Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
"It's interesting to see regulators putting the onus on the financial companies for fraud that occurs after the theft has already happened," says David Navetta, co-chairman of the American Bar Association's Information Security Committee.
Enforcing standards for privacy and security is a major part of a new health information exchange accreditation program, says Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.
Physicians adopting electronic health records systems need to demonstrate to their patients that they're taking adequate steps to keep records secure because so many consumers are worried about health information privacy.
A preliminary draft of new online authentication guidance from the Federal Financial Institutions Examination Council puts greater responsibility on the shoulders of financial institutions to enhance security.
Visa says a move toward EMV can help merchants cut PCI compliance costs, and SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for payments 2011.