Retail Data Security Practices

🚨 AI Privacy Risks & Mitigations Large Language Models (LLMs), by Isabel Barberá, is the 107-page report about AI & Privacy you were waiting for! [Bookmark & share below]. Topics covered: - Background "This section introduces Large Language Models, how they work, and their common applications. It also discusses performance evaluation measures, helping readers understand the foundational aspects of LLM systems." - Data Flow and Associated Privacy Risks in LLM Systems "Here, we explore how privacy risks emerge across different LLM service models, emphasizing the importance of understanding data flows throughout the AI lifecycle. This section also identifies risks and mitigations and examines roles and responsibilities under the AI Act and the GDPR." - Data Protection and Privacy Risk Assessment: Risk Identification "This section outlines criteria for identifying risks and provides examples of privacy risks specific to LLM systems. Developers and users can use this section as a starting point for identifying risks in their own systems." - Data Protection and Privacy Risk Assessment: Risk Estimation & Evaluation "Guidance on how to analyse, classify and assess privacy risks is provided here, with criteria for evaluating both the probability and severity of risks. This section explains how to derive a final risk evaluation to prioritize mitigation efforts effectively." - Data Protection and Privacy Risk Control "This section details risk treatment strategies, offering practical mitigation measures for common privacy risks in LLM systems. It also discusses residual risk acceptance and the iterative nature of risk management in AI systems." - Residual Risk Evaluation "Evaluating residual risks after mitigation is essential to ensure risks fall within acceptable thresholds and do not require further action. This section outlines how residual risks are evaluated to determine whether additional mitigation is needed or if the model or LLM system is ready for deployment." - Review & Monitor "This section covers the importance of reviewing risk management activities and maintaining a risk register. It also highlights the importance of continuous monitoring to detect emerging risks, assess real-world impact, and refine mitigation strategies." - Examples of LLM Systems’ Risk Assessments "Three detailed use cases are provided to demonstrate the application of the risk management framework in real-world scenarios. These examples illustrate how risks can be identified, assessed, and mitigated across various contexts." - Reference to Tools, Methodologies, Benchmarks, and Guidance "The final section compiles tools, evaluation metrics, benchmarks, methodologies, and standards to support developers and users in managing risks and evaluating the performance of LLM systems." 👉 Download it below. 👉 NEVER MISS my AI governance updates: join my newsletter's 58,500+ subscribers (below). #AI #AIGovernance #Privacy #DataProtection #AIRegulation #EDPB

This is big news. Tokenization is fast becoming the next battleground for financial infrastructure. Goldman Sachs and BNY Mellon just made one of the boldest moves yet. Tokenization transforms real-world assets into digital tokens - unique, programmable representations of value that can be transferred, tracked, and embedded into automated financial workflows. Goldman Sachs and BNY Mellon are turning traditional money-market funds (MMF) into digital tokens. These funds - a $7.1 trillion global market managed by firms like BlackRock, Fidelity, and Federated Hermes - are commonly used by companies and asset managers to hold short-term cash in safe, interest-earning instruments like Treasury bills and commercial paper. But behind the scenes, they still run on decades-old infrastructure, full of manual steps, cut-off times, and delayed settlements. Tokenization changes that. 𝗛𝗼𝘄? By bringing the same speed, transparency, and automation we expect from modern payments and applying it to financial instruments that haven’t evolved in decades. ·      Instant settlement: Instead of waiting hours (or days) for trades to clear, tokenized assets can settle almost instantly - 24/7, without cut-off times. ·      Programmability: Rules and logic (e.g., eligibility checks, compliance constraints) can be embedded directly into the token - reducing manual oversight. ·      Fractional ownership: Investors can hold smaller, more flexible portions of a fund, which is hard to do in traditional structures. ·      Real-time tracking: Every transfer or ownership change is recorded transparently on a blockchain, improving auditability and risk management. ·      Easier collateralization: Tokenized fund shares can be pledged as collateral or moved between counterparties far more efficiently - a big advantage in treasury and liquidity management. 𝗛𝗼𝘄 𝘁𝗵𝗲 𝗽𝗮𝗿𝘁𝗻𝗲𝗿𝘀𝗵𝗶𝗽 𝘄𝗶𝗹𝗹 𝘄𝗼𝗿𝗸: ·      BNY Mellon will distribute tokenized money-market funds to institutional clients via LiquidityDirect - its cash management platform that helps treasurers and asset managers invest short-term liquidity. ·      Goldman Sachs will record and track ownership of the fund tokens on its private blockchain, providing speed, traceability, and operational efficiency. ·      The offering will support tokenized versions of funds managed by major players like BlackRock, Fidelity, and Federated Hermes. 𝗪𝗵𝘆 𝗻𝗼𝘄? The new U.S. Genius Act gives legal clarity for stablecoins and tokenized assets -removing regulatory uncertainty and unlocking tokenization across mainstream finance. 𝗪𝗵𝗮𝘁’𝘀 𝗻𝗲𝘅𝘁? This could reshape expectations around liquidity, treasury operations, and how financial assets are managed and settled. Custodians and asset managers will need to adapt. Tokenized Treasuries, equities, and real estate are already being tested. Opinions: my own, Graphic source: CNBC 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐛𝐞 𝐭𝐨 𝐦𝐲 𝐧𝐞𝐰𝐬𝐥𝐞𝐭𝐭𝐞𝐫: https://lnkd.in/dkqhnxdg

What is "𝐓𝐡𝐞 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 𝐏𝐫𝐨𝐜𝐞𝐬𝐬 𝐢𝐧 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬"? by Checkout.com 👇 ► 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 is the process of replacing sensitive card data (like PANs) with a non-sensitive equivalent known as a 𝐭𝐨𝐤𝐞𝐧. This ensures that actual card details are never exposed or stored during or after a transaction. ► The Goal → reduce fraud, simplify PCI compliance, and power secure, scalable commerce. — 𝐓𝐡𝐞 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 𝐏𝐫𝐨𝐜𝐞𝐬𝐬 — Step by Step 1️⃣ Merchant (GoDaddy, Nike, Sony) ► Captures the customer’s Primary Account Number (PAN) through their website or app. 2️⃣ Vault / PSP (VGS, Checkout.com, Braintree) ► The PAN is sent to a token vault (merchant, third-party, or PSP-owned), where it’s replaced with a network token or PCI token. 3️⃣ Acquirer (Checkout.com, Adyen, Stripe, Nuvei, Getnet) ► Receives the tokenized transaction, which now contains a network-issued token rather than the actual PAN. 4️⃣ Card Network (Visa, Mastercard, American Express, GIE Cartes Bancaires) ► The token is translated back into the actual PAN so the transaction can be routed to the cardholder’s issuer. 5️⃣ Issuer Bank (Citi, Chase, Capital One) ► Validates the original card, checks for fraud, and approves or declines the transaction. — 𝐓𝐡𝐞 𝐃𝐢𝐟𝐟𝐞𝐫𝐞𝐧𝐭 𝐓𝐲𝐩𝐞𝐬 𝐨𝐟 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 🔹 𝐍𝐞𝐭𝐰𝐨𝐫𝐤 𝐓𝐨𝐤𝐞𝐧𝐬  → Issued by card networks (Visa, Mastercard)  → Enhances approval rates by keeping credentials fresh (via account updater)  → Replaces PANs at the scheme level  → Example: Visa Token Service, Mastercard MDES → Provided by Network directly or 3rd Parties (Vault, PSPs etc…) - Checkout.com, VGS 🔹 𝐏𝐂𝐈 𝐓𝐨𝐤𝐞𝐧𝐬 (Merchant Tokens)  → Issued by a token vault provider (VGS, Checkout.com)  → Designed to remove PCI scope from merchants  → PAN is encrypted & stored in a secure vault; merchants only handle tokens 🔹 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐖𝐚𝐥𝐥𝐞𝐭 𝐓𝐨𝐤𝐞𝐧𝐬  → Managed by wallets like ApplePay, Google Pay, Samsung Pay  → Device-specific tokens issued for in-app or contactless payments  → Never exposes the actual card number to the merchant — 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 𝐔𝐬𝐞 𝐂𝐚𝐬𝐞𝐬 — Real-World Applications ✅ 𝐎𝐧𝐞-𝐂𝐥𝐢𝐜𝐤 𝐂𝐡𝐞𝐜𝐤𝐨𝐮𝐭 — Amazon & Shopify store network tokens to enable fast, secure repeat purchases  ✅ 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐩𝐭𝐢𝐨𝐧𝐬 — Netflix and Spotify use PCI tokens to safely charge recurring payments  ✅ 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐖𝐚𝐥𝐥𝐞𝐭𝐬 — ApplePay leverage device-based tokenization for in-store tap payments  ✅ 𝐂𝐫𝐨𝐬𝐬-𝐏𝐒𝐏 𝐑𝐨𝐮𝐭𝐢𝐧𝐠 — VGS and 3rd party vaults, create merchant token vaults transmit the token to route transactions across multiple acquirers — Source: Checkout.com x Connecting the dots in Payments...  ► Sign up to 𝐓𝐡𝐞 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬 𝐁𝐫𝐞𝐰𝐬 ☕: https://lnkd.in/g5cDhnjC  ► Connecting the dots in Payments... | Marcel van Oost

Here are the new fraud risks of agentic commerce nobody's talking about. We're rushing toward a world where AI agents handle our shopping, bill payments, and financial decisions. - Amazon's working on it. - Google's building it. - Startups are raising millions for it. But we're building the commerce layer before we've figured out the security layer. In a recent conversation with Jeff Weinstein (Mr Agentic Commerce from Stripe), he laid out what I'm gonna call the "Weinstein Matrix" - the four new attack vectors that keep him up at night: 1. Agent Takeover (ATO): Or (Bad Human / Good Agent) - Bad actor steals your credentials, - Hijacks your legitimate AI agent, - Goes shopping. Your agent, their wallet access, your problem. 2. Trojan Horse Agents (Good Human / Bad Agent) - You download what looks like a helpful shopping AI. - It actually siphons your payment data or makes unauthorized purchases while appearing to help you save money. 3. Compromised Agent Networks (Bad Human / Bad Agent) - Fraudsters create armies of fake "good" agents - Sell them on dark web markets. - Merchants can't tell the difference between legit assistant and their fraud bot. 4. The Authentication Gap - Even with good humans and good agents, we have no reliable way to prove the link between them. How do you verify that YOUR agent is actually acting on YOUR behalf? We spent decades building fraud detection for humans clicking "buy now." Now we're handing that power to algorithms that can make thousands of transactions per second. The fraud vectors aren't just new - they're exponentially faster. But here's the thing: Every commerce revolution creates new fraud patterns. Credit cards, e-commerce, mobile payments - they all started "unsafe" until we built the right defenses. Agentic commerce won't be different. The risks aren't barriers to scale. They're the roadmap for building it right. If you're thinking about this kind of thing, get in touch. We're doing heavy R&D in this space at Sardine

🚀 India’s Digital Personal Data Protection Regime Goes Live As of today, 14 November 2025, the Ministry of Electronics & Information Technology (MeitY) has officially notified the rules under the DPDP Act, marking a major milestone in India’s data-privacy landscape. 🔍 Why this matters The DPDP Act was passed in August 2023 to govern how digital personal data is processed in India: collecting, storing, using, sharing, deleting, etc. With today’s rules, this framework becomes operational — meaning businesses, tech platforms, service providers must now align to it. The Act applies not only within India, but also to entities outside India offering goods/services to Indian data-subjects and processing their digital personal data. 🧭 Key organizational implications Data fiduciaries (the organizations deciding on the purpose & means of processing) need to overhaul their privacy governance: consent-mechanisms, purpose-limitation, retention policies, data-audits. Special protections for children’s data and persons with disabilities: processing must be cautious, no behavioral tracking or profiling targeted at minors. Cross-border data flows, registration of consent-managers, creation of grievance redressal mechanisms: all now on the table. A transition period: many stakeholders can take up to 12-18 months to comply with all requirements. 💡 What every business leader should ask today Are we fully aware of what “digital personal data” we collect? Do we map the life-cycle of that data? Have we reviewed our consent-workflow: is it free, specific, informed, unambiguous and revocable? (As required under the Act) MeitY Do we have mechanisms for erasure, correction, updating of data when requested by data-principals? Are we ready for audit, and named fiduciary responsibilities that may come under scrutiny? How does this change our risk-profile: reputational, regulatory, operational? 🤝 My view This is a landmark moment: a welcome shift towards building a stronger trust-ecosystem for digital interactions in India. For businesses it means more work — but also an opportunity: to differentiate through transparent, respectful data usage, and to build customer trust. For individuals: greater clarity, better rights, more control. Let’s use this pivot to review our data-practices, upgrade our governance, and treat data not just as a compliance chore, but as a place to build trust and value. ✨ Call to action : If you’re working in tech, legal, compliance, product or operations, I’d love to hear how your organization is preparing for DPDP. What are the biggest gaps you’re seeing? What’s your approach to enable compliance while staying agile? Drop a comment or DM — let’s exchange insights.

After spending the past year leading ransomware incident response, I wanted to share some insights that you should be thinking about in relation to your organization. 1. Leadership clarity is non-negotiable. Multiple executives giving competing directions doesn't just create confusion - it directly impacts your bottom line. Every minute of misaligned leadership translated into increased recovery costs and extended downtime. 2. Trust your IR experts. Yes, you know your environment inside and out. But incident response is their expertise. When you hire specialists, let them specialize. I've seen firsthand how second-guessing IR teams can derail recovery efforts. 3. Master the time paradox. Your success hinges on rapid containment while simultaneously extending threat actor negotiations. If your leadership and IR partnership aren't solid (points 1 & 2), this delicate balance falls apart. 4. Global password resets are deceptively complex. Every human account, service account, API key, and automated process needs rotation. Without robust asset management and IAM programs, this becomes a nightmare. You will discover dependencies that you didn't even know existed. 5. Visibility isn't just nice-to-have - it's survival. Modern security tools that provide comprehensive visibility across your environment aren't a luxury. This week reinforced that every blind spot extends your recovery time exponentially. 6. Data gaps become permanent mysteries. Without proper logging and monitoring, you might never uncover the initial access vector. It's sobering to realize that lack of visibility today means questions that can never be answered tomorrow. 7. Backup investment is incident insurance. Organizations regularly lose millions that could have been prevented with proper backup strategies. If you think good backups are expensive, wait until you see the cost of not having them. 8. Protect your team from burnout. Bring in additional help immediately - don't wait. Your core team needs to be there for the rebuild after the incident, and running them into the ground during response isn't worth it. Spending money on staff augmentation isn't just about handling the immediate crisis - it's about maintaining the institutional knowledge and expertise you'll need for recovery. Remember: the incident ends, but your team's journey continues long after. #Cybersecurity #IncidentResponse #CISO #RansomwareResponse #SecurityLeadership"

How To Handle Sensitive Information in your next AI Project It's crucial to handle sensitive user information with care. Whether it's personal data, financial details, or health information, understanding how to protect and manage it is essential to maintain trust and comply with privacy regulations. Here are 5 best practices to follow: 1. Identify and Classify Sensitive Data Start by identifying the types of sensitive data your application handles, such as personally identifiable information (PII), sensitive personal information (SPI), and confidential data. Understand the specific legal requirements and privacy regulations that apply, such as GDPR or the California Consumer Privacy Act. 2. Minimize Data Exposure Only share the necessary information with AI endpoints. For PII, such as names, addresses, or social security numbers, consider redacting this information before making API calls, especially if the data could be linked to sensitive applications, like healthcare or financial services. 3. Avoid Sharing Highly Sensitive Information Never pass sensitive personal information, such as credit card numbers, passwords, or bank account details, through AI endpoints. Instead, use secure, dedicated channels for handling and processing such data to avoid unintended exposure or misuse. 4. Implement Data Anonymization When dealing with confidential information, like health conditions or legal matters, ensure that the data cannot be traced back to an individual. Anonymize the data before using it with AI services to maintain user privacy and comply with legal standards. 5. Regularly Review and Update Privacy Practices Data privacy is a dynamic field with evolving laws and best practices. To ensure continued compliance and protection of user data, regularly review your data handling processes, stay updated on relevant regulations, and adjust your practices as needed. Remember, safeguarding sensitive information is not just about compliance — it's about earning and keeping the trust of your users.

If you looked at this email fast, you’d swear it came from Microsoft. Same logo, layout, tone - everything checks out. Except for one thing: The sender’s domain was rnicrosoft(.)com instead of microsoft(.)com That tiny swap of “rn” instead of “m” is what’s called typosquatting. Attackers register near-identical domains to catch people who skim their inbox too fast. What makes this effective is how subtle it is. On mobile, you barely see the full address. On desktop, your brain autocorrects it. It feels right and that’s all they need. These kinds of tricks are showing up more often in credential phishing, vendor invoice scams, even internal HR impersonations. How to handle these cleanly (real, practical steps): - Expand the full sender address every time before you click. - Hover the link to view the real href, or long-press the link on mobile to reveal the URL. - Check the Reply-To header -- scammers often route replies elsewhere. - If it’s a password reset you didn’t request, open a new tab and log in from the official site rather than clicking the email. - Forward the phish to your security team or report it (company phishing inbox / your provider’s report feature). Examples of look-alikes to watch for: swapped letters (rn → m), zero for o (micros0ft), added hyphens or extra subdomains (microsoft-support[.]com). Small habit change, big payoff. Teams that rehearse these scenarios stop reflexively clicking.

Everything you need to know about 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗧𝗼𝗸𝗲𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻 in Payments Here's a a beginner friendly step-by-step guide: Network tokenization has been around for over 7 years, yet many businesses are still missing out on its real potential. For example, one subscription company cut churn by 8% in just 30 days after adopting network tokens. 𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝘆 𝘁𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝘀: ► Network tokenization replaces sensitive card data (like PANs) with a secure, unique token stored in an encrypted database. This keeps card details secure, never exposing or storing them during or after a transaction ► Network tokens are issued by major card networks like Visa, Mastercard, and American Express. ► Goal→Minimize fraud, streamline PCI compliance, and enable secure, scalable transactions. 𝗛𝗼𝘄 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗧𝗼𝗸𝗲𝗻𝘀 𝗪𝗼𝗿𝗸 𝗦𝘁𝗲𝗽 𝗯𝘆 𝗦𝘁𝗲𝗽: 1️⃣ Merchant (e.g., Spotify, DRESSX) ►Captures the Primary Account Number (PAN) from the customer via the checkout. 2️⃣ Token Vault / PSP / Orchestrator (e.g., Solidgate, AuthorizeNet) ►The PAN is sent to a token vault and replaced with a network-issued token. 3️⃣ Acquirer (e.g., Solidgate, Worldpay, Adyen) ►Receives the network token instead of the original PAN. 4️⃣ Card Network (e.g., Visa, Mastercard, Amex) ►The network token stays within the card network’s secure infrastructure; the actual PAN isn’t exposed. ►The token is updated automatically when the card data is renewed, replaced, or compromised. 5️⃣ Issuer Bank (e.g., JPMorgan Chase, Capital One, HSBC) ►Validates the transaction using the token without needing access to the actual card number. 𝗞𝗲𝘆 𝗕𝗲𝗻𝗲𝗳𝗶𝘁𝘀 𝗼𝗳 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗧𝗼𝗸𝗲𝗻𝘀: → Lower Interchange Fees: Tokens reduce card-not-present fees vs. bank tokens. → Automatic Token Updates: Tokens auto-update if a card expires, is replaced, or compromised, preventing declines. → Reduced Churn: Ensures uninterrupted recurring transactions, boosting subscription retention. → Better Conversion Rates: Increases authorization rates by up to 10%, reducing declines. → Reduced Fraud Risk: Sensitive data stays protected, minimizing fraud. → Improved UX: Frictionless payments and auto-updates improve customer satisfaction. → Acquier-independent: Enables multi-processor routing 𝗥𝗲𝗮𝗹 𝗪𝗼𝗿𝗹𝗱 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀: ✅ Subscriptions – Platforms like Disney+ & Coursera use network tokens for secure auto-billing. ✅ Mobile Wallets – Apple Pay & Google Pay use network tokens to process payments without exposing actual card details. ✅ E-commerce – Online retailers like Amazon tokenize customer card data to enable one-click checkout. ✅Agentic Commerce – AI agents like ChatGPT, Microsoft Copilot, or Perplexity can complete transactions for users. Network tokens enable this by securely providing a reusable, processor-agnostic token. ✅Cross-Border Payments –Platforms like Solidgate can use network tokens to route payments across multiple regional acquirers.

Microsoft AI Teams will soon tell your boss where you are. Starting December 2025, Teams can automatically detect when you connect to your company’s Wi-Fi and update your location to “in the office.” It sounds like a small feature. It isn’t. Location tracking through workplace networks is the newest frontier in digital surveillance, and it’s coming through your collaboration software. Microsoft says the feature is opt-in. That is very good. But, that decision will rest largely with employers and admins, not the average employee trying to meet deadlines. If you work for a Microsoft-using organization, now is the time to ask: Is our company planning to activate this feature? Has consent been properly documented? If you represent a union, this deserves to be on your next agenda. The GDPR and UK Data Protection Act require transparency, necessity, and proportionality for any location tracking. Under the EU AI Act, this may also fall under high-risk processing of biometric and personal data for workplace management. Employers must conduct a fundamental rights impact assessment before rolling it out. This isn’t paranoia. It is risk management, employee rights, and compliance. Workplace tracking without explicit, informed consent can violate privacy law in multiple jurisdictions, and it may open employers to liability under both GDPR and the EU AI Act’s risk provisions. If your organization uses Microsoft Teams with minors, such as schools or training programs, the stakes are even higher. Here’s what to do as an employee, parent, or guardian: 🔹 Ask your IT administrator if “location autodetection” is enabled. 🔹 Request a copy of the company’s Data Protection Impact Assessment (DPIA). 🔹 Ensure opt-in consent is voluntary and revocable. 🔹 Check that logs are deleted regularly and not used for performance evaluation. Transparency is not optional. #DigitalSovereignty #WorkplacePrivacy #AICompliance #GDPR #MicrosoftTeams Image source: SlashGear, https://lnkd.in/di5WvY2e From Microsoft: Microsoft 365 Roadmap: https://lnkd.in/dYc3N9TX Microsoft Learn (Configure auto-detect of work location): https://lnkd.in/dtEkYNqB