Merchant Link SecurityCents

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Data Breach Security From A To Z <Share this article on Twitter>
by Robert Westervelt
Companies face daily threats from cybercriminals, hacktivists and nation-state-sponsored hacking groups. Financially motivated cybercriminals typically use automated tools to spread a wide attack campaign, gaining as many victims as possible. Hacktivists are politically motivated and often use distributed Denial-of-Service attacks as a weapon to cripple or bring down a website. Nation-state-sponsored hacking groups choose a specific target and stealthily conduct cyberespionage activities on a network over extended periods of time. Their aim is to steal intellectual property, email and other sensitive documents…. Click here to read more

Lyndhurst Man Among 18 Charged in $200M Global Credit Card Fraud <Share this article on Twitter>
by Hugh R. Morely
It was a meticulously planned criminal operation, with at least 18 participants, 1,100 separate bank accounts, and 7,000 false identities.
There were doctored credit reports, sham companies and 1,800 mailing addresses used to receive documents for 25,000 fraudulently obtained credit cards.
And when it was all put together, the participants – among them a Lyndhurst man who ran a jewelry store involved in the scheme, and five other New Jersey residents – stole at least $200 million from credit card companies…. Click here to read more

New PCI Guidelines for E-Commerce <Share this article on Twitter>
by Tracy Kitten
A new set of card data security guidelines for merchants and payments providers aims to address increasing risks unique to e-commerce environments.
On Jan. 31, the Payment Card Industry Security Standards Council issued its PCI DSS E-commerce Guidelines Information Supplement, a set of guidelines for e-commerce security. The guidelines relate to online infrastructures and how merchants work with third-party providers…. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….
.

 

 
Lisa Anderson
Director, Product Management
Voltage Security

Here’s a prediction: enforcement of EMV standards will shift even more fraudulent transactions and security breaches to e-commerce. EMV is designed to add an additional layer of security to prevent fraudulent card-present transactions by embedding a chip in the card and requiring a PIN to authorize transaction. With these new security measures, it’s hard to use stolen credit cards on POS terminals – you’d need to either know the PIN or hack the terminal at time of swipe.  As of today, e-commerce doesn’t support EMV and it doesn’t seem like it’s happening any time soon. Existing security vulnerabilities that haven’t been resolved mean that breaches will continue to happen, making e-commerce the easier target for siphoning credit card numbers as well as using them to make fraudulent transactions and for card testing.

We see three major points of focus across the retail payments landscape in the U.S.:

1. Security and evolving payment methods – ensuring  a  payment solution conforms to the latest Payment Card Industry (PCI) standards and includes a plan to support the upcoming EMV requirements for Chip and PIN or Chip and Signature acceptance.

2. A single solution across multiple form factors – the next generation payment solution will operate  on various cross-channel platforms,  including traditional stationary in-lane, portable throughout store, consumer phone, out of store both e-commerce and m-commerce.

3. Integration of the point of sale with the point of service – across the multiple form factors, payment solutions will continue to integrate across point of service and marketing systems, including:

• Advertising
• Loyalty
• Couponing
• CRM
• Surveys

Forward-looking retailers are interconnecting data across consumer touch points, which will lead to more efficient, targeted marketing and a more pleasant shopping experience for consumers.

 
Nick Wislocki
VP of R&D
MICROS-Retail

Mobile is continuing to be a major focus in the retail space, including the emergence of  more mobile payment options. Consumers are seeking the convenience of simply carrying their phone for all their needs, including commerce. Consumers are driving the market in this space and retailers are seeking innovative ways to keep up with demand. Additionally, there is a continued shift toward global commerce, offering options to all corners of the world in the applicable currencies. These tendencies will continue throughout 2013 and the foreseeable future.

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

The Cost of Cyber Crimes Gets More Expensive <Tweet this article>
by Sue Marquette Poremba
If you need a reason to throw more of an effort into cybersecurity, here it is: The cost of cyber crime has gotten more expensive.
According to a new study sponsored by HP and conducted by the Ponemon Institute, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent……. Click here to read more

Facebook Want Button: Collecting massive amounts of data about you has never been easier <Tweet this article>
by Network World
Have you ever commented “Want!” anywhere on the web? Perhaps because “liking” is not enough for Facebook, and shares in its stock are still down, the company is pushing ahead with a ‘Collections’ feature. Collecting massive amounts of desired-based data about users would be like hitting the mother lode for advertisers…..……. Click here to read more

My Walletless Month: Happier, Healthier and Ready to Ditch Cash Forever <Tweet this article>
by Christina Bonnington
The e-wallet space is blowing up. Isis — an NFC-based mobile-payment platform backed by Verizon, AT&T, and T-Mobile — is set to launch on Monday. Google Wallet, now almost two years old, is nicely maturing with partnerships with an ever-expanding list of big-name retailers…..……. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

Former Director of Service Delivery Turns Attention to Expanding Security Features and Payment Methods

SILVER SPRING, MD (May 30, 2012) – Merchant Link, a leading provider of payment gateway and data security solutions, has named Geoffrey Krieg as vice president of product management. Krieg first joined Merchant Link in 2003 as the Director of Service Delivery. He returns to the company after spending four years abroad consulting with major European e-commerce merchants.

“Geoff’s background in the processor and gateway industry, his expertise in e-commerce and alternative payment methods, along with his international experience provides the right leadership and vision for our product development strategy,” shared Dan Lane, President and CEO of Merchant Link.

Krieg brings over 20 years’ experience in the payments sector. A pioneer in working with Independent Sales Organizations (ISOs), Geoff began his career with the Bank of Boulder, as Division Officer responsible for growing the bank’s ISO program. In 1995, Geoff joined four members of the Bank of Boulder’s executive team in launching TransFirst, one of the top acquirers in the United States. Before TransFirst, he also spent time at Visa International and CIAN Systems.

“What differentiates Merchant Link from other payment providers is the extremely stable and flexible transaction environment we deliver to our customers,” said Krieg. “Moving forward we want to continue to offer the security and choice Merchant Link is known for, combined with feature-rich, multi-channel merchant support.”

Options to include hosted payment page and encryption

SILVER SPRING, MD (April 16, 2012) – Merchant Link, a leading provider of payment gateway and data security solutions, today announced that it is developing an innovative e-commerce solution for merchants to process payments securely in card-not-present environments.

Working closely with industry-leading partners, Merchant Link will offer two options to secure
e-commerce transactions and online payments:

• Hosted Solution: This option will enable a secure process to route sensitive cardholder data directly from the checkout page to the Merchant Link gateway while preserving the look and feel of the merchant website, enabling a seamless user experience.
• Encrypted Solution: This option will encrypt sensitive cardholder data at the moment of capture and prevent such data from being available to the e-commerce application or merchant.

Both options will significantly improve data security while reducing PCI scope and costs by blocking merchant access to cardholder data, the encryption and decryption environments, and to key management operations.

“This offering reflects our ongoing commitment to expand the breadth and depth of our services to provide merchants with all the options, security, support and flexibility they need when it comes to payments,” said Dan Lane, Merchant Link’s President and CEO.

The new solution is expected to be available by the end of the year.

When the PCI Security Standards Council (PCI SSC) holds its election for Special Interest Groups (SIGS), it often provides a true window into the future of payment security.  One could actually consider the outcome of the SIG elections a true crystal ball if you will.

Last year, for example, our experts participated in the PCI SIGs for point-to-point encryption and tokenization.  We saw these technologies as reaching a tipping point in the hospitality, retail and lodging industries.

This year, the organization received 500 votes from more merchants, financial institutions, service providers and associations for the initiatives they want to prioritize in 2012, which included cloud computing, e-commerce security and risk assessment.  All of which, are top of mind for merchants as online and mobile transactions become more prevalent.

In addition, PCI SSC received votes from many organizations outside of North America, showcasing how finding global payment security solutions will be a priority.  Here’s what Jeremy King, European Director, PCI Security Standards Council, had to say in the PCI Council’s official press release:

“This is our first SIG election and I’m really pleased with the turnout, with a quarter of all of our Participating Organizations voting. Most impressively, a third of our votes came from outside North America showing that involvement in the Council’s activity and development of PCI Standards and resources to help secure the payment chain is truly a global endeavor.  I’m looking forward to close collaboration between the Council and SIG membership.”

The SIGs have often resulted in guidance for interpreting and implementing the PCI Standards – in such areas as wireless security, EMV chip, point-to-point encryption and virtualized environments. So we will be offering our own opinions and watching with anticipation to see what they will recommend in these new areas.

And while there is no such thing as a real crystal ball, the SIG elections clearly provide a glimpse into the future of payments and PCI compliance.