Why Quarterly Vulnerability Scanning Is An Impressively Stupid Idea
The current PCI DSS quarterly vulnerability scanning requirement is nothing short of ridiculous, given the fact that most operating system vendors and some application software providers release...
View ArticleSquare Mastering PayPal’s “Don’t Tell Store Associates And See What Happens”...
When a Reuters story this week detailed that retail associates were oblivious about a Square service being offered in their stores, it had a frighteningly familiar ring to it. We have repeatedly run...
View ArticleSafeway Self-Checkout Security Hole Illustrates The Importance Of Button...
The self-checkout software at a Safeway chain in California, Vons, lets the shopper move directly to the payment area and then still buy more items. This bit of flexibility likely seemed a good idea at...
View ArticlePhone Makers Are Still Opening Security Holes By Spying On Phones
A security researcher in Seattle has identified yet another program running in the background of some smartphones in the name of collecting quality of service information. This time the phone is...
View ArticleMajor Chain Loses PCI Compliance When Data Center Moves
One of the nation's 15 largest retail chains had done a tremendous job segmenting its network to reduce the scope of its PCI assessment. All of that was thrown away, though, during a simple data center...
View ArticlePCI’s Not-So-Open Global Forum
PCI's Global Forum is an open forum in name only, at least as long as it continues to force changes on members that they are not permitted to even know about until someone who has been briefed chooses...
View ArticleWalmart Sales Tax Snafu: How Did They Get This So Wrong?
In a sterling example of what big retailers' POS software is not supposed to get wrong, Walmart has apparently been charging too much sales tax on two-for-one coupon deals in Pennsylvania in violation...
View ArticleWhy Did Gonzales Hackers Like European Cards So Much Better?
Last Thursday's (July 25) indictment of five more Albert Gonzalez gang members by federal prosecutors in New Jersey is a reminder of how big that operation was (and may still be) and how far...
View ArticleNow Asda, Morrisons And Europe Are Going After Visa And MasterCard Over...
First there was the $7.25 billion interchange settlement that big chains mostly detested, largely because it would outlaw future interchange lawsuits. Then came a flurry of retailer lawsuits against...
View ArticleSelf-Service Shifts Legal Risks, May Let Customers Off The Hook
One of the great things about the Internet and computer technologies is that they can empower consumers and businesses to do things that ordinarily require a middleman. Consumers can purchase their own...
View ArticleWalmart’s Scan & Go Change Reminds Us How To Make Mobile Work
One of the many advantages of mobile payment is significantly expanding CRM reach, getting to know about a far greater percentage of all of a shopper's purchases. Nowhere is this more attractive than...
View ArticleWhen Replacing NFC, Tech Is Really Not The Issue
Seems that the thing to say today, when discussing a retail mobile interaction method (be it for payment or loyalty or couponing)is to say it's an alternative to NFC (Near Field Communication). What a...
View ArticleCan VeriFone Actually Outsource PCI Problems?
In theory, you can't outsource PCI issues, but VeriFone wants to try. On Monday (Aug. 5), the POS maker announced VeriFone Point, a payments-as-a-service offering that basically takes everything in the...
View ArticleCourt To Fed: Keep The (Inter)Change
On July 31, a federal court in Washington sent shock waves through the merchant, banking, and credit/debit card industry by overturning the Federal Reserve's rules implementing limitations on the...
View ArticleHarbor Freight Breach May Be Biggest Of 2013, Issuers Say
What looked initially like a two-store payment-card breach may end up being one of the biggest breaches of 2013. In late July, the 425-store discount hardware chain Harbor Freight Tools posted signs in...
View Article