Avivah Litan

A member of the Gartner Blog Network

Archives for May, 2010


Wal-Mart pushes for Chip and PIN in the U.S.

by Avivah Litan  |  May 20, 2010  |  Comments Off

Storefrontbacktalk published this must-read article today: http://storefrontbacktalk.com/securityfraud/wal-mart-its-time-for-chip-and-pin-in-the-u-s I was encouraged to hear Wal-Mart talk about their interest in having the U.S. move to chip-and-pin. Turns out Wal-Mart has upgraded all its U.S. card readers, according to this article.  It makes sense – Wal-mart must have standardized on its POS equipment around the world while demanding […]

Comments Off

Category: Uncategorized     Tags:

Will Symantec discover Internet Identity with VeriSign acquisition?

by Avivah Litan  |  May 19, 2010  |  Comments Off

Symantec finally confirmed its rumored purchase of VeriSign’s security business for a whopping $1.28 billion. (Kudos to Verisign for getting such a high price from Symantec!). Presumably, Symantec is excited to get into the identity business that it just acquired by buying VeriSign’s VIP business. After all there’s been a lot of talk about identity […]

Comments Off

Category: Uncategorized     Tags:

Smart cards come to America; any relief for PCI compliance?

by Avivah Litan  |  May 17, 2010  |  2 Comments

A credit union in the United States becomes the first card issuer to issue EMV chip credit cards for its elite members.  As reported in the American Banker last Thursday http://www.americanbanker.com/issues/175_91/emv-1019106-1.html,  the United Nations Federal Credit Union will start offering Platinum Visa EMV cards this August that its traveling members can use abroad. Platinum cards are […]

2 Comments »

Category: Uncategorized     Tags:

Bank at your own risk: Just what kind of security education do users need?

by Avivah Litan  |  May 13, 2010  |  3 Comments

There was tremendous emphasis on customer education as a partial solution to payments fraud, during presentations made at the FDIC conference on ‘combating commercial payments fraud’ earlier this week.  Of course, no one can argue against customer education and in fact, it is effective – but only up to a point. We all know by […]

3 Comments »

Category: Uncategorized     Tags:

Small Business account takeovers have regulators, law enforcers on the defense

by Avivah Litan  |  May 12, 2010  |  Comments Off

I attended the FDIC public event on ‘Combating Commercial Payments Fraud’ yesterday at the regulators offices in Virginia.  My main impression of the day is that the fraud rings conducting these account takeovers using Zeus malware and man-in-the-browser attacks have put the regulators, law enforcement agencies and certainly most of the banks and businesses being […]

Comments Off

Category: Uncategorized     Tags:

How come there is no PCI for Bank account data?

by Avivah Litan  |  May 10, 2010  |  3 Comments

The credit card brands – mainly Visa and MasterCard – have done a good job (depending on your point of view) driving security awareness and system upgrades among most companies that accept or process payment cards by making PCI DSS compliance mandatory. I’ve often wondered why a similar bank consortium has not exercised the same […]

3 Comments »

Category: Uncategorized     Tags:

End-to-End encryption of malware

by Avivah Litan  |  May 5, 2010  |  3 Comments

I was a bit taken aback yesterday when I heard that the much ballyhooed “end-to-end encryption” solution being promoted by payment processors as THE solution for PCI compliance has already been cracked. (Refer to “Where does End-to-End Encryption for PCI End?” G00170703).  I should have expected it. In this case, malware enters a retailer’s card reader […]

3 Comments »

Category: Uncategorized     Tags:

Next privacy battleground: Enterprises start monitoring employee Facebook activities

by Avivah Litan  |  May 4, 2010  |  Comments Off

Brand monitoring and anti-phishing vendors have long scanned the Web for activities that threaten the security, revenue stream, and reputation of its enterprise clients.  One of these vendors, Cyveillance, just launched a social network monitoring service that helps its enterprise clients ensure employees and others are not abusing or threatening the company’s brand, image or safety via their […]

Comments Off

Category: Uncategorized     Tags: