Blog

2014 started with a key infographic on how and why “privacy” ended the year as the 2013 Word of the Year. From our collective experience, 2014 however will forever be known as the “Year of the Data Breach”. A recent infographic published by www.databreachtoday.com, highlighted the Top Breach ....

I’d like to make a bold statement: vendor risk management is easy. Step 1: Use contracts to set expectations, secure audit rights and transfer liability. Step 2: Conduct an assessment to determine if expectations are being met. Step 3: Remediate any issues identified during the assessment. ....

The last couple of months have seen a more focused and public discussion between merchants and banks about how the standards that will underlie payment tokens should be crafted. An oversimplified summary of positions would suggest that merchants want an ISO based standards development process which ....

OCC issues revised guidance (OCC Bulletin 2014-41) on Merchant Processing as regulators continue to increase focus on third party risk. In their revised guidance the OCC stresses the need for expanded due diligence of third party card processors. The guidance reinforces the OCC's concept of managing ....

Confirming the need for stringent third party risk assessments, the PCI security standards council issued a guidance this week focusing on the need to thoroughly assess third party service providers who store, process or transmit cardholder data. The PCI Guidance underscores and reinforcing Shared ....

Part I in a series In less than eighteen months, there has been more industry guidance and updated regulations regarding third party risk than at any other juncture in the evolution of governance within the financial services industry. Media attention from retailer breaches and enforcement actions ....