Payments News from Glenbrook Partners
Glenbrook   Book   Education   Views   Archives   Store   Advertise   About         SUBSCRIBE:


Welcome to the News View for "Security".

Here, on these archive pages, you'll find all of the articles on Payments News for Security listed in date sequence beginning with the most recent article at the top of the page.

Click here for a complete listing of what's available in the Payments News Archive - organized by both posting date and subject category.

Subscribe to Payments News!

December 01, 2014

Headline News from - December 1, 2014

Welcome to December!

  • It's hard to believe that we're down to the last month of 2014! It's been quite a year for payments! Has anything changed in your life this year about how you make payments? If so, tell me about it!

On the Web:

  • Payments on Fire Podcast #11 – Bitcoin, Banking, and Crypto 2.0 Approaches - - "Glenbrook’s George Peabody discusses Bitcoin and blockchain evolution with Sean Safahi, co-founder and CEO of Bold Financial Technologies, a provider of math-based currency services to the banking industry."
  • Bankers: First Data IPO Rapidly Approaching - "The company, through its CEO Bisignano, has been suggesting that KKR wants to cash out of the investment in the next year if possible."
  • Health-Care EFT Transaction Volume Via the ACH Grows Nearly 180% in a Year - Digital Transactions - "The new volume flows through the ACH network under a business-to-business transaction code known as CCD+Addenda (for cash concentration or disbursement)."
  • What Happens When You Swipe Your Card? - CBS 60 Minutes - "Even the strongest banks in the world-- banks like JPMorgan, retailers like Home Depot, retailers like Target -- can't spend enough money or hire enough people to solve this problem."
  • Shopping on a Phone Is Still Uncommon but Growing Fast - New York Times -“These cellphones are with us all the time, so why should you be doing Christmas shopping only at home? Why shouldn’t you do it while you’re on the subway, waiting for the bus, at the cafe?”
  • PayPal Reports Record-Breaking Number Of Black Friday Shoppers And Sales On Mobile - TechCrunch - "Based on its online commerce data, the company reports having seen a 47% increase in PayPal global mobile payment volume on Thanksgiving compared with Thanksgiving 2013, and a 62% increase for Black Friday 2014 over last year."
  • Thanksgiving Weekend Sales, at Stores and Online, Slide 11 Percent - New York Times - "The results could show that “there are a significant number of Americans out there for whom the recession is not yet over,” said Matthew Shay, the group’s president and chief executive."
  • Credit Card Rewards: The Deals Get Sweeter - Wall St. Journal - “Issuers are getting more aggressive in terms of what they’re willing to dangle to acquire new customers,” says Curtis Arnold, founder of, a credit-card comparison website. “It’s an arms race.”
  • Cashless Society? It’s Already Coming - New York Times - "When you are out shopping, it’s the wallet, not the credit card, that is the annoyance. It’s bulky. It can be forgotten, or lost. I’ve learned while traipsing about buying stuff with my ApplePay that I can whittle down wallet items that I need to carry to three..."
  • "Banks As Commodity Utilities In A New Payment World - TechCrunch - "To stay relevant, banks must embrace the technology-driven changes and look for new opportunities rather than protecting and preserving antiquated business models."
  • Are universal credit cards the next thing? - Geektime - "Coin recently started shipping their long awaited universal credit card to early bakers in the US, in a very overdue timing. But meanwhile, other universal credit cards companies entered the market, which makes you wonder if this is the next big thing."

On the Wires:

  • Intel Acquires PasswordBox, an Award-Winning Digital Identity Manager - “Everyone can relate to password fatigue. The PasswordBox service has already brought relief to millions of consumers who now enjoy simple, instant login,” said Chris Young, senior vice president and general manager of Intel Security Group.
  • BCG and SWIFT publish annual Global Payments report - "The aim of the report is to provide payments and transaction-banking institutions with a comprehensive overview of major business drivers shaping the industry. It also provides the reader with recommendations on which specific actions should be taken by various types of players in order to achieve or maintain market-leading positions. In today's competitive environment, financial institutions must differentiate themselves and bring value to continue to grow."

Updates from Glenbrook:

Note: Headline News is compiled by Glenbrook Partners. Throughout the day, as we spot interesting developments, this post is updated. Do you have news to share? Tell us here:!

November 03, 2010

RSA Unveils New Solution to Deliver End-To-End Data Security

RSA_logo-140px.pngRSA has announced the general availability of the RSA Data Protection Manager, which "combines tokenization and application encryption, two popular application-based controls, with advanced token and key management to deliver end-to-end data security." RSA tokenization technology is currently used with partners like First Data Corporation and VeriFone to secure payment card data.

September 27, 2010

New Payment Tokenization Service Unveiled for the Akamai Cloud

akamai_logo_140px.pngAkamai Technologies has announced a new Edge Tokenization payment security service that is seamless and undisruptive to a retailer's existing eCommerce workflow. The Akamai solution enables card data to be converted to a token prior to Web transactions landing on a merchant's infrastructure.

September 21, 2010

Litle Provides Integrated Payment Tokenization Platform

litle_logo_140px.pngLitle & Co. has announced the availability of Litle Vault, an integrated tokenization solutions that enables CNP merchants to safely remove sensitive cardholder data from their systems without disrupting the integrity of their existing card transaction-based processes. "Delivered through the Litle payment processing platform, merchants can then use tokens in place of credit card numbers for all successive payment transactions including authorizations, deposits and chargebacks."

September 17, 2010

Survey Says Perceptions About Online Security Vary Significantly By Country

survey_graphic_140px.pngA recent survey commissioned by F-Secure found that online users in Finland, Germany, Malaysia, Poland, Sweden, the UK and the United States show striking variations in their experiences and perceptions of the online risks. Specific to payments, the survey results shows that payment card crime is the most prevalent in the US, where 32% of the respondents personally experienced it or knew someone who has been a victim. Malaysia (27%) and UK (27%) also reported a relatively high level of credit card crime; the lowest incidence was in Poland (11%) and Finland (12%).

September 10, 2010

Cybercriminals Creating Nearly 60,000 Fake Websites Each Week

Panda Security's anti-malware laboratory (PandaLabs) reports that hackers are creating 57,000 new websites each week that exploit many of the major high-profile brand names. In the investigation, PandaLabs found that banks by far comprise the majority of fake websites with 65% of the total. Online stores and auction sites are also popular at 27%, with eBay taking the spot as the #1 most targeted brand on the Web today. Western Union was the #2.

July 14, 2010

Visa Releases Global Best Practices for Card Data Tokenization

visa_logo-140px.jpg Visa has announced global industry best practices for card data tokenization.
Based on Visa's experience working with the industry and also insights from data compromise investigations, the tokenization best practices are the latest in a series of guidance to help merchants reduce or eliminate sensitive card data from payment systems and simplify data security and compliance efforts. Tokenization is the process through which a credit or debit card's 16-digit primary account number (PAN) is replaced by proxy numbers.
In a related announcement, Visa is clarifying existing operating regulations to ensure that acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.

Visa's Best Practices for Tokenization, Data Field Encryption, and PAN Storage and Truncation may be found online at READ MORE »

February 26, 2010

FFIEC Updates Retail Payment Systems Booklet

The Federal Financial Institutions Examination Council (FFIEC) has released an updated Retail Payment Systems Booklet that replaces the version issued in March 2004. The booklet is one of 12 that, in total, comprise the FFIEC IT Examination Handbook. The OCC commented: "The updated booklet incorporates developments in various aspects of retail payments activities since the first edition was issued and provides guidance on the risks and risk-management practices applicable to national banks. The booklet’s enterprise-wide perspective makes it a valuable tool to an entire organization in addition to an information technology department."

January 20, 2010

Thales, Voltage Security Announce Partnership for Payments Security

Thales and Voltage Security have announced a "technology integration and partnership centered around delivering end-to-end encryption and key management solutions for the payments industry and broader enterprise security applications. Through the partnership, the two companies have worked together to integrate Voltage SecureData technology with Thales hardware security modules (HSMs) for customers, Heartland Payment Systems being an example." READ MORE »

January 08, 2010

Ingenico Introduces End-to-End Security Solutions for Merchants

Ingenico has announced a "comprehensive strategy to provide secure end-to-end solutions to assist merchants in complying with the PCI Data Security Standards." Ingenico says its strategy addresses the entire payment transaction process including: data in flight, data at rest, and architecture. READ MORE »

January 05, 2010

FS-ISAC Plans Cyber Attack against Payment Processes (CAPP) Exercise

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a forum for sharing information about attacks, threats, vulnerabilities, and risk mitigation practices in the financial services industry, has announced that it is planning "a nationwide cyber attack simulation exercise to test the ability of financial institutions, processors, businesses and retailers to respond and recover from major cyber attack incidents that could impact their payment processes." READ MORE »

December 31, 2009

Small Businesses - Dedicate a PC for Online Banking Activities

In an article titled "Cybercrooks stalk small businesses that bank online", Byron Acohido writes for USA Today about how small businesses are being targeted by fraudsters seeking to gain online banking account userid's and passwords. According to Acohido, "the American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking."

June 30, 2009

Heartland Completes First Phase of End-to-End Encryption Pilot

HeartlandPayments_logo-140px.jpgHeartland Payment Systems has announced that yesterday it successfully completed the first phase of its end-to-end encryption pilot project. According to the company, "this first step involved the transmission of live AES (Advanced Encryption Standard)-encrypted card transactions from a merchant to Heartland’s processing platform. AES is the highest level of encryption and is currently on track to replace DES (Data Encryption Standard) and Triple DES as the desired standard for sensitive data."

Earlier this month Heartland announced it was working with Voltage Security to develop its end-to-end encryption approach. READ MORE »

June 17, 2009

Heartland Selects Voltage Security for End-to-End Encryption

HeartlandPayments_logo-140px.jpgHeartland Payment Systems has selected Voltage Security as a partner to develop end-to-end encryption (E3) software specifically suited to payments processing.

“Heartland is developing a complete end-to-end encryption solution designed to protect cardholder data at all stages of a transaction – from card swipe through delivery to the card brands,” said Bob Carr, Heartland’s chairman and chief executive officer. “Together with Voltage, we are developing a comprehensive solution that currently does not exist.” READ MORE »

May 29, 2009

Voltage Security Introduces Data Breach Index

Voltage Security has introduced the Voltage Data Breach Index, a single at-a-glance view into the state of national and global data breaches.

According to Voltage, "the visual map brings data breach reporting to life, summarizing historical and real-time breaches, size and scope, types of records, regions affected, industry and more. Perhaps most interesting is that patterns in the data enable the creation of a predictive data breach model. This model predicts, for example, that 14 data breaches will, over the next year, each expose 1,000,000 or more records to potential use by criminals. And, at least one breach of over 10,000,000 records will affect nearly 5 percent of the U.S. population." A white paper is also available.

April 15, 2009

Verizon Business 2009 Data Breach Study

More electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry and a strong involvement of organized crime, according to the "2009 Verizon Business Data Breach Investigations Report" released today. Full press release here. READ MORE »

March 25, 2009

Bank Fraud Forum Blog Launched

The Bank Fraud Forum Blog has been launched by Memento Security.

Fraud is a serious issue that deserves serious discussion. The Bank Fraud Forum℠ has two primary objectives: 1) to convey insights, opinions and comments on the world of financial crime, and 2) to serve as an open, albeit virtual, forum for the fraud fighting community. Our goal is to offer intelligent, timely and thought-provoking analysis of trends, news, best practices and more.

March 19, 2009

Visa Holds Global Security Summit

Visa chief enterprise risk officer Ellen Richey told security experts today that payment card data fraud rates remain near historic lows despite economic woes and high-profile compromises, and called for continued industry investment, collaboration and innovation, three key components in keeping the electronic payment system secure in the future. She made her comments to a gathering of business, government, academic and law enforcement officials at Visa's Global Security Summit, its third cross-functional symposium on payment security, held in Washington, DC. READ MORE »

February 12, 2009

Voltage SecureData Provides End-to-End Encryption of Data

Voltage Security has announced major enhancements to Voltage SecureData, supporting more environments and platforms, including end-to-end encryption across distributed environments such as those used by retail and payment processors. "Voltage customers are finding it easier to protect their data end-to-end, comply with regulations and protect sensitive customer information from the moment it is collected." READ MORE »

February 06, 2009

Data Breaches: What the Underground World of “Carding” Reveals

Kimberly Kiefer Peretti of the Computer Crime and Intellectual Property Section of the US Department of Justice has authored a paper titled "Data Breaches: What the Underground World of “Carding” Reveals" icon_PDF_small.gif to be published in the Santa Clara Computer and High Technology Journal. READ MORE »

January 24, 2009

New Books on PCI-DSS Compliance

With all of the news this week surrounding the payment card data breach at Heartland Payments Systems, we've added a new section to the Payments News Bookstore with several new books covering the topic of PCI-DSS (Payment Card Industry-Data Security Standard) compliance. If you're aware of any we've missed, please send us Feedback and we'll add them to the bookstore.

In addition to these books about the subject, the PCI Security Standards Council website is a great starting point for learning more about PCI-DSS.

January 23, 2009

Heartland CEO Calls for Industry Cooperation to Fight Criminals

Heartland Payment Systems issued a press release today saying that it had "added more than 400 merchants to its client base in the past few days - exceeding results for the same period from last year" - and including a statement from founder, chairman and CEO Robert O. Carr on the response his organization has made to the announcement earlier this week of a payment card data breach at Heartland. READ MORE »

January 21, 2009

More on the Heartland Payment Systems Card Data Breach

Eric Dash and Brad Stone report for the New York Times on the payment card data breach announced yesterday by Heartland Payment Systems. The compromise may have occurred as early as last May but wasn't detected until late last fall.
The Heartland breach also showed that in spite of the adoption of more stringent standards and tougher oversight by banks and credit card companies, consumers are still vulnerable."
You can follow the discussion about the Heartland card data breach among Twitter users and on our Other Blogs page.

January 20, 2009

Heartland Payment Systems Announces Major Card Data Breach

Heartland Payment Systems has announced it has learned it was the victim of a security breach within its processing system in 2008. Heartland says it "believes the intrusion is contained." The company has created a website for "to provide information about this incident and advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers."

Brian Krebs reports for the Washington Post that the breach "may have led to the compromise of more than 100 million credit and debit card transactions."

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

January 11, 2009

Peter Wayner's New Editions

[Reposted from my personal blog:]

I happened to hear from Peter Wayner that he's got new editions of both his Disappearing Cryptography (third edition) and Translucent Databases (second edition) now available.

Disappearing Cryptography is available from Amazon while it looks like Translucent Databases, for the moment anyway, is only available on the publisher's web site.


December 23, 2008

Legislative Responses to Data Breaches, Information Security Failures

The Payment Cards Center of the Federal Reserve Bank of Philadelphia has published a new discussion paper titled "Legislative Responses to Data Breaches and Information Security Failures" icon_PDF_small.gif by Philip Keitel. READ MORE »

June 24, 2008

TowerGroup Worries about Nonbank Personal Finance Web Sites

In a new report titled "The Impact of Online Personal Finance Offering: The Good, the Bad, and the Ugly", TowerGroup analyst George Tubin finds the capabilities of new non-bank online personal finance web sites are of interest but raises concerns about whether the sites have "adequate fraud prevention capabilities to protect both the consumer and the bank from account takeover and identity theft." READ MORE »

May 29, 2008

Attacking NFC Mobile Phones

In a post titled "Attacks on NFC mobile phones demonstrated", Dancho Danchev writes for ZDNet on last week's presentation by Collin Mulliner icon_PDF_small.gif at the EUSecWest conferece in London.

May 23, 2008

Trusteer Partners with ING DIRECT

ING DIRECT has announced that it has partnered with Trusteer to become the first US bank to offer Trusteer’s Rapport consumer Identity Theft protection software free to all of its customers. READ MORE »

May 20, 2008

Unisys Security Index Finds Bank Customers Concerned

The latest U.S. results of the Unisys Security Index find that Americans are more concerned than they were seven months ago about national security issues and health epidemics and are increasingly concerned about financial security issues and worries about identity theft. READ MORE »
Payments News on Facebook