Data breaches

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.

That’s the question executives of publicly traded banks are asking themselves as they try to make sense of new — and somewhat vague — guidance from the SEC on procedures for disclosing data breaches.

Many of these attacks have been server side ransomware and other sophisticated hacks, leading companies to examine the immature security processes, the technology of application security, and the insufficient expertise of development, writes Jeannie Warner, the security manager at WhiteHat Security.

We need to rethink how we acquire and manage consumer data, and any business using enterprise software needs to be accountable for how information is being processed, transported or shared, writes Chris Wong, CEO of LifeSite.

Canadian Imperial Bank of Commerce and Bank of Montreal are alerting clients that "fraudsters" claimed to have accessed personal and financial information of some customers.

Phishing is the likely culprit behind the recent Saks and Lord & Taylor breaches. Stronger email protection required to combat the threat, according to Matthew Vernhout, 250ok's director of privacy.

Deadlines imposed by U.S. and EU regulators are giving banks intercontinental whiplash.

Mark Begor said Wednesday that banks and other customers will receive regular updates on the credit reporting agency’s efforts to improve its cybersecurity in the wake of last year’s massive data breach.

Regalii has changed its name to arcus and switched from cross-border bill payment to helping banks use tokenization to reissue lost, stolen or breached cards.

A multilayered approach that allows one type of fraud tool to pick up the slack when another layer fails, according to Robert Capps, a vice president at NuData Security.

The correct strategy needs to be built around the mindset that the attackers might eventually succeed, and that with the right tools, the breach can be detected early, the extent of it can be controlled, and the attack can be stopped before a lot of damage is inflicted, writes Engin Kirda, a professor of computer science at Northeastern University.

Acting CFPB Director Mick Mulvaney told a group of bankers last week that he intends to end public access to complaints, but Sen. Elizabeth Warren and two other Democrats argue that would be a mistake.

In addition to changing the name of the Consumer Financial Protection Bureau, the acting director wants to also nix public complaints; the good, bad and ugly in Zelle's ascendance; a case study for digital outage recovery; and more from this week's most-read stories.

The agency's acting chief said hundreds of data breaches justified a halt on collecting information from firms, but experts question that logic.

With new data breaches becoming public on an almost routine basis, it’s no surprise that our findings revealed that consumers are starting to favor safety over speed and ease of checkout, writes Joseph Daly, COO of Paysafe Payment Processing in North America.

SunTrust let about eight weeks pass before telling the public that data tied to 1.5 million customers had been stolen.

The news of the data breach cast a shadow over relatively strong first-quarter earnings for the Atlanta bank.

PCI compliance can't solve all security problems. EMV, encryption are all necessary to protect merchants from data breaches, writes Jeff Zimmerman, COO of Clearent.