Inadequate authentication is among the greatest security challenges for online payments, says Scott Dueweke of Booz Allen Hamilton, who suggests biometrics needs to play a bigger role.

Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.

Banking executives were among the CEOs who met with President Obama at the White House to discuss cybersecurity strategies. Paul Smocer of BITS explains how this discussion may pay off for financial institutions.

Pennsylvania Chief Information Security Officer Erik Avakian explains how the commonwealth is using a $1.1 million federal grant to pilot a program to furnish single identities to residents who transact state business over the Internet.

For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?

The good news is: U.S. banks have learned valuable security lessons from defending against recent distributed-denial-of-service attacks. The bad news? DDoS has evolved into new and improved assaults.

Article 4A of the Uniform Commercial Code, which deals with reasonable security measures for banks, needs a major update, says attorney Dan Mitchell, who represented PATCO Construction in a high-profile account takeover dispute.

Using "synthetic identities" to commit fraud is becoming easier, but it's increasingly difficult for organizations to detect this type of deception, says Claudel Chery of the U.S. Postal Inspection Service.

Rather than waiting until they're a breach victim, organizations should reach out to law enforcement officials to develop a good working relationship in battling cybercrimes, federal prosecutor Erez Liebermann says.

Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.