Data and information management

About a month after Visa's European outage, Mastercard encountered a similar glitch for a brief period of time on Thursday.

As banks beef up defenses, hackers are targeting the weaker link: customers.

The virtual card company is giving customers direct access to their data through an application programming interface to see what they do with it.

Even though much of PCI data is stored and maintained on mainframes, many are currently not being evaluated or scanned accurately for PCI DSS compliance, writes Ray Overby, co-founder and president of Key Resources.

The Bank of England, together with the Financial Conduct Authority and the Prudential Regulation Authority, has cautioned U.K. banks to prepare for cyberattacks and technical failures.

High-powered portfolio simulations, security and client communication are among the most promising possibilities, say tech leaders at Morgan Stanley, D-Wave and Clovyr.

Fallout from the Equifax breach is coming into clearer focus as more companies begin pinpointing its effects over the last several months.

Technology can help an organization scale internationally and help finance departments shift their focus from managing the details of supplier payment processing to delivering valuable guidance to the business, writes Chen Amit, CEO of Tipalti.

Bancor, an Israeli startup that facilitates trading in digital tokens, said a criminal made off with a $13.5 million cache, mostly comprised of Ether.

When GDPR went into effect in May, it was expected that the European law would touch a lot of U.S. payment companies because of their international scope. Now it's clear that even purely domestic U.S. firms will have to adhere to some version of the data-privacy law.

A lack of standardization increases costs and complexity at each bank, opens the door to insecure solutions and hinders adoption by software developers that only have bandwidth to write to one or two open APIs, according to Steve Kirsch, CEO and founder of Token.

The consortium's Corda Enterprise is designed to let blockchain applications exist behind a company’s firewall but still interact with outside partners.

All service providers, even those with a strong security posture, are only as secure as the Home Depots, LinkedIns and Equifaxes of the world, argues George Avetisov, chief executive of HYPR.

Echoing the set of restrictive rules known as GDPR enacted earlier this year by the European Union, the state legislation — which does not take effect until 2020 — will almost certainly be the subject of intense lobbying from business giants that vacuum up all the data.

By intelligently applying friction, where the entry of a PIN or a swipe of the screen can be used to correlate against known data, we can better prove that the correct user made the transaction and avoid the costs and disruption associated with fraud and disputed claims, writes Zia Hayat, CEO of Callsign.

One firm's inability to access bank data shows how fragile fintechs can be; payments processor Square quietly withdraws bank application; turnover of chief risk officers is on the rise; and more from this week's most-read stories.

A new malicious spam campaign that has been targeting Internet users in the U.K. serves as an important example of how banking malware targets business as well as home users.

International banks are also having to adapt to a raft of regional payment and data regulations that impact their operations in certain territories significantly but in others only negligibly, according to Russell Bennett, chief technology officer of Fraedom.

Readers weigh in on inequality in financial services, opine on falling bank reputations, chime in on the evolving role of the chief risk officer and more.

The GDPR doesn’t mandate how data requests should be made, but it does say that organizations handling personal data should be prepared to handle the requests. One would be right to wonder whether companies are as prepared as they should be.