Breaches aided by weak passwords, poor AV detection

February 09, 2012

Trustwave's annual review of its data breach response investigations concluded that franchises are now the prime target for hackers seeking customer data, such as credit card numbers.
 

MasterCard announces product future around EMV

February 07, 2012

The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
 

Visa advises on more secure credit card transactions

January 16, 2012

Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
 

Zappos breach affects 24M, opens door for more attacks

January 16, 2012

Hackers breached a server belonging to online retailer Zappos and made off with the personal information of 24 million customers, though no credit card numbers were involved.
 

Hackers steal 200,000 card numbers from wholesaler

December 19, 2011

Hackers breached the systems of New York-based food services wholesaler Restaurant Depot, and stole hundreds of thousands of credit and debit card numbers.
 

Online privacy and security breeds customer confidence

Chris Babel, CEO, TRUSTe December 09, 2011

Studies show that online consumers are concerned about security and privacy. That means web retailers must ensure they are taking all the steps necessary to ensure a safe and transparent shopping experience.
 

Four charged with hacking Subway, other retailers

December 09, 2011

The defendants allegedly compromised the credit card data of 80,000 customers and made millions of dollars in unauthorized purchases.
 

Vandals hack checkout terminals at California supermarkets

December 08, 2011

As of Monday, at least 80 people were victimized by credit and debit card readers being tampered with.
 

Holiday folly for retailers with DNS glitches

Sean Leach, vice president of strategy, VeriSign Network Intelligence and Availability Group November 22, 2011

Proper DNS management by organizations is critical to protecting against threats and staying online during the busy holiday months.
 

Another PlayStation Network breach stings Sony customers

October 12, 2011

Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.
 

Hacker attacks against retailers up 43 percent

October 12, 2011

Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
 

More than 100 charged in ID theft ring

October 10, 2011

The organized structure of a huge identity theft operation, based in New York, allowed members to make millions in profits.
 

Microsoft adds "major" update to detect Zeus trojan

September 15, 2011

Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
 

Former DHS official tapped to lead security at Sony

September 06, 2011

Much-maligned Sony announced Tuesday that it has hired a former U.S. cybersecurity official to serve as its first-ever chief information security officer. Philip Reitinger, 49, who had been director of the National Cybersecurity Center at the U.S. Department of Homeland Security since June 2009 and tendered his resignation in May, will be tasked with assuring the protection of the multibillion-dollar company's assets and services. It's been a tough year for Sony, which has experienced multiple breaches, most notably the compromise of its PlayStation Network and Qriocity services, which resulted in the exposure of the personal details of tens of millions of users. Reitinger has been in the private sector before, where he held the role of security strategist at Microsoft.
 

Experts warn of attacks as more Epsilon victims emerge

April 06, 2011

Fallout continues, and new corporate victims come to light after the massive breach of an email marketing services provider.
 

Former Gucci insider charged with hacking network

April 05, 2011

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.
 

A slew of banks, retailers affected by Epsilon email breach

April 04, 2011

A growing list of companies, including Capital One, U.S. Bank, Citigroup and JPMorgan Chase, are notifying customers that their email addresses were stolen by hackers.
 

Scaled down, armored up: Small and midsized business protection

April 01, 2011

For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
 

VeriFone, Square at odds over refuted security flaw

March 10, 2011

Mobile payment service startup Square has refuted claims made by a competitor that its card reader could easily be turned into a skimmer capable of stealing financial and personal information.
 

eHarmony advice site hacked to expose user information

February 11, 2011

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
 

An independent approach to PCI audit security and compliance

Dave Greenstein, chief architect, StillSecure February 04, 2011

The PCI Data Security Standard assessment process must change, or the payment industry faces an ethical bind.
 

Dating site PlentyOfFish hacked to expose passwords

January 31, 2011

The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.
 

Views regarding PCI compliance are mostly positive

January 12, 2011

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
 

Visa strengthens its network fraud detection

January 07, 2011

Visa has enhanced the security of its electronic credit card authorization system, known as VisaNet, to improve the speed and accuracy of fraud detection, the card brand announced Thursday. Earlier this year, Visa improved the processing platform of its Advanced Authorization technology so that it can analyze more information and perform more functions faster. "This provides Visa with a comprehensive view into the global payments system, leading to high levels of intelligence around spending patterns and improving the company's ability to detect and prevent fraud in near real-time," Visa said. The company believes the improvements could lead to a 29 percent gain in fraud detection over 2009. - DK
 

DHS zeroing in on Vietnamese-based fraud ring

January 04, 2011

Operation eMule is targeting a Vietnamese-based fraud operation believed to have duped U.S. retailers out of millions of dollars.
 

Standing up for the freedom of information, with the help of a security bug

December 28, 2010

In this instance, the public fervor isn't over the release of secret diplomatic cables but a U.K. academic paper detailing a vulnerability in chip-and-PIN.
 

NYC bus tour company's database hacked of credit card info

December 21, 2010

The credit card details belonging to customers of CitySights NY were stolen when a database belonging to the sightseeing bus tours company was hacked.
 

Zeus botnet targeting Macy's, Nordstrom account holders

December 09, 2010

A new Zeus botnet is targeting the credit card accounts of several major U.S. retailers, including Macy's and Nordstrom, according to researchers at online banking security firm, Trusteer.
 

Senate votes to exempt lawyers, doctors from Red Flags

December 02, 2010

Lawyers, doctors and accountants may avoid having to comply with the Federal Trade Commission's new identity theft rule.
 

Scammers ready to pounce on Cyber Monday deal-hunters

November 23, 2010

Social networking sites and search engines are expected to be hit hard as cybercriminals try to wrangle in unsuspecting holiday shoppers.
 

Grocer Aldi discloses breach of payment terminals

October 12, 2010

Grocery chain Aldi is warning customers that their payment card information may have been stolen after fraudsters placed altered point-of-sale terminals at a number of Aldi stores in 11 states.
 

Is the United States the weakest link when it comes to credit card security?

Jose Diaz, director of technical and strategic business development at Thales e-Security September 29, 2010

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.
 

Websites suffer from 13 security flaws on average

September 24, 2010

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by WhiteHat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the fewest vulnerabilities on average, followed by insurance and health care firms. — AM
 

PCI Council: P2PE simplifies PCI DSS compliance

September 23, 2010

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
 

Is there a silver bullet to the payment industry's data security woes?

Ulf Mattsson, CTO, Protegrity September 02, 2010

Security professionals must consider all the options available to them to secure cardholder data.
 

Heartland settles with Discover over breach

September 01, 2010

Heartland Payment Systems, the New Jersey-based credit card processor that fell victim to the largest reported data breach of all time, announced on Wednesday that it will settle with Discover for $5 million. Heartland already has settled with Visa for $60 million and MasterCard for $41.4 million over the breach, which exposed an estimated 130 million credit and debit card numbers to organized criminals. The settlement money will be used by Discover to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. — DK
 

Visa releases best practices for installing payment apps

August 24, 2010

Visa on Tuesday announced best practices for companies to use when implementing, installing and managing programs that process payment applications. The guidance will complement the existing Payment Application Data Security Standard (PA-DSS), which prescribes 14 requirements for software developers that build programs that process credit card payments. The Visa payment application best practices, developed in conjunction with the SANS Institute, include 10 guidelines and can be downloaded here. They are meant for vendors, integrators and resellers. — DK
 

PCI Council unveils expected changes for DSS guidelines

August 13, 2010

The body that manages PCI guidelines has released a summary of expected changes, but merchants will not find any mention of emerging data security technologies.
 

Visa issues tokenization guidance, clarifies rules around storage of card numbers

July 14, 2010

Visa on Wednesday released a four-page document that offers best practices for tokenization, the process by which 16-digit credit card numbers are replaced with unique symbols. The guidance is meant to reduce risk for merchants, vendors, service providers and acquiring banks. It covers such areas as detecting suspicious activity so attackers cannot compromise the token system. In addition on Wednesday, Visa, in conjunction with the National Retail Federation trade group, clarified its operating rules around storage of sensitive information. According to the card brand, issuing banks must accept a disguised or truncated card number on transaction receipts for dispute resolution. Also, merchants are permitted to store disguised or truncated card numbers to reduce the amount of data that could be retrieved by attackers. — DK
 

Hackers compromise Destination Hotels' credit card system

June 30, 2010

Guests at 21 Destination Hotels & Resorts' properties may have been subjected to credit card theft after the chain discovered malware installed in its credit card processing system.
 

New fraud service serves as repository for stolen data

June 17, 2010

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers or employees have been discovered online.
 

Police bust massive global credit card fraud ring

June 16, 2010

Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring. Eight of the alleged members were nabbed in the United States.
 

Payment security: Interview with Bob Carr, chairman and CEO of Heartland Payment Systems

June 10, 2010

Bob Carr, CEO of Heartland Payment Systems, which suffered a record-breaking breach in 2008, has rolled out a new payment solution to its merchants that offers end-to-end encryption of sensitive transaction data. In an interview with SC Magazine's Deputy Editor Dan Kaplan, Carr discusses the new offering and offers an update on the company's recovery 18 months after it announced the breach, which exposed some 130 million records.
 

FTC delays Red Flags Rule enforcement until end of year

May 28, 2010

The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.
 

Heartland, MasterCard settle for $41.4M

May 20, 2010

Heartland Payment Systems and MasterCard have settled for $41.4 million over the payment processor's record-breaking data breach, disclosed in January 2009. Under the settlement, MasterCard issuing banks will be eligible to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. For the settlement to be official, banks representing 80 percent of the affected accounts must agree to it by June 25. Heartland and Visa settled for $60 million in January. — DK
 

New PCI internal assessor training program

April 30, 2010

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Friday announced a new training program designed to educate internal security personnel on conducting assessments. The three-day course, to be led by PCI Council experts, either will enable security departments to better work with third-party assessors or allow them to conduct their own assessments, Bob Russo, the council's general manager, told SCMagazineUS.com. Merchants that process more than six million annual transactions are required to conduct annual on-site PCI DSS assessments. Classes will be held in multiple locations. For more information, including pricing, visit here. — DK
 

Visa bars merchants from "data pass" marketing

April 28, 2010

Visa announced Tuesday that it has banned merchants from providing cardholder data to third parties without first receiving consent from the consumer. The new rule is a move to prevent a deceptive practice known as "data pass," by which a shopper, during checkout, is prompted to enroll in a club membership. The customer often does not realize the offer originates from a different merchant or that it comes with additional fees and charges, Visa said. Under the new rule, consumers will have to re-enter their credit card information if they wish to sign up for the promotions, which have cost some 30 million Americans about $1.4 billion, said Visa, citing a 2009 report from the U.S. Senate Commerce Committee. — DK
 

U.S. businesses face skimming fraud increase

April 27, 2010

Eastern European gangs are systematically conducting well-organized skimming attacks against U.S. consumers and businesses, according to a Gartner analyst.
 

TJX hacker sentenced to five years, fined

April 16, 2010

The sixth and final U.S. person charged two years ago with breaking into the computer networks at discount retail parent TJX was sentenced Thursday. A U.S. District Court judge in Boston sentenced Damon Patrick Toey, 25, to five years in prison and fined him $100,000. Toey pleaded guilty in September 2008 to wire fraud, credit card fraud and aggravated identity theft. He also is connected to a number of other major heists at retailers and payment processor Heartland Payment Systems. The ring's orchestrator, Albert Gonzalez, was sentenced last month to 20 years in prison. Some of Gonzalez' Eastern European-based co-conspirators remain at large. — DK
 

Worries grow over safety of online transactions

April 13, 2010

The number of consumers seriously concerned about the security of online transactions is at its highest level in three years, according to the latest Unisys Security Index, released Tuesday. In the biannual survey of 1,004 consumers, which measures how safe Americans feel regarding national, financial, internet and personal security, 20 percent of respondents were "extremely concerned" about shopping or banking online, up from 16 percent in September 2009. Another 23 percent said they are "very concerned." Meanwhile, identity theft and national security ranked as Americans' top worries, garnering serious concern from 64 and 65 percent of respondents, respectively. — AM
 

Law to allow banks to recoup breach losses

April 05, 2010

A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM
 

Gonzalez co-conspirator sentenced to seven years

March 30, 2010

Another co-conspirator of hacker Albert Gonzalez was sentenced Monday in federal court in Boston to seven years in prison for playing a major role in the BJ's Wholesale Club and TJX hacks. Christopher Scott of Miami pleaded guilty in September to charges of unlawful access to computers, access device fraud, wire fraud, aggravated identity theft and money laundering, according to court documents. Scott is the latest person involved in the crime ring to be sentenced. The ringleader, Gonzalez, last week received a record-breaking hacking sentence of 20 years. — AM
 

JCPenney joins Heartland, TJX as Gonzalez victims

March 30, 2010

Court documents unsealed Friday name JCPenney and another retailer as additional targets of notorious hacker Albert Gonzalez' cybercriminal gang.
 

Another Gonzalez co-conspirator sentenced

March 24, 2010

Jeremy Jethro, 29, was sentenced Tuesday in federal court in Boston to six months home confinement and three years probation for providing accused retail hacker Albert Gonzalez with a zero-day exploit.
 

Two-day SC Magazine PCI econference continues today

March 23, 2010

Join us Tuesday and Wednesday for our special two-day SC eConference and Expo: Complying with PCI.
 

TJX money launderer sentenced to four years

March 12, 2010

While hacker Albert Gonzalez awaits his sentencing date, scheduled for later this month, one of his co-conspirators in the TJX, BJ's Wholesale Club and Sports Authority hacks was sentenced Thursday in federal court in Boston to 46 months in prison and fined $75,000. Prosecutors said Humza Zaman, formerly a programmer at Barclays bank, laundered $600,000 to $800,000 in identity theft proceeds for Gonzalez. Zaman received a 10 percent cut for his work. — AM
 

Trio charged with ripping off gas customers

March 09, 2010

Three California men each are facing two dozen charges for running a sophisticated identity theft ring which netted them nearly $2 million, the Los Angeles County district attorney's office announced Monday. Albert Jose Gonzalez, 39, of Lancaster, Josue Gustavo Albizuras, 42, of Los Angeles and Cesar Vasquez Echeverria, 28, of Santa Clarita installed skimmer devices on computerized pay pumps at gas stations to steal customers' credit and debit card information. The men, who have pleaded innocent, were arrested Feb. 25 after a three-year investigation by members of the Los Angeles Sheriff's Department and the FBI. — AM
 

Westin hotel's point-of-sale system possibly hacked

March 09, 2010

The Westin Bonaventure Hotel & Suites in Los Angeles recently revealed that hackers may have broken into its point-of-sale systems.
 

Wyndham Hotels suffers another data breach

March 09, 2010

Wyndham Hotels and Resorts (WHR) recently revealed that it was the victim of another data breach after hackers broke into its computer systems and stole customer payment card data and other sensitive information.
 

RSA Conference: Gonzalez may receive largest ever U.S. hacking sentence

March 05, 2010

Hacker Albert Gonzalez will likely receive a record-breaking prison term, law enforcement officials said Thursday at the RSA Conference.
 

Four charged with hacking ticket vendors

March 01, 2010

Four men were charged on Monday with using computer hacking to obtain tickets to major sporting events, theater productions and concerts.
 

Heartland settles with American Express over breach

December 18, 2009

Heartland Payment Systems has settled its first lawsuit with a card brand over the 2008 data breach.
 

Lawsuit against BJ's over 2004 breach dismissed

December 16, 2009

The Massachusetts Supreme Judicial Court last week affirmed a lower court ruling dismissing a case against BJ's Wholesale Club over a 2004 breach.
 

Judge dismisses shareholder lawsuit against Heartland

December 09, 2009

A federal judge in New Jersey has thrown out one of the three class-action lawsuits pending against Heartland Payment Systems.
 

Retail shopping bugs

December 07, 2009

Online shopping during the holidays may not be as seamless as customers might want. A new study from software testing services firm uTest, which asked 600 testers from 20 countries to examine three popular shopping sites for technical, functional and security bugs, found that Target had the most reported holes (261), followed by Walmart (150) and then Amazon (94). Nine percent of the discovered flaws were classified as "showstoppers," meaning they were in need of immediate attention. — GM
 

Secure customer loyalty with the gift of data security

Brian Lapidus, chief operating officer, Kroll Fraud Solutions December 07, 2009

Retailers need to check their list twice to ensure the proper security measures are in place.
 

Recognizing the payment industry achievements of 2009 and looking ahead

Lib de Veyra, chairman, PCI Security Standards Council December 02, 2009

The chairman of the PCI Security Standards Council shares his thoughts on the payment industry's 2009 successes and looks forward to what is on the horizon to ensure the protection of credit card information.
 

Breached restaurateurs suing point-of-sale provider

December 02, 2009

The restaurants, located in Louisiana and Mississippi, are seeking millions of dollars in damages from Georgia-based point-of-sale vendor Radiant Systems and its distributor Computer World.
 

Experts expect exploits abound on Cyber Monday

November 25, 2009

Cybercriminals have already begun to ramp up their exploits in preparation for Cyber Monday, one of the busiest online shopping days of the year.
 

FTC increases security obligations of ChoicePoint

October 20, 2009

The Federal Trade Commission contends that ChoicePoint did not properly implement security improvements after its milestone 2005 data breach.
 

Survey: Most organizations struggling to secure data

September 23, 2009

Sixty percent of IT security professionals polled in a recent study said their organization does not have sufficient resources to become PCI compliant.
 

TJX settles for $525K with four banks over breach

September 03, 2009

TJX, which announced a then-record data breach in January 2007, has settled with the final four banks suing the discount merchant.
 

Merchants encouraged to crack down on skimming

August 25, 2009

The organization charged with administering credit card security guidelines is offering tips to avoid "skimming" attacks.
 

Cybercriminals move up the stack -- but so does data protection

Gary Palgon, VP, nuBridges August 18, 2009

Cybercriminals have approached data theft in a methodical way, starting at the bottom of the technology stack and working their way up to the top - the applications layer.
 

Small businesses largely not PCI compliant

August 12, 2009

Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.
 

The simple complexity of PCI

Joe Leonard, security practice manager, Presidio Networked Solutions August 11, 2009

The intent of the PCI standard is really quite simple: To safeguard the information of payment card holders as it makes its way through the network. But things get complex in execution, as the information crosses many touchpoints in the delivery infrastructure.
 

A new approach to identity and access management governance: Governance with accountability

Venkat Raghaven, director product management, security, risk and compliance, Tivoli Software, IBM Software Group August 10, 2009

With the increasing number of collaborative business models, information databases and social networks, sharing and managing identity and access information has become critical.
 

A rise in cybercrime hits SMBs

July 27, 2009

Forty-four percent of U.S. SMBs have been hit by some form of cybercrime and 10 percent were hit so badly that they had to stop production, according to a survey from Panda Security.
 

Network Solutions was PCI compliant before breach

July 27, 2009

Updated: Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.
 

Protect yourself from business partners

Jeffrey Rogers, chief architect, Risk Advisory Services, Unisys July 23, 2009

Corporate and public-sector organizations are working with more business partners than ever before -- and the number will continue to grow. Outsourcing, offshoring, supply-chain management, workflow management, value chains and emerging markets: These each signal a warning to information security managers.
 

How to choose a QIRA

Mark Carney, managing director, FishNet Security July 22, 2009

During a breach containment process, you may be required to call in a Qualified Incident Response Assessor to conduct a thorough investigation and forensic analysis.
 

Companies offer to pay breach fines

July 21, 2009

Two credit-card payment processors are offering to cover merchants' fines and penalties in the event of a data breach.
 

PCI clarifies procedures to secure Wi-Fi

July 17, 2009

With a new guidance document, the Payment Card Industry Security Standards Council aims to clarify what retailers must do to secure their Wi-Fi networks.
 

TJX settles over breach with 41 states for $9.75 million

June 23, 2009

The settlement is just one in a long line of payoffs that followed one of the largest reported data-loss incidents on record.
 

New security standards for mobile payments coming

June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

Microsoft seeks $750,000 in lawsuit over click fraud

June 16, 2009

Microsoft on Monday filed a civil lawsuit to stop a click fraud scheme from being perpetrated on its advertising network.
 

FTC releases FAQs on Red Flags Rules

June 12, 2009

A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.
 

Bank sues Savvis over 2005 CardSystems breach

May 28, 2009

Utah-based Merrick Bank claims to have lost $16 million as a result of a 2005 breach of payment card processor CardSystems Solutions and is now seeking legal restitution.
 

OTA seeks comment

May 20, 2009

The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM
 

PCI appoints new board of advisers

May 18, 2009

A roster of new organizations will make up the second Payment Card Industry Security Standards Council (PCI SSC) board of advisers, including Bank of America, Wal-Mart and PayPal, the industry standards body announced Monday.
 

$12.6 million spent so far to respond to Heartland breach

May 08, 2009

The chief executive of Heartland Payment Systems said Thursday that the payment processor so far has spent $12.6 million in responding to the massive data breach that was announced in January.
 

LexisNexis admits to another major data breach

May 04, 2009

About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed.
 

Heartland again PCI compliant

May 01, 2009

Breached payment card processor Heartland Payment Systems has been again certified compliant with the Payment Card Industry Data Security Standard (PCI DSS), the company announced Friday. In March, two months after the breach was disclosed, Visa removed Heartland from its list of compliant service providers. Some experts questioned whether the removal meant merchants risked being fined for doing business with Heartland, but Visa issued a statement saying this was not true. Heartland said it expects to rejoin the Visa-approved list on Monday. — DK
 

FTC extends Red Flags Rule enforcement three more months

May 01, 2009

The day before the Federal Trade Commission was to begin enforcing the Red Flags Rule, the agency announced the deadline for compliance will be extended for the second time, until Aug. 1.
 

PCI DSS compliance for firewalls: It doesn't have to be complex

Jody Brazil, founder, president and CTO, Secure Passage April 28, 2009

The Payment Card Industry Data Security Standard has placed considerable pressure on retail industry IT security teams. The burden to ensure both security and compliance isn't easing; the current economic situation forcing IT to accomplish more with less is only adding to the problem.
 

Corporate users increasingly skirt security infrastructures

April 16, 2009

In a recent assessment, organizations had an average of 156 applications traversing their networks -- some of which pose a danger to the organization.
 

FTC site helps meet "Red Flags Rule"

April 03, 2009

The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.
 

Changes at AOTA

March 31, 2009

Online trust-building organization AOTA (Authentication and Online Trust Alliance) changed its name to the Online Trust Alliance (OTA) on Tuesday. The organization said that its action should help it in its "mission to enhance trust, confidence and the protection of businesses and consumers" online. The group plans further international expansion and will release a list of recommended best practices for online behavior and email authentication at next month's RSA Conference in San Francisco. — CAM
 

Desired state: Retailers get compliant with PCI

March 26, 2009

Whether online or brick-and-mortar, retailers are challenged with securing the integrity of their payment systems to meet regulatory mandates, reports Greg Masters.
 

Heartland: Visa won't fine you for doing business with us

March 24, 2009

As Heartland works to become compliant again with the PCI standard, Visa plans to hold off on issuing fines.