Second Menu


Retailers extremely focused on payment innovation

Payment innovation in the retail industry is rapidly changing, driven by consumer adoption of mobile smart devices.  Because of recent well-publicized data breaches and payment card fraud, retailers have turned their attention to the dual challenges of data security and fraud prevention, even as they try to keep up with the demands of digitally enabled consumers. Retail Systems Research (RSR) recently released… Continue reading >>

Draft ISO 20022 standard for real-time payments published

A global scheme aimed at establishing a set of harmonised standards for cross-border real-time payments has published a first draft of ISO 20022 messages for review. The ISO Real-Time Payments Group (RTPG), which published the draft, is comprised of over 50 global experts under the auspices of the Payments UK trade entity. The focus of the first draft aimed at… Continue reading >>

NatWest online banking crashes again

UK bank NatWest, part of the RBS group, has suffered another online banking crash which has affected thousands of users. The latest IT failure comes only six weeks after the bank suffered a crash that caused over 600,000 transactions and hundreds of thousands of pounds in payments to go missing. The bank’s IT team is trying to find the source… Continue reading >>

The economics of hacking

After a series of high-profile hacking attacks, many companies are considering more aggressive tactics to fight back against cyber crime, including “active defence” strategies. The most controversial is “hacking back” against cyber criminals, which is against US law and, according to several bank officials, a bad idea because of the difficulty in definitively identifying culprits. Instead, they are fighting back… Continue reading >>

Update on changes to the new Payment Services Directive (PSD2)

The arrival of the new Payment Services Directive (PSD2) in the internal market repealing the current Payment Services Directive 2007/64/EC (PSD1) has been a closely monitored development since the publication of the European Commission’s (the Commission) Green Paper on Card, Internet and Mobile Payments (COM (2011) 941) in January 2012. On 2 June 2015 the final compromise text of PSD2… Continue reading >>

Cyber security: When 95% isn’t good enough

According to a very interesting article in the FT – two weeks after hackers broke into Sony Pictures’ computer systems, deleting important company files and exposing embarrassing emails, technology experts at some of the world’s largest financial institutions decided to run an experiment. They took copies of the “malware” — malicious strands of computer code — used in the Sony… Continue reading >>

New data security standards published

Following various high-profile encryption protocol vulnerabilities, the PCI Security Standards Council has published an out-of-schedule update to the PCI Data Security Standards (PCI DSS) and Payment Application Data Security Standard (PA-DSS). Versions 3.1 of the PCI DSS and PA-DSS were effective on publication —15 April 2015 and 1 June 2015 respectively. This marks a change for the Council, which usually… Continue reading >>

Dyre malware reboots for holiday phishing attacks

Shortly after online banking customers in the UK were warned of a major phishing campaign using the notorious Dyre malware designed to steal financial data, the malware has resurfaced in a new iteration for the holiday season. Customers of Barclays, Santander and Lloyds TSB were being targeted by the trojan malware. Nearly 20,000 malicious emails were sent containing infectious .exe files posing as an email from… Continue reading >>

Giesecke & Devrient receives Visa certification for HCE

Giesecke & Devrient (G&D) has been certified “Visa Ready” by Visa for HCE (Host Card Emulation) cloud based payment services. With the Visa Ready status, Visa ensures that technology and service providers develop and deploy products and services that are compatible with Visa’s requirements. G&D’s data center in Canada has received Visa Ready certification as a provider for cloud based… Continue reading >>

Autralian regulator voices concerns over cloud risks

The Australian Prudential Regulation Authority (APRA) has released an information paper on prudential considerations and key principles in relation to outsourcing involving shared computing services, including the cloud. The information paper uses the term ‘shared computing services’ (whether labelled cloud or otherwise) to differentiate arrangements which involve the sharing of IT assets (including hardware, software and/or data storage) with other parties,… Continue reading >>