Four Seasons Hotels and Resorts learned of a data security breach at Sabre Hospitality Solutions, a third-party hotel reservations provider working with the company. The intrusion compromised payment card data and other information pertaining to a limited number of consumers. Four Seasons confirmed the issue has been contained and no unauthorized access to Sabre's system currently exists. The hotel chain also emphasized that guests who made reservations through Fourseasons.com, the Four Seasons Worldwide Reservations Office, or directly through any of its hotels and resorts were not affected by the incident. The impacted reservations were made through such nondirect channels as online travel agencies and travel agents, which are processed through Sabre Hospitality Solutions SynXis Central Reservation System.

read more

Experian's Global Fraud and Identity Report, published Jan. 24, 2018, found online fraud a growing concern for businesses worldwide. In an effort to provide linkages to customer recognition, convenience, trust and fraud risk, researchers interviewed 5,500 consumers and 500 business leaders between June and October 2017. Respondents included senior executives from financial institutions, payment providers, and online and mobile retailers in the United States, United Kingdom, Brazil, Singapore, China, India, Australia, France, Spain, Turkey and South Africa. The survey found consumers expect security and a frictionless checkout experience, noted Kathleen Peters, Senior Vice President of Global Fraud and Identity at Experian. Peters said businesses are migrating to advanced forms of authentication to improve security and customer experience.

read more

The Consumer Financial Protection Bureau is providing more time for prepaid debit card companies to prepare for upcoming new regulations. The bureau also has taken a scalpel to the controversial new rule set, narrowing the application of error resolution requirements and adjusting compliance requirements for providers of digital wallets. The CFPB's prepaid card rules were crafted in an effort to extend to prepaid debit card accounts disclosure requirements and other consumer protections that already apply to debit and credit card accounts. Adopted in 2016, they were supposed to take effect in October 2017. But the bureau began backpedaling last June, moving the implementation date to April 2018 and requesting new input on what were considered particularly controversial provisions of the rule set.

read more

A recent flurry of headlines reflects a growing interest in cryptocurrencies, according to payments and legal analysts. Recent reports include numerous initial coin offerings (ICOs), cardless cash startups and armed robberies involving bitcoin wallets. Peter Vessenes, co-founder of the Bitcoin Foundation and Managing Director of New Alchemy, expects blockchain technology and various methods of tokenization to become mainstream in the next five years.

read more

The recently released IDC Market Spotlight, Payments Trends to Watch in 2018, sponsored by the Electronic Transactions Association, highlights new channels, networks and opportunities for the acquiring community. In particular, the report details five major trends in payment technology that are expected to drive discussion at the ETA's Transact tradeshow, which will take place in Las Vegas from April 17 to 19, 2018.

read more

The PCI Security Standards Council (PCI SSC), which leads a global effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs, released a new standard pertaining to commercial off-the-shelf devices (COTS) such as smartphones and tablets. The new PCI Software-Based PIN Entry on COTS (SPoC) Standard contains requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant's consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN, the council stated in a press release about the new requirements.

read more

Security analysts have slammed Uber for what they deem to be a selective approach to repairing software bugs. The ride-sharing service pays informants a bounty for reporting vulnerabilities, but payouts have been uneven, according to critics. ZDnet Security Editor Zack Whittaker reported Jan. 21, 2018, that HackerOne, an Internet security firm and bug bounty program administrator, pays bug fixes according to severity levels. Some discoveries are marked "informative," but go unpaid, Whittaker noted. Bug bounty programs are typically offered by software developers and websites, and provide recognition and compensation to individuals who report bugs in their software, particularly those associated with vulnerabilities.

read more

Allentown, Pa.-based Lighthouse Network, a payment technology provider previously known as Harbortouch, disclosed Jan. 15, 2018, that it acquired Shift4 Corp., a payment gateway based in Las Vegas. Company representatives said the newly created entity, Shift4 Payments, will leverage Shift4's patented payment technologies and Lighthouse Network's family of integrated POS solutions.

read more

The National Retail Federation reported 37,500 attendees and 900 exhibitors from 96 countries attended its 107th annual convention and expo held Jan. 14 to16, 2018, at Jacob K. Javits Convention Center in New York City. Retail and payments leaders in attendance attributed the event's palpable celebratory spirit to record holiday spending, economic recovery and a post-EMV retail landscape.

read more

It was news no merchant wants to hear. Family-owned Jason's Deli, which operates 275 delis in 28 states, received notice on Dec. 22, 2017, that a large quantity of payment card information associated with the business was for sale on the Dark Web. Law enforcement, a threat response team and forensic experts began investigating immediately and recently reported a breach had, indeed, occurred. It began June 8, 2017, and jeopardized the credit card information of approximately 2 million Jason's Deli customers.

read more

The National Retail Federation's 107th annual Convention and Expo opened Jan. 14, 2018, at Jacob Javits Convention Center in New York City. The NRF expects record attendance, with 35,000 registered attendees and 600 exhibitors from more than 3,500 companies and 90 countries. NRF executives held a pre-show press briefing in the Innovation Lab, a show within a show designed to highlight emerging technologies. In opening remarks, NRF President and Chief Executive Officer Matthew R. Shay said retail transformation is good for companies, employees and customers. "Retail is not dead," Shay said. "It is being reshaped in response to shifting customer expectations and buying behaviors."

read more

The Electronic Transactions Association, a global trade association representing more than 500 payments and technology companies, selected 10 participants for its 2018 ETA Young Payments Professionals Scholar Program. The ETA devised the program, which is supported by ETA member Discover Financial Services, to help young professionals in the payments industry grow, connect with a class of scholars and meet respected leaders from influential companies. The program's goal is to encourage leadership within the organization itself, as well as the industry at large.

read more

Following an investigation by the New York Department of Financial Services set forth in Western Union Co.'s January 2017 deferred prosecution agreement (DPA) with the U.S. Department of Justice, its Western Union Financial Services Inc. subsidiary agreed to a consent order with NYDFS on Jan. 4, 2018. In the DPA, the company acknowledged deficiencies in its money services compliance programs from 2004 to 2012. Under terms of the consent order, WUFSI agreed to pay $60 million to NYDFS to resolve violations of New York law arising out of facts set forth in the DPA. In its original agreement with the Justice Department, Western Union admitted to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud.

read more

A Jan. 4, 2018, memo by U.S. Attorney General Jeff Sessions gives law enforcement the right to prosecute marijuana-related activities, even in states that have legalized these practices. Sessions maintains marijuana cultivation, distribution, possession and use have always been illegal, despite the previous administration's policy against prioritizing prosecution of several types of cannabis-related activities in states that have legalized it.

read more

A U.S. appeals court upheld most of a 2017 lower court ruling that called into question a decades-old California ban on surcharging customers paying by credit card. But the move applies only to five businesses that challenged the law's constitutionality. In a decision handed down on Jan. 3, 2018, a panel of judges for the Ninth Circuit U.S. Court of Appeals, in San Francisco, ruled that a 1985 California law banning credit card surcharges violates the First Amendment of the U.S. Constitution by restricting commercial free speech. In doing so, the appeals court partially affirmed a district court ruling declaring the California statute "unconstitutional," but it stopped short of permanently enjoining enforcement of the law, as the lower court had ruled.

read more

Security analysts are criticizing Forever 21 Inc. for failing to protect cardholder data from hackers. On Nov. 14, 2017, the retailer disclosed its POS systems had been compromised, but it attempted to downplay the damages. Forensic investigators found anomalous activities had occurred between April and November 2017, but company representatives said it has been using encryption and tokenization since 2015, so a full-scale attack was unlikely to have occurred. "Encryption only protects data when it's implemented correctly," stated Marc Punzirudu, Director of Security Consulting Services at ControlScan Inc., a managed security and compliance solutions company.

read more

Citing lack of federal approval for a proposed merger between global money-transfer services provider MoneyGram International Inc. and fintech giant Ant Financial Services Group, the two companies revealed they have terminated their amended merger agreement, a $1.2 billion deal that would have resulted in Ant Financial acquiring all outstanding shares of MoneyGram for $18 per share in cash. They will instead work together on strategic initiatives to expand their remittance and digital payment services internationally.

read more

The results of a comprehensive analysis of private companies across America are in. Entrepreneur magazine just released its Entrepreneur360 List, which honors 360 small businesses based on four pillars of entrepreneurship: impact, innovation, growth and leadership. Among an elite group of payment companies selected, Calverton, N.Y.-based Electronic Payments placed 106 in the rankings. "There is no other industry that is growing as rapidly as financial technology, and the disruptions and shifts that we're seeing have provided unprecedented opportunity to drive innovation in the payments space," said Michael Nardy, Electronic Payments founder and CEO.

read more

Mobile wallet usage is more widespread in the United Kingdom than in the United States, according to a new study published Dec. 22, 2017, by Auriemma Consulting Group, a boutique management consulting firm with offices in New York and London. Auriemma researchers attribute the disparity to the United Kingdom's broader adoption of near field communications (NFC), which has enabled tapping at the POS to become a mainstay for U.K. merchants. Jaclyn Holmes, Director of Payment Insights at Auriemma noted U.K. consumers have been tapping at the POS since 2007. "Their increased comfort with this technology, in the decade since its inception, makes payment behavior at the point of sale less of a barrier for mobile pay adoption," she stated.

read more