Data security

As EMV-chip card use spreads at the point of sale in the U.S., online merchants will have to change the way they handle payments online.

Imagine a stunned ISO executive standing amid the smoking ruins of a data breach and clutching a six-figure bill for the damages. Visions of such scenes are prompting ISOs to take a keen interest in helping their merchants comply with the Payment Card Industry data-security standards designed to prevent such catastrophes, observers say.

Between tending to tarantulas, looking after lizards and feeding the snakes every night, a mom-and-pop pet shop owner has enough predators to worry about. But there's one that threatens small businesses' very livelihood that often gets overlooked.

Over the next year banks will likely spend millions of dollars enhancing information security in response to the recent Federal Financial Institutions Examination Council guidance. The FFIEC guidelines were updated in response to increased threats from phishing, pharming and crimeware. The updated guidelines suggest that financial institutions (FIs) assess the risk associated with their Internet banking applications, identify mitigating actions and adjust their information security programs to implement those actions.