Gartner Blog Network

Posts from Date:   2010-5

Wal-Mart pushes for Chip and PIN in the U.S.

by Avivah Litan  |  May 20, 2010

Storefrontbacktalk published this must-read article today: I was encouraged to hear Wal-Mart talk about their interest in having the U.S. move to chip-and-pin. Turns out Wal-Mart has upgraded all its U.S. card readers, according to this article.  It makes sense – Wal-mart must have standardized on its POS equipment around the world while demanding […]

Read more »

Will Symantec discover Internet Identity with VeriSign acquisition?

by Avivah Litan  |  May 19, 2010

Symantec finally confirmed its rumored purchase of VeriSign’s security business for a whopping $1.28 billion. (Kudos to Verisign for getting such a high price from Symantec!). Presumably, Symantec is excited to get into the identity business that it just acquired by buying VeriSign’s VIP business. After all there’s been a lot of talk about identity […]

Read more »

Smart cards come to America; any relief for PCI compliance?

by Avivah Litan  |  May 17, 2010

A credit union in the United States becomes the first card issuer to issue EMV chip credit cards for its elite members.  As reported in the American Banker last Thursday,  the United Nations Federal Credit Union will start offering Platinum Visa EMV cards this August that its traveling members can use abroad. Platinum cards are […]

Read more »

Bank at your own risk: Just what kind of security education do users need?

by Avivah Litan  |  May 13, 2010

There was tremendous emphasis on customer education as a partial solution to payments fraud, during presentations made at the FDIC conference on ‘combating commercial payments fraud’ earlier this week.  Of course, no one can argue against customer education and in fact, it is effective – but only up to a point. We all know by […]

Read more »

Small Business account takeovers have regulators, law enforcers on the defense

by Avivah Litan  |  May 12, 2010

I attended the FDIC public event on ‘Combating Commercial Payments Fraud’ yesterday at the regulators offices in Virginia.  My main impression of the day is that the fraud rings conducting these account takeovers using Zeus malware and man-in-the-browser attacks have put the regulators, law enforcement agencies and certainly most of the banks and businesses being […]

Read more »

How come there is no PCI for Bank account data?

by Avivah Litan  |  May 10, 2010

The credit card brands – mainly Visa and MasterCard – have done a good job (depending on your point of view) driving security awareness and system upgrades among most companies that accept or process payment cards by making PCI DSS compliance mandatory. I’ve often wondered why a similar bank consortium has not exercised the same […]

Read more »

End-to-End encryption of malware

by Avivah Litan  |  May 5, 2010

I was a bit taken aback yesterday when I heard that the much ballyhooed “end-to-end encryption” solution being promoted by payment processors as THE solution for PCI compliance has already been cracked. (Refer to “Where does End-to-End Encryption for PCI End?” G00170703).  I should have expected it. In this case, malware enters a retailer’s card reader […]

Read more »

Next privacy battleground: Enterprises start monitoring employee Facebook activities

by Avivah Litan  |  May 4, 2010

Brand monitoring and anti-phishing vendors have long scanned the Web for activities that threaten the security, revenue stream, and reputation of its enterprise clients.  One of these vendors, Cyveillance, just launched a social network monitoring service that helps its enterprise clients ensure employees and others are not abusing or threatening the company’s brand, image or safety via their […]

Read more »