It's easy to look at the payments landscape and see only the flaws. But payment card security has come a long way in the past 10 years, thanks in large part to the PCI Data Security Standard. How will card security be refined in the coming decade?
The breach of an offshore account owned by Union Bank of India is raising new questions about the security of interbank payments, which often rely on antiquated backend verification processes that fraudsters seem to be compromising with relative ease.
An investigative report from Reuters paints a disturbing picture of the Federal Reserve Bank of New York using antiquated security practices to safeguard interbank SWIFT payments. Here's how security experts say interbank transaction security must be improved.
The Federal Reserve's strategy for oversight of the U.S. migration toward faster payments won't change in the wake of the heists that exploited SWIFT payments, says Fed official Marianne Crowe. The long-term security of U.S. payments has always been a priority for the Fed's study of faster payments, she says.
While many banks and merchants in Britain, France and Germany have long complied with the PCI Data Security Standard, deregulation has led organizations in other European countries to start taking PCI compliance more seriously and use it for competitive advantage.
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
The need for PCI-DSS compliance is being embraced in Southeast Asia and the Middle East, with adoption of PCI standards increasing dramatically over the last five years, says Dharshan Shanthamurthy, CEO of SISA Information Security, who shares insights about why PCI adoption is likely to continue to grow.
So why is Visa temporarily reducing the fraud chargeback burden on non-EMV-compliant U.S. merchants? Mark Nelsen, Visa's senior vice president, says it boils down to this: The card brand wants to give retailers a break while it takes steps to streamline the cumbersome certification of new POS devices.
Achieving international acceptance of PCI-DSS is an ongoing challenge, says Jeremy King, international director of the PCI Security Standards Council, who's working to educate merchants about baseline security that goes far beyond cardholder data protection.
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.
Reacting to strong complaints from retailers, three major card brands have finally taken steps toward reducing the amount of counterfeit fraud chargebacks to U.S. merchants, which began as a result of the EMV fraud liability shift last October. But was the action by the brands bold enough?
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
Now that both the FBI and the FFIEC have issued alerts calling attention to the risks associated with interbank messaging and wholesale payments in the wake of SWIFT-related heists, U.S. institutions should brace for more regulatory scrutiny of bank-to-bank payments, financial fraud experts say.
Asking how many different technologies consumers will tolerate when it comes to paying for their goods and services is a bit like asking how many more superheroes moviegoers will countenance in the latest "Avengers" film.