Gartner Blog Network

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio

Apple Pay vs. CurrentC; will Merchants lose out again to Visa and MasterCard?

by Avivah Litan  |  November 3, 2014

The recent ruckus in the media about Wal-Mart, CVS and RiteAid and other national retailers refusing ApplePay has created bad PR for the fragmented retail sector. News commentators have been ranting on about how these merchants need to give consumers free choice and turn back on ApplePay acceptance. These comments reflect the great job Visa […]

Read more »

Can Credit Report Monitoring become more useful?

by Avivah Litan  |  November 3, 2014

For years companies whose troves of credit cards have been data breached have been offering potential fraud victims’ credit report monitoring as relief. I always cringe when I hear about this because I view this largely as a PR move on behalf of the breached entity that does virtually nothing to protect a cardholder from […]

Read more »

2014: The year of the worst data breaches and highest profits at U.S. credit card issuers

by Avivah Litan  |  October 14, 2014

It looks like the credit card companies keep winning and the retailers keep losing when it comes to making money on credit cards. R.K. Hammer, a consulting firm in Thousand Oaks, Calif., estimates that U.S. card issuers will generate $158.6 billion in 2014 revenue, a 9% jump over the $146 billion they earned in 2013. […]

Read more »

Lessons from the Israeli CyberFront

by Avivah Litan  |  September 22, 2014

I just returned from a week in Israel, which always seems to me to be Ground Zero for CyberSecurity. Here are some of the takeaways I came back with from my visit: a) Life goes on – and the security community continues to innovate I attended and spoke at one of the major Israel cyber-tech […]

Read more »

Will Apple Pay Save Merchants from Data Breaches?

by Avivah Litan  |  September 9, 2014

Apple has finally gotten into the payments business with its Apple Pay announcement. While details on Apple Pay security features are still scarce, it sounds like they are working with Visa, MasterCard, the other card brands and the major issuing banks behind them to use a payment card tokenization scheme that these financial services companies […]

Read more »

Big Banks hit by CyberAttacks – Alarming but not Surprising

by Avivah Litan  |  August 28, 2014

Today’s headlines report that big banks have been hit by cyberattacks, according to the FBI. While this news is alarming, it certainly is not surprising. Hackers are always probing bank systems and even a year ago or so, law enforcement authorities and regulators put out an advisory to banks about criminals hacking into bank employee […]

Read more »

Russian Gang Password heist is so much worse than Target

by Avivah Litan  |  August 6, 2014

I’m finally going to change my passwords. Frankly, I haven’t been motivated until now – even after Heartbleed and all the other heists – since I just do a quick mental calculation of my risk vs. my inconvenience. And I decided against the inconvenience. But now the threat to me and you as consumers is […]

Read more »

$200 Million credit card heist reminds us how overrated Social Security Numbers are

by Avivah Litan  |  May 15, 2014

A man convicted of a $200 Million credit card bust out scheme pleaded guilty Monday in one of the largest credit card fraud schemes ever charged by the Justice Department. (See: The scam was executed by using fake identities to take credit cards out, and incur expenses that were never paid back to the […]

Read more »

Open SSL Heartbleed vulnerability affects much more than just websites

by Avivah Litan  |  April 9, 2014

As we all know by now, this is mega-serious and affects all users of Open SSL 1.0.1 through 1.01.f – so those who kept their Open SSL code up to date were in effect penalized. For information on the vulnerability, see I’m just trying to understand why all the news reports are focused on […]

Read more »

Class Action Suit against Target Assessor is a wake up call for PCI

by Avivah Litan  |  March 26, 2014

Two U.S. banks are suing Target’s Qualified Security Assessor, Trustwave, for damages incurred during the holiday season breach at Target, accusing the company of failing to identity security issues. The suit also claims that Trustwave’s round the clock monitoring services for Target failed to detect the intrusion into Target’s network for a full three weeks. […]

Read more »