Data security

WASHINGTON — Federal regulators on Tuesday unveiled a much-anticipated tool meant to help institutions assess their own cybersecurity systems.

The agency's Semiannual Risk Perspective pinpointed compliance and operational risk as potential problems for big banks while it outlined a different set of challenges for midsize and community banks.

The EMV migration should be part of a broader security strategy that includes examining the age-old practice of using signatures to authenticate card payments, Federal Reserve Gov. Jerome Powell said Thursday.

Applying early for the web extension increases the odds of getting a preferred address in a business where "First National" is as common as "John Smith." Eventually, bankers hope .bank gains widespread recognition as a mark of trustworthiness.

The fraud fix, as it is becoming clearer, is to take payment card information (account numbers, card verification values and the like) and devalue this data in an effort to make it less relevant to the hackers who seek to harvest and sell it.

Among the most important payment changes on the horizon in the U.S., is the migration to EMV technology and the looming October 1, 2015 deadline.

Trustwave researchers have discovered a vulnerability in RubyGems, a software distribution programming language that's used for many payment processes.

Bankers are banding together to combat cybercrime and Chris Feeney, new head of the Financial Services Roundtable's technology arm, wants to play a central role in keeping it a team effort.

Multinational banks that delay preparation for the European Union's proposed General Data Protection Regulation could pay a steep price: hundreds of millions of dollars in fines.

Before Target, there was TJX, the major 2007 breach that impacted about 45 million credit cards. The crime and its prevention were basic, and provide a lesson for today's retailers that are battling a new wave of data theft.

In a letter to nine lenders, New York Attorney General Eric Schneiderman said investigators uncovered identity-theft schemes hatched by tellers at some of the biggest institutions.

Several weighty issues remain on the agenda for policymakers over the next few months, including everything from living wills to regulatory relief to a long-lost compensation rule.

Many community banks are trying to determine the right balance of in-house staff and outsourced assistance in the area of risk management. Cost cutting and regulatory oversight loom large over such decisions.

There have been various media reports about some of the security shortcomings within Apple Pay. The shortcomings are not security holes per se, in the sense that a hole is generally unintended. No, the security issues were deliberate, done with the goal of making signups and initial usage as easy as possible for shoppers.

As cards include more embedded technology, issuers and manufacturers face the tough question of how much card power to sacrifice for stronger fraud protection.

Comptroller of the Currency Thomas Curry described cyber-readiness as a "system-wide" exercise, and said a new tool for assessing readiness can help banks of all sizes.

In the second part of a two-part conversation with American Banker, miiCard's James Varga discusses how his company leverages the trust placed in banks to create "digital passports" for consumers to prove their identities without oversharing information.

It comes as a shock to few people that we’re currently in a period of high fraud, in an environment that can be characterized with words like “high risk” and “unstable.”

Heartland Payment Systems has reported it suffered another data breach last month.

Payments security researchers today find themselves in an awkward position and it's retailers who have put them there.