The PCI Security Standards Council has issued version 3.2 of the PCI-Data Security Standard (PCI-DSS). In a significant policy shift, the council also announced that future revisions to the standard will be issued more frequently than the 3-year major update cycle of the past. Primary changes include a new multifactor authentication requirement for those with access to [...]
In an unsurprising ruling, a U.S. District Court agreed with the Federal Trade Commission that Amazon is liable for unauthorized in-app purchases, mostly by children. The FTC estimated that more than 40% of these purchases were not authorized. In-app purchases include game currency, game unlocks and other subscription items. At issue was Amazon's lack of sufficient [...]
April is shaping up to be a big month for data breach revelations. High profile incidents include the BeautifulPeople dating site (1.1 million users compromised), Lifeboat gaming site (7 million accounts), essential oils seller doTerra (3 million customers) and Spotify (extent unknown), to name a few. The consequences are getting higher: states including Tennessee and Nebraska are [...]
Discover's Chairman and CEO David Nelms (full disclosure: I reported to Nelms during my tenure as head of Discover's merchant network) has endorsed EMV Chip and PIN authentication. Great leadership on Discover's part advocating for this common-sense authentication method already in wide use in Canada and the EU. The U.S. really missed the boat by [...]
One of the biggest EMV-related complaints from consumers and merchants alike has been the slowdown at the point of sale. Those added seconds decrease customer satisfaction and slow down the checkout process, thereby creating significant added expense for high volume merchants. The updated technology from Visa, known as Quick Chip for EMV, speeds up [...]
Bitpay is notifying users of a Trojan virus affecting some Microsoft Windows users which can irreversibly redirect Bitcoin payments. The virus does not reside within the payment application or digital wallet. Rather, it exploits the clipboard feature within Windows. Many users copy the bitcoin address of the intended payee into the Windows clipboard before pasting it into a [...]
As detailed in this American Banker article, an FDIC employee who was leaving the agency copied over 40,000 records with PII onto a portable drive. Although technically a data breach, the intent was apparently innocuous as the employee was copying various personal photos and other files (which probably shouldn't be on an FDIC work computer) on [...]
Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the [...]
The tide is turning on the time-honored process of presenting a payment card at the point of sale. MasterCard predicts that 38% of EU payment transactions by 2020 will be digital, meaning they originated on a tokenized device such as a mobile phone or wearable rather than the presentment of a payment card. MasterCard's MDES platform also [...]
Generally speaking, I'm one of those people that cringes when attention-seekers like Kim Kardashian actually get attention for their antics. But I just couldn't let this one go without comment. She filed litigation against Amazon, MasterCard and Lucova asserting that the use of facial recognition technology to authenticate payments is an infringement on her intellectual property [...]
