You are currently browsing the Electronic Payment Security weblog archives for February, 2007.
Archive for February 2007
New Techniques for Guarding Financial Data
February 7, 2007 by tim.
In the 2/6/07 edition of E-Commerce Times, Andrew Rolfe has published an article that discusses ways to use out-of-band authentication to secure online transactions. He defines this as “the use of two separate networks working simultaneously to authenticate a user.” The practice of two-factor authentication has certainly received much press, but out-of-band authentication is a relatively new concept.
Mr. Rolfe discusses the increased sophistication of criminals, particularly through the proliferation of malware and phishing. He describes how out-of-band authentication for activities such as online financial transactions can be used to thwart criminal activities. In particular, he describes how some financial institutions now use the telephone network as out-of-band authentication for certain types of transactions such as balance transfers. The article is a good read if you want to stay up on the latest ideas in this industry.
Posted in Electronic Payment Security - General
Increased Scrutiny From Card Associations in 2007
February 6, 2007 by tim.
In the latest issue of The Green Sheet, David H. Press writes about the increased scrutiny to expect in 2007 from the credit card associations. He cites a Visa announcement that states: “By combining both incentives and fines, we expect acquirers to increase their efforts with merchants to accelerate their progress toward becoming PCI-compliant and eliminating the storage of sensitive card data. Nothing is more important to Visa than securing commerce.”
Visa estimated that PCI compliance among level 1 merchants would be only 65% at the end of 2006. Effective Oct. 1, 2007, acquirers whose merchants have validated their PCI compliance may qualify for lower interchange rates for both Visa and Interlink tiers. Visa has also announced fines for data compromises, regardless of the size of the merchant.
Visa has also stepped up its enforcement of PCI compliance for merchants and service providers, even before data breaches occur. Visa stated, “For prohibited data storage, acquirers failing to provide confirmation that their level 1 and 2 merchants are not storing full track data, CVV2 or PIN data by March 31, 2007, will be eligible for fines up to $10,000 a month per merchant, subject to escalation in the event material progress toward compliance is not made in a timely manner.”
Posted in Payment Card Industry / Credit Card Security