Data security

American Express has filed a notice with the attorney general in California informing some of its cardholders that their account information may have been compromised.

American Express has filed a notice with the Attorney General in California, informing some of its cardholders that their account information may have been compromised.

Merchants that postponed their EMV migration are feeling the sting of losses connected to the EMV liability shift. They are now shoring up their fraud defenses and—in some cases—speeding up their EMV-migration plans.

Biometric authentication has been "replacing" passwords for a long time, but for the most part accounts still rely more on remembered credentials than physical identifiers.

Data security vendor and researcher Trustwave has appointed company veteran Michael Petitti as senior vice president of global alliances.

The fight over the security protections on the San Bernardino, Calif., iPhone is about more than a single device or Apple's product line.

The Central Bank of Bangladesh is threatening to sue the New York Fed over money wired out of its account. The Fed says it did nothing wrong, the transfer was authenticated and executed by Swift.

As the Central Bank of Bangladesh threatens to sue the Federal Reserve Bank of New York over at least $80 million stolen from its account there, the Fed says its systems were not compromised.

For financial institutions, there are scary parallels between the IRS' failure to protect sensitive personal information and their own such struggles.

A mature governance framework and risk culture that reaches all employees are among the attributes of a high-functioning "risk organization."

In focusing on private blockchains, banks make the same mistake companies made in the nineties when they favored private information networks over the open protocols of the Internet.

The tax agency's struggle to protect sensitive data mirrors banks' own, and its shortcomings can also be found at financial institutions.

In expanding Visa Token Service, the card brand is requiring issuers to stop using alternate personal account numbers in cloud-based mobile payments and instead converting to tokenization.

Encryption keys are vital to the secure operation of payment acceptance devices. But key transport protocols have not kept pace with the movement toward standardized encryption practices. This adds cost and complexity to payment infrastructure and processes.

In the payments industry, tokenization is often portrayed as a new or futuristic security method, better suited for the world of mobile wallets than the era of magstripe cards. But SeatGeak decided early on to make it a cornerstone of its mobile commerce experience.

Wells Fargo and Tangerine Bank are among those trying new communications tools that bring human conversations back into the channels where people bank by swiping and tapping.

New requirements and guidance from the Payment Card Industry Security Standards Council will be released to merchants in April, which is about six months earlier than its normal update cycle.

The Consumer Financial Protection Bureau on Wednesday ordered online payment processor Dwolla Inc. to pay a $100,000 fine for deceiving customers about its security practices — the first action it has taken related to data security.

With tighter security in the online and mobile channels, fraudsters are turning their attention to vulnerable contact centers, conning eager-to-please phone service reps into coughing up customer information or letting them reset passwords on other people’s accounts.

The U.S. migration to EMV chip cards has been rough, according to U.K.-based Creditcall, which hopes its new certification from First Data can smooth things out.