Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Posts Tagged ‘ security ’


Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.

The Cost of Cyber Crimes Gets More Expensive
by Sue Marquette Poremba
If you need a reason to throw more of an effort into cybersecurity, here it is: The cost of cyber crime has gotten more expensive.
According to a new study sponsored by HP and conducted by the Ponemon Institute, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent…

Facebook Want Button: Collecting massive amounts of data about you has never been easier
by Network World
Have you ever commented “Want!” anywhere on the web? Perhaps because “liking” is not enough for Facebook, and shares in its stock are still down, the company is pushing ahead with a ‘Collections’ feature. Collecting massive amounts of desired-based data about users would be like hitting the mother lode for advertisers…

My Walletless Month: Happier, Healthier and Ready to Ditch Cash Forever
by Christina Bonnington
The e-wallet space is blowing up. Isis — an NFC-based mobile-payment platform backed by Verizon, AT&T, and T-Mobile — is set to launch on Monday. Google Wallet, now almost two years old, is nicely maturing with partnerships with an ever-expanding list of big-name retailers…

What other interesting content have you come across? Leave a comment below and join the discussion.



Researchers: Chip and PIN Enables ‘Chip and Skim’
by KrebsonSecurity
Researchers in the United Kingdom say they’ve discovered mounting evidence that thieves have been quietly exploiting design flaws in a security system widely used in Europe to prevent credit and debit card fraud at cash machines and point-of-sale devices.
At issue is an anti-fraud system called EMV (short for Europay, MasterCard and Visa), more commonly known as “chip-and-PIN.”…

Bricks to Benefit from Clicks as Multichannel Rises
by Campbell Phillips
Multichannel retailing is set to complement, rather than compete, with bricks-and-mortar over the next two years, according to a new study from CBRE.
Investing in new or currently existing stores is a major priority for international retailers, with many indicating a requirement for more physical outlets and increased shop space as a result of their multichannel strategies…

61 percent of IT security professionals fear Anonymous, hacktivist attacks
by Suzanne Choney
Nearly two-thirds of IT security professionals worldwide believe their companies will be the target of a cyber attack in the next six months, and 61 percent say that Anonymous and other hacktivist groups will be most likely the ones to target their organizations.
Cyber criminals, then “nation states,” including China and Russia, are considered next on the list of likely attackers by 55 and 48 percent, respectively, according to the survey done by security firm Bit9…


Now that the July 4th sparklers have all burned out, we head into the long, hot days of summer. These lazy days are filled with beach vacations, barbecues and picnics, and lounging in the sun. In part 2 of our Security Awareness blog series, we focus on some alarming trends in small businesses’ attitudes toward data security and PCI compliance. Unfortunately, according to a recent study commissioned by The Hartford Financial Services Group, the attitude of small business owners looks a lot like a summer vacation when it comes to their approach to data security. According to the survey, many small business owners (Level 4 merchants) simply do not believe they are at risk of a data breach, when in fact attacks on smaller businesses are increasing. The bottom line: data thieves don’t take vacations and are always attempting to steal your customers’ credit card information.

ControlScan described it as “The Perfect Storm of Complacency” in its 2011 survey of Level 4 merchant attitudes regarding compliance with the Payment Card Industry Data Security Standard (PCI DSS). The survey revealed that merchants have a nonchalant attitude toward sensitive cardholder data and observed:

  • Risk of financial losses doesn’t seem to be a big motivator for Level 4 merchants to aggressively comply with the PCI DSS.
  • A sizeable minority of Level 4 merchants continue to believe that PCI compliance does not make their business more secure.
  • Little progress has been made in increasing awareness of PCI compliance among small merchants.

 While small business owners want to focus on managing and growing their business more than the details of data security and PCI compliance, the threats and risks remain. Thankfully, there are some great resources out there that can help, including:

 So enjoy the lazy days of summer but don’t get lazy when it comes to data security and your company’s reputation!  We invite you to share your experiences, questions and comments below.

With more than 25,000 guests visiting each month, Fantasy Springs Resort Casino, owned by the Cabazon Band of Mission Indians, is known for providing luxurious accommodations, the finest cuisine, exciting entertainment, and a world-class casino.

Fantasy Springs is also on the cutting edge when it comes to payments and transaction security. Following is an exclusive podcast with Don Lindsey, Fantasy Springs Resort Casino’s Director of Information Technology, who discusses transaction security trends and the resort’s use of tokenization.

Today, Merchant Link announced that it has named Dan Lane as its next president and chief executive officer (CEO).  Lane is one of the company’s founders and formerly served as Merchant Link’s chief technology officer (CTO).  The appointment is part of the company’s strategy to reinforce Merchant Link’s commitment to delivering the world’s most innovative payment security solutions for merchants.

Following is an exclusive podcast with Lane, who discusses his new role and his vision for enhancing payment innovations from Merchant Link.

By Emily Dresner, CISSP

This year I had the wonderful chance to attend the RSA Security Conference in San Francisco, CA.  Between the immense Expo floor, 200+ sessions, peer-to-peer sessions, industry meetings, and keynotes, it is impossible to see it all and do it all.

I did learn about the newest attack vectors, listened to debate on the hottest discussion topics, and saw the product lines for 2011.

So what did I consider the highlights of the show?  Here are some of the topics that caught my attention:

- Cyberwar: Is it real or is it an over talked term?  Can a worm create a “kinetic” effect in the real world?  Where is the line between criminality, vandalism, and war?

- Cloud Computing Security: Business and government are leaping forward into the “cloud.” This has wide implications for security departments who try to secure both the data of their users and their corporation as a whole.  In fact, we’ve talked about tokenization in the cloud and what it means for organizations on this blog.

- Advanced Persistent Threats and Online Espionage: Aurora, Night Dragon, Ghost.Net are the newest crop of “APTs” — advanced persistent threats.  These new threats are burrowing into corporations through social engineering and have the potential to cause massive data loss on scales not yet seen.

- Zeus, Spy Eye, and other botnet networks: Botnets have become commoditized in the black market.  Now they do not merely steal credentials but they take screen shots, steal medical details, and keep a constant record of a compromised host.  They come through both infected websites and infected documents.  These rootkit-based botnets are evolving swiftly to defeat the best defenses to breach corporate and personal security.

- Mobile Security: The workforce is becoming distributed.  Smart phones and tablets are here to stay.  What does this mean for data security?  How does one secure mobile devices and still allow a mobile workforce to work unencumbered?  This is a major developing issue in information security with presentations from some product vendors.

- Wikileaks and Anonymous: Is Wikileaks a news source or theft?  Is Anonymous legitimate free speech or vandalism on a large scale?  How does one protect a network in the days of massively outsourced distributed denial of service attacks on command and continue to operate while under attack?

- Public/Private Partnership: The Department of Defense has realized they can no longer “go it alone” in cyberspace.  They are aggressively reaching out to private enterprise to help secure the nation’s critical infrastructure.

- Cryptography: One cannot go to the RSA Security Conference without hearing about cryptography — its sources, how public-key encryption made the Internet what it is today, and the new algorithms in signature analysis and SHA-3 hashes on the horizon.

I was also surprised that there were minimal discussions about PCI standards and compliance.

But overall, all the conversations were about the future: where we are now, where we have been, but mostly…where we want to be.  We also had a keynote from ex-President Bill Clinton as the capstone to the event.

Here’s looking forward to 2012!

In an effort to promote the upcoming annual conference in San Francisco, the RSA has developed a creative campaign that clearly explains how certain security technologies actually work.

As part of this effort, the RSA recruited renowned security expert, Bruce Schneier, to develop a video that provides a simple explanation of cryptography and encryption.

Now we know that encryption can be hard to understand. In fact, we’ve written several posts about encryption and the difference between encryption and tokenization.  But this video explains that it is all about the relationship between characters.  Like in most intriguing stories, there are the good guys and the bad guys, and the relationship between the two makes for an exciting storyline.

So meet Alice and Bob…the two main characters.  (The terms were actually coined in 1978 by Ron Rivest and used instead of “a” and “b” to describe people in a cryptographic exchange of data.)  Alice and Bob are having a conversation that is personal, just between them, when Eve begins to eavesdrop on their discussion.  Although Eve does nothing with the information she has gathered, the nefarious Mallory decides to intrude in on the conversation for her own malicious purposes.  Encryption is simply the coded process that fights off Mallory’s attempts to take that information in the conversation and use it for her own purposes.

Check out this video of Schneier explaining this simple but effective concept further.

And, if you want to get pumped up about the upcoming RSA 2011 Conference, check out the general promotional video here.

See you all at the 20th Annual RSA Conference in San Francisco next month!