A data security breach involving Staples Inc., initially reported in October 2014, has been confirmed by the Framingham, Mass-based retail office supply chain. The far-reaching event impacted 119 of the 1,500 Staples locations in 35 states. Malicious software discovered inside cash registers was intercepting credit card transactions and transmitting cardholder data to a criminal host network. The company believes that up to 1.16 million credit cards may have been affected by the breach. A company press release issued on Dec. 19 stated that "malware may have allowed access to some transaction data at affected stores, including cardholder names, payment card numbers, expiration dates, and card verification codes.

read more

When the ball drops at 12 a.m. on Jan. 1, 2015, it will mark the beginning of a new year, as well as the deadline for implementation of a new set of security standards. The PCI Security Standards Council released Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 in January 2014, and gave merchants and payment services providers one year to review and upgrade their PCI DSS 2.0-compliant systems. The security community embraced the new standards, noting the enhanced protections for e-commerce, widely considered to be a leading point-of-entry for cyber attacks.

read more

The U.S. Department of Justice has been ordered to stop making trouble for individuals and businesses that take advantage of state medical marijuana laws. However, the demand, attached to the $1.1 trillion federal budget bill that was signed into law Dec. 16, 2014, is not a total condemnation of the federal government's efforts to stamp out marijuana legalization initiatives. "It merely restricts the use of funds in a one-year budget bill," noted a web post by the National Law Review. "The bill does not exempt marijuana has as an illegal Schedule I drug under the federal Controlled Substances Act."

read more

At the close of 2014, payments leaders are reflecting on the year's highlights and looking ahead to what many believe will be a defining year for the industry. An unprecedented number of disruptions have occurred over the past twelve months, led by emerging technologies, the expanding role of data analytics, and changes in purchasing behaviors and banking environments. The digital transformation of payments is perhaps most evident in the changing role of payments industry equipment manufacturers.

read more

Recent news of a security breach at Charge Anywhere has raised concerns about vulnerabilities that may exist in payments industry middleware and third-party service providers (TPSPs). Charge Anywhere, a New Jersey-based payment gateway, has long been considered an innovator in the mobile payments space, marketing payment solutions and services through ISO and reseller distribution channels since 2002. Now, the company is working with its channel partners to help them mitigate risk, as well as teaming up with security specialists to forensically investigate malware initially discovered on Sept. 22, 2014. The malware has since been removed.

read more

Midway through the holiday shopping season, analysts are crunching the numbers, providing a “pay-by-pay” analysis of consumer spending patterns. The reports give some merchants and payment professionals reason to celebrate while others may be motivated to revisit their promotional strategies. Year-over-year growth in consumer spending grew a modest 5.3 percent compared with a 7.4 percent increase in 2013, according to First Data’s 2014 SpendTrend Holiday Shopping analysis, a comprehensive report issued December 8, 2014. The study measured in-store transaction data and consumer spending at over 1 million merchant locations.

read more

The National Security Agency released the first in a series of hyper-adaptive software solutions designed to improve efficiencies in the government and private sectors. Niagarafiles (Nifi) is a new protocol conversion method developed by the NSA's Technology Transfer Program (TTP) that the NSA made available to open source software developers on Nov. 25, 2014. This is viewed as a positive step for many market sectors, including the payments industry.

read more

Cyber Week 2014 unleashed big deals and bigger threats in the omni-channel retail environment, where emerging consumer trends and a rash of high-profile security breaches have altered the holiday shopping playing field. The latest breach at Bebe Stores Inc., initially reported by KrebsOnSecurity Dec. 4, 2014, and confirmed by Bebe today, involved cybercrime operation Goodshop, which was selling counterfeits of cards used at Bebe stores Nov. 18 through 28, according to Krebs' bank sources. The extent of the crime and the number of consumer accounts affected has not yet been determined.

read more

Extreme shopping has evolved from a Black Friday sprint to a Cyber Week marathon as retailers extend deep discounts further into the holiday season. A December 2, 2014, report by IBM Digital Analytics Benchmark tracked sales in the five-day span between Thanksgiving and Cyber Monday, comparing this year's consumer transactional data against the same period last year. Jay Henderson, Director of IBM Smarter Commerce saw the expanding length of the holiday shopping season as favorable to consumers and retailers, "making it easier for consumers to find the best deals on the go, whenever and wherever they chose to shop."

read more

To a long list of companies crying foul over Visa Inc.'s pricing models, add Discover Financial Services. Discover's debit unit, Pulse Network LLC, recently filed a lawsuit against Visa in a federal court in Texas alleging Visa undermines competition in the debit network world. The network is asking the court to "enjoin Visa's ongoing violations of antitrust laws" and award Pulse compensation for revenues lost due to the challenged policies. This isn't the first time Discover has taken Visa to court. In 2008, Discover ended up with out-of-court settlements with both Visa and MasterCard for a long-time practice the two bankcard companies had of not allowing financial institutions that offer Visa and MasterCard to also issue Discover cards.

read more