Data security

The tax agency's struggle to protect sensitive data mirrors banks' own, and its shortcomings can also be found at financial institutions.

In expanding Visa Token Service, the card brand is requiring issuers to stop using alternate personal account numbers in cloud-based mobile payments and instead converting to tokenization.

Encryption keys are vital to the secure operation of payment acceptance devices. But key transport protocols have not kept pace with the movement toward standardized encryption practices. This adds cost and complexity to payment infrastructure and processes.

In the payments industry, tokenization is often portrayed as a new or futuristic security method, better suited for the world of mobile wallets than the era of magstripe cards. But SeatGeak decided early on to make it a cornerstone of its mobile commerce experience.

Wells Fargo and Tangerine Bank are among those trying new communications tools that bring human conversations back into the channels where people bank by swiping and tapping.

New requirements and guidance from the Payment Card Industry Security Standards Council will be released to merchants in April, which is about six months earlier than its normal update cycle.

The Consumer Financial Protection Bureau on Wednesday ordered online payment processor Dwolla Inc. to pay a $100,000 fine for deceiving customers about its security practices — the first action it has taken related to data security.

With tighter security in the online and mobile channels, fraudsters are turning their attention to vulnerable contact centers, conning eager-to-please phone service reps into coughing up customer information or letting them reset passwords on other people’s accounts.

The U.S. migration to EMV chip cards has been rough, according to U.K.-based Creditcall, which hopes its new certification from First Data can smooth things out.

Cybercriminals and hackers are increasingly targeting people, and not just technology, in an attempt to breach financial institutions.