by Ty Hardison

EMV shift could change hackers' focus to CNP transactions

Ian Murphy of RetailDive suggests the adoption of EMV systems will cause hackers to focus on card-not-present (CNP) transactions.

The 2015 EMV deadline arrives in October and many experts have speculated about how the widespread implementation will change the nature of cyberattacks. On this blog, we've discussed predictions that hackers will use all of their old tricks up until the EMV deadline in order to capitalize on the closing window of opportunity. However, Ian Murphy of RetailDive suggests the adoption of EMV systems will cause hackers to focus on card-not-present (CNP) transactions. 

"CNP fraud is expected to more than double from a total of $2.9 billion in 2014 to $6.4 billion in 2018," explains Murphy. "And as an EMV transition proceeds in the United States, fraud will shift from card-present transactions to other types of card payments that so far lack stringent protocols for authentication, says … more

Penetration tests should be sophisticated and controlled

PYMNTS spoke to Graham Steel, CEO of Cryptosense, a company that creates software for testing vulnerabilities in secure systems.

Earlier this year, we discussed the importance of conducting penetration tests. Recently, PYMNTS spoke to Graham Steel, CEO of Cryptosense, a company that creates software for testing vulnerabilities in secure systems. According to the site, Cryptosense focuses on back-end security gaps in PINs, security keys and other forms of encoded information. 

"What we usually find are just little mistakes, little configuration errors or small things that are being done wrong," said Steel. "The things we find wrong are often easy and simple but they are hidden among all the other functions that are found in payments back office application. They are shallow, but they are hard to find because of all the other layers."

One of the best ways to ensure that your system … more

Most merchants say high-profile breaches have served as wake-up call

Although a significant number of merchants have been proactive about reviewing their payment security strategies, 69 percent is far from 100 percent.

After a year of high profile breaches, some might assume that merchants are on high alert about payment card security. And while a majority say that the spate of compromises has caused them to think seriously about the issue, about 30 percent say the media attention has had little effect on their approach to data protection. 

On this blog, we just discussed the findings of "Data Security in the Evolving Payments Ecosystem," a report by Experian and the Ponemon Institute. One of the study's areas of focus was on the response from merchants in relation to breaches at companies like Target, Home Depot and Michaels.

"Sixty-nine percent said highly publicized data breaches did increase their awareness about securing their payment processes," summarizes Roy Urrico of Payment Union … more

Study shows merchants value convenience over security

Despite the hype that surrounds new payment methods, the most important aspect of data security is doing what you do, well.

It seems that each week there's a new payment method on the market. Whether it's the launch of a new mobile payment platform or the looming October deadline for EMV migration, merchants may feel a sense of urgency to implement systems that give their customers a variety of options for purchases. However, a new study by Dublin, Ireland-based Experian and the Michigan-based Ponemon Institute found that retailers may need to realign their priorities when it comes to new payment platforms. 

"While risk and security concerns loom, large and new technologies are being deployed because they offer vastly improved customer convenience. Throughout our study, we found a large percentage of companies are likely to keep moving forward with deployment of new technologies … more

Are retail storefronts primed for a comeback?

physical retail spaces have their own array of advantages when it comes to delivering on value propositions.

Much has been written about the threat that ecommerce sites pose to brick-and-mortar retail operations. However, some experts say the tide may be shifting in favor of traditional storefront retailers. 

This led Karen Webster of PYMNTS to ask the question: "Is physical retail a threat to Amazon?"

"Amazon is largely correct that consumers are driven by convenience, selection and price. But in a connected device world, those words now mean different things," she writes in an op-ed. "And the combination of smart devices and technology is helping retailers large and small and on and offline respond to how consumers now interpret what it means to deliver 'convenience.'"

This is to say that physical retail spaces have their own advantages when it comes to delivering on value … more

Target to pay $19 million settlement following breach

This month, it was announced that Target will pay as much as $19 million to MasterCard and banks to address losses sustained by customers.

The last year has been rocky for payment card security. With a spate of high-profile breaches in the retail industry, corporations face costly settlements to rectify the damage caused by compromised payment card data. This month, it was announced that Target will pay as much as $19 million to MasterCard and banks to address losses sustained by customers. 

"Under the agreement, Target will make available up to $19 million in alternative recovery offers to eligible banks and credit unions across the globe," MasterCard said in a statement. "These funds will settle their claims for operational costs and fraud-related losses on MasterCard-branded cards believed by MasterCard to have been affected by the data breach."

While the money will have a restorative effect for individuals and … more

Banking industry leaders endorse new cybersecurity bill

A new congressional bill titled

A new congressional bill titled "Data Security And Breach Notification Act of 2015" aims to increase intelligence and awareness about threats against consumer data. According to PYMNTS, the legislation is designed to enhance standards for data protection and alert entities in the private sector about new vulnerabilities as they arise.

Sponsored with bipartisan support, the bill was introduced to the Senate this month by Sen. Tom Carper (D-Delaware), and Sen. Roy Blunt, (R-Missouri) and moved successfully through the House Energy and Commerce Committee under the guidance of Republican Rep. Marsha Blackburn and Democrat Peter Welch.

One of the requirements of the bill is that businesses must inform customers within 30 days of a breach that their personal information … more

Discover partners with Apple Pay

In order for a new payment platform to take off, it requires the support of merchants and credit card companies. If neither gets behind the new technology, it will have little hope of success. That's why the news this week that Discover will partner with Apple Pay is so important: According to the Associated Press, now all major credit card providers are on board with Apple's mobile payment system. 

The AP report suggests that the decision came after "months of complaints" from customers that Discover hadn't yet addressed Apple Pay compatibility. 

"As the mobile payments landscape matures, Discover remains committed to giving cardmembers secure options for using their cards and mobile devices," Diane Offereins, Discover's president of payment services, said in a statement. … more

85 percent of Apple users haven't tried Apple Pay

For both consumers and businesses, the advent of payment systems like Apple Pay represent a new avenue of revenue and payment processing options.

For both consumers and businesses, the advent of payment systems like Apple Pay represent a new avenue of revenue and payment processing options. And while some have been quick to trumpet the turning tide in favor of mobile payment processing, adoption rates lag behind the hype. 

According to PYMNTS.com, 85 percent of Apple users have yet to try the service, indicating an attachment to old payment methods. A November report by the site and InfoScout found that in November 2014, total usership among iPhone 6 owners was a mere 5 percent, which grew to 6 percent by March of this year. 

"Ask most people what the state of mobile payments is today, and they'll tell you it's just kicking off," explains Alix Murphy of TechCrunch. "With Facebook announcing the option to send … more

Hospitality industry routinely the target of breaches

hotels at any price point or clientele can be susceptible to attacks if their payment processing systems aren't up-to-date, continuously monitored and compliant.

The hotel management industry processes payments on many different fronts. From the front desk or concierge to the lobby bar, guests at hotels face many different locations and platforms to purchase goods, services and amenities. A Wells Fargo report called "Understanding the impact of a data breach on your hotel or resort" provides a log of high-profile and damaging attacks perpetrated by members of the public and hospitality employees to compromise customer payment data. 

Those entities range from high-end luxury resorts to travel agencies and motel chains, indicating that hackers don't discriminate when it comes to stealing data. Moreover, it shows all participants in the hospitality industry can be susceptible to attacks if their payment processing systems aren' … more