Data breaches

Multifactor authentication is table stakes in today's breach-heavy environment. Falling short of that standard creates a dangerously high threat, according to David Vergara, head of security product marketing for OneSpan.

Within hours of learning about the breach, Brinker International, parent company of the Chili’s chain, issued a news release, website notice and social media advisories informing consumers and other interested parties of the incident, writes John Gunn, CMO of OneSpan.

If fintechs can prove effective at overcoming fraud challenges as they scale their customer base, they’ll be able to better capitalize on their unique position of operating independent of legacy platforms as they create a more financially connected consumer experience, writes Dave Excell, founder and CTO of Featurespace.

Even though much of PCI data is stored and maintained on mainframes, many are currently not being evaluated or scanned accurately for PCI DSS compliance, writes Ray Overby, co-founder and president of Key Resources.

Eight states want the credit bureau to show what it’s doing to improve data security; Goldman, Morgan Stanley and Wells Fargo will be the focus of this set.

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.

That’s the question executives of publicly traded banks are asking themselves as they try to make sense of new — and somewhat vague — guidance from the SEC on procedures for disclosing data breaches.

Many of these attacks have been server side ransomware and other sophisticated hacks, leading companies to examine the immature security processes, the technology of application security, and the insufficient expertise of development, writes Jeannie Warner, the security manager at WhiteHat Security.

We need to rethink how we acquire and manage consumer data, and any business using enterprise software needs to be accountable for how information is being processed, transported or shared, writes Chris Wong, CEO of LifeSite.

Canadian Imperial Bank of Commerce and Bank of Montreal are alerting clients that "fraudsters" claimed to have accessed personal and financial information of some customers.

Phishing is the likely culprit behind the recent Saks and Lord & Taylor breaches. Stronger email protection required to combat the threat, according to Matthew Vernhout, 250ok's director of privacy.

Deadlines imposed by U.S. and EU regulators are giving banks intercontinental whiplash.

Mark Begor said Wednesday that banks and other customers will receive regular updates on the credit reporting agency’s efforts to improve its cybersecurity in the wake of last year’s massive data breach.

Regalii has changed its name to arcus and switched from cross-border bill payment to helping banks use tokenization to reissue lost, stolen or breached cards.

A multilayered approach that allows one type of fraud tool to pick up the slack when another layer fails, according to Robert Capps, a vice president at NuData Security.

The correct strategy needs to be built around the mindset that the attackers might eventually succeed, and that with the right tools, the breach can be detected early, the extent of it can be controlled, and the attack can be stopped before a lot of damage is inflicted, writes Engin Kirda, a professor of computer science at Northeastern University.

Acting CFPB Director Mick Mulvaney told a group of bankers last week that he intends to end public access to complaints, but Sen. Elizabeth Warren and two other Democrats argue that would be a mistake.

In addition to changing the name of the Consumer Financial Protection Bureau, the acting director wants to also nix public complaints; the good, bad and ugly in Zelle's ascendance; a case study for digital outage recovery; and more from this week's most-read stories.