Data security

Heading into 2015, merchants weary from data breach fallout and worried about stricter PCI guidance will likely turn to third parties for payment security over a do-it-yourself approach.

Tangerine, Simple, American Express and Discover are some of the financial institutions that use Apple's Touch ID fingerprint-authentication technology to let consumers replace passwords or to add security.

In a breach incident that illustrates how long a company can do business without knowing fraudsters are potentially stealing its card data, Charge Anywhere LLC informed its merchants it has found and shut down malware that initially entered its network five years ago.

As card networks develop tokens to stand in for account numbers in online and mobile commerce, they may be able to standardize the experience across all companies that handle payments, said Mike Matan, head of global network business at American Express.

Rallying its members to wipe out passwords, the Faster IDentity Online Alliance — an organization of more than 150 payments and technology businesses — released standards Dec. 9 for multi-factor e-commerce authentication.

Companies seeking to shield valuable data from criminals and government spying should assume the attackers have already penetrated their systems and adjust defensive strategies, security firms McAfee and Symantec said.

Despite the many high-profile breaches that occurred over the past year, too many businesses have not adopted strong security practices and as many as a third don't have a clear understanding of where their sensitive data is stored or how it is protected.

Following the disclosure by a name brand retailer that their point-of-sale (POS) system had been breached, shoppers outside one of the retailer’s brick and mortar locations unanimously told a television reporter that cash was the safest way to pay in-person.

As mobile commerce and other new technologies change the way people shop, fraudsters are changing their methods to adapt. Banks, fintech providers and consumers are all looking at security in new ways.

Total holiday sales are expected to reach $863 billion in 2014, up from $822 billion last year. That is a staggering amount of money, and the weeks between Thanksgiving and Christmas make or break a sales year for large and small businesses alike.

After spending six of his 10 years in the U.S. Air Force as a cybersecurity professional, Chris Gerritz brought his expertise to the retail payments industry. His startup, Infocyte, operates on the premise that hacks into payment systems are inevitable.

Target Corp. must defend itself against claims that its failure to shield computer systems allowed hackers to steal the account data of millions of shoppers, forcing banks to reimburse fraudulent charges and issue new credit and debit cards.

The annual Cyber Monday shopping holiday is a boon to mobile payments, but remains a significant challenge for e-commerce security.

A year after the Target data breach prompted retailers to step up their migration to EMV-chip acceptance, many consumers finally have EMV cards or can access the same security through Apple Pay's new mobile wallet. But will they finally change their habits?

A significant number of consumers are concerned about credit card fraud, particularly in light of recent, high-profile data breaches disclosed by Home Depot and Target, according a survey released by FICO.

Payment technology processor Acculynk has agreed to buy the intellectual property of PayPlum.

Most small merchants are not security experts, but the past year's string of retailer breaches may slowly be changing their mindset.

The growing influence of nonbank companies poses a danger to the financial system, and perhaps a national security threat, BB&T's Kelly King says during a wide-ranging conversation among big-bank CEOs.

Target Corp. is asking a federal judge to throw out claims by banks that had to deal with the consequences of a data breach that compromised at least 40 million credit-card accounts.

Modern technology has turned the payments industry into a juggling act, particularly for those charged with deploying new techniques to protect payment card data.