On the web:

• Attack of the New Bank Fees - WSJ.com
• Rare Legal Fight Takes On PCI Security Standards and Fines - Wired.com
• La Caixa, Visa Europe to Blanket Barcelona with Contactless Payments - American Banker
• Swedish Carriers Pick Mobile Wallet Suppliers - NFC World
• Verizon Versus Google Wallet - IEEE Spectrum

On the wires:

• MaxMind and TeleSign Partner to Provide Best-in-Class Multilayer Fraud Prevention
• Moneris Launches PAYD, a New Mobile Payment Processing Service

ControlScan has released the results of a study it recently completed with acquirers on Level 4 Merchant PCI Compliance.

94% percent of acquirers have a PCI program in place for their Level 4 merchants with 57% saying their merchants see value in their PCI program. More importantly, 70% of acquirer respondents believe their PCI program reduces small merchant data breaches.

The survey was completed in October 2011 by 146 banks, processors and ISOs with Level 4 merchant portfolios ranging from less than 1,000 accounts to more than 50,000.

A study recently published by SecurityMetrics shows 71% of merchants who entered the study were found to store unencrypted payment card data in 2011, which is an increase of 8% since 2010.

"There's so much going on in the security industry that it's sometimes difficult to target the most important things," said SecurityMetrics CEO Brad Caldwell. "We think these findings are a game changer for the security industry, and will help focus priorities on the bigger problem plaguing merchants today. After all, criminals can't steal card data merchants don't have."

On the web:

• Square, the iPhone Credit Card Machine, Goes Mainstream - The Atlantic Monthly
• Free Checking Thrives at Smaller Banks, Durbin Notwithstanding - American Banker
• Carriers to Invest $100 Million in Isis Mobile Payments Venture - Mobiledia
• Will ModoPayments Finally Monetize Check-In? - TechCrunch
• Sizing the Mobile Payments Market - eMarketer

On the wires:

• X-Cart and CRE Secure Partner to Eliminate PCI Scope for eCommerce Merchants
• GlobalCollect Joins Demandware LINK to Provide Pre-Built Integrations to Retailers
• SHAZAM Supports Adaptive Payments' Pentagon Mobile Payment Technology

Visa has announced plans to accelerate the migration to EMV contact and contactless chip technology in the United States. "The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale."

"By encouraging investments in EMV contact and contactless chip technology, we will speed up the adoption of mobile payments as well as improve international interoperability and security," said Jim McCarthy, global head of product, Visa Inc. "As NFC mobile payments and other chip-based emerging technologies are poised to take off in the coming years, we are taking steps today to create a commercial framework that will support growth opportunities and create value for all participants in the payment chain."

"Findings from a new survey of eCommerce merchants released today by CyberSource and Trustwave show that nearly 70% of respondents cited the need to 'protect the brand' as the primary driver for tightening controls against hackers and other payment security risks." Only 26% said avoiding PCI compliance fines were the key motivator.

On the wires:

• 25% of Mobile Network Operator Survey Respondents Not PCI DSS compliant
• MICROS Launches MICROS Payment Gateway Globally With Integration to Planet Payment
• ROAM Data Adopts New Visa Mobile Payment Security Best Practices

On the web:

• TechCrunch: BillGuard Will Track Hidden Fees And Billing Errors On Credit Card Bills
• Bloomberg: Google Said to Plan Mobile-Payment Service Unveiling in New York
• RIS News: Home Depot Hits 100,000 Mobile POS Transactions Per Week
• New York Times: Square Tries to Make Wallets Obsolete
• The Telegraph: 'Wave and Pay' Mobile Phone Spells the End for Cash

On the wires:

• Survey: Card Fraud Experts Warn Against Looming Mobile Payment Fraud Risk
• SecurityMetrics Introduces Network Threat Sensor to Simplify PCI-DSS Compliance
• TSYS Signs Merchant Services Agreement With Caledon Card Services
• NXGEN International Partners with Elavon to Expand European Footprint
• PayCommerce Offers Cloud-Based SMB Payment Suite Reseller Subscription Plan
• Elastic Path Launches Ecommerce on the Google Cloud
• Carta Worldwide Integrates MasterCard Mobile Over-the-Air Provisioning Service (MOTAPS)
• OpenCuro To Demonstrate New Online Payment System at FinovateSpring 2011

On the web:

• NPR: Banks, Retailers In Lobbying Race Over Debit Fees
• TechCrunch: Sequent Software Raises Funding, Aims To Simplify NFC Mobile Payments
• American Banker: ProPay s Zumogo Mobile Payment App Gets Social
• FierceFinance: Bank of America Ponders New Ways to Charge Overdraft Fees (via SMS Opt-In)
• CNET: Intuit Eyes NFC for Mobile Payment System
• GoMo News: India's Interbank Mobile Payment Service Finally Includes Merchants

On the wires:

• Cardtronics Enlists Lexcel for Payment Network Testing
• Ethoca Partners with NCFTA, Launches FraudStop Service

On the web:

• Wall Street Journal: Google Pursues Role in Mobile Payments
• Portals and Rails: The nitty gritty of money transfer operators (MTOs)
• Mobile Commerce Daily: Mobile commerce and shopping experiencing phenomenal growth rates
• Wall Street Journal: Is Your Charity Chiseling You?
• paidContent: The NYT Pay Plan’s Most Dangerous Foe: Perception
• ETA Blog: Merchants Still Far From PCI Compliant
• China Daily: UnionPay network works well, competition not needed
• LINC New York: Innovations in Payment and Marketing in Web, Mobile and Social Networking

On the wires:

• IP Commerce Strikes a Distribution Agreement with ReD
• Western Union, Emirates NBD Bank to Offer International Money-Transfer Service in UAE
• ChargeSmart Introduces New Bill Presentment and Hosted Payments Portal
• NEFCU Implements Guardian Analytics for Fraud Prevention
• Aconite announces Mobile Prepaid Solution

On the web:

• All Facebook: Facebook Creates Payments Subsidiary
• MoneyControl: PlaySpan-Visa deal: How it all happened (Video Interview with PlaySpan CEO)
• StorefrontBacktalk : PCI Delist Move Threatens Mobile Payment Security

nuBridges has announced nuBridges Protect Tokenization as a Service (TaaS), the "first cloud-based tokenization service for national and multi-national companies that want to protect Personally Identifiable Information (PII) and Electronic Health Records (EHR) to improve security, reduce risk, ease compliance and minimize data security costs. Hosted by Verizon Business on its Computing as a Service (CaaS) platform, the new service is equally adept at protecting payment cards to help merchants comply with the Payment Card Industry’s Data Security Standard (PCI DSS)."

Headline News is compiled by Glenbrook Partners:

• Visa Sells Minority Stake in Brazilian Prepaid Issuer CBSS
• Zuora's January '11 Release Delivers New Subscription Pricing Power and Reduces Credit Card Fraud
• New Mercator Report on the Evolution of Payment System Risk Management
• Cynergy Data Selects Voltage Security for PCI-Compliant Email With Customers

• TechCrunch: Android In-App Payments Coming Soon — Were Delayed Because Developers Were Busy
• RetailWire: Retail TouchPoints: Starbucks, Disney and Guess Up The Ante With Mobile
• Visa Viewpoints: Barney Frank: Debit Card Provisions Need Amending

Headline News is compiled by Glenbrook Partners:

• Foregenix launches FScout Enterprise to Help Organizations Achieve PCI-DSS Compliance
• Smart Card Alliance to Provide Full-day Open Bank Card Payments Workshop for Transit
• Acculynk Bringing PaySecure to the Mobile Channel

• SpringWise: SwipeGood: Rounding up Credit Card Purchases Creates a Monthly Donation to Charity
• postalnews blog: USPS to try selling gift cards at post offices
• Digital Transactions: Acquirers Will Benefit from Durbin, But Gain Could be Short-Lived
• BostInnovation: Mobile Self-Checkout AisleBuyer Looks to National Retailers in 2011

Cisco has unveiled the results of a survey conducted by InsightExpress of 500 information technology decision-makers to uncover and qualify current sentiment on PCI DSS five years after the standard emerged. Surprisingly, respondents think PCI compliance has been more beneficial than not:

• 70% of survey respondents feel that their organization is more secure than it would be if PCI compliance were not required
• Of the survey respondents, 87% believe that the PCI requirements are necessary for protecting cardholder data
• 60% of respondents suggested that PCI-compliance projects can drive other network or network security projects

Headline News is compiled by Glenbrook Partners:

• Braintree Launches Card-Not-Present End-to-End Encryption Solution
• First Paid Healthcare Solutions Now Available in Puerto Rico
• MasterCard and Gemalto Partner on Global Card Replacement Services
• First Data Consolidates Operations and Management of its Business

• CUinsight: New Era Begins for NACHA Operating Rules and Guidelines
• NetBanker: Google Launches More Financial Product Comparison Pages: Savings Accounts, Checking, CDs, and Mortgages
• CNNMoney: U.S. Treasury Launches Tax Refund Prepaid Debit Card
• PayPal Blog: PayPal Opens New Customer Support Center in Malaysia
• BAI Banking Strategies: Leveraging ATMs for the ‘Bank of Mom and Dad’

Headline News is compiled by Glenbrook Partners:

• Protraction, Complacency And Ignorance: PCI DSS Compliance In Disarray Amongst UK Contact Centres
• Think Introduces Real Cost-Per-Action (CPA) Advertising with FaceCash Coupons

• Slate Magazine: The Fed Enters the Skirmish Over Debit Card Fees
• Visa Blog: Congressional Leaders Voice Concern Regarding Federal Reserve Debit Rules
• Rethink Wireless: Orange Leads NFC Charge in Europe
• Bloomberg: Danaher Said to Offer 1.44 Billion Euros for Ingenico

Braintree has announced availability of Luhn-10 Tokenization, a key feature to helps merchants better address PCI compliance requirements. "Braintree has also enhanced its innovative Transparent Redirect technology by adding support for applications written in Flash. This is particularly important as an increasing number of Web 2.0 merchants work to make the payments experience as seamless and frictionless as possible."

Amazon Web Services has announced that "it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud."

Headline News is compiled by Glenbrook Partners:

• New Mercator Report on Closed-Loop Gift Cards
• US-Based Shift4 Becomes First Hosted Gateway Certified for Canadian EMV
• New Celent Report on The Future of Consumer Remote Deposit Capture (RDC)
• PCI QSA Determines Heartland Payment Systems' E2E Encryption Solution for Terminals Can Reduce PCI Scope by Up to 79%

• American Banker: Stay with Me - Mobile Pay System Ties Buyers to One Card
• MSNBC Red Tape Chronicles: Friendly Fraud
• SFgate: Facebook Testing Out A "Pay Later" Option For Credits
• MIT Technology Review: How Mobile Phones Jump-Start Developing Economies
• The Moscow Times: Russia Government Drafts E-Payment Rules
• Portals and Rails: The Continuing Challenge of Workplace Fraud in Financial Services

According to a new survey conducted by ControlScan and Merchant Warehouse, Level 4 Merchants (small-to-medium sized businesses) are all over the map on PCI awareness and compliance. 91% of the larger Level 4 merchants (over 50 employees) are familiar with PCI DSS, but only 45% of the smaller merchants (1-10 employees) are familiar. eCommerce merchants were more aware of PCI compliance than their brick-and-mortar retail counterparts (60% versus 37%).

The PCI Security Standards Council (PCI SSC) has announced the availability of separate guidance papers on the use of end-to-end (E2E) encryption and EMV technologies in a payment card data environment. The documents are intended to provide the market with greater clarity on how these two specific technologies relate to the PCI Security Standards and impact PCI DSS compliance.

Akamai Technologies has announced a new Edge Tokenization payment security service that is seamless and undisruptive to a retailer's existing eCommerce workflow. The Akamai solution enables card data to be converted to a token prior to Web transactions landing on a merchant's infrastructure.

First Data today announced the public availability of the First Data TransArmorSM solution. TransArmor protects payment card data from the moment it enters the merchant environment by replacing the card data with a token number that preserves the value of card data for merchant business operations but removes all value for fraudsters. As a result, "merchants are able to significantly reduce the scope, risk and costs associated with Payment Card Industry (PCI) compliance without requiring new hardware or extensive changes to existing business processes."

DataPortability.org, the largest data portability group on the U.S., has recently embraced credit card data portability as one of its key initiative areas.

The Credit Card Data Portability Standard is supported by an opt-in community of electronic payment processing providers (service providers) that agree to provide credit card data and associated transaction information (sensitive data) to an existing merchant upon request in a PCI Compliant manner.

RSA has publised a new security brief titled "Secure Payment Services: Card Data Security Transformed" which is available for download from their website. According to the company, "the new RSA Security Brief introduces a model for outsourcing credit card data security called "secure payment services." Secure payment services transfer safeguarding card information to outside service providers, improving electronic card data security while simultaneously reducing the time, complexity and cost of achieving PCI compliance for merchants."

First Data Corp. has published a new white paper titled "Where Security Fits in the Payment Processing Chain" that provides an overview of security vulnerabilities and identifies cost-effective technology-based solutions that are readily available today to help merchants security sensitive data and improve their PCI compliance.

Heartland Payment Systems has announced the commercial launch of its new payment card security technology. According to the company, "Heartland has spent more than two years developing and ten months beta testing and iteratively improving this end-to-end encryption technology — called E3™ — that is designed to protect cardholder credit and debit card data, rendering scrambled data useless to cybercriminals." READ MORE »

First Data Corporation has announced it has expanded the merchant pilot of the its TransArmor data security solution to more than 400 U.S. merchants. FDC's TransArmor solution was developed in partnership with EMC Corporation and "addresses the root cause of merchant data security issues by removing payment card data from the merchant environment as part of processing the transaction, significantly reducing risk and the scope of PCI compliance efforts." READ MORE »

The Federal Financial Institutions Examination Council (FFIEC) has released an updated Retail Payment Systems Booklet that replaces the version issued in March 2004. The booklet is one of 12 that, in total, comprise the FFIEC IT Examination Handbook. The OCC commented: "The updated booklet incorporates developments in various aspects of retail payments activities since the first edition was issued and provides guidance on the risks and risk-management practices applicable to national banks. The booklet’s enterprise-wide perspective makes it a valuable tool to an entire organization in addition to an information technology department."

Javelin has announced a new report titled "End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions" that "assesses the capabilities of end-to-end encryption, tokenization, virtual terminals, magnetic-stripe security and the EMV standard as solutions to combat payment-related data breaches." READ MORE »