Avivah Litan

A member of the Gartner Blog Network

Archives for April, 2011


Mobile Payments innovation ‘Square’s off with PCI at Visa Security Summit

by Avivah Litan  |  April 27, 2011  |  Comments Off

I attended part of the Visa Security Summit in Washington D.C. today and was especially interested in the session on mobile payments, where panelists representing major card issuers, Visa, security consultants, analyst firms and mobile payment innovators, i.e. Square, all discussed the future of ‘secure mobile payments.’ Much of the discussion focused on Square, the […]

Comments Off

Category: Uncategorized     Tags:

Why I really appreciate my credit card

by Avivah Litan  |  April 14, 2011  |  Comments Off

There are plenty of issues with the credit and payment card industry, not the least of which is that the payment systems infrastructure in the U.S. is in dire need of an upgrade away from the decades old magnetic stripe technology it relies on. Payment (credit/debit) card fraud is prevalent – and it seems like […]

Comments Off

Category: Uncategorized     Tags:

Should Security Vendors and Service Providers Managing Sensitive Data be Held to a Higher Standard?

by Avivah Litan  |  April 12, 2011  |  2 Comments

This is the question of my day. With a rash of attacks that began late last year against email service providers (culminating in the Epsilon breach) and a similar spate against security vendors (the most recent publicized one being Barracuda Networks), this question is definitely top of mind. Secondly, is it rational to expect our […]

2 Comments »

Category: Uncategorized     Tags:

What are the dangers with the Epsilon breach?

by Avivah Litan  |  April 4, 2011  |  2 Comments

I think we do need to be concerned about this breach for several reasons: a) This incident points out the major risks involved in outsourcing even ‘seemingly low risk’ applications, such as email or word processing and highlights the even bigger risks in outsourcing more sensitive applications, such as authentication. Companies need to think twice […]

2 Comments »

Category: Uncategorized     Tags:

RSA SecurID attack details unveiled – lessons learned

by Avivah Litan  |  April 1, 2011  |  31 Comments

RSA had a conference call today with various analysts to discuss more details of the attack, and how they are communicating the after-effects to and with their customers. RSA said the attack started with phishing emails sent to small groups of low-profile RSA users (presumably employees). The emails were surreptitiously titled “2011 Recruitment Plan” and […]

31 Comments »

Category: Uncategorized     Tags: