About Christine Speedy

B2B cloud payment acceptance solutions and CenPOS enterprise cloud payment solutions global sales.

Equifax Announces Comprehensive Consumer Settlement Arising From 2017 Cybersecurity Incident

Jul 22, 2019 Agreements Establish Restitution Fund for Consumers

ATLANTA, July 22, 2019 /PRNewswire/ — Equifax Inc. (NYSE: EFX) today announced a comprehensive resolution of significant U.S. consumer-related litigation and regulatory matters facing the company related to its 2017 cybersecurity incident. 

EFX logo - Powering the World with Knowledge (PRNewsfoto/Equifax Inc.)

The $671 million resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).

If approved by the Court, a consumer restitution fund of up to $425 million will be available to pay for three-bureau credit monitoring for consumers whose information was impacted in the 2017 breach, actual out-of-pocket losses related to the breach, and other consumer benefits such as identity restoration services. Equifax has been providing free credit monitoring services to consumers since September 2017.

“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” said Equifax Chief Executive Officer, Mark W. Begor. “The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter. We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program. We are focused on the future of Equifax and returning to market leadership and growth.”

As part of the resolution, Equifax has agreed to continue the significant steps it has taken in the wake of the cybersecurity incident to enhance its information security and technology program. It also has agreed to make payments totaling $290.5 million directly to certain state and federal regulatory agencies and to pay attorneys’ fees and costs in the multi-district litigation. Equifax recorded an accrual of $690 million in the first quarter of 2019 and expects to increase its accrual by approximately $11 million in the second quarter of 2019 principally related to the comprehensive consumer settlement, resulting in a total $701 million accrual related to the 2017 cybersecurity incident.

If the Court approves, members of the settlement class will receive notification of their rights and options as part of the multi-district litigation. More information can be found at www.equifaxbreachsettlement.com.

Additional detail on the terms of the proposed settlement in our Form 8-K filed today with the Securities and Exchange Commission.

Equifax CEO Mark Begor will provide details in the following conference calls:

  • 9:00 a.m. ET Conference call for investors, analysts and others
    U.S. and Canadian participants should dial: (888) 254-3590.
    International callers should dial: (786) 789-4797. 
    A replay of this conference call will be available beginning Monday, July 22 at 12:00 p.m. ET and ending at 12:00 p.m. ET on Monday, July 29.  To access the replay, please register.
  • 9:30 a.m. ET Conference call for media
    U.S. and Canadian participants should dial: (800) 289-0438. International callers should dial: (786) 789-4783.

Please dial the appropriate number 5-10 minutes prior to the start of the calls to complete registration. Name and affiliation/company are required to join.

Forward-Looking Statements

This release contains forward-looking statements and forward-looking information. These statements can be identified by expressions of belief, expectation or intention, as well as statements that are not historical fact. These statements are based on certain factors and assumptions. While the company believes these factors and assumptions to be reasonable based on information currently available, they may prove to be incorrect.

Several factors could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including, but not limited to, potential adverse developments in new and pending legal proceedings or government investigations, including the failure to obtain final court approval of the agreements which make up the Consumer Settlement; uncertainties regarding the ultimate amount and timing of payments the Company may be required to make in connection with the Consumer Settlement; the cost of compliance with the Company’s non-monetary obligations associated with the Consumer Settlement; uncertainties regarding the outcome of the remaining legal proceedings or government investigations related to the 2017 cybersecurity incident; and limitations on the Company’s ability to access the capital markets and corresponding effects on the Company’s ability to finance its obligations. A summary of additional risks and uncertainties can be found in the Company’s Annual Report on Form 10-K for the year ended December 31, 2018, including without limitation under the captions “Item 1. Business — Governmental Regulation” and “— Forward-Looking Statements” and “Item 1A. Risk Factors,” and in the Company’s other filings with the U.S. Securities and Exchange Commission. Forward-looking statements are given only as at the date of this release and the company disclaims any obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

About Equifax 
Equifax is a global data, analytics, and technology company and believes knowledge drives progress. The Company blends unique data, analytics, and technology with a passion for serving customers globally, to create insights that power decisions to move people forward. Headquartered in Atlanta, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor’s (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 11,000 employees worldwide. For more information, visit Equifax.com and follow the company’s news on Twitter and LinkedIn.

Magento mandatory upgrade for PCI Compliance

Merchants must replace Magento version 2.1.x summer 2019. The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1.x. As of June 30 2019, Magento 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired.

PCI compliance requires the installation of critical software security patches within 30 days. When a software or related service provider no longer offers security patches, then merchants must replace or upgrade within 30 days. This is the same reason merchants using Microsoft Windows XP would not be PCI compliant.

I previously reported the Magento vulnerabilities and patch requirements in April 2019. Merchants should not rely on their business partners to automatically perform updates. Here’s a handy web site to check your Magento version now.

Now is a great time to also do a payment gateway checkup.

Call Christine Speedy, PCI Council QIR certified, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET.

EMVCo Launches EMV 3-D Secure 2.2.0 Testing Programme

Confirms that EMV 3-D Secure products support merchant whitelisting functionality and authentication of additional e-commerce payment scenarios.

25 June 2019 – EMVCo has updated the EMV® 3-D Secure (EMV 3DS) Testing Programme which includes test platform and process updates to support the EMV 3DS 2.2.0 Core Specification and EMV 3DS 2.2.0 SDK Specification released in December 2018.
Using the EMV 3DS Test Platform, EMV 3DS product providers can validate that their products support all the enhancements introduced in EMV 3DS 2.2.0, such as the exemptions to Strong Consumer Authentication (SCA) for the European Second Payment Services Directive (PSD2). Additionally, the test platform will also validate support for FIDO enhancements, and authentication for new payment scenarios, such as mail order and telephone purchase transactions.

“Testing and approving 3DS products using the EMV 3DS Test Platform provides the industry with confidence that 3DS products are aligned with the EMV 3DS specifications to ensure delivery of effective and convenient e-commerce authentication,” comments Karteek Patel, EMVCo Executive Committee Chair. “Our specifications and testing frameworks can’t be static. EMVCo works with industry experts to ensure the 3DS infrastructure supports the latest requirements of e-commerce stakeholders.”


EMVCo’s EMV 3DS Testing Programme, launched in August 2018, has approved more than 100 3DS products to date. This update to the Test Platform references additional features for merchants and issuers to maximise the benefit of the available SCA exemptions, including the ability of a consumer to whitelist a merchant.
EMV 3DS is a messaging protocol that promotes secure, frictionless consumer authentication for card-not-present, e-commerce purchases across channels and connected devices. To learn more about EMV 3DS, please read the FAQ that is available for download from the EMVCo website.

EBA publishes an Opinion on the elements of strong customer authentication under PSD2

The European Banking Authority (EBA) published today an Opinion on the elements of strong customer authentication (SCA) under the revised Payment Services Directive (PSD2). The Opinion is a response to continued queries from market actors as to which authentication approaches the EBA considers to be compliant with SCA. The Opinion also addresses concerns about the preparedness and compliance of some actors in the payments chain with the SCA requirements that apply as of 14 September 2019.

Today’s Opinion provides a non-exhaustive list of the authentication approaches currently observed in the market and states whether or not they are considered to be SCA compliant. The Opinion does so separately for each of the three SCA elements of knowledge, possession and inherence, and also provides clarifications regarding combinations of these elements.

The Opinion also responds to the concerns about market preparedness, by clarifying that the EBA is legally not able to postpone an application date that is set out in EU law. The Opinion also explains that sufficient time has been available for the industry to prepare for the application date of SCA, given that the definition of SCA had been set out in PSD2 when it was published in 2015, which gave clear indications that existing authentication approaches would need to be phased out, and because PSD2 already granted an additional 18-month period for the industry to implement SCA.

However, the Opinion acknowledges the complexity of the payments markets across the EU and the challenges arising from the changes that are required, in particular by actors that are not payment service providers (PSPs) and, therefore, not directly subject to PSD2 and the EBA’s technical standards, such as e-merchants, which may lead to some actors in the payments chain not being ready by 14 September 2019.  

The EBA, therefore, accepts that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September 2019, NCAs may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time. This is to allow issuers to migrate to authentication approaches that are compliant with SCA, such as those described in this Opinion, and acquirers to migrate their merchants to solutions that support SCA.

This supervisory flexibility is available under the condition that PSPs have set up a migration plan, have agreed the plan with their NCA, and will execute the plan in an expedited manner.

In order to fulfil the objectives of PSD2 and the EBA of achieving consistency across the EU, the EBA will later this year communicate deadlines by which the aforementioned actors will have to have completed their migration plans.

Background

The revised Payment Services Directive was published in November 2015, entered into force on 13 January 2016 and applies since 13 January 2018. The Directive brings fundamental changes to the payments market in the EU, in particular by requiring SCA to be applied by payment services providers (PSPs) when carrying out remote electronic transactions.

SCA is defined in the Directive as an “authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.” The Directive also provides that SCA is to be applied to all electronic payments, unless one of the exemptions applies.

The EBA had been mandated to support the Directive by developing regulatory technical standards (RTS) setting out the details on strong customer authentication and common and secure communication (RTS on SCA and CSC), including its exemptions, and to regulate the access to customer payment account data held in account servicing payment service providers.

The RTS were developed in 2015/16, consulted on during 2016/17, adopted as Commission Delegated Regulation (EU) 2018/389 on 27 November 2017, published in the Official Journal on 13 March 2018, and will legally apply from 14 September 2019. The RTS deliberately refrains from referring to any particular authentication approaches in the industry, in order to ensure that the RTS remains technology neutral and future-proof.

Legal basis

The EBA issued the Opinion in accordance with Article 29(1)(a) of its Founding Regulation, which mandates the Authority to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union.

Visa Prevents Approximately $25 Billion in Fraud Using Artificial Intelligence

Since pioneering AI in payments, continuous evolution of the technology in Visa Advanced Authorization helps drive commerce and consumer confidence

SAN FRANCISCO–(BUSINESS WIRE)–Visa Inc. (NYSE: V) today announced new analysis showing Visa Advanced Authorization (VAA) using artificial intelligence (AI) helped financial institutions prevent an estimated $25 billion in annual fraud—making the global payment ecosystem safer for retailers and consumers.i VAA is a comprehensive risk management tool that monitors and evaluates transaction authorizations on the Visa global payment network, VisaNet, in real time to help financial institutions promptly identify and respond to emerging fraud patterns and trends. Visa processed more than 127 billion transactions between merchants and financial institutions on VisaNet last year, and employed AI to analyze 100 percent of the transactions—each in about one millisecond—so financial institutions can approve legitimate purchases while quickly identifying and preventing fraudulent transactions.

“One of the toughest challenges in payments is separating good transactions made by account holders from bad ones attempted by fraudsters without adding friction to the process,” said Melissa McSherry, senior vice president and global head of Data, Risk and Identity Products and Solutions, Visa. “Visa was the first payment network to apply neural network-based AI in 1993 to analyze the riskiness of transactions in real time, and the impact on fraud was immediate. By striking the right balance between human expertise and technology innovation, we continue to evolve our capabilities as new AI breakthroughs expand the realm of what’s possible.”

For financial institutions, friction in the payment process can lead to the abandonment of a payment card. A study by Javelin Strategy & Research revealed more than half of cardholders affected by false declines (51 percent) used a secondary payment card to complete the purchase at the same merchant, which can push a competitor’s card to the top of wallet.ii However, removing friction cannot come at the expense of identifying and preventing fraud. As a survey by the National Retail Federation and Forrester discovered, the top payment-related challenge faced by retailers is fraud, cited by 55 percent of those surveyed.

Visa Advanced Authorization is a layer of fraud prevention that can help drive down risk and fraud for financial institutions and retailers, and help reduce friction due to false declines for payment account holders. More than 8,000 financial institutions in 129 countries use Visa Advanced Authorization.

Preventing fraud near the speed of light

Visa pioneered using neural networks modeled after the human brain to power its AI platform to identify possible fraud. This delivers faster and deeper insights through previously unknown correlations. Delivered through Visa Advanced Authorization, retailers and financial institutions benefit from:
• Machine Learning models used for real-time examination of each transaction for indicators of fraud—looking at activities, patterns and more than 500 risk attributes—all in about one millisecond.
• Risk scoring, which Visa shares with the account holder’s financial institution, where the decision is made to either approve or decline the transaction, or flag the transactions for follow up with the account holder.
• The ability to identify good transactions even when made by new or infrequent shoppers, reducing the likelihood of false declines.
• Real-time authorization using integrated, global predictive analytics to identify and prevent fraud.
Visa has kept global fraud rates at historic lows—less than 0.1 percent—through a multi-layered approach of investing in human intelligence and technology like A.I.; empowering consumers and clients with tools, resources and control to manage risk; and setting governance processes to help businesses and regulators stay nimble.iv
“Consumers identified Visa as the most trusted company to provide financial services or payments among all payment networks and we believe it is due to Visa’s unrelenting focus on eliminating fraud and protecting the payment ecosystem,” said McSherry.v

Additional Risk Solutions Using AI
Visa champions security every day to protect the payment ecosystem and offers a portfolio of risk products and services that can help consumers, merchants and financial institutions prevent fraud. This includes Visa Risk Manager (VRM), Visa Consumer Authentication Services (VCAS) and CyberSource Decision Manager (DM), among others. For more information about Visa’s Risk solution portfolio, visit Visa Security.

Additional Resources

About Visa Inc.

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network – enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of digital commerce on any device for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce. For more information, visit About Visa,visa.com/blog and @VisaNews.

i For the 12 months ended April 30, 2019.

ii “Addressing the Threat of False Positive Declines” by Kyle Marchini and Al Pascual, Javelin Strategy & Research, October 17, 2018.

iii “The State of Retail Payments Report – Outlook for 2019” by Brendan Miller, principal analyst, Forrester, November 2018.

iv Visa Global Fraud Data, Visa Inc., April 2019.

v “Omnichannel and Branch: The Current U.S. Consumer Banking Environment,” by Peter Reville, Director of Primary Data, Mercator Advisory Group, March 2019.

Source: Visa Inc.