New payment card security standards issued by the PCI Council include a number of improvements, plus some glaring omissions, such as requirements for mobile, security experts say. What are their chief concerns?
New requirements to mitigate payment card risks posed by third parties, such as cloud providers and payment processors, are a focal point of the PCI Security Standards Council's updated data security standard.
Senior leaders in business and government are buying in to the need for more cybersecurity investments as well as threat-intelligence sharing, new research shows. But why are they still struggling to hire the right security pros?
Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.
A $400,000 settlement in a case against a community bank in North Carolina for violations of the Bank Secrecy Act should serve as a reminder that anti-money-laundering woes are not just a big-bank issue, experts say.
Our inaugural Fraud Summit on Oct. 22 at the Meadowlands in New Jersey will feature an impressive lineup of information security leaders offering timely insights about practical risk mitigation strategies.
Regulators need to do a better job of notifying banks promptly when they find severe security flaws at third parties, especially core banking processors. And community banks need to collaborate on assessments of third-party risks.
Banks need to ensure they continuously monitor their cloud vendors, says Troy Wunderlich of Washington Trust, a community bank in Spokane, who outlines his institution's strategy for vendor management.
In the wake of an ongoing stream of merchant and payment processing breaches, the FDIC is reminding smaller banking institutions that they are ultimately responsible for ensuring the security of cardholder data.