November 20, 2009
Update covering November 13 - 19, 2009


Welcome to Tech Talk! In this edition, Tech Talk Editors Andy Zavoina and John Burnett write about MasterCard plans, skimming losses, Hippos, and more.

Our selections from this week's tech news:
  • Mobile verification
  • ATM scam losses mounting
  • Revolutionary Amex
  • The mobile ownership question
  • Mobile attacks begin
  • Better browsing security coming
  • Loyalty program scams attacked
  • Legal and PR firms targeted
  • Madoff minions charged
  • A cybercrime sampler
  • Targeting a BlueHippo
  • Dealing with the Win 7 bug
  • Faulty Flash Player problem
  • HP sued for defect
  • Scoping out Skype
  • and on the lighter side...
Get the details below.


On the lighter side ...
If you want to walk down memory lane, look at these 25 vintage tech ads from PCWorld. As with your old wardrobe or hair, you may wonder how we got where we are based on where we were.

MasterCard and mobile authentication
MasterCard will implement a new security procedure to thwart hackers beginning in the first six months of next year. An online transaction will be validated with the cardholder's mobile phone and a one-time password. While it's not guaranteed security, MasterCard believes this procedure will help stop hackers and man-in-the-middle attacks. Read more on this at Computerworld.

ATM skimming losses escalate
React quickly to scams and thefts affecting your customers or watch your losses mount. We have followed a developing story from Nashville where ATMs were tampered with and cards were skimmed. This isn't a new theft technique, but in this first story from WSMV you will see they report that 300 customers were hit for losses of $23,000. But in this subsequent story the number has risen to 600 customers and thefts are between $500 and $1,000 each. Using your established methods to make your customers aware of such scams is both a service to them and a way to save your bank money in ATM claim losses.

Amex to grab more e-payments
American Express is expanding its reach into electronic payments with its purchase of Revolution Money. The acquisition will give the well-established credit card company a new market — Revolution Money has about one million merchants participating in its program, which offers unmarked prepaid cards and facilitates person-to-person funds transfers. Read more on this AP story at Google.

Should your bank provide cell phones?
Does your bank prefer to own the contract for your employees' cell phones, or do you ask employees to pick their phone and contract and receive reimbursements? This article recognizes that more and more companies are subscribing to the latter, perhaps because of IRS rulings. But it cautions you that the employee-owned choice may well not be in the best interest of your company. Learn why in NetworkWorld.

Man-in-the-middle attacks on smartphones
SMobile Systems, a security research company, has released details of successful man-in-the-middle attacks on four smartphones. While you promote the convenience of Internet banking, a smartphone browser isn't necessarily as secure as the browser on a customer's personal computer. Read how logon credentials can be compromised in this ZDNet blog.

Verizon cell phone customers need to be alert. SonicWall, an antivirus company, reports detecting 200,000 email messages per hour with a trojan attached. The messages report that the addressees are over their Verizon Wireless usage limits and they need to install a "balance checker" program, conveniently linked in the email. That link, of course, leads to the trojan payload. Read Computerworld for the details.

VeriSign security enhancement
VeriSign manages the Domain Name System (DNS) database that allows a name, such as "BankersOnline.com," to be translated into its IP address, 64.135.90.198 (you can type those ten digits and periods into your browser's address bar and get to BOL). To better secure web browsing, VeriSign plans security improvements for 2011. The enhancements should help protect against domain name poisoning or pharming attacks. Read more about them at ZDNet.

Loyalty program scam earns $1.4B
Your bank may face potential customer disputes from upset customers due to a loyalty program scam that was the subject of Congressional hearings this week. Congress directed its attention to a scheme that has netted $1.4 billion for some major retailers. Here's how it works: Your customer goes to Fandango, Orbitz, Priceline or any of the several other web retailers and places an order. They are then asked for an email address to get a savings coupon. Good deal? Not if the fine print says the retailer will give their card info to this coupon company to enroll them in a program, and charge that card. Read more on the retailers involved and their upset customers in CNet News.

Spear phishing for lawyers and PR types
If there are legal or public relations firms in your customer base, you should consider calling their attention to FBI reports of spear-phishing attacks on such businesses. Law firms and PR companies often include detailed information about key individuals in their organizations on websites, making them attractive targets for spear-phishing scams. Successful attacks can lead to the compromise of online banking logon credentials and other confidential information. There's more information on the FBI's E-Scams & Warnings page.

Madoff programmers arrested
At the heart of Bernie Madoff's Ponzi scheme were the false statements sent to investors. The FBI arrested Jerome O'Hara and George Perez last Friday. They are two of the programmers who wrote the program which created the statements. O'Hara and Perez were charged with conspiracy, falsifying books and records of a broker-dealer, and falsifying the books and records of an investment advisor. The SEC also brought civil charges against the two in federal court. eWeek has more.

More cybercrime
Many bankers are telling us their commercial customers are experiencing an unprecedented amount of insider fraud. As one recent case illustrates, it often stems from a lack of appropriate internal controls. Regina Schenck was a manager of a law firm in California. Using computer fraud, she stole from her company for six years. She was ordered to pay $1.3 million in restitution, and more. Read this article in Law.com to see what she owes the IRS, how much jail time she was sentenced to and how she conducted her scam.

Cybercrime often starts within an organization, as seen above. From the U.K. comes a warning that T-Mobile customers must now be on alert for misuse of their private information. T-Mobile employees in the U.K. sold the personal data of thousands of customers. While they face fines, the law doesn't allow for jail time. Read more in PCWorld.

Not all cybercrime is internal. Security researchers report more than 200,000 websites have been compromised. They deliver misdirected search engine results and offer scareware to the user. ZDNet has more on this story.

BlueHippo – bad business
BlueHippo promised computers to people regardless of their credit. Unfortunately, it didn't deliver. In 2008 the company entered into a settlement with the U.S. District Court and agreed to make good on its promises. The FTC maintains BlueHippo has since delivered to fewer than one percent of its buyers and should be held in contempt. Read more at the PCWorld Business Center.

Win 7 bugged already
We wrote about a bug in Windows 7 in last week's Tech Talk. Microsoft has confirmed that a zero-day bug exists, but says users can protect themselves by blocking two ports with their firewalls. The Server Message Block protocol has a vulnerability that will allow a denial of service, but won't allow a computer to be taken over or have software installed. Get the rest of this story and a link to Microsoft's security advisory at NetworkWorld.

Microsoft has provided some guidance to deal with this new threat until a patch is released. The PCWorld Business Center explains the details.

Adobe Flash flaw could attack viewers
There is a vulnerability in Adobe Flash that could allow malicious code attacks when a user views a picture on popular user-generated content sites such as social network or photo sharing sites. While such attacks ARE possible, it isn't known that the vulnerability has actually been used. What can you do to protect your computers? Find the answer at CNet News.

Class action against HP?
Michael Kent has filed a suit against Hewlett-Packard and is requesting class action status. He maintains that HP's Pavilion Elite desktop computers are defective. There have been many complaints that after about 20 minutes, these computers will crash with a "blue screen of death," or just freeze. For more on the models and specs in question, read Computerworld.

Call 1-800-SKYPE
If you have been working on lowering the costs you pay every month for your phone bill, Skype may be the answer. Until now it has not been highly recommended by some analysts because there were doubts over ownership of the code itself and changes in control of the company. Those concerns seem to be settled for now. Having your customers contact your bank and call centers on Skype may help to reduce your costs for toll-free lines. Be sure to check out this article and the links it has to consider whether Skype could be part of your bank's call center plans. It is in NetworkWorld.

Happy Thanksgiving!
Due to the holiday, there will be no edition of Tech Talk next week, but we'll have all the hot tech stories for you again on Friday, December 4, 2009.

