There's often a dangerous trade-off made between convenience and security. That's illustrated no better than by a recent issue patched by Microsoft. It's an attack so devilishly smooth that it's a wonder hackers had not figured it out before.
While many banks and merchants in Britain, France and Germany have long complied with the PCI Data Security Standard, deregulation has led organizations in other European countries to start taking PCI compliance more seriously and use it for competitive advantage.
A recent interview about Hillary Clinton's email server controversy drew numerous comments, with respondents divided over whether users will devise ways to circumvent systems safeguards to do their jobs more effectively. Join the conversation.
How low will ransomware go? New malware - dubbed Ranscam - demands bitcoins to unlock files, but in reality they've already been deleted, researchers warn. As always when it comes to defending against ransomware, preparation pays.
Omni Hotels & Resorts is warning customers that for six months, hackers infiltrated its networks and used point-of-sale malware to steal payment card data. One security expert says more than 50,000 stolen cards have been sold by a hacker called JokerStash.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
Now a Ukraine bank has reported suffering a $10 million hacker heist via fraudulent SWIFT transfers. Also hear about why attackers often use legitimate IT administrator tools, and organizations' growing use of deception technologies and strategies.
The need for PCI-DSS compliance is being embraced in Southeast Asia and the Middle East, with adoption of PCI standards increasing dramatically over the last five years, says Dharshan Shanthamurthy, CEO of SISA Information Security, who shares insights about why PCI adoption is likely to continue to grow.
In the wake of recent SWIFT-related interbank payment heists, more banks are monitoring transactions for anomalous behavior in an attempt to catch fraud in real time, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv.
So why is Visa temporarily reducing the fraud chargeback burden on non-EMV-compliant U.S. merchants? Mark Nelsen, Visa's senior vice president, says it boils down to this: The card brand wants to give retailers a break while it takes steps to streamline the cumbersome certification of new POS devices.
An individual claiming to be the hacker who posted four healthcare databases on the dark web reveals some of his tactics. We take a close look at the risks posed to one affected clinic, which faces a ransom demand.
Achieving international acceptance of PCI-DSS is an ongoing challenge, says Jeremy King, international director of the PCI Security Standards Council, who's working to educate merchants about baseline security that goes far beyond cardholder data protection.
In this edition of the ISMG Security Report, you'll hear our editors explore how hackers use Java script for ransomware, the latest digital currency security issue and privacy threats posed by virtual reality.
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.