Investment

For financial institutions, there are scary parallels between the IRS' failure to protect sensitive personal information and their own such struggles.

A mature governance framework and risk culture that reaches all employees are among the attributes of a high-functioning "risk organization."

In focusing on private blockchains, banks make the same mistake companies made in the nineties when they favored private information networks over the open protocols of the Internet.

The tax agency's struggle to protect sensitive data mirrors banks' own, and its shortcomings can also be found at financial institutions.

In expanding Visa Token Service, the card brand is requiring issuers to stop using alternate personal account numbers in cloud-based mobile payments and instead converting to tokenization.

Encryption keys are vital to the secure operation of payment acceptance devices. But key transport protocols have not kept pace with the movement toward standardized encryption practices. This adds cost and complexity to payment infrastructure and processes.

In the payments industry, tokenization is often portrayed as a new or futuristic security method, better suited for the world of mobile wallets than the era of magstripe cards. But SeatGeak decided early on to make it a cornerstone of its mobile commerce experience.

Wells Fargo and Tangerine Bank are among those trying new communications tools that bring human conversations back into the channels where people bank by swiping and tapping.

New requirements and guidance from the Payment Card Industry Security Standards Council will be released to merchants in April, which is about six months earlier than its normal update cycle.

The Consumer Financial Protection Bureau on Wednesday ordered online payment processor Dwolla Inc. to pay a $100,000 fine for deceiving customers about its security practices — the first action it has taken related to data security.