Attorneys general in nine states say card issuers should move to chip-and-PIN, rather than chip-and-signature, as they roll out EMV. But are other issues, such as wider use of encryption and tokenization, more worthy of attention?
ATM fraud losses are increasing globally, and we can expect to see this trend continue as the U.S. ramps up its migration to EMV at the point of sale. Unattended terminals are easy to compromise, and they will always be among fraudsters' favorite targets.
Adjusting risk management strategies in the aftermath of the newly discovered hacker attack on Excellus BlueCross BlueShield, as well as other recent massive cyber-attacks, will be among the hot topics discussed at the Healthcare Information Security Summit in San Francisco on Sept. 17.
The FDIC says cybersecurity is a business continuity issue. So it's offering banks a series of videos and exercises to help them address key threats, including account take-over, malware infections and other risks related to third parties.
The outrage directed at Oracle Corp.'s security chief after a recent blog post in which she scolded third parties who scan the company's software looking for security flaws had a familiar ring: Do medical device makers have a similar cybersecurity attitude?
MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?
Breached dating website FriendFinder allegedly missed email warnings from security researchers that its site had been breached and customers' data was being sold on a "darknet" site. What can other businesses learn from that apparent mistake?
A proposed national data breach notification bill to usurp 47 state statutes could make it easier for businesses to notify consumers of a breach. But is that worth weakening PII protections some states offer? Massachusetts plans to do battle.
Israeli Prime Minister Benjamin Netanyahu may have been a bit premature to claim Israel has deployed a cyber "iron dome" to protect its critical IT and defense systems. But a new initiative under way will try to do just that.
If the NSA's meddling in NIST cryptography standards soiled the reputation of the National Institute of Standards and Technology, an amendment approved by the House of Representatives could help restore it.
Kentucky is now the 47th state to enact a breach notification law. While a national law superseding the widely varying state statutes is long overdue, the primary election defeat of House Majority Leader Eric Cantor makes passing such a bill tougher.
An analysis of the Target breach prepared for a Senate committee is a political document that might help its patron's agenda but doesn't go far enough to identify technical solutions to help enterprises avoid Target-like breaches.
One key way to reduce the risk of a breach is continuous improvement of information security programs. It's dangerous to put security controls in place and then walk away, thinking you're finished, warns security expert Kate Borten.
In case you missed ISMG's 2013 Fraud Summit - or even if you were there and want to share insights with colleagues - I'm pleased to announce the availability of a series of session videos featuring top fraud experts.