MADISON, Wis. (1/3/12)--The payment industry's emphasis on security appears to be paying off. Breached payments worldwide fell to less than four million in 2010--the latest figures available--from 361 million in 2008, according to Verizon Communications and U.S. Secret Service reports.
On the other hand, 760 data breaches, the largest number to date, were reported last year.
The reports found a significant decline in large-scale breaches. Cybercriminals are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to penetrate organizations, according to Verizon.
The payments industry continued to take steps to bolster security in 2011.
In August, Visa started a program that combined fines with incentives to make its merchants compliant with Payment Card Industry Security Standards Council guidelines and requirements.
Also in August, the Payment Card Industry (PCI) Council issued new guidelines on tokenization. Tokenization is a process that conceals the financial account number from a merchant by replacing it with a surrogate number referred to as a "token."
In October, the PCI Council announced an update to its personal identification number (PIN) security program under which any card-acceptance device can be tested and approved for eligibility to use advanced encryption--even in those devices that do not accept PIN transactions (American Banker Oct. 17).
The PCI Council in November announced its special interest group initiative would set new security and compliance standards for cloud computing, e-commerce security and risk assessment.