Authorities on Risk Assurance

The Shared Assessments Blog

Viewing Category: Payments

It’s a New Day for Payment Card Fraud Liability

Published on January 4, 2016 By | Posted in: Blog, Data Breach, Fraud, Payments

According to the global 2015 Cost of Data Breach Study by the Ponemon Institute, the average total cost of a data breach for the participating companies increased 23 percent over the past two years to $3.79 million. Now breach costs are likely to rise further as banks and payment processors shift more of the liability […]

It’s Not Just a Check The Box Exercise: Building a Culture of Compliance

Published on October 13, 2015 By | Posted in: Compliance, Payments, Risk

Last week I outlined ideas on implementing appropriate best practices in structuring effective compliance programs. Leveraging program management disciplines can streamline the logistics of compliance management. However, process alone is not sufficient without the right “tone at the top” to focus an organization’s efforts. Senior leadership within an organization is accountable for managing risk and […]

Joint Advisory Bulletin: Mobile Payment System Vulnerability

Published on September 30, 2015 By | Posted in: Mobile, PCI, Secret Service

Earlier this month, the U.S Secret Service, in collaboration with the Payment Card Industry (PCI) Security Standards Council, released a Joint Advisory Bulletin: Mobile Payment System Vulnerability. The advisory discuses the Growing Criminal Exploitation of Provisioning in Mobile Payments. Excerpt: The Secret Service has observed a steady increase in criminals exploiting vulnerabilities in the account […]

PCI and Tomorrow’s Payments Security Environment

Published on April 30, 2015 By | Posted in: Newsletter, Payments, PCI

Every so often it’s useful to sit back and reexamine a subject from a 40,000 foot perspective. In the last six to eight weeks, three unrelated items have caused me to do just that as I think about security issues in the payments card arena, never an easy subject even in the best of circumstances. […]

Happy New Year EMV

Published on January 30, 2015 By | Posted in: Payments, Tokens

2014, on balance, was a very good year for progress in securing electronic retail payment transactions. Most importantly, many of the key payments stakeholders seemed to coalesce around the general understanding that three basic tools, EMV chip cards, payment tokenization, and end-to-end encryption were all essential to make real progress toward next generation payments security. […]

Apple Pay is Live and Has (Just) A Few Hiccups

Published on October 30, 2014 By | Posted in: Apple Pay, Payments

Apple Pay hit the streets with the release of IOS 8.1 the week of October 20th and at least at the physical point of sale, the mechanics largely seem to be working as planned. With the exception of about 1000 Bank of America customers who experienced quickly corrected duplicate charges, there have been few reported […]

Apple Pay – And Dynamic Payment Tokens

Published on September 12, 2014 By | Posted in: Payments, Tokens

Although Apple’s payments announcement on Tuesday was not a surprise, the platform’s mechanics were largely unknown before Tim Cook’s on-stage introduction at the Flint Center in Cupertino. Cook set the context for Apple’s payments vision quite accurately: “Most people that have worked on this have started by focusing on creating a business model that was […]

Payment Token Implementation Do’s and Don’ts

Published on July 1, 2014 By | Posted in: Payments, Tokens

With an estimated 70% of US credit cards likely to be EMV chip ready by the end of next year1 , the race to protect against sharply increased levels of card-not-present fraud has begun in earnest. As we’ve discussed in the past, one of the most important tools to help mitigate card-not-present fraud will be […]

Holiday Reading

Published on January 13, 2014 By | Posted in: Payments

One of the great things about the holiday season is the time it provides to read and explore items that might otherwise be passed over and forgotten. This season, payment gurus had lots of eye candy in the form of 187 responses to the Federal Reserve Board’s request for comments on its Payment System Improvement […]

PCI 3.0

Published on October 21, 2013 By | Posted in: Payments, Standards

Although it seems as if the Payment Card Industry Data Security Standard (PCI DSS) was launched yesterday, the standards organization was in fact created in 2006 to consolidate and better promulgate the major credit card organizations’ then overlapping data security requirements. The PCI Council updated its original requirements in 2010 (with Version 2.0) and now, […]

Shared Assessments Logo Iron Mountain
Shared Assessments Logo Deloitte
Viewpoint Logo
Shared Assessments Logo pwc
Shared Assessments Logo dtcc
Shared Assessments Program licensee Churchill & Harriman logo
MetricStream logo
Shared Assessments Logo radian
Shared Assessments Logo Deluxe Corp
intralinks-logo
Shared Assessments Licensee Protiviti
Shared Assessments Licensee TD Ameritrade
Shared Assessments Licensee Pivot Point Security
Shared Assessments Licensee Bank of the West
Shared Assessments Logo first data
Shared Assessments Logo Bank Of New York Mellon
Shared Assessments Logo Ernst & Young
Shared Assessments Licensee Power Advocate
Shared Assessments Logo sei
Shared Assessments Logo usbank
Shared Assessments Licensee Lockpath
Shared Assessments Licensee ControlCase
Shared Assessments Licensee Rsam
Shared Assessments Licensee ZS logo