Data breaches

Organizations that lack security controls and have experienced a breach can expect auditors, regulators and standards bodies to knock on their doors demanding information, writes Fouad Khalil, head of compliance and SecurityScorecard.

The time is now for Congress to enact stricter data security standards that better protect credit unions and consumers.

Heading into the mid-terms, credit unions must remain focused on how to move forward these four key legislative and regulatory initiatives.

Sen. Elizabeth Warren and Rep. Elijah Cummings have called for an update on probes into the credit reporting giant a year after its massive data breach came to light.

After news of the breach, congressional hearings for the company’s ex-CEO and other blowback were accompanied by legislative calls to action. But a year later, have policymakers done anything?

The company built a patch within 24 hours of being alerted to a vulnerability in messaging software used by many banks and credit unions. Fiserv is looking into how this happened while addressing speculation about whether consumer data is still threatened.

The company built a patch within 24 hours of being alerted to a vulnerability in messaging software used by many banks. Fiserv is looking into how this happened while addressing speculation about whether consumer data is still threatened.

Cybersecurity remains a chief concern for small credit unions as a panel of experts warns small CUs may not just be a target, they could be one step in a larger attack.

The Trump administration is making more than 80 recommendations to encourage financial innovation within a regulated space, including endorsing the creation of a federal fintech charter.

The ongoing threat of data breaches serves as a reminder that every business is subject to PCI DSS compliance, no matter their size. Any company that handles cardholder data in any way must adhere to PCI DSS standards, which can be time-consuming and expensive, writes Matt VanderZwaag, director of product development at US Signal.

Multifactor authentication is table stakes in today's breach-heavy environment. Falling short of that standard creates a dangerously high threat, according to David Vergara, head of security product marketing for OneSpan.

Within hours of learning about the breach, Brinker International, parent company of the Chili’s chain, issued a news release, website notice and social media advisories informing consumers and other interested parties of the incident, writes John Gunn, CMO of OneSpan.

If fintechs can prove effective at overcoming fraud challenges as they scale their customer base, they’ll be able to better capitalize on their unique position of operating independent of legacy platforms as they create a more financially connected consumer experience, writes Dave Excell, founder and CTO of Featurespace.

Even though much of PCI data is stored and maintained on mainframes, many are currently not being evaluated or scanned accurately for PCI DSS compliance, writes Ray Overby, co-founder and president of Key Resources.

Eight states want the credit bureau to show what it’s doing to improve data security; Goldman, Morgan Stanley and Wells Fargo will be the focus of this set.

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.

That’s the question executives of publicly traded banks are asking themselves as they try to make sense of new — and somewhat vague — guidance from the SEC on procedures for disclosing data breaches.

Many of these attacks have been server side ransomware and other sophisticated hacks, leading companies to examine the immature security processes, the technology of application security, and the insufficient expertise of development, writes Jeannie Warner, the security manager at WhiteHat Security.