Latest news with #paymentsecurity
Skift
5 days ago
- Business
- Skift
How a $40K Cyber Scam Nearly Grounded 80 Event Pros
In an era of rising cyber fraud, one planner's $40,000 loss is a wake-up call for the industry: payment security deserves the same rigor as contracts, insurance, and attendee safety. The call came less than 24 hours before departure. The Tuscan venue hosting Liz Lathan's first-ever mystery trip was canceling due to non-payment. 'The thing is we had sent them the payment, a whopping $40,000,' said Lathan, co-founder of The Community Factory and co-creator of Club Ichi who has also held roles with companies including Dell and IBM. 'Meanwhile, we had 80 event pros ready to meet us and head to Tuscany together.' In fact, Lathan thought she paid the venue, but the payment had gone to a scam artist. This 2019 trip, the 'Haute Dokimazo Secret Family Reunion,' was 'the ultimate trust exercise to bring back human connection,' she said. Eighty event professionals paid between $2,500 and $3,500, showed up with passports at a pre-flight reveal party at the TWA Hotel at JFK Airport, and had no idea where they were headed. What they also didn't know was that just hours earlier, the entire six-day retreat — held at an agrifarm in Tuscany that had never held a group event before — was on the verge of collapse. The Scam The $40,000 final payment to secure the venue had been intercepted in an email scam. A hacker gained access to the venue's email account and sent a payment request that looked legitimate, complete with correct branding, formatting, and bank details. The only clue: an extra period at the end of the sender's email address. 'The criminals somehow had intercepted our venue contact's email, which was a gmail, as they were a family-run agrifarm, not a corporate entity. The scam email was also a gmail that was exactly the same except for the extra period that went unnoticed,' said Lathan. In a time crunch, last minute details were moving fast. 'We wired the money and when I learned it didn't go to the venue, I could feel the blood drain from my head. I was terrified. Where would we get another $40,000? Would we have to cancel the whole thing? I gave myself 10 minutes to process it, then sprang into action.' A Midnight Rescue Mission Lathan and her partners scrambled to replace the missing funds. They borrowed, maxed out credit cards, and pieced together $40,000 to keep the trip alive. The FBI opened a case, but the money was never recovered. 'The struggle, pain, shame, embarrassment, and financial impact is real,' said Lathan. The experience permanently changed how she handles payments. Now, anyone involved with Club Ichi financial transactions — especially ACH or wire transfers — must complete fraud awareness training through online courses. She recently brushed up on the types of fraud out there with a class offered by the U.S. Small Business Administration. Lathan is planning the second edition of her 'secret business trip,' scheduled for May 1, 2026. Attendees will meet at LAX, learn their destination at the airport, and board an aircraft together. 'I am absolutely more careful with how money moves,' she said. 'Last week, I wired a $10,000 deposit for a Club Ichi activation during IMEX — only after calling the property owner to verify the bank details multiple times. From now on, large payments always come with a phone call.' This isn't an isolated incident. In 2024, U.S. consumers lost $12.5 billion to fraud, a 25% year-over-year increase. Approximately 38% of fraud reports result in actual financial loss, with bank transfers being the most exploited method, according to the Federal Trade Commission. A Growing Threat Lathan's experience is not unique. Atlanta-based event producer Nirjary Desai, founder of KIS Cubed Event, lost nearly $20,000 in July after a scammer posed as a corporate client. 'There should be standards for payments and RFPs,' Desai said. 'We need everyone vetted. It's time the industry treats payment protocols as seriously as contracts and insurance.' Desai's story recently helped another planner in Miami avoid the same scam when the fraudster reached out to her. 'It seems the scammer has moved on from Atlanta to Miami,' Desai said. 'I'm urging event professionals to beware.'
Yahoo
15-07-2025
- Business
- Yahoo
Bluefin and Allied Electronics Secure Petroleum Retail with PCI-Validated P2PE Integration
ATLANTA, July 15, 2025--(BUSINESS WIRE)--Bluefin, a global leader in payment and data security, today announced a partnership with Allied Electronics to bring Bluefin's PCI-validated point-to-point encryption (P2PE) solution, Decryptx®, to Allied's NeXGen PRIME forecourt controller platform. NeXGen PRIME fuses the performance of Allied's NeXGen Forecourt Controller with the advanced AEGIS hardware platform to deliver a best-in-class automation solution for retail petroleum and convenience store operators. As Bluefin's integrated partner for Commercial Fuel, Allied currently supports more than 500 live locations using the joint solution to protect sensitive cardholder data. The integration of Decryptx® provides an added layer of security by encrypting payment data at the point of interaction – such as fuel dispensers or in-store terminals – and keeping it encrypted through to decryption in Bluefin's secure environment. This not only protects against cyber threats but also helps petroleum retailers and grocery stores simplify PCI DSS compliance, reduce risk, and build consumer trust. With over 52,000 interface devices deployed globally and a client roster that includes Pilot, Casey's, Love's, and QuikTrip, Allied is a trusted leader in forecourt automation. The addition of Bluefin's P2PE technology ensures their customers are equipped to meet the rising demands of payment security in complex, high-volume environments. "Our goal is to make enterprise-grade payment security accessible and practical for all retail fueling environments," said Sean Gately, Vice President of Security Solutions at Bluefin. "This integration brings together Allied's innovation and Bluefin's P2PE expertise to protect both merchants and consumers at the pump and in-store." "Security is critical in today's fueling landscape, and Bluefin's P2PE solution enhances our ability to deliver both protection and performance to our customers," said Bob Danford, Strategic Account Manager, Allied Electronics. "Together, we're raising the standard for secure, compliant, and future-ready forecourt technology." About Allied Electronics Founded in 1978, Allied Electronics is a trusted leader in service station automation and forecourt technology, serving major oil companies, travel plazas, convenience stores, casinos, and other markets across North America. The company develops and maintains the NeXGen Prime and Aegis forecourt controllers and supports over 52,000 interface devices worldwide, partnering with top-tier fuel dispenser, tank gauge, car wash, and price sign manufacturers. Allied also operates the industry's largest online petroleum parts superstore, offering more than 58,000 products for brands like Gilbarco, Tokheim, and Wayne. With a legacy of innovation and a commitment to future-ready automation, Allied empowers service stations to meet the evolving demands of the 21st century. About Bluefin Bluefin is a global leader in payment and data security, specializing in PCI-validated point-to-point encryption (P2PE) and vaultless tokenization to protect cardholder data, PII, and PHI. Our product suite includes both integrated and vendor-agnostic solutions, enabling enterprises, organizations, and SaaS platforms to secure sensitive data with business flexibility. We work with 300+ partners to serve 35,000 clients in 60 countries, securing over 2.5 billion pieces of data annually. Bluefin is headquartered in Atlanta with offices in Waterford, Ireland and Vienna, Austria, and is a Participating Organization of the PCI Security Standards Council (SSC). For more information, visit View source version on Contacts Walker Sandsbluefinpr@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Finextra
03-07-2025
- Business
- Finextra
HitPay deploys Flagright security and compliance tech
Flagright has partnered with HitPay to improve payment security and compliance in Southeast Asia. 0 The Flagright HitPay partnership helps SMEs meet evolving regulatory needs. HitPay, a pioneering all-in-one payment platform for SMEs, is integrating Flagright's advanced security technologies to ensure its innovative payment solutions remain secure and compliant as they expand their services across Southeast Asia and beyond. HitPay, trusted by over 15,000 businesses, unifies online, point-of-sale, and B2B payments into a single, integrated payment processing system. HitPay earned a major payment institution (MPI) license from the Monetary Authority of Singapore (MAS), allowing them to broaden their services to include merchant acquisition and money transfers. This significant milestone underscores HitPay's commitment to providing secure and efficient payment solutions for SMEs. Aditya Haripurkar, Co-Founder and CEO of HitPay, expressed his enthusiasm about the collaboration: 'Partnering with Flagright is a crucial step in reinforcing our commitment to security and compliance. Flagright's cutting-edge transaction monitoring and AML compliance solution will enhance our ability to protect our customers' transactions and ensure compliance with stringent regulatory standards. As a fellow Y Combinator company, we share a common vision of leveraging technology to drive innovation and security in the financial sector. This collaboration ensures that HitPay continues to set the benchmark for secure and efficient payment processing.' Baran Ozkan, co-founder and CEO of Flagright, commented: 'We are thrilled to support HitPay, a leader in the payment processing industry and a fellow Y Combinator company. Our collaboration reflects our shared commitment to enhancing security and compliance in financial services. We look forward to supporting HitPay's mission to provide secure and seamless payment solutions for SMEs across Southeast Asia and the globe.' The Flagright HitPay partnership reflects a shared mission to strengthen trust in Southeast Asia's growing digital payment ecosystem.
Finextra
18-06-2025
- Business
- Finextra
Beyond the Firewall: Rethinking Payment Data Security: By James Richardson
In today's digital economy, protecting sensitive business payment data is no longer just the responsibility of IT or treasury departments — it's a strategic business imperative. While enterprise systems like ERP and CRM often have strong security protocols, these systems don't operate in a vacuum. Payment data is frequently copied, stored, and used across spreadsheets, shared drives, and supplier portals — far beyond the safety of core systems. That's where the real risk lies. Why Traditional Defences Fall Short Historically, businesses have relied on layered security controls like encryption, firewalls, and access policies to protect payment information. But these measures alone don't eliminate the inherent risks of decentralised data. Payment details often reside in multiple locations across an organisation — from shared folders to manual payment files — making it hard to track who has access, where data is stored, and how it's being used. In these uncontrolled environments, human error, system design gaps, and cybercriminals can easily exploit weaknesses. And the stakes are high. Data breaches involving bank account details not only damage reputations and erode customer trust but can also expose organisations to direct financial loss, fraud recovery efforts, and regulatory scrutiny. The Rise of Payment Tokenisation To address this growing threat, an additional and effective approach is gaining traction in B2B payments security: payment tokenisation. Tokenisation replaces sensitive bank account information with a secure, randomised token — a placeholder with no exploitable value. These tokens are stored and managed outside the business's systems, in highly secure external environments. The original bank data stays protected, while the business uses the token for processing payments as if it were the real thing. In practice, this means organisations can continue to run payments efficiently — but without ever holding the real account data internally. Even if a breach occurs, attackers get meaningless tokens rather than actionable payment credentials. Strategic Benefits Beyond Security The appeal of tokenisation goes beyond protecting against fraud. It simplifies compliance and risk management by centralising sensitive data into a single, tightly controlled location. That eliminates data sprawl, reduces audit complexity, and gives finance teams greater peace of mind. Organisations embracing tokenisation also gain operational resilience. Instead of relying solely on internal controls, they reduce systemic risk by shifting sensitive data management to dedicated, security-hardened infrastructure. That's especially valuable for large businesses managing thousands of payments a day or navigating complex multi-supplier networks. From Niche to Necessity While tokenisation is already well established in card payment systems, its adoption for bank account data is only just beginning. There's no regulatory requirement — yet — but that's starting to shift. Standards like PCI DSS don't currently mandate tokenisation for bank details, but forward-thinking organisations aren't waiting for legislation to catch up. Rising fraud, evolving cyber threats, and increasing expectations from partners and regulators are all pushing tokenisation from a niche solution to a best-practice standard. For financial operations teams, it's a proactive step that protects both reputation and revenue. The Strategic Imperative Tokenisation isn't just a cybersecurity tactic — it's a smarter, more resilient way to handle business payment data in a landscape where breaches are inevitable and reputational risk is high. It streamlines compliance, enhances governance, and dramatically lowers the threat posed by internal errors, third-party risks, and increasingly sophisticated attacks. The time to act is now. Businesses that wait for regulation, a major breach, or a mandate from a banking partner are already on the back foot. Forward-looking organisations are proactively removing sensitive bank account data from their systems — not simply to protect it, but to eliminate the need to hold it in the first place. Don't wait for a crisis to rethink your approach. Tokenisation is fast becoming a defining feature of modern payment security strategy. If your business handles payments, it's time to ask: why hold the risk at all?
Zawya
10-06-2025
- Business
- Zawya
Al Etihad Payments elected to PCI SSC Board of Advisors for 2025–2027 term
Abu Dhabi, UAE – Al Etihad Payments (AEP), a subsidiary of the Central Bank of the UAE, has been elected to the 2025–2027 Board of Advisors for the Payment Card Industry Security Standards Council (PCI SSC). AEP is among the first organizations from the Middle East to be elected to this global body driven by the UAE's growing leadership in cybersecurity and payment system resilience on the international stage. The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible, and effective data security standards and programs that help businesses detect, mitigate, and prevent cyberattacks and breaches. Hani Bani Amer, Head of Information Security at AEP, will represent AEP as one of 64 global board members. He will serve as a strategic partner to the PCI SSC, contributing industry, regional, and technical expertise to support the Council's mission of enhancing global payment security. The PCI SSC Board of Advisors plays a vital role in guiding the Council's priorities and standard-setting initiatives. Members provide critical insights on global payment security trends, regional regulatory landscapes, and emerging technologies. 'Being elected to the PCI SSC Board of Advisors is both an honor and a responsibility', said Hani Bani Amer. 'Through our participation, we aim to ensure that our regional unique insights and perspectives are represented in the development of global standards, ultimately benefiting stakeholders locally and internationally. I look forward to working closely with my fellow Board members to advance strong, future-ready payment security standards that address today's challenges and tomorrow's cybersecurity threats.' The new Board includes representatives from 61 organizations, reflecting the PCI SSC's commitment to global inclusion. Members come from a wide range of sectors, including issuers, acquirers, merchants, processors, service providers, and technology companies. Nitin Bhatnagar, Regional Director India, South Asia and Middle East, PCI Security Standards Council said, 'Al Etihad Payments' participation on the new 2025-2027 board of advisors from the Middle East (UAE) region is a critical voice that will help ensure greater regional input into our payment security standards, providing even more opportunities for discussion and collaboration with some of the most innovative voices in our industry. This term, in acknowledgment of the payments industry's ever-changing needs, the Board of Advisors has been expanded to a record 64 stakeholders, providing the Council with a broader range of views. The Board of Advisors will also be responsible for voting on new standards and major revisions to existing standards prior to their release. We are thrilled to welcome Al Etihad Payments to the newly elected 2025-2027 Board of Advisors.' AEP continues to play a key role in advancing the UAE's digital economy through initiatives such as Aani, the real-time payments platform, and Jaywan, the domestic card scheme. AEP is building a secure, resilient, and inclusive payments ecosystem. Both platforms are designed to meet local market needs while embedding global best practices for data protection and transaction security. By joining the PCI SSC Board of Advisors, AEP strengthens its commitment to adopting and shaping industry-driven, flexible, and effective security standards that safeguard sensitive payment data across every layer of the digital payments journey from cards to real-time transfers. About Al Etihad Payments Al Etihad Payments (AEP), a subsidiary of the Central Bank of the UAE, is the national payments entity of the UAE, leading the development and operation of world-class payment infrastructure. Its mission supports the government's push towards a digitally advanced society. AEP is focused on delivering innovative, easy-to-use payment solutions, helping financial institutions improve customer experience, and building a strong, secure, and efficient financial ecosystem for the country. For more information, visit
