GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Industry self-policing: A lofty goal?

Patti Murphy
ProScribes Inc.

News

Industry Update

Federal Reserve sets debit interchange at 21 cents

Visa to update forecast after Fed sets debit interchange

More regs, requirements from FFIEC, PCI council

Fraudsters nailed, proactive security initiatives needed

The 25 most dangerous software errors in 2011

Features

Wal-Mart wants to bank the underserved

Patti Murphy
ProScribes Inc.

Microfinance and profits

Patti Murphy
ProScribes Inc.

Electronic billing for SMBs

The three R's of text message marketing

Pal Flagg
Street Savings

ISOMetrics:
Breaches across America

Selling Prepaid

Prepaid in brief

Is the new AmEx prepaid card a game changer?

Case study: Prepaid electricity metering

Views

Are you ready for the NFC paradigm shift?

Scott Henry
VeriFone Inc.

Education

Street SmartsSM:
Networking groups and referral marketing - Part 1

Bill Pirtle
MPCT Publishing Co.

Use communication to cut merchant attrition

Jeff Fortney
Clearent LLC

Finding the right payment processor

John Barrett
First Data Corp.

Social media: Putting your company's best face forward

Peggy Bekavac Olson
Strategic Marketing

What is my portfolio worth anyway?

Adam Atlas
Attorney at Law

Company Profile

Capital Access Network Inc.

New Products

Award winning loyalty technology

Paycloud
SparkBase

Less churn, more earn in health care

Revenue Maximizer
TransEngen Inc.

Inspiration

Make children your business

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

July 11, 2011  •  Issue 11:07:01

previous next

More regs, requirements from FFIEC, PCI council

Federal regulators updated their take on Internet security, and put bankers on notice that greater scrutiny of online banking security will begin with 2012 examinations. The Federal Financial Institutions Examination Council is an umbrella group that develops uniform examination practices and standards that span different types of financial institutions.

FFIEC members include the Federal Reserve, Federal Deposit Insurance Corp., Office of the Comptroller of the Currency, National Credit Union Administration, Office of Thrift Supervision and a committee of five state bank regulators.

On June 28, 2011, the FFIEC released a supplement to a guidance document issued originally in October 2005 - Authentication in an Internet Banking Environment. The supplement updates that document, describing "supervisory expectation regarding customer authentication, layered security, and other controls in the increasingly hostile online environment," the FFIEC wrote.

The supplement emphasizes the need for regular risk assessments, effective strategies for mitigating risks and raising customer awareness of potential risks. The FFIEC expects examiners to begin using the new guidelines in January 2012. Download the enhanced guidelines at www.ffiec.gov/press/pr062811.htm.

PCI SSC releases list of secure payment app requirements

A list of requirements for payment applications to meet payment industry data security requirements was recently released by the PCI Security Standards Council (PCI SSC). The list clarifies what standards payment applications must meet to be eligible for Payment Application Data Security Standard (PA DSS) validation and listing. The list includes information on how the PA DSS applies to mobile payments.

The PCI SSC manages the Payment Card Industry Data (PCI) Data Security Standard (DSS), PIN Transaction Security (PTS) and the PA DSS. Only payment applications that store, process or transmit cardholder data as part of the transaction and are sold, distributed or licensed to third parties are eligible for the PA DSS program.

Complete information on how to comply with the PA DSS can be found at www.pcisecuritystandards.org/security_standards/documents.php?association=PA-DSS.

The PCI SSC is evaluating mobile communication devices and payment applications to determine the risks involved in validating mobile payment acceptance applications to the PA DSS 2.0 standard. In late June, the council issued its position concerning mobile payment security, "Which Applications are Eligible for PA-DSS Validation? A Guiding Checklist." The council plans to release further guidance by year's end.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio