When taking steps to guard against fraudulent transactions through contactless payments, organizations must carefully balance the level of security versus customer convenience, says Sriram Natarajan, COO at Quatrro.
The PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies. "We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells ISMG in an exclusive interview.
Arizona-based Banner Health, which operates 29 hospitals, says it's notifying 3.7 million individuals that their data was exposed in a "sophisticated cyberattack." An initial attack against payment card processing systems apparently opened the door to the attackers accessing healthcare data.
As the PCI Security Standards Council celebrates its 10th anniversary, Troy Leach, the council's chief technology offer, offers his assessment of how its Payment Card Industry Data Security Standard could evolve in the next 10 years.
The PCI Security Standards Council envisions a single, globally-unified data security standard. Now that the European Card Payment Association is a strategic regional member, that goal is significantly closer, says Jeremy King, the council's international director.
Even though the U.S. is migrating to the EMV chip, Visa is still stressing the need for merchants to comply with the PCI Data Security Standard, says Eduardo Perez, the card brand's senior vice president of payment risk, in this video interview.
PCI-DSS will remain a viable standard even after EMV, as well as encryption and tokenization, become more common, argues Jeremy King of the PCI Council. He acknowledges, however, that the standard will have to evolve in light of changes in the payment system.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
The U.S.'s move to EMV alone will not eliminate fraud because certain data elements could still be exposed in the breach of EMV card transactions, says Jeremy King of the PCI Security Standards Council, who highlights other essential security steps.
Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?
Despite commitments by leading payment card brands to enhance security, some critics say the White House cybersecurity summit produced no specifics for how the public and private sectors will curb cyber-fraud.
As a result of the Home Depot breach, which compromised 56 million cards, credit unions have spent nearly $60 million dealing with card reissuance and fraud costs, according to the Credit Union National Association.
P.F. Chang's confirmed card breach has renewed debate about the state of security at U.S. merchants. The PCI Council's Bob Russo says that while there has been progress in recent months, the retail industry still has a long way to go.