
 Retail

NYC bus tour company's database hacked of credit card info

Dan Kaplan December 21, 2010

The credit card details belonging to customers of CitySights NY were stolen when a database belonging to the sightseeing bus tours company was hacked.
 

Zeus botnet targeting Macy's, Nordstrom account holders

Angela Moscaritolo December 09, 2010

A new Zeus botnet is targeting the credit card accounts of several major U.S. retailers, including Macy's and Nordstrom, according to researchers at online banking security firm Trusteer.
 

Senate votes to exempt lawyers, doctors from Red Flags

Angela Moscaritolo December 02, 2010

Lawyers, doctors and accountants may avoid having to comply with the Federal Trade Commission's new identity theft rule.
 

Scammers ready to pounce on Cyber Monday deal-hunters

Angela Moscaritolo November 23, 2010

Social networking sites and search engines are expected to be hit hard as cybercriminals try to wrangle in unsuspecting holiday shoppers.
 

Grocer Aldi discloses breach of payment terminals

Angela Moscaritolo October 12, 2010

Grocery chain Aldi is warning customers that their payment card information may have been stolen after fraudsters placed altered point-of-sale terminals at a number of Aldi stores in 11 states.
 

Is the United States the weakest link when it comes to credit card security?

Jose Diaz, director of technical and strategic business development at Thales e-Security September 29, 2010

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dried.
 

Websites suffer from 13 security flaws on average

Angela Moscaritolo September 24, 2010

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by WhiteHat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the fewest vulnerabilities on average, followed by insurance and health care firms. — AM
 

PCI Council: P2PE simplifies PCI DSS compliance

Angela Moscaritolo September 23, 2010

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
 

Is there a silver bullet to the payment industry's data security woes?

Ulf Mattsson, CTO, Protegrity September 02, 2010

Security professionals must consider all the options available to them to secure cardholder data.
 

Heartland settles with Discover over breach

Dan Kaplan September 01, 2010

Heartland Payment Systems, the New Jersey-based credit card processor that fell victim to the largest reported data breach of all time, announced on Wednesday that it will settle with Discover for $5 million. Heartland already has settled with Visa for $60 million and MasterCard for $41.4 million over the breach, which exposed an estimated 130 million credit and debit card numbers to organized criminals. The settlement money will be used by Discover to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. — DK
 

Visa releases best practices for installing payment apps

Dan Kaplan August 24, 2010

Visa on Tuesday announced best practices for companies to use when implementing, installing and managing programs that process payment applications. The guidance will complement the existing Payment Application Data Security Standard (PA-DSS), which prescribes 14 requirements for software developers that build programs that process credit card payments. The Visa payment application best practices, developed in conjunction with the SANS Institute, include 10 guidelines and can be downloaded here. They are meant for vendors, integrators and resellers. — DK
 

PCI Council unveils expected changes for DSS guidelines

Dan Kaplan August 13, 2010

The body that manages PCI guidelines has released a summary of expected changes, but merchants will not find any mention of emerging data security technologies.
 

Visa issues tokenization guidance, clarifies rules around storage of card numbers

Dan Kaplan July 14, 2010

Visa on Wednesday released a four-page document that offers best practices for tokenization, the process by which 16-digit credit card numbers are replaced with unique symbols. The guidance is meant to reduce risk for merchants, vendors, service providers and acquiring banks. It covers such areas as detecting suspicious activity so attackers cannot compromise the token system. In addition on Wednesday, Visa, in conjunction with the National Retail Federation trade group, clarified its operating rules around storage of sensitive information. According to the card brand, issuing banks must accept a disguised or truncated card number on transaction receipts for dispute resolution. Also, merchants are permitted to store disguised or truncated card numbers to reduce the amount of data that could be retrieved by attackers. — DK
 

Hackers compromise Destination Hotels' credit card system

Dan Kaplan June 30, 2010

Guests at 21 Destination Hotels & Resorts' properties may have been subjected to credit card theft after the chain discovered malware installed in its credit card processing system.
 

New fraud service serves as repository for stolen data

Dan Kaplan June 17, 2010

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers or employees have been discovered online.
 

Police bust massive global credit card fraud ring

Angela Moscaritolo June 16, 2010

Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring. Eight of the alleged members were nabbed in the United States.
 

Payment security: Interview with Bob Carr, chairman and CEO of Heartland Payment Systems

Dan Kaplan June 10, 2010

Bob Carr, CEO of Heartland Payment Systems, which suffered a record-breaking breach in 2008, has rolled out a new payment solution to its merchants that offers end-to-end encryption of sensitive transaction data. In an interview with SC Magazine's Deputy Editor Dan Kaplan, Carr discusses the new offering and offers an update on the company's recovery 18 months after it announced the breach, which exposed some 130 million records.
 

FTC delays Red Flags Rule enforcement until end of year

Angela Moscaritolo May 28, 2010

The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.
 

Heartland, MasterCard settle for $41.4M

Dan Kaplan May 20, 2010

Heartland Payment Systems and MasterCard have settled for $41.4 million over the payment processor's record-breaking data breach, disclosed in January 2009. Under the settlement, MasterCard issuing banks will be eligible to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. For the settlement to be official, banks representing 80 percent of the affected accounts must agree to it by June 25. Heartland and Visa settled for $60 million in January. — DK
 

New PCI internal assessor training program

Dan Kaplan April 30, 2010

The PCI Security Standards Council, tasked with managing the Payment Card Industry Data Security Standard (PCI DSS), on Friday announced a new training program designed to educate internal security personnel on conducting assessments. The three-day course, to be led by PCI Council experts, will either enable security departments to work better with third-party assessors or allow them to conduct their own assessments, Bob Russo, the council's general manager, told SCMagazineUS.com. Merchants that process more than six million annual transactions are required to conduct annual on-site PCI DSS assessments. Classes will be held in multiple locations. For more information, including pricing, visit here. — DK
 

Visa bars merchants from "data pass" marketing

Dan Kaplan April 28, 2010

Visa announced Tuesday that it has banned merchants from providing cardholder data to third parties without first receiving consent from the consumer. The new rule is a move to prevent a deceptive practice known as "data pass," by which a shopper, during checkout, is prompted to enroll in a club membership. The customer often does not realize the offer originates from a different merchant or that it comes with additional fees and charges, Visa said. Under the new rule, consumers will have to re-enter their credit card information if they wish to sign up for the promotions, which have cost some 30 million Americans about $1.4 billion, said Visa, citing a 2009 report from the U.S. Senate Commerce Committee. — DK
 

U.S. businesses face skimming fraud increase

Angela Moscaritolo April 27, 2010

Eastern European gangs are systematically conducting well-organized skimming attacks against U.S. consumers and businesses, according to a Gartner analyst.
 

TJX hacker sentenced to five years, fined

Dan Kaplan April 16, 2010

The sixth and final U.S. person charged two years ago with breaking into the computer networks at discount retail parent TJX was sentenced Thursday. A U.S. District Court judge in Boston sentenced Damon Patrick Toey, 25, to five years in prison and fined him $100,000. Toey pleaded guilty in September 2008 to wire fraud, credit card fraud and aggravated identity theft. He also is connected to a number of other major heists at retailers and payment processor Heartland Payment Systems. The ring's orchestrator, Albert Gonzalez, was sentenced last month to 20 years in prison. Some of Gonzalez' Eastern European-based co-conspirators remain at large. — DK
 

Worries grow over safety of online transactions

Angela Moscaritolo April 13, 2010

The number of consumers seriously concerned about the security of online transactions is at its highest level in three years, according to the latest Unisys Security Index, released Tuesday. In the biannual survey of 1,004 consumers, which measures how safe Americans feel regarding national, financial, internet and personal security, 20 percent of respondents were "extremely concerned" about shopping or banking online, up from 16 percent in September 2009. Another 23 percent said they are "very concerned." Meanwhile, identity theft and national security ranked as Americans' top worries, garnering serious concern from 64 and 65 percent of respondents, respectively. — AM
 

Law to allow banks to recoup breach losses

Angela Moscaritolo April 05, 2010

A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM
 

Gonzalez co-conspirator sentenced to seven years

Angela Moscaritolo March 30, 2010

Another co-conspirator of hacker Albert Gonzalez was sentenced Monday in federal court in Boston to seven years in prison for playing a major role in the BJ's Wholesale Club and TJX hacks. Christopher Scott of Miami pleaded guilty in September to charges of unlawful access to computers, access device fraud, wire fraud, aggravated identity theft and money laundering, according to court documents. Scott is the latest person involved in the crime ring to be sentenced. The ringleader Gonzalez last week received a record-breaking hacking sentence of 20 years. — AM
 

JCPenney joins Heartland, TJX as Gonzalez victims

Angela Moscaritolo March 30, 2010

Court documents unsealed Friday name JCPenney and another retailer as additional targets of notorious hacker Albert Gonzalez' cybercriminal gang.
 

Another Gonzalez co-conspirator sentenced

Angela Moscaritolo March 24, 2010

Jeremy Jethro, 29, was sentenced Tuesday in federal court in Boston to six months home confinement and three years probation for providing accused retail hacker Albert Gonzalez with a zero-day exploit.
 

Two-day SC Magazine PCI econference continues today

Staff Report March 23, 2010

Join us Tuesday and Wednesday for our special two-day SC eConference and Expo: Complying with PCI.
 

TJX money launderer sentenced to four years

Angela Moscaritolo March 12, 2010

While hacker Albert Gonzalez awaits his sentencing date, scheduled for later this month, one of his co-conspirators in the TJX, BJ's Wholesale Club and Sports Authority hacks was sentenced Thursday in federal court in Boston to 46 months in prison and fined $75,000. Prosecutors said Humza Zaman, formerly a programmer at Barclays bank, laundered $600,000 to $800,000 in identity theft proceeds for Gonzalez. Zaman received a 10 percent cut for his work. — AM