News and Events

September 13, 2017

Authenticating users in card not present (CNP) transactions continues to be a challenge for e-commerce payments. In this session "No Card? No Problem" NCCoE's Deputy Program Manager Brian Abe and Orvis' Head of IT Security, Compliance and Risk Management Tyson Martin will discuss approaches being developed by the NCCoE in conjunction with industry partners to implement multifactor authentication to address these challenges and implement stronger authentication mechanisms to ensure a customer is authorized to use a credit card for e-commerce transactions. The NCCoE example implementation will introduce multifactor authentication that ties to existing web analytics and contextual risk calculation to reduce the risk of false online identification and authentication fraud.

June 19, 2017

NCCoE security engineer Bill Fisher will be presenting a session on NCCoE projects on June 19 from 9am to 12pm at the Cloud Identity Summit. Presentations will include overviews of the Mobile Application Single Sign-On project and the Multifactor Authentication for e-Commerce project. NCCoE security engineer Christopher Brown will present a deeper dive on the NCCoE's Derived PIV Credentials project on June 22 at 11:15am. The summit brings together the best of industry and enterprise presenters and experts to share insights and to synthesize new ideas. The summit will be held from June 19-22 at the Sheraton Grand...

December 20, 2016

The National Institute of Standards and Technology has announced a new opportunity for industry collaboration on multifactor authentication technology, in an effort to increase the security of online identities and reduce risk of online fraud.

November 14, 2016

We know the importance of safeguarding our credit cards—we don’t leave them laying around in plain sight and we don’t share our PIN numbers. We are discriminating about where we save our credit card information online, and most of us try to use good passwords. However, we also know that there are malicious actors that want this information and are increasingly adept at retrieving it despite our best efforts.

June 05, 2016

NCCoE security engineer Bill Fisher will be presenting a session on multifactor authentication in the retail sector and identity and access management in the Internet of Things (IoT) space on June 6 from 9am to 12pm at the Cloud Identity Summit. The summit brings together the best of industry and enterprise presenters and experts to share insights and to synthesize new ideas. The summit will be held from June 6-9 at the Mariott New Orleans in New Orleans, LA.

May 17, 2016

According to the National Cybersecurity Center of Excellence (NCCoE), there’s evidence that PII is now worth much more on the black market than credit card numbers, and the implementation of EMV in the U.S. will likely lead to a surge in counterfeit cards and other types of fraud. Regulations and standards around protecting PII have emerged overseas, but not so much in the U.S. So, the NCCoE is taking public comment on a project around securing non-credit card and sensitive consumer data.

May 15, 2016

The National Cybersecurity Center of Excellence (NCCoE) is seeking public comment on a project aimed at reducing retail fraud in the U.S. The catalyst for the project is the uptick in fraud among European retailers since the rollout of EMV chip-and-PIN (CNP) technology a decade ago.

April 24, 2016

NIST Deputy Director and NCCoE Senior Security Engineer Bill Newhouse will present Working Together: Addressing Retail Cybersecurity with Standards and Best Practices on Monday, April 25 from 10:40am to 11:30am at the Retail Cyber Intelligence Summit in Chicago. This session will focus on specific challenges in the retail and payment ecosystems and how the NCCoE is working with stakeholders from across the retail ecosystem to address important retail cybersecurity issues.

Hyatt Regency Chicago
151 East Wacker Drive
Chicago, Illinois 60601

March 21, 2016

Cybersecurity incidents affecting consumer-facing businesses threaten the financial security of companies and the public, weakening consumer confidence, eroding individual privacy protections, and damaging the brand value and reputation of businesses.

Join the National Cybersecurity Center of Excellence (NCCoE) for a public workshop to help consumer-facing businesses improve the security around their payment ecosystem and better protect consumer information. Dive into technical issues, architectures, standards, and best practices surrounding multifactor authentication of online transactions and secure handling of sensitive, non-credit card consumer data with some of the brightest minds in this area.

March 10, 2016

With attacks on America’s largest retailers continually in headlines, adaptable secure solutions are required. A 2014 Deloitte report on retail cybersecurity revealed that 100% of retailer survey respondents listed “theft of customer data” as their primary concern, followed by breach-related costs, and financial fraud. The retail industry is hungry for solutions that can not only be implemented today to solve current problems, but can also help mitigate future security issues. While challenges persist, innovative advances in cybersecurity technologies present new opportunities to increase security while maintaining business operations. To...

November 18, 2015

Recent, well-publicized cybersecurity incidents within the retail space has impacted the industry—weakening consumer confidence, eroding privacy, and damaging businesses’ brand and reputation. As the holiday season approaches, increasing cybersecurity at the point of sale and for payment technologies has become a critical priority for consumer-facing businesses. Join us for a lively discussion on the trends and challenges to improving cybersecurity in the retail industry.

Registration is free and required. 


Time: 10:30 am - Noon

Agenda and Speakers:

May 17, 2015

The National Institute of Standards and Technology announced Friday it is extending the deadline for public comment on a draft report on securing consumer data until July 17.

May 14, 2015

To allow industry more time to prepare and submit comments, the National Institute of Standards and Technology (NIST) has extended the deadline for comments on its draft NISTIR 8050 report, focused on cybersecurity challenges in consumer-facing industries. 

April 02, 2015

The National Institute of Standards and Technology is seeking public comments on a new list of proposed technology demonstration projects aimed at improving cybersecurity for consumer-facing businesses

April 01, 2015

The National Institute of Standards and Technology (NIST) invites the public to comment on a report from the Feb. 12, 2015, Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy. The workshop, a collaboration with Stanford University, brought together chief technology officers, information officers and security executives to discuss the challenges their organizations and industrial sectors face in implementing advanced cybersecurity and privacy technologies. NCCoE played a large role in organizing the meeting, and the summary document is posted on this website.