The information you need to start your day, from PaymentsSource and around the Web:

Equifax in the swamp: On Tuesday former Equifax CEO Richard Smith told the House Energy and Commerce Committee that one IT staffer was to blame for the company's massive data breach, which has been updated to 145 million people who had their personal information exposed. Smith told Congress a technician was supposed to install a patch to eliminate a security vulnerability. That person did not install the patch, and a backup computer scan also failed to spot the vulnerability, according to Smith's testimony. That didn't seem to satisfy the committee, which continued to pressure Smith, with Rep. Greg Walden (R-Ore.) telling Smith "I don't think we can pass a law that fixes stupid," according to Engadget. Equifax is facing a lot of heat in Washington over its breach, the timing of its public disclosure and how an Equifax executive stock sale fits into the timeline. But the government isn't totally breaking up with Equifax. The IRS just spent $7.25 million to hire Equifax to vet tax IDs, according to Politico, which describes the contract as a "sole source order," meaning the government deemed Equifax is the only company that can do the job. The IRS added the contract was issued to prevent a gap in tax ID vetting while the government solves a separate ID security contract dispute.

Not just Equifax: There's also fallout from two other major breaches. The crooks who attacked the Securities and Exchange Commission may have accessed personal data, The Financial Times reports. The data includes names, dates of birth and Social Security numbers, all information that can be used for card theft and other account attacks. The SEC has informed the potential victims and has offered them ID theft protection. Jay Clayton, SEC chairman since May, has been overseeing a cybersecurity risk profile assessment over the past few months, an effort that will likely lead to a senior level cybersecurity work group to coordinate information sharing, risk monitoring and incident response. And Yahoo has upped the estimate from its 2013 breach to three billion accounts, or three times the original estimate, according to The Wall Street Journal, which cites Verizon, Yahoo's new corporate parent. Yahoo disclosed that breach, and a separate incident, in 2016.

Walmart's delivery: Walmart has made several steps to compete with Amazon by reducing logistics cost and upping its delivery capability. This week it announced an acquisition of Parcel, a Brooklyn-based delivery company that will aid Walmart's delivery efforts in New York. Ars Technica reports the approximate $10 million acquisition will help Walmart compete with Amazon's Apartment Hubs by delivering groceries and meal kits. The four-year old Parcel allows consumers to schedule two-hour delivery windows for residents of New York and other large cities, mitigating the threat of lost or stolen packages.

Ignore bitcoin at your peril, says IMF's Lagarde: In contrast to JPMorgan CEO Jamie Dimon's characterization of bitcoin as a "fraud," IMF managing director Christine Lagarde said virtual currencies have the potential to challenge existing currencies and monetary policy. While speaking to the Bank of England, Lagarde said virtual currencies were valid alternatives to pounds and dollars, and consumers may eventually prefer virtual currencies because of the lack of settlement risk, clearing delays and central registration, The New York Times reports. Lagard did say privately issued virtual currencies are still unstable and are of little current risk to central banks, though consumers may pressure central banks to provide digital currency alternatives.

Token standards: Tokenization has emerged as an important piece of security for mobile commerce and digital transactions, and is considered one part of broader strategy to mitigate data breaches. In an attempt to standardize token deployments, the Accredited Standards Committee X9 has published new guidance, X9.119-2, for required security and uniform procedures for tokens. The standards were written following input from issuers and security companies with large data breaches in mind. "The end result is a valuable synthesis of a range of views on tokenization and its implementation. X9.119-2 will be beneficial to the entire financial services industry, from merchants to acquirers to banks and software providers participating in post-authorization activities," said Jeff Stapleton, chair of the X9 token standards working group and an engineer at Wells Fargo, in a release.

From the Web

How Singapore Can Go Entirely Cashless Within Six Months
Forbes | Tue Oct 3, 2017 – In his latest National Day Rally speech, Singaporean Prime Minister Lee Hsien Loong contrasted Singaporeans' highly connected lifestyle and digital literacy with their slowness in adopting digital payment. The concept of making transactions with your mobile phone has been around for many years and has been successfully implemented in countries much larger than Singapore. Mr. Lee pointed out that the country has a natural advantage in that it is compact and highly connected. With the highest smartphone penetration rate in the world, why is Singapore still lagging behind? Cash may be considered king, but there is a cost to handling it - from the time taken to count it, to store it securely, and then finally banking it. Going cashless makes business operations simpler and easier, allowing business owners to save precious time and money.

France's Worldline raises targets as acquisitions pay off
Reuters | Tue Oct 3, 2017 – French payments company Worldline SA has raised its revenue and profitability targets for 2017-2019 thanks to increased business from its acquisitions. The sector has seen a wave of consolidation as payment firms become targets for credit card companies and banks looking to capitalize on a switch from cash to payments by smartphones or other mobile devices and as regulatory changes promise to open up the fragmented market. Recent deals have included company Vantiv’s takeover of Worldpay and Hellman & Friedman’s bid for Nets. “Worldline intends to pursue its growth by capturing opportunities created by regulation changes like PSD2 and Instant Payments, as well as by large new processing outsourcing opportunities and cross-border acquiring contracts,” Chief Executive Gilles Grapinet said in a statement. Grapinet added that the company intends to “actively participate” in consolidation in the European payment industry.

ATM and overdraft fees hit an all-time high—here’s how much cardholders are paying
CNBC | Tue Oct 3, 2017 – ATM and overdraft fees have reached an all-time high, according to an annual Bankrate checking survey, which has studied non-interest and interest accounts over 20 years. "ATM fees hit a record high for the 11th year, with record highs in both fees the consumer pays: The fee to their own bank and the fee to the ATM owner," Greg McBride, Bankrate chief financial analyst, tells CNBC Make It. "Overdraft fees hit a new high after a slight dip last year." The average ATM surcharge rose to $2.97, from $2.90 last year, a 13-year high. The average fee charged by a consumer's own bank for using an out-of-network ATM rose three percent to $1.72. And the average total cost of an out-of-network ATM withdrawal is $4.69, up from $4.57. For overdraft charges, the average fee reached $33.38, up from $33.04 last year. The most common charge amount is $35, the survey found, and the number of banks that increased their fee outnumbered those who lowered their fee seven to one.

More from PaymentsSource

Bank of Ireland partners up to improve cross-border payments
Bank of Ireland's quest to offer a quicker path for cross-border payments has fed the sort of collaboration that's becoming more common as issuers seek to quickly advance their technology.

Credit bureaus' reliance on 'valuable' info enhances breach threat
Credit bureaus can address identity theft by advancing the robustness of their security processes and abandoning outdated systems that rely on our personal information, writes Jason Brvenik, Chief Technology Officer for NSS Labs.

Shake Shack isn't killing cash—it's killing anonymity
What makes Shake Shack's cashless store so potentially powerful — even if it's only one location in Manhattan — is what the burger chain can do when every customer is known to it.

Stripe's new 'building blocks' aim to rein in complex checkouts
No matter how good a company's e-commerce strategy is, the customer experience can still fall apart on the checkout page — especially when introducing new features.