Information Security

Visa Technology Tackles Fraud Before it Occurs

Market Watch reports that Visa Inc. has announced a new fraud-preventive technology entitled Visa Strategy Manager, designed “to help financial institutions create and implement strategies for identifying and stopping fraudulent transactions in real-time at the check-out”. The technology reportedly allows financial institutions to target high-risk transactions “by automating the process for writing their fraud detection rules, and responding to real-time fraud trends”, according to Visa head of global risk and authentication product development Mark Nelsen. Visa Strategy Manager can reportedly be “used independently with an issuer’s own host system” or in conjunction with Visa Risk Manager, “a decisioning tool that enables issuers to test and deploy authorization rules within minutes and respond to fraud trends as they evolve”. Whilst this service is currently only being offered within the US, Canada, Latin America and the Caribbean, it will be offered to Asia Pacific, Central and Eastern Europe, the Middle East and Africa by mid 2012, reports Market Watch.

Market Watch: Visa Strategy Manager Boosts Issuer Fraud Detection (11 April 2012)
(Source: Market Watch)

University Breach Discovered in Class

A class project on advanced search techniques in March 2012 has led to the discovery of a major data breach at the University of Tampa in Florida. The breach reportedly occurred when “university [information technology] officials [created] three temporary files to address a problem with university [identification] cards that arose after a server migration in July 2011″.¬† Reportedly, “the breach affected more than 6,800 students who enrolled with the university [in Autumn 2011] … after a file containing their names, Social Security Numbers and dates of birth was inadvertently made available on the Web for about eight months”.¬†Reportedly, a further “two files containing similar data on an additional 22,722 faculty, staff and students may also have been available online during that same period” according to a university statement. The files have since been removed, and traces deleted from search caches and the university will “pay for credit monitoring services for the 6,818 students whose data was exposed”, reports Computerworld.
Computerworld: Univ. of Tampa says student info was exposed for 8 months (21 March 2012)
(Source: Computerworld)

Survey Indicates Companies Are Leaving Themselves Vulnerable To Attacks
Asia Pacific

The Sydney Morning Herald (SMH) reports that a study by Carnegie Mellon University’s CyLab has found that companies without a chief information officer and a cyber security chief are leaving themselves vulnerable to attacks by hackers. The study also reportedly found that “boards and senior level executives are not keeping a close watch on privacy and security matters themselves, thus not exercising their good governance duties”. Reportedly, the survey indicates that 70% of companies never or only occasionally review and approve security and privacy policies. Carnegie Mellon University fellow Jody Westby reportedly stated that in the three years she had conducted the survey, “some indicators had improved, namely the number of companies that now had a dedicated risk management committee – 46% in 2012, up from 8% in 2010 – but it [is] still not enough, hence the exceptional number of breaches reported in the past 12 months”.
SMH: Wanted: privacy and security officers to curb data theft (28 February 2012)
(Source: SMH)

Data Security Breach Readiness Guide

The Online Trust Alliance (OTA) has made available the 2012 Data Protection & Breach Readiness Guide (26 January 2012), “a comprehensive guide outlining key questions and recommendations to help businesses in data breach prevention and incident management”. The guide “provides an analysis of the past year’s security breaches and offers companies a wide range of best practices in data security, privacy and data collection”.
Online Trust Alliance’s media release (24 January 2012)
(Source: OTA)

Report Looks at Cyber Threats in 2012

Information Security Forum (ISF) has released Cyber Security Strategies: Achieving Cyber Resilience (member access only), a report which addresses the security issues that companies are facing today, and looks at the key trends in security for 2012.  Key issues that companies may need to address in 2012 reportedly include the increasing development of Malspace, a marketplace for buying and selling tools and expertise to execute sophisticated attacks, the necessity to embrace uncertainty and develop cyber risk resilience, and the fact that cyberthreats can last a long time and results can be unpredictable. Cybercrims form global business industry (14 February 2012)