Slideshow 2015: Milestones in Cybersecurity

  • December 10 2015, 11:01pm EST
9 Images Total

A lot happened in 2015 to advance digital security, but a lot also happened to challenge the status quo and force merchants and banks to rethink their strategies. Here are some of the key changes that took place in the past year.

EMV in the USA

The deadline has passed for EMV chip-card acceptance at the point of sale, prompting many warnings to e-commerce merchants that fraudsters will step up their attacks against card-not-present transactions.

Content Continues Below

PCI 3.1

The Payment Card Industry security standards council took an updated look at Web security, calling for merchants to change the common Secure Socket Layer, or SSL, protocol between a server and client to a more secure version of Transport Layer Security, or TLS.

Back to Basics

Despite the attention to new security tools in mobile, e-commerce and the point of sale, Visa urged many merchants to make sure they are taking care of basic security practices such as changing their default passwords.

Tokenization Expands

The major card networks continued their push of tokenization for securing mobile and Web transactions, including efforts to embed the technology in their own payment products, such as MasterCard's MasterPass.

Content Continues Below

Lessons from Ashley Madison

The breach of user data at Ashley Madison, a dating site for people seeking extramarital affairs, emphasized that companies should not cheat on their security commitments. The site's "full delete" service for eliminating user data did not live up to its promise.

Biometrics Learning Curve

Apple's TouchID and other mobile fingerprint systems are making biometric authentication mainstream, but these systems can still be troublesome. Apple emphasized this by requiring stronger lock-screen PINs, since the PIN can be used to bypass TouchID when the user can't get a good fingerprint read.

Security Gets Experimental

The spread of mobile devices is giving developers a chance to get inventive in how they provide security. Several companies are considering using "selfies," or mobile self-portraits, as an authentication method for mobile devices.

Content Continues Below

Target's Struggle

Target was ahead of the curve in getting EMV acceptance in place before the Oct. 1 deadline, but its 2013 data breach still haunts it. The latest development is a $39 million settlement reached with financial institutions in December.