Compliance news, analysis, research, how-to, opinion, and video.

expiration date can
threatening clouds

Citibank credit card with an EMV chip

Debit cards lag credit cards in EMV migration, putting banks at risk

Three times as many credit cards will be chip-enabled by the end of the year as debit cards, making the slower banks bigger targets for cybercriminals.

credit cards

EMV transition will still leave security gaps

This October, US merchants and payment providers are scheduled to switch to new, more secure, chip-based payments. But financial transactions aren't going to become safer overnight, since the majority of merchants are still not ready...

FTC website

Court: FTC can take action on corporate data breaches

The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts -- and lapses. But security experts are...


Cyber sharing bill shares too much, critics say

There is general agreement between industry and government that sharing cyber threat information could improve defenses against ever-escalating and more sophisticated attacks. But critics of this year’s proposed legislation say it has...

pci security compliance

Application security needs to be shored up now

In this first of a three-part series, we will explore the connection between PCI and application security. Parts 2 and 3 will detail how to ensure PCI compliance for all things application security.


DRM could be making a comeback in the enterprise

Digital rights management might be coming back to the enterprise, experts say, as long as usability issues don't get in the way.

bank cloud

Banks balance security and workflow when encrypting in the cloud

When financial institutions store data in the cloud, they use different kinds of encryption depending on security and workflow requirements, according to a new report from CipherCloud.

japan location

Researchers improve de-anonymization attacks for websites hiding on Tor

Attackers controlling entry nodes on the Tor network could find the location of hidden services or unmask users visiting them

american justice courtroom gavel legal system law justice flag

FTC sues identity protection service LifeLock again

Identity protection service LifeLock said Tuesday it is prepared to go to court after the U.S. Federal Trade Commission filed a fresh lawsuit alleging the company has failed to protect its users' data and deceptively advertises its...

government columns

Regulators seek to limit security software exports

The comment period on Wassenaar ends next Monday, and the rules, as written, would severely restrict international sales, deployment, research and even discussion of cybersecurity tools and exploits, experts say.


China tightens grip over the Internet with new security law

U.S. trade groups are worried that China's security policies could stifle business in the country

Extreme Hacks to Be Paranoid About

Software developers are failing to implement crypto correctly, data reveals

Lack of specialized training for developers and crypto libraries that are too complex lead to widespread encryption failures

worried man

Do security leaders need to worry about the end of the QSA program?

Whether you need to comply with PCI or not, recent changes to the QSA program signal the need for security leaders to engage in two important discussions

caught in trap trapped

Why the dip in healthcare spending is actually a risky opportunity for security leaders

A new report that projects healthcare spending to dip also reveals a hidden risk for security leaders, unless they learn how to navigate it properly

bending over backwards

Agile security lessons from Aetna and the state of Texas

The move to agile development practices poses both challenges and opportunities to security teams -- with the challenges often dominating. But some organizations have found ways to make it work. What is agile security? And how can you...

money game

What a new survey on payment solutions reveals about your security leadership

Insights from a new briefing with some commentary on how it impacts your ability to lead security efforts through the evolving payment ecosystem

mobile payments

Five tips to comply with the new PCI requirements

At the end of June, merchants that accept payment cards have five new security requirements to comply with -- and significant fines and other costs if they don't

cracks in wall

SAFETY Act liability shield starts showing cracks

This week, Salted Hash has examined the Department of Homeland Security's (DHS) SAFETY Act, and FireEye's promise to customers that their certification under the act provides them protection from lawsuits or claims alleging that the...

Load More
You Might Also Like