Attorneys general in nine states say card issuers should move to chip-and-PIN, rather than chip-and-signature, as they roll out EMV. But are other issues, such as wider use of encryption and tokenization, more worthy of attention?
As U.S. merchants shore up physical point-of-sale security by upgrading their terminals to accept EMV chip cards, attackers are turning their aim toward new, unattended targets. Here's the latest on how to respond to "shimming" attacks.
Distributed-denial-of-service attacks on banks are more powerful than ever, but we hear less about them than we did three years ago. How have attackers changed their tactics, and why should we be even more concerned about their strikes?
While sophisticated cyberattacks and high-profile mega-breaches get most of the attention, European fraud experts say less sophisticated attacks are far more common and pose a greater fraud risk. At ISMG's Fraud Summit in London, they called for global collaboration to fight fraud.
ATM fraud losses are increasing globally, and we can expect to see this trend continue as the U.S. ramps up its migration to EMV at the point of sale. Unattended terminals are easy to compromise, and they will always be among fraudsters' favorite targets.
A new breach reported by Heartland Payment Systems won't get much attention. But this incident could be more damaging to the undisclosed number of consumers affected than was Heartland's 2008 payment card breach.
In the wake of the breaches suffered by JPMorgan Chase, Sony and Anthem, attack attribution and information sharing are playing more prominent roles for banking leaders, and they will be key discussion points at the upcoming RSA Conference 2015 in San Francisco.
An upcoming series of summits on fighting financial fraud and mitigating advanced persistent threats will provide timely insights from industry thought leaders on the critical steps to take to address emerging risks.
A recent interview about why retailers say EMV without the PIN is a fruitless fraud-fighting effort has spurred debate among retailers and bankers. In the end, though, bankers' resistance to PIN is all about time and money.
In the wake of a data breach that followed a routine regulatory, a former regulator is asking why the agency failed to disclose the breach sooner, and why it has not accepted more responsibility for its error.
An important lesson to learn from the massive JPMorgan Chase breach is that banks can't just focus on protecting card data and online banking accounts; they also must protect their customers' personally identifiable information.