Cyber Security

Senate Intelligence Committee approves Cyber Information Sharing Act

The Senate Intelligence Committee voted 12-3 last week to advance the bipartisan Cyber Information Sharing Act (CISA), which is intended to help the government and private sector prevent security breaches and cybercrime. The bill—introduced by Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.)—expands information shared about... Read More...

Retailers overly confident in ability to detect data breaches

A new survey from Tripwire showed that while data breaches largely go undiscovered for a long period of time, retail firms are overly confident in their ability to detect breaches. The survey, which evaluated the attitudes of 154 retailers across a number of cybersecurity topics, found that 42 percent of retailers expected to detect a data... Read More...

FFIEC launches cybersecurity webpage, announces pilot program

The Federal Financial Institutions Examination Council launched its cybersecurity webpage on Tuesday to promote awareness of its cybersecurity activities. The FFIEC page provides links to webinars, statements and other resources that may assist financial institutions as they examine and revamp their cybersecurity programs. In addition to the... Read More...

Debit use increases despite growing threat of data breaches

A recent study commissioned by the PULSE EFT Network showed that despite recent and well-publicized data breaches at major retailers, the performance of debit card programs improved in 2013. According to the study, consumers have increasingly turned to electronic payments—the number of transactions per card increased to 20 from approximately... Read More...

Malware migrates from Russia to threaten U.S. mobile banking users

Russian IT security company Kaspersky Lab recently discovered malware that has migrated from Russia to the U.S., presenting a threat to mobile device users. According to Kaspersky, Svpeng—a type of malware that targets mobile devices—was detected a year ago. The first releases of the malware sought to steal payment card information from... Read More...

National Security Alliance to hold first members meeting on biometrics

The Natural Security Alliance, a group launched and financed by retailers, banks and point-of-sale manufacturers in 2008 to promote biometric payments authentication standards, will hold its first members meeting next week to discuss the development of a biometric standard. The meeting will be held on June 5 in Paris. Registration begins at 9... Read More...

MasterCard extends identity theft assistance to all U.S. cards

MasterCard announced on Tuesday the addition of identity theft assistance for all of its credit, debit, prepaid and small business cards issued in the U.S. as part of an effort to combat fraud. “Fraud prevention and detection is a 24/7 job at MasterCard,” MasterCard North America President Chris McWilton said. “The changes that... Read More...

Retail trade group launches cyber intelligence sharing organization

The Retail Industry Leaders Association (RILA), along with several of America’s largest retailers, recently launched the Retail Cyber Intelligence Sharing Center (R-CISC)—an independent organization that seeks to improve cyber threat information-sharing. Launched with support from retailers like American Eagle, Gap, Lowe’s, Target and... Read More...

ETA warns against overly broad federal data breach notification standard

The Electronic Transactions Association told lawmakers on Thursday that while the organization supports a federal data breach notification standard, nationwide notification should be limited to breaches that pose a substantial risk to consumers. In a letter dated May 22, the ETA pointed to different data breach notification laws across 47... Read More...

Logic PD engineers develop solution to prevent mobile payments fraud

A team of engineers and designers from Logic PD recently unveiled a solution aimed at reducing the incidence of identity fraud in mobile payments. The platform unveiled by the team at the Logic PD ACME-thon late last month uses NFC authentication and camera imaging to protect consumers. The team’s members included designers and engineers... Read More...

eBay urges users to change passwords after data compromise

eBay urged users on Wednesday to change their passwords after a cyberattack compromised a company database containing passwords and other data, though the company said it has not detected any related unauthorized account activity. The company said it has not discovered evidence to suggest the cybercriminals gained access to financial or credit... Read More...

Visa joins FIDO Alliance for online authentication standards

The Fast Identity Online (FIDO) Alliance, an organization that promotes online authentication standards, announced on Tuesday that Visa has joined the alliance and will join the group’s board of directors. "Strong authentication is vitally important as the future of payments becomes increasingly mobile and digital," Mark Nelsen, the head of... Read More...

Americans most concerned about financial security, bank card fraud

A recent survey by IT security firm Unisys showed Americans are most concerned about financial security—a sentiment driven in part by bank card fraud, which has increased in recent years as cyberattackers target retailers. According to the survey, approximately 60 percent of Americans are concerned about other people obtaining and using their... Read More...

Heartland Payment Systems introduces card-present data fraud solution

Heartland Payment Systems introduced a solution last week aimed at helping merchants protect against card-present data fraud. The solution, which combines EMV chip card technology, end-to-end encryption technology and tokenization, features a breach warranty and is designed to combat point-of-sale intrusions, insider misuse, crimeware and other... Read More...

New York governor directs banking regulators to ramp up cybersecurity

New York Gov. Andrew Cuomo instructed state banking regulators last week to conduct targeted and revised routine cybersecurity preparedness checks at the state’s financial institutions as part of an effort to combat the growing risks of cybercrime. The new examination process will include additional questions regarding IT management and... Read More...

Heartbleed consumer warnings effective in encouraging proactive response

Data released by the Pew Research Center’s Internet and American Life Project last week indicated that consumer warnings regarding the Heartbleed security flaw were effective in swaying internet users to change their passwords. Heartbleed, an OpenSSL security bug, was discovered by engineers in April. The vulnerability may have potentially... Read More...

White House big data panel pushes for data breach notification standard

A White House working group on data and privacy recommended last week passage of a federal data breach notification standard—one of several recommendations included in a report following a 90-day review of big data and privacy. The working group was tasked by President Obama in January with exploring how big data technologies impact society,... Read More...

Schutzer: Data breaches show “folly” of individual risk management

Dan Schutzer, a senior technology consultant at the Financial Services Roundtable’s BITS technology division, said recent data breaches and waves of distributed denial of service attacks illustrate the “folly” of approaching risk on an individual basis. Cybercrime has been on the rise in recent years with the growing use of technology... Read More...

Increase in CNP fraud based on longstanding tactics by cybercriminals

A white paper released by The Members Group on Thursday said that while there is a “legitimate” connection between the global transition to EMV and card-not-present (CNP) fraud, criminals are using tactics that have been around for decades. “[F]raudulent online, mail order and telephone transactions posed a significant threat long before... Read More...

NCFTA to hold annual Cyber Crime Forum in Pittsburgh

The National Cyber-Forensics and Training Alliance (NCFTA) will hold its annual Cyber Crime Forum next month, bringing together payment executive, retailers, business leaders and government representatives to discuss emerging cybersecurity threats. The forum will be held at the Sheraton Station Square Hotel in Pittsburgh, Penn. The event will... Read More...

Verizon report shows most data security breaches “easily preventable”

Verizon recently released a report that showed a majority of data security breaches that occurred last year were accomplished using weak or stolen credentials, a risk the company said is “easily preventable.” “If you want to see how widely available hacking tools have become, do a web search for ‘password cracker,’” the report,... Read More...

NAFCU urges Senate, House leaders to take action on data security

The National Association of Federal Credit Unions urged Congress last week to take action on proposed data security and breach notification standards. The call for action came one day after Michaels Stores confirmed as many as 2.6 million customers had their credit card data compromised between May 2013 and January 2014. Between June 2013 and... Read More...

Kentucky becomes 47th state to enact data breach notification law

Kentucky became the 47th state to enact data breach notification legislation earlier this month after Gov. Steve Beshear signed a bill into law that would require firms to notify consumers in the event of a data breach. Only three states—Alabama, New Mexico and South Dakota—do not have laws in place requiring companies to notify consumers... Read More...

House subcommittee holds hearing on role of law enforcement in data breaches

Witnesses testified last week before the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies that information-sharing among law enforcement agencies and regulators is critical to protecting the nation’s infrastructure from the growing threat of cyberattacks. The subcommittee hearing, held at... Read More...

SEC latest regulator to issue guidance on Heartbleed vulnerabilities

The SEC joined the growing list of federal regulatory agencies and organizations warning banks and credit unions about the risks of cyberattacks. Last week, the SEC released an outline detailing how agency examiners will assess preparedness for cyberattacks and the kind of information that might be requested of management. Additionally, the... Read More...

Report: 18 percent of Americans report personal data breaches

Data recently released by the Pew Research Center showed more Americans have experienced personal data breaches, with the number rising from 11 percent in July 2013 to 18 percent in January. According to the survey, 21 percent of adults on the internet have experienced a security breach in email or social networking accounts—the number was... Read More...

OCC’s Curry warns of third-party security risks for financial institutions

Comptroller of the Currency Thomas Curry spoke on Wednesday on the growing threat of cyberattacks and concerns regarding financial institutions’ reliance on third parties to secure their own systems. “The fact is, we live in a world where consumers use their cellphones to deposit checks, pay bills over the internet and make purchases at... Read More...

NRF to establish retail information-sharing platform to combat cybercrime

The National Retail Federation said on Monday it will establish a program to provide the retail community with information on cybersecurity threats identified in the financial services sector. The program, which will be developed in partnership with the Financial Services Information Sharing and Analysis Center, will set up an... Read More...

FFIEC: Firms need to address Heartbleed vulnerability

The Federal Financial Institutions Examination Council said on Thursday that it expects firms to address a recently revealed OpenSLL vulnerability dubbed "Heartbleed." FFIEC said that financial institutions should upgrade systems and incorporate patches on systems and services, applications, and appliances that use OpenSSL  as soon as... Read More...

Tripwire gifts cybersecurity service to Penn State

Leading global risk-based security and compliance management solutions provider Tripwire, Inc., announced the gift of a cloud-based risk and analytics cybersecurity service on Thursday to the Center for Cyber Security, Information Privacy and Trust at Penn State’s College of Information Sciences and Technology. Penn State has valued the... Read More...

ACCA USA, Pace University convene cybercrime symposium

ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants, and Pace University convened the second annual cybercrime symposium and panel discussion on April 3. “As our world becomes more connected than ever before, the threat of cybercrime has become a reality for far too many businesses, governments and individuals,”... Read More...

Regulators warn banks, credit unions of ATM cyberattacks

Financial regulators warned financial institutions on Wednesday that cyberattackers have recently targeted ATMs and card networks to gain access to funds and urged banks and credit unions to review security protocols to address the growing risks. The Federal Financial Institutions Examination Council, which includes the OCC, Federal Reserve,... Read More...

« Previous Stories