Retail

TJX settles over breach with 41 states for $9.75 million

Dan Kaplan June 23, 2009

The settlement is just one in a long line of payoffs that followed one of the largest reported data-loss incidents on record.
 

New security standards for mobile payments coming

Angela Moscaritolo June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

Microsoft seeks $750,000 in lawsuit over click fraud

Angela Moscaritolo June 16, 2009

Microsoft on Monday filed a civil lawsuit to stop a click fraud scheme from being perpetrated on its advertising network.
 

FTC releases FAQs on Red Flags Rules

Angela Moscaritolo June 12, 2009

A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.
 

Bank sues Savvis over 2005 CardSystems breach

Angela Moscaritolo May 28, 2009

Utah-based Merrick Bank claims to have lost $16 million as a result of a 2005 breach of payment card processor CardSystems Solutions and is now seeking legal restitution.
 

OTA seeks comment

Chuck Miller May 20, 2009

The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM
 

PCI appoints new board of advisers

Angela Moscaritolo May 18, 2009

A roster of new organizations will make up the second Payment Card Industry Security Standards Council (PCI SSC) board of advisers, including Bank of America, Wal-Mart and PayPal, the industry standards body announced Monday.
 

$12.6 million spent so far to respond to Heartland breach

Dan Kaplan May 08, 2009

The chief executive of Heartland Payment Systems said Thursday that the payment processor so far has spent $12.6 million in responding to the massive data breach that was announced in January.
 

LexisNexis admits to another major data breach

Angela Moscaritolo May 04, 2009

About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed.
 

Heartland again PCI compliant

Dan Kaplan May 01, 2009

Breached payment card processor Heartland Payment Systems has been again certified compliant with the Payment Card Industry Data Security Standard (PCI DSS), the company announced Friday. In March, two months after the breach was disclosed, Visa removed Heartland from its list of compliant service providers. Some experts questioned whether the removal meant merchants risked being fined for doing business with Heartland, but Visa issued a statement saying this was not true. Heartland said it expects to rejoin the Visa-approved list on Monday. — DK
 

FTC extends Red Flags Rule enforcement three more months

Angela Moscaritolo May 01, 2009

The day before the Federal Trade Commission was to begin enforcing the Red Flags Rule, the agency announced the deadline for compliance will be extended for the second time, until Aug. 1.
 

PCI DSS compliance for firewalls: It doesn't have to be complex

Jody Brazil, founder, president and CTO, Secure Passage April 28, 2009

The Payment Card Industry Data Security Standard has placed considerable pressure on retail industry IT security teams. The burden to ensure both security and compliance isn't easing; the current economic situation forcing IT to accomplish more with less is only adding to the problem.
 

Corporate users increasingly skirt security infrastructures

Angela Moscaritolo April 16, 2009

In a recent assessment, organizations had an average of 156 applications traversing their networks -- some of which pose a danger to the organization.
 

FTC site helps with meeting "Red Flags Rule"

Angela Moscaritolo April 03, 2009

The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.
 

Changes at AOTA

March 31, 2009

Online trust-building organization AOTA (Authentication and Online Trust Alliance) changed its name to the Online Trust Alliance (OTA) on Tuesday. The organization said that its action should help it in its "mission to enhance trust, confidence and the protection of businesses and consumers" online. The group plans further international expansion and will release a list of recommended best practices for online behavior and email authentication at next month's RSA Conference in San Francisco. — CAM
 

Desired state: Retailers get compliant with PCI

Greg Masters March 26, 2009

Whether online or brick-and-mortar, retailers are challenged with securing the integrity of their payment systems to meet regulatory mandates, reports Greg Masters.
 

Heartland: Visa won't fine you for doing business with us

Dan Kaplan March 24, 2009

As Heartland works to become compliant again with the PCI standard, Visa plans to hold off on issuing fines.
 

Visa risk chief: Reports of PCI's death exaggerated

Dan Kaplan March 19, 2009

Criticisms of the PCI DSS will hurt the security of payment systems, Visa's chief risk officer said Thursday at the card brand's Security Summit in Washington, D.C.
 

Visa: Heartland, RBS WorldPay no longer PCI compliant

Dan Kaplan March 13, 2009

Visa has removed Heartland Payment Systems and RBS WorldPay -- two payment processors that have announced massive data breaches in recent months -- from its list of service providers compliant with payment industry guidelines.
 

PCI council plans training

Dan Kaplan March 11, 2009

The PCI Security Standards Council, charged with administering payment industry guidelines, is scheduled to host a two-day training session, designed to help merchants better prepare for assessments. The curriculum also will focus on teaching retailers how to create an internal compliance program, so they can maintain adherence to the standards after the assessment is over. The course, which costs $995, is scheduled for April 6 and 7 at the University of Chicago Gleacher Center. — DK
 

How should you ensure PCI DSS compliance?

Gretchen McCoy, Senior VP of the Technology Management Division for Visa International, Retired; Strategic Advisory Board member, Rohati Systems March 09, 2009

Most IT professionals know that firewalls and anti-virus solutions aren't the only technologies needed to address the PCI Council's mandates.
 

Conficker worm targets legitimate travel site

Chuck Miller March 02, 2009

The website for a major commercial airline, along with a number of other legitimate sites, could face downtime due to the Conficker worm, a researcher said Monday.
 

Visa claims payment processor breach is not new

Dan Kaplan March 02, 2009

In an effort to quiet speculation within the security community, Visa has issued a statement denying that a new payment processor breach has occurred.
 

PCI council offering "milestones" for compliance

Dan Kaplan February 27, 2009

The PCI Security Standards Council next week plans to release guidance on how companies should approach complying with the payment security requirements.
 

New Conficker variant emerges

Dan Kaplan February 20, 2009

A new variant of the Conficker, or Downadup, worm has emerged, and researchers believe it has been designed to neutralize the efforts of an industry coalition that is trying to prevent infected machines from receiving additional instructions or code updates, according to a report this week from nonprofit research institute SRI International. The Conficker B++ variant finds a new way for its authors to communicate with compromised computers thanks to features that allow drones to receive binary updates without being forced to meet an "internet rendezvous" point. — DK
 

CVS to pay $2.25 million to settle HIPAA violation

Dan Kaplan February 18, 2009

CVS Caremark has agreed to pay nearly $2.3 million for violating federal privacy laws regarding the protection of patient information.
 

No Kaspersky compromise

Dan Kaplan February 13, 2009

A forensic exam has confirmed Kaspersky Lab's initial findings that Romanian hackers did not compromise any personal data when they launched an SQL injection attack against the anti-virus company's U.S. support site. David Litchfield of Next Generation Security Software said in a Thursday report that other attackers, upon learning of the vulnerable site at usa.kaspersky.com, attempted to access data but also were unable. — DK
 

F-Secure suffers attack

February 12, 2009

F-Secure joins Kaspersky Lab and a partner site of BitDefender as the latest security firm to have its website tampered with by a Romanian hacker group. F-Secure's site succumbed to an SQL injection attack after hackers found a vulnerable page that did not properly validate input. The hackers said the database leaked malware statistics but no personal information. F-Secure said the incident was a learning experience but "not the end of the world." — DK
 

RIM wins battle for cryptography company Certicom

Chuck Miller February 10, 2009

Certicom said this week that VeriSign will not attempt to match the takeover bid offered by Research In Motion.
 

Kaspersky regrets hack but determines no data was leaked

Dan Kaplan February 09, 2009

Romanian hackers could have exposed the database contents of Kaspersky Lab's customers after they were able to compromise the anti-virus company's website on Saturday.