Monthly Archives: April 2016

PCI Data Security Standard 3.2 introduces new authentication, testing and policy requirements

The PCI Security Standards Council has issued version 3.2 of the PCI-Data Security Standard (PCI-DSS).  In a significant policy shift, the council also announced that future revisions to the standard will be issued more frequently than the 3-year major update cycle of the past. Primary changes include a new multifactor authentication requirement for those with access to [...]

April 30th, 2016 | PCI-DSS

Federal court agrees with FTC ruling that Amazon is liable for unauthorized in-app purchases

In an unsurprising ruling, a U.S. District Court agreed with the Federal Trade Commission that Amazon is liable for unauthorized in-app purchases, mostly by children.  The FTC estimated that more than 40% of these purchases were not authorized.  In-app purchases include game currency, game unlocks and other subscription items. At issue was Amazon's lack of sufficient [...]

April 29th, 2016 | Amazon, Apple, FTC, Google

April has been a tough month for data breaches. New report finds 85% of successful exploits are related to ten preventable vulnerabilities.

April is shaping up to be a big month for data breach revelations.  High profile incidents include the BeautifulPeople dating site (1.1 million users compromised), Lifeboat gaming site (7 million accounts),  essential oils seller doTerra (3 million customers) and Spotify (extent unknown), to name a few. The consequences are getting higher:  states including Tennessee and Nebraska are [...]

April 27th, 2016 | data breach, data security

Discover’s CEO endorses Chip and PIN authentication

Discover's Chairman and CEO David Nelms (full disclosure: I reported to Nelms  during my tenure as head of Discover's merchant network) has endorsed EMV Chip and PIN authentication.   Great leadership on Discover's part advocating for this common-sense authentication method already in wide use in Canada and the EU. The U.S. really missed the boat by [...]

April 26th, 2016 | Discover, EMV

Visa introduces technology to speed up EMV transactions

One of the biggest EMV-related complaints from consumers and merchants alike has been the slowdown at the point of sale.   Those added seconds decrease customer satisfaction and slow down the checkout process, thereby creating significant added expense for high volume merchants. The updated technology from Visa, known as Quick Chip for EMV, speeds up [...]

April 25th, 2016 | EMV, Visa

Bitcoin reality check: Trojan virus can irreversibly hijack payments

Bitpay is notifying users of a Trojan virus affecting some Microsoft Windows users which can irreversibly redirect Bitcoin payments. The virus does not reside within the payment application or digital wallet.  Rather, it exploits the clipboard feature within Windows.  Many users copy the bitcoin address of the intended payee into the Windows clipboard before pasting it into a [...]

April 19th, 2016 | Bitcoin, Bitpay, Virus

Data breach story with a happy ending? Sort of.

As detailed in this American Banker article, an FDIC employee who was leaving the agency copied over 40,000 records with PII onto a portable drive.  Although technically a data breach, the intent was apparently innocuous as the employee was copying various personal photos and other files (which probably shouldn't be on an FDIC work computer) on [...]

April 15th, 2016 | data breach, data security, FDIC

Massive Turkey data breach affects nearly half of its citizens, is nearly double the size of the 2015 U.S. OPM breach

Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point.  In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective.  While the [...]

April 6th, 2016 | data breach, data security, EMV, PCI-DSS

Welcome to the future: MasterCard predicts nearly 40% of EU payments will not involve plastic card presentment by 2020

The tide is turning on the time-honored process of presenting a payment card at the point of sale.  MasterCard predicts that  38% of EU payment transactions by 2020 will be digital, meaning they originated on a tokenized device such as a mobile phone or wearable rather than the presentment of a payment card.   MasterCard's MDES platform also [...]

April 5th, 2016 | digital wallets, ecommerce, MasterCard

Did Kim Kardashian invent biometric authentication?

Generally speaking, I'm one of those people that cringes when attention-seekers like Kim Kardashian actually get attention for their antics.  But I just couldn't let this one go without comment. She filed litigation against Amazon, MasterCard and Lucova asserting that the use of facial recognition technology to authenticate payments is an infringement on her intellectual property [...]