Gartner Blog Network

Posts from Date: 2011-4

Mobile Payments innovation ‘Square’s off with PCI at Visa Security Summit

by Avivah Litan  |  April 27, 2011

I attended part of the Visa Security Summit in Washington D.C. today and was especially interested in the session on mobile payments, where panelists representing major card issuers, Visa, security consultants, analyst firms and mobile payment innovators, i.e. Square, all discussed the future of ‘secure mobile payments.’ Much of the discussion focused on Square, the […]


Why I really appreciate my credit card

by Avivah Litan  |  April 14, 2011

There are plenty of issues with the credit and payment card industry, not the least of which is that the payment systems infrastructure in the U.S. is in dire need of an upgrade away from the decades-old magnetic stripe technology it relies on. Payment (credit/debit) card fraud is prevalent – and it seems like […]


Should Security Vendors and Service Providers Managing Sensitive Data be Held to a Higher Standard?

by Avivah Litan  |  April 12, 2011

This is the question of my day. With a rash of attacks that began late last year against email service providers (culminating in the Epsilon breach) and a similar spate against security vendors (the most recent publicized one being Barracuda Networks), this question is definitely top of mind. Secondly, is it rational to expect our […]


What are the dangers with the Epsilon breach?

by Avivah Litan  |  April 4, 2011

I think we do need to be concerned about this breach for several reasons: a) This incident points out the major risks involved in outsourcing even ‘seemingly low risk’ applications, such as email or word processing and highlights the even bigger risks in outsourcing more sensitive applications, such as authentication. Companies need to think twice […]


RSA SecurID attack details unveiled – lessons learned

by Avivah Litan  |  April 1, 2011

RSA had a conference call today with various analysts to discuss more details of the attack, and how they are communicating the after-effects to and with their customers. RSA said the attack started with phishing emails sent to small groups of low-profile RSA users (presumably employees). The emails were surreptitiously titled “2011 Recruitment Plan” and […]
