Security and Fraud

Despite high use, Canadians concerned about safety of debit and credit card processing

• Subscribe to news feed
• Follow us on Twitter
• Join our Facebook page

No such thing as 'PCI in a box,' experts say

Debit card fraud increasing, but chip card technology expected to reverse the trend

Want to spend less on payment processing security? Minimize PCI scope

The latest payment processing security threat? Bored employees

Security and Fraud News Archive

March 2010

• 11/03/2010 - Despite high use, Canadians concerned about safety of debit and credit card processing
• 11/03/2010 - No such thing as 'PCI in a box,' experts say
• 10/03/2010 - Debit card fraud increasing, but chip card technology expected to reverse the trend
• 10/03/2010 - Want to spend less on payment processing security? Minimize PCI scope
• 09/03/2010 - The latest payment processing security threat? Bored employees
• 09/03/2010 - Attention to payment processing security keeps merchants from being 'an easy target'
• 09/03/2010 - Restricting access control crucial to payment processing security, expert says
• 08/03/2010 - Automated gathering of controls data can help audit preparation, year-round payment processing security
• 08/03/2010 - As consumer security fears escalate, American Express voted most trusted brand
• 08/03/2010 - Payment processing security measures should be about more than ROI, TCO
• 05/03/2010 - Tokenization has benefits, but is still a sticky issue
• 04/03/2010 - PCI SSC's new QSA certification program presents potential drawbacks
• 04/03/2010 - Responding to consumer concerns, retailers more proactive about payment processing security
• 04/03/2010 - Interac urges merchants to invest in payment processing security measures
• 02/03/2010 - How to convince the CEO to invest in payment processing security
• 02/03/2010 - Businesses should develop contingency plan for payment processing breaches
• 01/03/2010 - Restricting access is most important aspect of payment processing security - and least practiced

Feberary 2010

• 25/02/2010 - Miss a scan? You may still be compliant - but don't make a habit of it
• 24/02/2010 - QSAs urge PCI SSC to release guidelines on cloud computing and PCI compliance
• 24/02/2010 - Survey reveals businesses confused, unconvinced by PCI DSS
• 24/02/2010 - Protect payment processing data by educating employees on hacking techniques
• 23/02/2010 - Payment processing security initiatives can backfire if not well-planned
• 22/02/2010 - Business should audit payment processing access controls, utilize 'zero trust' model
• 19/02/2010 - Report: PCI audit-inspired security overhauls unsustainable, risky
• 18/02/2010 - PCI Security Standards Council makes third change to audio recording rules
• 18/02/2010 - IT GRC systems can help retailers manage PCI compliance, reduce costs
• 17/02/2010 - Report: Social media poses threat to SME payment processing data security
• 17/02/2010 - Ontario sees 200 incidents of debit card fraud, merchants urged to check POS terminals
• 16/02/2010 - Expert: Payment processing security technology is meaningless without employee training
• 15/02/2010 - Tokenization, encryption, can kill two birds with one stone - if done correctly
• 12/02/2010 - Tokenization can reduce PCI compliance expense, improve payment processing security
• 12/02/2010 - PCI compliance may be bitter pill to swallow, but it's for merchants' own good
• 10/02/2010 - Report: Hospitality, food and beverage industries most vulnerable to payment processing breaches
• 10/02/2010 - Report suggests debit cards more secure than credit cards
• 08/02/2010 - Proper access control key to payment processing security
• 08/02/2010 - Reputational damages are 'worst thing that can happen' in payment processing breaches
• 05/02/2010 - Expert: PCI compliance not optional, and non-compliance can get costly
• 04/02/2010 - Heartland Payment Systems beefs up payment processing security with end-to-end encryption, tokenization
• 04/02/2010 - PCI Security Standards Council busy with more than just PCI-DSS revisions
• 03/02/2010 - PCI SSC changes rules regarding audio recordings of payment processing data
• 03/02/2010 - Malware's cousin, crimeware, can threaten payment processing security
• 02/02/2010 - Report: Payment processing breaches more expensive than ever
• 02/02/2010 - Payment processing hacks for the common good
• 02/02/2010 - QSA: PCI compliance not possible in the public cloud - yet
• 02/02/2010 - Contrary to rumors, operating systems are out of scope for PCI DSS
• 01/02/2010 - Webinar to help business owners understand, accomplish PCI compliance

January 2010

• 29/01/2010 - Study: Payment processing data most common target of security breaches
• 29/01/2010 - Heartland CEO Robert Carr advocates sharing of payment processing breach information
• 29/01/2010 - Simple strategies to protect payment processing data
• 29/01/2010 - PCI compliance gets sticky in the cloud
• 27/01/2010 - PCI SSC: New version of PCI DSS will focus on guidance, not major changes
• 27/01/2010 - Why PCI compliance goes beyond - and is more important than - the PCI audit
• 27/01/2010 - How to salvage customers - and the company's reputation - after a payment processing breach
• 26/01/2010 - Outsourcing security information management can help reduce IT costs, increase payment processing security
• 25/01/2010 - Don't forget to protect encryption keys, expert says
• 25/01/2010 - Nine people arrested for debit card fraud, pin pad tampering in Ontario
• 25/01/2010 - Does the PCI DSS punish secure merchants for the sake of insecure ones?
• 22/01/2010 - QSA says using both end-to-end encryption and tokenization might be unnecessary
• 21/01/2010 - PCI DSS: Friend or foe? The debate continues
• 21/01/2010 - PCI compliance still a struggle, standardisation may help
• 20/01/2010 - Heartland chooses end-to-end encryption, representing notable endorsement of the technology
• 20/01/2010 - PCI compliance is worth its weight in ROI
• 19/01/2010 - Many cloud computing offerings not PCI DSS compliant
• 19/01/2010 - Five Quebecers arrested for $1 million debit and credit card skimming fraud
• 15/01/2010 - End-to-end encryption most practical payment processing security measure, study says
• 15/01/2010 - Does virtualisation make an organisation less PCI compliant?
• 14/01/2010 - Nearly half of organisations not confident in their PCI compliance, survey finds
• 13/01/2010 - Payment processing data discovery tools are underused, expert says
• 13/01/2010 - For a higher payment processing budget, emphasize security over compliance
• 11/01/2010 - Payment processing fraud on the rise, industry players investing in prevention, detection
• 11/01/2010 - PCI DSS not perfect, but it's a start
• 11/01/2010 - Heartland to pay Visa $60 million for losses from payment processing security breach
• 08/01/2010 - Cardholder data discovery may become PCI DSS requirement in 2010
• 07/01/2010 - Heartland's compliant breach was game-changer for payment processing security
• 06/01/2010 - Survey: Data protection efforts remain a mystery to majority of executives
• 05/01/2010 - Avoid the checklist mentality to payment processing security, expert says
• 04/01/2010 - Long-term planning, not short-term cramming, is ideal approach to payment processing security

December 2009

• 30/12/2009 - The enemy is us: Employee gift card theft on the rise
• 29/12/2009 - Consumers more afraid of identity theft than in pre-recession years
• 29/12/2009 - Frequent network scans can help businesses beat hackers to the punch
• 28/12/2009 - With payment processing security, keep it simple
• 24/12/2009 - Even small businesses must ensure thorough PCI compliance
• 23/12/2009 - MasterCard reverses PCI compliance audit requirement for Level 2 merchants
• 22/12/2009 - PCI Security Standards Council unveils new website in French Canadian, 7 other languages
• 18/12/2009 - Quick facts about protecting corporate and travel credit cards
• 17/12/2009 - Study: Best-in-class merchants spend less for payment processing compliance but are more secure
• 17/12/2009 - Who's afraid of the QSA? Businesses should focus fear on cyberthieves, not PCI DSS
• 17/12/2009 - Complete erasure of payment processing data increasingly difficult, expert says
• 16/12/2009 - Heartland Payment Systems lawsuit dismissed - payment processing security may have been adequate despite breach
• 16/12/2009 - PCI SSC: 'Tis the season to be stealing'
• 11/12/2009 - Education can counteract fear-driven payment processing security overspending
• 11/12/2009 - Invest in payment processing security to keep the holidays happy and safe
• 08/12/2009 - Payment processing industry now prioritizing security
• 03/12/2009 - Employee theft illustrates conflict between productivity and security
• 02/12/2009 - Holiday season brings unique payment processing security risks
• 02/12/2009 - Two-thirds of organizations not PCI compliant, study finds
• 01/12/2009 - Study: Majority of restaurants audited violate payment processing security standards

November 2009

• 30/11/2009 - The preface and postscript to PCI compliance
• 24/11/2009 - Debit cards now as safe as credit cards, report finds
• 23/11/2009 - Next up in payment processing security: improved access control
• 20/11/2009 - Canadian businesses experience more economic crime than global counterparts, study shows
• 18/11/2009 - Level four merchants may be more resistant to payment processing security compliance
• 16/11/2009 - The simple measure that can improve payment processing security
• 13/11/2009 - Relying on 'out-of-scope' can put payment processing data at risk
• 12/11/2009 - Encrypted payment processing networks only as secure as their keys, expert says
• 12/11/2009 - Payment processing security tactics can improve overall enterprise security, expert says
• 11/11/2009 - Payment processing security not just for merchants: Banks may be neglecting PCI compliance
• 09/11/2009 - Security breaches may have dropped, but war is not yet won
• 09/11/2009 - Expert: Avoid reliance on PCI DSS, payment processing cure-alls
• 06/11/2009 - Tokenization can improve security, reduce data storage requirements, expert says
• 02/11/2009 - Payment processing security is a process, not a goal
• 02/11/2009 - Hypercom introduces encryption technology to North American market

October 2009

• 30/10/2009 - Merchants should not get complacent about payment processing security
• 28/10/2009 - Survey: Small businesses store credit card data, lack employee IT training
• 23/10/2009 - VigiTrust launches automated tool to support payment processing compliance
• 22/10/2009 - Don't forget virtual terminals, expert says
• 22/10/2009 - How hacking can protect your payment processing data
• 21/10/2009 - Cost, availability concerns deter organizations from encrypting credit card data
• 20/10/2009 - Does size matter for new payment processing technologies?
• 19/10/2009 - Middle-to-middle encryption plus tokenization may be more feasible, expert says
• 15/10/2009 - Wal-Mart found to be early victim of payment processing security breaches
• 13/10/2009 - Study: Electronics, telecommunications retailers are highly vulnerable to credit card fraud
• 12/10/2009 - Verizon to offer McAfee's payment processing security services
• 09/10/2009 - Legacy POS systems put hospitality industry at risk, expert says
• 07/10/2009 - With no cure-all for payment processing security, layered approach may be best
• 07/10/2009 - VeriFone security solution complies with Visa's end-to-end encryption guide
• 06/10/2009 - Visa publishes end-to-end encryption best practices guide
• 06/10/2009 - The case for private networks: An investment in PCI compliance
• 05/10/2009 - The future of PCI compliance remains hazy in wake of PwC report
• 02/10/2009 - Security breaches rise among Canadian companies, study says
• 01/10/2009 - Security webinar helps businesses understand, achieve PCI compliance

September 2009

• 30/09/2009 - PCI Security Standards Council to focus on small business compliance
• 28/09/2009 - New technologies hold promise for PCI compliance
• 25/09/2009 - Tokenization can add security, reduce PCI compliance costs
• 24/09/2009 - Businesses struggle with PCI compliance, small businesses fall behind
• 23/09/2009 - The future of the payment card industry will hinge on PCI compliance, expert says
• 22/09/2009 - Steer clear of 'easy graders' for QSA evaluations
• 21/09/2009 - Retailers urged to protect against employee theft and fraud
• 18/09/2009 - Canadian companies, consumers prioritize information security more than in U.S.
• 17/09/2009 - Retaining cardholder data - smart strategy or risky practice?
• 16/09/2009 - Know thyself - the importance of pre-compliance assessments
• 15/09/2009 - End-to-end encryption may be next step in PCI compliance
• 14/09/2009 - PCI project managers can streamline compliance
• 12/09/2009 - Even small businesses should prioritize PCI compliance
• 11/09/2009 - PCI compliance may have prevented Gonzalez attacks
• 11/09/2009 - Fears of credit card fraud overtake personal safety concerns
• 02/09/2009 - Restaurants urged to go the extra mile with PCI compliance

August 2009

• 31/08/2009 - Is my business PCI compliant?
• 28/08/2009 - PCI Security Standards Council solicits feedback for updated PCI DSS
• 26/08/2009 - Businesses must be more vigilant during holiday season, survey finds
• 26/08/2009 - Credit cards may be safer than debit cards
• 25/08/2009 - PCI SCC releases credit card skimming prevention guide
• 25/08/2009 - Security breach may have been due to lax PCI compliance, Visa says
• 13/08/2009 - Many small merchants do not understand PCI compliance, survey finds
• 12/08/2009 - MasterCard aims to help merchants improve PCI compliance
• 11/08/2009 - PCI compliance is best when preventative, expert says
• 11/08/2009 - Merchants prioritize PCI compliance, look to vendors as resource
• 07/08/2009 - Earn customer trust through PCI compliance and transparency
• 04/08/2009 - PCI council releases guide to wireless security