Hackers Conquer Two-Factor Authentication

January 3, 2010 by ADMIN · Leave a Comment

BY Mel Duvall, Chief Content Officer at CIOZone

“Fraudsters have definitely proven that strong two-factor authentication processes can be defeated,” said Avivah Litan of Gartner. “Enterprises need to protect their users and accounts using a three-prong layered fraud prevention approach that uses stronger authentication, fraud detection and out-of-band transaction verification and signing for high-risk transaction.”

Heartland (HPY) Implements E2EE System

June 30, 2009 by ADMIN · Leave a Comment

From Heartland Payment Systems

“Monday’s successful test involved Zones 1, 2, 3 and 4,” detailed Steven M. Elefant, Heartland’s executive director of end-to-end encryption. “We believe that protecting data in these zones alone will significantly impact the protection of cardholder data.

ISR News: CardSystems Breach Spurs Suit

June 1, 2009 by ADMIN · Leave a Comment

Excerpts From Digital Transactions

Four years later, the fallout from the notorious CardSystems Solutions Inc. data breach—at the time the biggest hacking of payment card data ever—surfaced last week and looks like it could go on for months or even years. Merchant acquirer Merrick Bank Corp. is suing Savvis Inc., the company that inspected CardSystems before the breach, for alleged negligence because Savvis had concluded that the processor’s security systems met Visa Inc.’s standards.

ISR News: A Wireless Hacker’s Paradise

May 14, 2009 by ADMIN · Leave a Comment

Excerpts From SecurityFocus

“We thought wireless was mature enough that people should understand the security issues,” Baglietto said. “But we saw a lot of open access points, a lot of identities being leaked, and a lot of insecure installations.”

ISR News: TD Ameritrade Settles Breach Suit

May 12, 2009 by ADMIN · Leave a Comment

Excerpts From Associated Press

More than 6 million current and former customers of online brokerage TD Ameritrade Holding Corp. will be able to benefit from the settlement of a class-action lawsuit filed over the theft of client contact information.

ISR News: Heartland Fights MasterCard Fine

May 12, 2009 by ADMIN · Leave a Comment

Excerpts From Finextra

“Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law and it intends and is prepared to vigorously contest and it has recommended to its sponsor banks that they vigorously contest, through all means available including litigation if necessary any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine,” says Carr.

Heartland Regains PCI Compliant Status

May 3, 2009 by ADMIN · 1 Comment

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident and similar events at RBS WorldPay (RBS) have not been made available due to ongoing investigations.

Payment Card Industry Swallows Its Own Tail

April 1, 2009 by ADMIN · 10 Comments

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, and punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto. But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.

Is Heartland/WorldPay Suspect in Custody?

March 26, 2009 by ADMIN · 2 Comments

By Anthony M. Freed, Information-Security-Resources.com Financial Editor

Authorities investigating the RBS WorldPay breach, as well as the breach at Heartland Payment Systems, have used similar language to describe an international conspiracy that is targeting multiple financial institutions. Based on these similarities, it seems highly likely that Tenenbaum and his cohorts may indeed be the culprits behind a rash of major information security breaches that have the Payment Card Industry pointing fingers and attempting to dodge responsibility for security compliance.

ISR News: See The AIG, Merrill Lynch Docs

March 19, 2009 by ADMIN · 3 Comments

Excerpts From Dealbook

A New York state judge ruled Wednesday afternoon that New York’s attorney general could disclose the names of executives at Merrill Lynch who received 2008 bonuses ahead of Bank of America’s acquisition of the brokerage firm, rejecting arguments that the information was a trade secret. “The record does not support the intervenors’ claim that the employee compensation information is a trade secret,” Justice Bernard J. Fried of New York State Supreme Court wrote, referring to Merrill and Bank of America. He ordered them to turn over the list of names.

Next Page »