Data security

Merchants today face the daunting task of investing in several payment technology upgrades at once, and the confusion surrounding this process could bolster many pre-existing security vulnerabilities, argues point of sale security expert Chris Strand.

Target has agreed to pay $39 million to settle loss claims from a two-year-old data breach that were brought by MasterCard and a group of financial institutions, according to court documents filed Wednesday.

Unlike the high-profile hacking incidents at big banks, smaller institutions have their own breed of threats such as cyberextortion that they must focus on in strengthening their security.

The introduction of EMV cards didn't significantly slow transaction times at U.S. retailers during the Black Friday shopping event, but there are still many wrinkles to iron out at the point of sale.

The U.S. is a long way from widespread adoption of EMV, but security analysts say the boom in online shopping—plus a surge in consumers' use of mobile devices for holiday purchases—will make it easier for fraudsters to hide their moves as they redirect their efforts from retail to online channels.

To counter the rising rate of e-commerce fraud, U.K.-based myPINpad plans to provide a virtual PIN pad for mobile-generated online transactions through the VocaLink network for the next five years.

Banks give a lot of reasons for providing chip cards that work with signatures, rather than four-digit PIN codes, but none of them are convincing.

The goal of adopting chip cards — to provide tighter security — is a noble one. But by going partway, authorizing transactions with signatures rather than four-digit codes, banks are watering down that security, at least for lost and stolen cards.

At long last, the National Retail Federation has won the support of several U.S. attorneys general in its demand for chip and PIN security at the point of sale. But even this isn't enough.

Regions Financial in Birmingham, Ala., has hired FBI veteran John Boles to oversee its investigations of cybersecurity and international threats.