As banks beef up defenses, hackers are targeting the weaker link: customers.

Even though much of PCI data is stored and maintained on mainframes, many are currently not being evaluated or scanned accurately for PCI DSS compliance, writes Ray Overby, co-founder and president of Key Resources.

The Bank of England, together with the Financial Conduct Authority and the Prudential Regulation Authority, has cautioned U.K. banks to prepare for cyberattacks and technical failures.

Bancor, an Israeli startup that facilitates trading in digital tokens, said a criminal made off with a $13.5 million cache, mostly comprised of Ether.

The consortium's Corda Enterprise is designed to let blockchain applications exist behind a company’s firewall but still interact with outside partners.

A new malicious spam campaign that has been targeting Internet users in the U.K. serves as an important example of how banking malware targets business as well as home users.

Turnover of chief risk officers is on the rise as CEOs look to add executives whose experience goes far beyond assessing credit risk. Sometimes they are promoting from within, but often they are poaching talent from rival banks.

Phone-based customer service opens opportunity for voice phishing, or "vishing," and other types of attacks linked to card not present transactions, according to Rafael Lourenco, an executive vice president at ClearSale.

The Illinois commercial bank gained a new role when it realized it shared the same digital transformation challenges as its customers.

Eight states want the credit bureau to show what it’s doing to improve data security; Goldman, Morgan Stanley and Wells Fargo will be the focus of this set.

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

Ticket sales company Ticketmaster has warned customers in the U.K. that malicious code running on its website could have led to personal data and payment details being stolen. This kind of breach through third-party JavaScript code is quite common and may go undetected for months.

Payments fraud from business email compromise, or BEC, occurs when scammers use phishing tricks and email to fool businesses into making fraudulent payments to perceived suppliers. Experts suggest newer factors are accelerating the trend.

HSBC is the first bank in the U.S. to deploy SoftBank's lifelike Pepper robot in a branch to help customers learn about bill pay, remote check capture and even ask the weather — but in Pepper's current iteration, it won't take deposits or payments.

Almost two-thirds of financial institutions have yet to form threat hunting teams — a growing necessity as the number of high-profile attacks rises.

Malware operators are joining forces, installing each others’ tools on compromised computers to target a wider range of victims, and possibly also sharing the work of harvesting funds using stolen account details.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

Of all the types of malicious software targeting businesses, ransomware continues to be one of the most pervasive, according to recent studies. Here's an overview of the things banks, especially small ones, are doing to stop it.

Readers respond to a bill designed to modernize the anti-money-laundering rules, applaud the acting head of the CFPB’s decision to fire the members of the bureau’s advisory councils, opine on when a bank ought to communicate it has been hacked and more.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.