Data security

Ticket sales company Ticketmaster has warned customers in the U.K. that malicious code running on its website could have led to personal data and payment details being stolen. This kind of breach through third-party JavaScript code is quite common and may go undetected for months.

Capital One Financial Corp. is limiting how account data flows to outside apps for managing finances, prompting a backlash from the bank’s customers who say they have been locked out of their own information.

Payments fraud from business email compromise, or BEC, occurs when scammers use phishing tricks and email to fool businesses into making fraudulent payments to perceived suppliers. Experts suggest newer factors are accelerating the trend.

HSBC is the first bank in the U.S. to deploy SoftBank's lifelike Pepper robot in a branch to help customers learn about bill pay, remote check capture and even ask the weather — but in Pepper's current iteration, it won't take deposits or payments.

Almost two-thirds of financial institutions have yet to form threat hunting teams — a growing necessity as the number of high-profile attacks rises.

Called Mezu, the P2P platform has been live for about a week and uses a location-based code to execute payments, avoiding the need to even share usernames or other identifying information to move money.

Malware operators are joining forces, installing each others’ tools on compromised computers to target a wider range of victims, and possibly also sharing the work of harvesting funds using stolen account details.

Visa, which was criticized for its vague explanation of a June 1 outage in Europe, was in the process of installing better technology, but the project was not complete at the time of the incident and won't be finished until the end of this year.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

Of all the types of malicious software targeting businesses, ransomware continues to be one of the most pervasive, according to recent studies. Here's an overview of the things banks, especially small ones, are doing to stop it.

Readers respond to a bill designed to modernize the anti-money-laundering rules, applaud the acting head of the CFPB’s decision to fire the members of the bureau’s advisory councils, opine on when a bank ought to communicate it has been hacked and more.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.

That’s the question executives of publicly traded banks are asking themselves as they try to make sense of new — and somewhat vague — guidance from the SEC on procedures for disclosing data breaches.

Retailer associations and debit network providers have formed the Secure Payments Partnership, designed to address the ongoing problem of payment fraud.

Agency says it wants “smaller memberships to ensure streamlined discussions;” the bank hired a U.K. firm to help it better defend against cyberattacks.

Visa's management faces an unwelcome choice: It can share more information about internal shortcomings or mistakes that caused payments to shut off temporarily, or get summoned to Parliament for a politically-infused public questioning.

The European Union’s General Data Protection Regulation could serve as groundwork for future U.S. rules, so analysts suggest credit unions at least begin working toward compliance.

Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.

Merchants, banks, fintechs and card networks may crave digital payments' treasure trove of data over cash's simple anonymity, but any weakness in a centralized ecosystem threatens the entire network, as Visa learned late last week.