The Green Sheet Online Edition
March 26, 2018 • Issue 18:03:02
Editor's Note: Following are excerpts from news stories recently posted under Breaking Industry News on our home page. For links to these and other full news stories, please visit www.greensheet.com/breakingnews.php?flag=previous_breaking_news.
SEC toughens cybersecurity guidelines
The Securities and Exchange Commission published new cybersecurity guidelines for publicly traded companies that became effective Feb. 26, 2018. Security analysts praised the interpretive guidance for requiring companies to disclose cybersecurity risks and incidents within prescribed timeframes.
"Given the frequency, magnitude and cost of cybersecurity incidents, the Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack," the SEC wrote in its Commission Statement and Guidance on Public Company Cybersecurity Disclosures document.
The SEC added that crucial to a public company's ability to make required disclosure of cybersecurity risks and incidents in the appropriate timeframe are "disclosure controls and procedures that provide an appropriate method of discerning the impact that such matters may have on the company and its business, financial condition, and results of operations, as well as a protocol to determine the potential materiality of such risks and incidents."
NACHA unites with IFX Forum
In a strategic move, NACHA ‒ The Electronic Payments Association and financial services standards development organization International Financial eXchange Forum agreed to combine organizations to accelerate development of standardized application programming interfaces (APIs) supportive of the global financial services industry.
"The powerful combination of IFX Forum's established leadership in financial industry standards, along with additional technical expertise in the area of API message development, and NACHA's leadership in payment and adjacent standards will accelerate this innovation," said NACHA President and CEO Janet O. Estep. "The organizations will be able to build relevant standards in existing and new business domains."
As a steward of the automated clearing house network, NACHA said that aligning the complementary work of its API Standardization Industry Group, comprised of more than 100 leading organizations, and the IFX Open Banking APIs Working Group, tasked with developing a standard for more open API access, will benefit industry stakeholders.
New study finds ISVs can streamline PCI compliance
Researchers have found achieving and maintaining Payment Card Industry (PCI) security standards compliance continues to be a challenge for small and midsize merchants. The 2018 ControlScan/MAC Acquiring Trends Survey, published Feb. 28, 2018, surveyed 115 acquirers, processors, ISOs and payment facilitators.
Global security company ControlScan co-authored the report with Merchant Acquirers' Committee, an organization of bankcard professionals involved in the risk management side of card processing. The organizations said the comparative analysis, aimed at tracking compliance trends, is their seventh annual survey.
One significant finding was that 67 percent of survey respondents with decreased compliance rates said their merchants had initially achieved compliance but subsequently failed to be revalidated. They attributed failures to lack of awareness of requirements and avoidance of recertification procedures, which have become more rigorous in recent years, according to some participants.
As Lyons shifts focus, Mastercard aligns digital, physical
An entrepreneur at heart, Mastercard Chief Innovations Officer Garry Lyons is leaving the Purchase, N.Y.-based card and payments brand to launch a new technology venture closely aligned with the company he has helped to invigorate. Meanwhile, Mastercard is integrating its physical and digital payments teams under one organization, the Products and Innovation team. The reorganization will be effective April 2, 2018; Lyons will depart the company June 1.
Mastercard credits Lyons for being a catalyst for its expanded view of payments technology, as well as for leading the creation of Mastercard Labs, a global research and development effort that looks at the future from a fresh perspective, ascertaining how technology advancements and consumer trends will affect the company's business.
"Garry has helped us to think differently about the payment experience, using those sparks to deliver additional value to customers and consumers," said Mastercard President and CEO Ajay Banga. "I'm looking forward to the opportunities his new venture will create for our company, both as a customer and as an investor."
World Economic Forum forms cybersecurity consortium
On March 6, 2018, the World Economic Forum launched a consortium dedicated to bolstering cybersecurity within the financial technology and data aggregator sectors. The consortium came together after leading cybersecurity experts convened by the forum identified the growing threat of cyber-attacks to financial services providers as a key concern for global financial systems. "Fintechs can only deliver on their customer experience promises if the financial system is able to manage the risks adequately," said Matthew Blake, Head of the Financial and Monetary System Initiative at the forum. "This consortium will offer technology companies a clear goalpost and thus enable them to implement sound cybersecurity measures at the product design stage."
The consortium plans to begin work in conjunction with the organization's Global Centre for Cybersecurity, which opened recently in Geneva, Switzerland. According to the forum, the aim of the center is to establish the first global platform for governments, businesses, experts and law enforcement agencies to collaborate on cybersecurity challenges. The consortium plans to focus on four key areas: development of common principles for cybersecurity assessments, guidance for implementation, a point-based scoring framework and guidance on improving an organization's score.
CyberEdge finds rising security concerns
A report published March 7, 2018, by CyberEdge Group noted year-over-year growth in security concerns and threats. Researchers surveyed 1,200 information technology managers from 17 countries and 19 industries to examine the emerging threat landscape and respondents' security postures, investments and strategies for this fifth annual report. Respondents cited cloud security, data privacy, access control and threat monitoring among their leading challenges. "Although we've presented multiple pieces of evidence to suggest that IT security has finally stemmed the tide of successful cyberattacks, this doesn't mean that life is peachy keen," researchers wrote. "Far from it."
Survey respondents cited lack of skilled IT personnel, low security awareness and data overload as leading inhibitors to data protection. "Last year's stunning finding that nearly nine out of ten organizations are experiencing a shortage of IT security talent validated recurring headlines that claim there's a global shortage of one to two million cybersecurity professionals," researchers wrote. "The good news, if it can be called that, is that our results this time around show a modest improvement in this area, with only eight out of ten (i.e., four in five), now indicating that their organizations are impacted by the security talent shortfall."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.