Latest opinions that Stephen Wilson has shared on Finextra

Join the Community

23,263

Expert opinions

43,814

Total members

393

New members (last 30 days)

186

New opinions (last 30 days)

29,062

Total comments

Join Sign in

Stephen Wilson

Managing Director

Lockstep Consulting

Member since

24 Apr 2008

Location

Sydney

View Stephen Wilson's full profile

Stephen's opinions

Now is not the time to go soft

Online computing represents probably the first new platform in thirty years. Not since the PC have we seen a whole new hardware-software-solution-product environment emerge. It's understandable that there's a mad land grab for app-driven market share. But you'd think that the rush to market would be moderated by a realisation that we ought to b...

03 August 2012 /security /payments

How much worse can CNP fraud get?

The Australian Payments Clearing Association (APCA) releases card fraud statistics every six months for the preceding 12m period. For the first time in many years, Australian card fraud has grown in all categories. The ratio of Card Not Present fraud to all fraud remained steady at just under three quarters. An up-turn in skimming and counter

17 July 2012 /security /payments

Credit card numbers are like nitroglycerine

It's terrific that merchants are increasingly pushing back on PCI-DSS. It really is high time we shifted the emphasis from ad hoc stop gap compromise measures, onto tackling the real problem: the replayability of account data. Credit card numbers are a bit like nitroglycerine: handle them with great care or they'll blow up! The slightest slip-up,...

13 January 2012 /security /payments

Banks really know their customers

A few months ago, the Australian banking consortium BPAY announced the cancellation of its promising and well funded account portabilty MAMBO. What does this mean for the even more audacious plans for federated identity in banking? The US government's National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions using university studen...

13 December 2011

Taking full advantage of Chip

The Atlanta Federal Reserve's Cindy Merritt -- assistant director of the Retail Payments Risk Forum -- offers a refreshing, plain talking critique of the PCI-DSS regime. She goes to the heart of the matter; the rewards for organised crime are simply so vast that a process and audit based security regime like PCI-DSS doesn't stand a chance. PCI (li...

02 June 2011

Do digital wallets leave 3D Secure behind?

Visa's digital wallet seems to take a different path from 3D Secure. If it's "digital" I wonder if it's interoperable online and how might it work over Internet? The digital wallet will store Visa and non-Visa payments accounts and support NFC through payWave, letting customers complete transactions online, with their mobile, on social ne...

11 May 2011 /payments

Is Sony PCI DSS compliant?

It's been over a week and a zillion blog posts and tweets have already circulated about the PlayStation Network breach. Yet one security issue has yet to be canvassed. I'm more than a little surprised. Sony advised its customers: "If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we ar...

27 April 2011

What to do about the SecurID hack?

RSA's public response to the compromise of its famous SecurID One Time Password is curious. On the one hand, it's admirable to have disclosed that they've been 'hacked'; on the other hand, their public releases have been short on details, and some corporate customers who have enjoyed private briefings say they're none the wiser. By way of count

21 March 2011 /security

Are banks ready for the new identity ecosystem?

The National Strategy for Trusted Identities in Cyberspace (NSTIC) released by the Whitehouse last month, is a proposal for a new “ecosystem” of diverse Internet IDs. It is the latest incarnation of Federated Identity, where identification established with one service provider can be re-used with other services. In the words of Whitehouse cyber...

26 January 2011 /security

Can't we simplify digital identity?

Why is digital identity so tricky? The past decade is littered with earnest initiatives that failed to meet expectations (like the Australian Trust Centre) or consortia that over promised and under delivered (such as Liberty Alliance). Now we have the Open Identity Exchange which is said to reflect an "ecosystem" of identity provide

25 August 2010