Fraudsters are turning their attention to e-commerce sites, continuing to improve the malware they use to find and harvest payment card data, and sensing opportunity in mobile devices, according to the latest annual data-breach report by Trustwave Holdings Inc. Chicago-based Trustwave, a leading data-forensics investigator and security vendor, based …

Gideon Samid • Gideon@BitMint.com Our clients are often angry. Why do we have so many security problems? they demand. Why so many “holes”? Can’t you do better than patching and band-aiding and sweet-talking? Our answer can be boiled down to one word: complexity. Complexity forces us to build systems with …

Peter Lucas Last year’s Google Wallet hack should have been a wakeup call, but security experts are still plenty nervous about wallets. What’s being done to shore up security? When Google Inc.’s digital wallet was breached last February by security experts from not just one, but two, points of entry, …

As we prepare to close out 2012, we thought we’d look back at the year’s major developments and pinpoint the ones that generated our biggest news stories. Here’s our list, arranged chronologically. Not surprisingly, given the events of the year in electronic payments, the list is dominated by mobile-payments and …

Most owners of legitimate sites that have been compromised to support phishing attacks have no idea their site has been violated until some third party tells them, according to a recent survey. But the cluelessness doesn’t end there. Nearly half of owners of compromised sites don’t know how the attack …

Continuing its slow march toward comprehensive security requirements for mobile payments, the PCI Security Standards Council on Thursday released a set of best practices for developers of software for mobile devices. The guidelines follow by four months the guidance about mobile payments that the Council released for small merchants. The …

Cybercriminals have introduced a new version of a notorious malware threat that is not only harder to detect but also more capable of stealing card numbers, PINs, and other sensitive information. This latest variant of the so-called Zeus Trojan malware includes a change that makes it virtually invisible to programs …

Hey, mobile-payments types: the fraudsters  are gunning for you. What are you doing to keep fraud at bay? So far, the known mobile-payments security lapses have proven to be more embarrassments than the truly damaging data breaches seen with more conventional payment methods. For example, Square Inc. initially passed out …

To effectively secure payment card data, encryption must occur in tamper-resistant security modules, says Steve Elefant. Software always leaves valuable payment card data in the clear somewhere during the life cycle of the transaction. Steven M. Elefant is managing director at Soaring Ventures, Lafayette, Calif., and of counsel at The …

Linda Punch When data breaches happen, fingers often point instinctively to shadowy hackers in distant lands. But the real culprits often are inside the office. Security experts say preventative measures must include better screening and monitoring of employees. When data breaches hit the headlines, the instigators typically are portrayed as …