NextGen VPN for FIs |
The Federal Reserve Banks' multi-year effort to create a solution for keeping pace with evolving cyber threats and enhancing its security standards has culminated in the launch of its next generation Virtual Private Network (VPN) initiative. Those organizations that access critical payment and information services from the Federal Reserve Banks will be required to replace their current VPN devices with the newer VPN device. Enhanced customer experience, shorter lead times for installations and modifications, and more robust self-service functionality are improved features in the new solution. FRB Services has the details.
Social media mining
Financial institutions have long been familiar with the term "Know Your Customer" as it refers to the process of due diligence in ascertaining relevant information about the persons or entities conducting financial transactions. In this digital age, the availability of data and the process of mining data from myriad sources can not only help banks know their customers and mitigate potential fraud, it can also be used to enhance customer experience and increase customer retention. Forbes has more on how banks are leveraging the power of data analytics through social media channels.
Heist highlights weakness
"Only the foolish learn from experience — the wise learn from the experience of others." (Romanian Proverb) In the wake of the $45 million cyberheist from global ATMs we reported in last week's Tech Talk, weaknesses in the banks' security measures that left them vulnerable to the thefts have come to light. The heist was perpetrated using prepaid debit cards after thieves hacked into accounts and raised ATM withdrawal limits. An analysis by risk and compliance management company TraceSecurity Inc. reveals a lack of monitoring controls in place for prepaid cards and the absence of analytics to detect the repeated use of the same card. Financial institutions can learn valuable lessons from a case highlighted in IT World.
High-tech bank robbery
Physical bank robberies by masked bandits are being eclipsed by high-tech multimillion dollar cybercrime heists that go undetected longer and can be harder, if not impossible in many cases, to track back to the person(s) ultimately responsible. As with the recent $45 million scam, the methods cyber gangs are using can range from sophisticated to simplistic in nature. Chief executive of Security Compass Nish Balla, who gets paid by banks to break into their systems, shows CNN how "easy" it was to pull off a high-tech $14 million heist from a bank.
Recovering cyber losses
When banks are targeted by cyber attacks - a trend that is increasing at an alarming rate - often the focus is on the losses experienced by the customers or businesses whose bank accounts are drained by the thieves. More often than not, banks are left holding the bag and taking the hits. Reuters explores the challenges financial institutions encounter in the wake of cyberheists and their efforts to recover from the monetary damage.
FBI reaches out to banks
In recent months, U.S. financial institutions have taken some heavy hits from targeted DDoS (distributed denial-of-service) attacks. The sheer scale of these attacks and number of compromised websites is alarming. In an effort to foster increased communication and joint cooperation between public and private sectors on matters of cybersecurity, the Federal Bureau of Investigation (FBI) granted temporary security clearances to bank executives who participated in a videoconference briefing by the FBI on these attacks. reports InformationWeek.
Mobility attracts malfeasors
The trend toward mobile payments has gone global with the future mobile payments market predicted to reach the trillions. Following on the heels of the mobile device explosion is the rise in mobile malware. Spyware, direct phishing attacks, trojans, and malware-laden apps designed to pilfer data and funds from mobile users are just a few of the methods data thieves are developing for the mobile market. The Anti-Phishing Working Group has released a white paper calling for a coordinated global response to these emerging threats. Finextra has the details and a link to download the full white paper.
OneID for dual authentication
In 2012, cybercrime cost financial institutions an estimated $3.5 billion dollars - an alarming trend that continues to rise as cybercriminals become more prolific. In response to these ever-increasing threats, banks need to deploy enhanced security solutions and stronger authentication. Digital identity provider OneID has developed a customizable two-factor authentication solution for the financial industry that provides multiple authentication triggers, mobile support, and more. Help Net Security has the details.
Time to ask the right questions
Challenge questions used by many websites today, including banks, have been rendered nearly ineffective by the emergence of the social media landscape. Popular questions such as mother's maiden name, city of birth, and name of high school can be easily and quickly found online - not just by users' social networks but by enterprising cybercriminals as well. Bank Systems & Technology has more on why it's time to change up your challenge questions and suggestions on implementing those changes.
Updates, Patches and Alerts...
US-CERT: Current activity
Help Net Security: Microsoft fixes 33 vulnerabilities
Threatpost: Firefox 21 fixes three critical flaws, introduces new health report
PC World: Adobe releases critical security updates for Reader, Flash Player and Cold Fusion
InfoWorld: Internet Explorer 10 beats Chrome and Firefox at blocking malware downloads