarters in downtown Seattle. The space is hundreds of thousands of square feet too big, but it’s a bargain, and there’s always parking available in the garage. It’s also appropriate because it’s on Wall Street. Eastman jokes that while a lot of people have lost their trust for financial institutions on Wall Street, “hopefully they’ll trust this one.”

The company’s investors include Peak6 Investments and Dove Capital.

The application allows prepaid cardholders to do a number of regular banking activities such as check balances and track recent purchases. But it also allows users to set goals, like saving up for a new mountain bike or designer purse. Every day, users will see a progress bar detailing how close they are to making that purchase.

Users will also be able to play games, like a version of Bejeweled in which users line up credits and debits or answer questions such as “Who would you rather loan $50 to?” using their Facebook friends.

The games encourage engagement and enable users to earn cash rewards, Dodson explains. Users will also be able to receive up to five percent cash back once they meet their goal and purchase the item they’ve been saving up for.

Bobber makes money by sending referrals to e-commerce sites, which can pay up to 15 percent, depending on the item. But the majority of its revenues are expected to be made from interchange rates, which merchants pay the card’s processors each time a purchase is made. Those rates have remained high for prepaid cards — around 1.25 percent — despite recent legislation that lowered rates for other transactions.

So far, Bobber has only integrated with Amazon, but it expects to add more retailers soon.

Additionally, it expects to lower the cost of acquiring customers compared to other banks and card issuers, which spend big dollars on circulars and flashy ads. Instead, it believes current customers will spread the word about the site through Facebook’s viral channels.

The emergence of Union Square as a destination for technology firms got its start several years ago. But the neighborhood’s tech community received a boost this year with the arrival of household names such as computer giant Apple Inc. and the impending arrival of user-review site Yelp.

Those big companies are among nearly a dozen tech firms that have signed leases this year for a combined 135,000 square feet of office space in Union Square, according to the Union Square Partnership.

Read the rest of this post on the original site »

The Fed proposal, being considered at a meeting Wednesday afternoon, gives banks and credit unions much more flexibility in how much they can charge merchants.

Interchange or “swipe” fees are what banks charge merchants every time a customer uses plastic to pay for a purchase; the consumer doesn’t pay them directly.

Read the rest of this post on the original site »

Federal prosecutors in Manhattan have alleged the poker companies, which are located outside the U.S., tried to sidestep U.S. laws prohibiting banks and credit-card issuers from processing gambling payments by disguising billions of dollars from U.S. gamblers as payments to nonexistent online merchants for golf balls, jewelry, flowers and other merchandise.

After U.S. banks and financial institutions began detecting and shut down bank accounts used by the scheme in late 2009, prosecutors allege, a new strategy was developed in which two online poker websites allegedly persuaded a few small, local banks facing financial difficulties to process their payments in return for multimillion-dollar investments in those banks.

Read the rest of this post on the original site »

The company has not yet hired bankers or determined a timeline for a potential IPO, but some of the groundwork is starting to be laid, said Vince Sollitto, the company’s VP of corporate communications.

Sollitto said Yelp’s current CFO, Vlado Herman, who has a young family and a long commute to the company’s San Francisco headquarters, suggested the change. He will stay on board until a replacement is found.

Herman’s departure will give the company the opportunity to hire someone with expertise in the public markets.

In a fairly public move, Yelp walked away from about a half a billion dollar offer from Google in 2009.

The company’s revenues are widely considered to be around $50 million last year, and are projected to double this year.

Sollitto declined to confirm the numbers, but said the company’s growth accelerated in the first quarter of 2011, and the the local reviews site is now attracting 50 million unique visitors a month and counts 17 million reviews.

Yelp is now available in eight countries, and relies primarily on local search advertising. Increasingly, as its audience grows, it is also seeing opportunities in display advertising, and it was able to enter the daily deals space easily by leveraging its sales staff of 350.

Today, it is offering daily deals in 10 U.S. markets.

In that space, Groupon is the most prominent player currently considering an IPO. Groupon is on track to pick Goldman Sachs and Morgan Stanley as its two lead underwriters, reports the WSJ. The IPO is expected to value the Chicago company between $15 billion and $20 billion, according to people familiar with the deal.

The service, called Serve, will let consumers make purchases, take cash withdrawals from ATMs and make person-to-person payments from their computer or their phone.

The card will be funded by a user’s bank account or credit or debit card–even from one of the company’s major competitors, like Visa or MasterCard.

In the beginning, Serve will be fairly traditional and be accepted anywhere that American Express is accepted, but eventually it could give way to a mobile payments solution on the phone, using such technologies as near-field communication (NFC).

“What we are trying to do is put into place a platform–not a card, or an e-wallet–that enables digital payments and commerce that allows consumers and merchants to seamlessly move between online and offline,” said Dan Schulman, Group President, Enterprise Growth at American Express.

What Schulman said he wasn’t interested in experimenting with yet was NFC, which allows users to waive their phone at the register to pay. The technology is still in its infancy.

“That’s incredibly uninteresting…That’s a form factor shift, not a value proposition change,” he said. “The distinction between online and offline is going to blur and become moot as you go out three to five years from now.”

Schulman has been thinking about these problems since joining American Express in August 2010.

Previously, he was the president of Sprint’s prepaid division, having joined the third-largest carrier when Sprint acquired prepaid provider Virgin Mobile USA, where he served as CEO.

The Serve platform evolved from American Express’s $300 million acquisition of an Internet-based payments network that was part of America Online Inc. called Revolution Money, co-founder Steve Case’s investment firm.

To be sure, the launch provides new ways for the $54 billion company to diversify its user base.

“This will enable us to break into a younger demographic for sure, or under-served demographics, and people who’ve used debit, checking or cash. It enhances our ability to address different demographics in the U.S., but also the rest of the world,” he said.

On day one, Serve will be accessible online and from applications on both Apple and Android devices, with support for BlackBerry coming soon. Initially it will be in the U.S., but will shortly expand internationally. It will also downplay its associations with the large card company.

“We are really excited about the launch, it’s really different than what people might think about American Express. It’s not AmEx-branded, it’s cross-platform and completely open,” Schulman said.

He expects the platform to be very flexible and adapt to the market in future iterations.

To help promote the platform, the company is creating a number of partnerships that are all over the map.

One is with Ticketmaster, which will let users buy tickets to an event and then get reimbursed by their friends via Serve. Others include Concur and Flipswap. The service will also be available through a Facebook widget. To promote the widget, Serve will be letting users donate to certain causes. Serve will match contributions up to $100,000 for each charity.

While these are new areas that American Express does not currently serve, Schulman believes its experience makes the company a potential leader in digital payments.

He said it helps that they have 90 million card members and have partnerships with thousands of merchants worldwide. Also, he said, there are three crucial pieces of the puzzle that a company entering the space must have: trust, security and good customer service.

Of course, eBay-owned PayPal, Visa, MasterCard and a variety of other startups–including Boku, Zong, BilltoMobile and Square–are all vying for a position in the emerging digital and physical payments market.

Schulman admits there’s a lot of overlap with what it is doing and PayPal. “Yes, there are obviously things that are similar to PayPal. In fact, there are quite a number of people thinking about this as we are making a transition from a physical plastic world to a digitally-oriented payments world.”

For instance, PayPal will be conducting several pilot programs over the next year to test how consumers will use their PayPal accounts at the register.

Visa recently purchased PlaySpan for about $190 million to enter the digital payments world. Google also is planning its next move.

With all this talk about payments, American Express indeed expects to get paid as well.

To start, most consumer fees will be waived for at least the first six months, including fees for adding money to the account and transferring funds between Serve users. The first ATM withdrawal each month is free, but after that consumers will be charged $2. After the introductory period, consumers will be charged 2.9 percent plus 30 cents each time they load money (that drops to 0 percent for cash, debit and ACH).

Merchants will also pay, but will be charged a discounted rate for transactions made in stores and online since Serve is considered a prepaid card. Typically, prepaid discount rates are less expensive than credit rates, according to a spokeswoman.

But its not just the fees that American Express wants to collect. It also wants to collect consumer data to be able to offer well-targeted offers.

“We’ll probably make the equivalent once we are at scale, depending on funding and merchant mix through payments alone. We think that’s a great business. We also think that the data we can collect with consumers, assuming they give permission, will add a number of value-added services in connection with partners.”