PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations. PCI DSS… Read more


Faces of Fraud

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to rollout new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management… Read more


October 26, 2017 - Steven Murdoch, Frederik Mennes
Existing encryption's a casualty of the massive KRACK WiFi attack

The KRACK WiFi attack has exposed a major vulnerability that could impact millions of users around the world, creating a major new threat for security professionals, financial institutions, retailers and payment companies. But there are options to mitigate the risk. Read what Frederik Mennes and Steven Murdoch have to say on this important topic in an article recently contributed to Payment Source…. Read more


The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the… Read more


sms authentication

What a difference a year makes. As related in AppDev Magazine’s recent newsletter, just one year after NIST, the National Institute of Standards and Technology issued guidance that found SMS insecure and no longer suitable as a strong authentication mechanism; it has backpedaled to reduce their previously strong statements and instead offers a new, softer recommendation. According to this article,… Read more


Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists… Read more


Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12, requires all covered entities to use multi-factor authentication (MFA) for… Read more


Blockchain

Blockchain is one of the more exciting – and often misunderstood – emerging technologies. It essentially offers the ability to record and track transactions in a decentralized database (often referred to as a “ledger”). When a transaction occurs, everyone who has permission on the network knows about it. It’s tamper-proof and everything happens in real-time. This has disruptive implications for… Read more


ENISA Report

A recently published study from ENISA — the European Union Agency for Network and Information Security which advises member states and private sector organizations in implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendation includes two-factor authentication and mobile application security as technical measures in high-risk… Read more


Behavioral Biometrics: Improving Security and the Customer Experience

Before the Internet, customers who wanted to transact with their bank had only one option – a visit to their local branch for a face-to-face transaction. Now, in the mobile age, customers expect their banks to provide secure and easy access to the full suite of banking services via their mobile device. New channel, new challenges This demand for mobile… Read more