A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

Search Payments News

January 5, 2021

On the web

The Company That Processes Payments for Amazon and Swiggy Has Reported a Data Leak of Over 100 Million Debit and Credit Cardholders

Business Insider

“In what could be a major data breach, information of over 100 million debit and credit card users from payments processor Juspay has leaked on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip among others.The leaked data is in the form of a data dump and has been leaked through a compromised server of Juspay. Juspay has confirmed the data leak in its official blog post, outlining the details of the breach.”

December 21, 2020

On the web

September 23, 2020

On the web

Shopify Says Two Support Staff Stole Customer Data from Sellers

TechCrunch

Shopify has confirmed a data breach, in which two “rogue members” of its support team stole customer data from at least 100 merchants. In a blog post, the online shopping site said that its investigation so far showed that the two employees, who have since been fired, were “engaged in a scheme to obtain customer transactional records of certain merchants.” Shopify said it had referred the matter to the FBI.”

September 22, 2020

On the wires

August 21, 2020

On the web

235M Instagram, TikTok, and YouTube profiles exposed in database breach

TNW

“A databased containing scraped data of nearly 235 million social media users from Instagram, TikTok, and YouTube was exposed without any password protection. It contained user information such as names, contact info, images, and stats about followers. Web scraping is a technique of gathering data from web pages in an automated manner. While it’s not illegal, social media companies prohibit this practice to protect user data.”

July 17, 2020

On the web

EU Court Blocks Data Pact Amid Fears Over U.S. Surveillance

Bloomberg

“The European Union ’s top court struck down a key method used by Facebook Inc. and other companies to transfer data across the Atlantic amid fears over potential U.S. surveillance. Thursday’s decision by the EU Court of Justice on the so-called Privacy Shield means thousands of businesses that ship commercial data to the U.S. risk turmoil in their day-to-day activities. While a separate contract-based system to transfer data was approved, the judges’ doubts about American data protection also plunge that alternative method into legal uncertainty.”

June 2, 2020

On the web

Payment App Data Breach Exposes Millions of Indians’ Data

Infosecurity Magazine

“A major data breach at mobile payment app Bharat Interface for Money ( BHIM ) has exposed the personal and financial data of millions of Indians. The breach occurred after BHIM failed to securely store vast swathes of data collected from users and businesses during a sign-up campaign. On April 23, researchers at vpnMentor made the alarming discovery that all the data related to the campaign was publicly accessible after being stored in a misconfigured Amazon Web Services S3 bucket.”

May 19, 2020

On the web

May 5, 2020

On the wires

Cross-Industry Coalition Advances Digital Trust Standards

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the Trust over IP (ToIP) Foundation, an independent project to enable trustworthy exchange and verification of data between any two parties on the Internet. The ToIP Foundation will provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact and innovate at a speed and scale not possible today. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.”

April 23, 2020

On the web

New York payments startup exposed millions of credit card numbers

TechCrunch

“A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet. The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions. But because there was no password on the server, anyone could access the data inside.”

January 14, 2020

On the web

India’s About to Hand People Data Americans Can Only Dream Of

“India has more than 560 million internet users, all generating data by the terabyte. Soon they’ll have an unprecedented amount of control over their digital financial footprints, with the ability to decide what to share, with whom, and for how long. India’s top banks are getting ready to roll out a system that gives consumers access to a wide swath of their financial data and allows them to share it instantly. Backed by the Reserve Bank of India, it’s an ambitious approach that combines privacy protection with credit reporting: if it works, it could unlock the credit market for millions of Indians while offering new levels of data security and consumer control.”

December 16, 2019

On the web

CULedger Completes Blockchain Identity Pilot With Three US Credit Unions

FinTech Futures

“CULedger claims that MyCUID users can verify their identity by using a biometric function on their smart phone, such as voice, fingerprint or facial recognition. The vendor says that data from its pilot indicated that the average time to verify a member’s identity had been reduced from the industry average of more than 50 seconds to ten or less. “As financial cooperatives, credit unions are more inclined to work together than their bank counterparts in order to best serve their members’ needs,” said John Ainsworth, president and CEO of CULedger.”

July 31, 2019

On the web

UniCredit Investigating Data Breach Possibly Related to Capital One

WSJ (Paywall)

UniCredit SpA is investigating the possibility of a data breach that the Italian lender believes could be related to a similar hacking incident at Capital One Financial Corp. COF 1.33% , according to a person familiar with the matter. The company is examining whether a directory held on a cloud server was accessed without authorization, the person said. UniCredit, Italy’s largest bank by assets, said in a statement that it had contacted the relevant authorities and is actively investigating the matter. “Data security and privacy are our key priorities at all times,” the statement said. Capital One, the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever data breaches of a big bank.

July 30, 2019

On the web

Capital One Reports Data Breach Affecting 100 Million Customers, Applicants

Capital One Financial Corp. , the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever data breaches of a large bank. The bulk of the exposed data involves information submitted by customers and small businesses that applied for Capital One credit cards between 2005 and early 2019, the bank said, including addresses, dates of birth and self-reported income.”

July 26, 2019

On the web

Concerns Over Security: Govt Fears WhatsApp May Share Payments Data With Facebook, Others

The Economic Times

“Indian authorities are concerned that WhatsApp’s payment service might share user data with group companies Facebook & Instagram, compromising the security, privacy and non-commercial information of its subscribers. The government has asked the National Payments Corporation of India (NPCI) to look into the matter and ensure that user data collected through payment services such as WhatsApp and Google Pay is not shared, top officials said. NPCI is the agency that operates retail payment and settlement systems in India.”

July 23, 2019

On the wires

OFX Joins Financial Data Exchange to Accelerate Financial Data Sharing Standards

prnewswire

“In an important step toward establishing a single interoperable industry standard for financial data sharing, the Open Financial Exchange (OFX) will join the Financial Data Exchange (FDX) effective immediately. With this milestone, the industry continues to align around the FDX standards, which spell out how consumer-permissioned financial data is securely shared, and clarifies the security and authentication protocol requirements for financial institutions and fintechs”

July 22, 2019

On the web

Equifax to Pay at Least $650 Million in Largest Data-Breach Settlement Ever

New York Times

“The credit bureau Equifax will pay at least $650 million and potentially significantly more to end an array of state, federal and consumer claims over a 2017 data breach that exposed the sensitive information of more than 147 million people. The breach was one of the most potentially damaging in an ever-growing list of digital thefts. The settlement, which was announced on Monday and still needs court approval, would be the largest ever paid by a company over a data breach. The deal requires Equifax to put a minimum of $380.5 million into a restitution fund for American consumers who file claims showing that they were financially harmed.”

March 19, 2019

On the wires

Whitepages Pro Introduces Transaction Risk API

“The predictive identity data features included in Transaction Risk API are leveraged in models, alongside internal company data, to provide an additional layer of identity verification for real-time risk reduction at scale. In under 100 milliseconds (ms), the core identity data elements of email, IP, phone, address, and name are scored to return a concise response, easily consumed by risk models at high volumes. The low latency of Transaction Risk API allows for global identity verification during the authorization process, helping companies to reduce false declines while finding previously undetected fraud.”

November 14, 2018

On the web

PNC Bank to offer dynamic CVV cards to commercial customers

NFC World

“PNC Bank is piloting dynamic CVV cards that use an e-ink screen on the reverse of the card to display a continuously updated three-digit CVV security code. The US-based bank plans to begin offering the cards to its Treasury Management division’s commercial cardholders in early 2019. PNC is using cards based on Visa’s Dynamic CVV2 Specification (dCVV2) for the pilot and is working with Idemia and Tsys, as well as Visa, on the project.”

October 18, 2018

Top Post

Financial Industry Unites to Enhance Data Security, Innovation and Consumer Control

“Financial institutions, fintech firms and industry groups announced the launch of the Financial Data Exchange (FDX), a non-profit organization to unify the financial sector around the secure exchange of financial data. FDX will address common challenges around the way the industry shares consumer account information to enhance security, innovation and consumer controls. FDX is a subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC).”

September 21, 2018

On the web

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

“It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.”

Payments News

Give us your email address or link to our RSS feed and we’ll push the daily Payments News headlines to you.

Glenbrook Payments Boot camp®

Register for the next Glenbrook Payments Boot Camp®

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot Camps tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

Glenbrook Press

Comprehensive books that detail the systems and innovations shaping the payments industry.