MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?
The PCI Security Standards Council has just released version 2 of its point-to-point encryption standard. Jeremy King of the PCI SSC explains how this optional standard can complement PCI-DSS compliance.
Would encryption, two-factor authentication and other measures stop a determined adversary from stealing millions of U.S. government personnel files? No, a former CIA CISO says. Read how Robert Bigman would defend against OPM-style cyber-attacks.
Following its mega-breach, the U.S. Office of Personnel Management suspends use of its online background check application system, citing a vulnerability. Also, the agency now faces a breach-related lawsuit filed on behalf of federal workers.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.
The U.S. Office of Personnel Management breach continues to reveal such staggering levels of information security problems, paper-pushing and seeming incompetence that it's creating a new cyber-espionage category: the "victim-as-a-service" provider.
Sony's 2014 cyber-attack cleanup costs continue to mount. The company reports spending $35 million on remediation as of March, and costs will continue to mount, now that a judge has ruled that a class-action lawsuit by former employees can proceed.
Forget attributions of the German parliament malware outbreak to Russia, or Chancellor Angela Merkel's office being "ground zero." The real takeaway is the Bundestag's apparent lack of effective defenses or a breach-response plan.
The Gartner Security and Risk Management Summit tackles digital business, a concept that blurs the physical and digital worlds, and requires organizations to reconsider how they approach IT security and risk management.
This year's Infosecurity Europe conference in London - celebrating its 20th anniversary - decamped from Earl's Court to the glass-topped, 19th-century Olympia Conference Center, and featured more than 300 exhibitors and 200 speakers.
The lead cybersecurity official for Britain's GCHQ intelligence agency dismisses charges that the U.K. conducts mass surveillance. But critics question the government's introduction of the Investigatory Powers Bill.
A new breach reported by Heartland Payment Systems won't get much attention. But this incident could be more damaging to the undisclosed number of consumers affected than was Heartland's 2008 payment card breach.
Prosecutors love to tell judges that sentences for hackers and cybercriminals must be strong enough to deter future such crimes. But as the case of Silk Road mastermind Ross Ulbricht shows, they've failed to make the case for deterrence.