BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
December 9, 2011

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:

  • From Romania with...fraud
  • Two-factor authentication thwarted
  • Mobile financial fraud rising
  • Enhanced mobile security
  • Banking ID safety scorecard
  • Card security loopholes
  • The more mobile the merrier
  • Successful e-banking strategies
  • Merry season for malware
  • Spam, Scams & Breaches
  • Updates, Patches and Alerts...
  • and on the lighter side...
  • Get the details below.
    From Romania with...fraud
    Four Romanian cyber criminals have been charged with conspiracy to commit computer fraud, wire fraud and access device fraud for remotely hacking into more than 200 point-of-sale (POS) systems at retailers in the U.S. to steal payment card data. Accused of compromising card accounts of more than 80,000 consumers, the four defendants conducted millions of dollars in unauthorized purchases using the stolen information. How they pulled off their attacks and the sentences they face for this multi-million dollar fraud are reported in TechWorld.

    Thieves thwart two-factor authentication
    Employing social engineering tactics and taking advantage of the mobile phone number portability regulation that permits wireless users to transfer their existing phone number to another line, cyber criminals pilfered $45,000 from an Australian business owner's bank account. Armed with details obtained by calling the victim's office and home under false pretenses, the fraudsters were able to have his mobile number “ported” to a new device. With calls being routed to a phone operated by the thieves, they obtained an account verification code the bank sends to users' mobile devices as part of their two-factor authentication security measures. Help Net Security has more on how the perpetrators pulled off this scam before the activity was detected by the bank. If your institution sends verification codes to mobile devices, make sure you have a system in place to verify that the mobile number has not been recently ported.

    Mobile financial fraud rising
    Cyber criminals are increasingly moving from targeted email phishing attacks to mobile messaging. Financial fraud via SMS (short messaging service) is growing at a rate of over 300 percent year over year. Global messaging security solutions provider Cloudmark reports that it's presently tracking more than 20 unique, financial related SMS attacks in the U.S., with thousands of variants on each attack. These targeted attacks appear as if they are coming from a major bank or credit card company and are designed to extract users' financial account information for fraudulent use. In some cases, users are tricked into thinking they have received a gift card - a ploy that consumers are especially vulnerable to at this time of year. PC Magazine has more details, including a link to the Cloudmark article containing images of sample messages being sent to victims' mobile devices.

    Enhanced mobile security solution
    With sensitive corporate and personal information now regularly stored on mobile devices, the need for enhanced mobile security incorporating more stringent authentication is greater than ever. Srikar Sagi, a security architect for PayPal, has developed an experimental method that links user accounts to usernames and specific phones. Password Less Authentication (PLA) gathers authentication data over the Internet as well as carrier cellular networks and ties them together to positively identify the user logging into online banking accounts and other secure websites. Using this method of authentication, an attacker would need to have the username, password and the mobile device in his possession to compromise an account. Network World has more details.

    Banks score low on identity safety
    Despite updated online authentication guidance from the FFIEC, a study conducted by Javelin Strategy & Research reveals that top U.S. banks and credit unions are putting their customers at risk for identity theft. Javelin's 7th Annual Banking Identity Safety Scorecard surveyed the country's top 25 banks and credit unions (by deposit size) and found that many institutions continue to rely on Social Security numbers for authentication, such as verifying a customer's identity over the telephone or to reset an online password. The New York Times has more on the study and why using Social Security numbers for authentication leaves consumers vulnerable to identity theft.

    Card security loopholes
    Card security measures put in place by major card providers Visa and MasterCard may not be as secure as you think. Visa's Verified by Visa and MasterCard's SecureCode are part of “3 Domain Secure (3DS),” a program designed to reduce card fraud and shift fraud liability from online merchants to the card-issuing banks. Researchers from Trend Micro have brought to light a security loophole in the program's authentication process, reports Krebs on Security. This may be the first time you're hearing about this but data thieves have been on to this vulnerability for quite some time.

    The more mobile the merrier
    Development of new payments-related mobile products and services targeted at financial institutions and mobile network operators will be the goal as major players mFoundry and MasterCard team up on mFoundry's SaaS (software-as-a-service) mobile banking platform. SaaS enables banks and other providers to offer their customers mobile banking options, including payments. Its partnership with MasterCard will provide the opportunity for bank users to take advantage of PayPass and NFC (near field communication) technology and may expand to mobile contactless payments. TechCrunch has the details.

    Successful e-banking strategies
    According to a recent ABA survey, 62 percent of U.S. adults polled cited online banking as their preferred banking method, up from just 36 percent in 2010. For consumers, e-banking is time-saving, cost-effective, and convenient. For financial institutions, e-banking has a number of advantages like low set up and operational costs, offering personalized services to a more far-reaching customer base, and reduced burden on in-branch banking. The greatest risk of e-banking to both consumers and banks is the security of their financial data. Bank Systems & Technology explores the path to navigating e-banking success with strategies for account opening, personal financial management, and addressing the next-generation of security threats.

    Merry season for malware
    'Tis the season for giving and receiving gifts from friends and loved ones. Gift cards are a great option when you aren't sure what to buy someone and provide the recipients the flexibility to purchase something they want. Cyber crooks are taking advantage of the holiday season spirit of giving to spread malware disguised as gift cards from the nation's leading online retailer Amazon. An Adobe software upgrade notification is also making the rounds in a phishing email containing the ZeuS banking trojan, reports MSNBC. US-CERT has issued its holiday season advisory for consumers and businesses with tips at Infosec Island you can share with your customers on staying alert and protecting their financial data from holiday grinches.

    The latest reports on spam, scams and breaches:

    Paul Carrubba
    and Dan Fisher

    in a 2-hour
    LIVE Webinar

    January 25, 2012

    Mobile Banking

    Smart Phones and Wi-Fi availability are placing extreme pressure on financial institutions to keep up with the pace of change. It is no longer a matter of what to do as much as it is a matter of when your institution will implement a mobile banking solution. Customers are mobile and you need to be too! Learn more about your mobile banking options and the legal and regulatory issues to consider in this information-packed two-hour presentation by Paul Carrubba and Dan Fisher.

    Can't attend?
    Order the CD ROM of the program now.
    Payment Card Industry Data Security Policy Template
    On the lighter side ...
    'Tis the season for sending out holiday greetings to family, friends and co-workers. Whether it's spiritual, traditional or funny, many people choose holiday cards that fit their personality or interests.
    In the Banker Store
    CD ROM Training
    Customer Authentication: The Bar Has Been Raised
    FACTA: Responding to Identity Theft (Video)
    Video Training
    Responding to Identity Theft
    CD ROM Training
    Consumer and Small Business Mobile Capture - Deposits on the Move!
    Updates, Patches and Alerts...
      Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
    Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
      Support the vendors who support BOL!
    Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support Find them now in Our Sponsors and BOL Vendor Connect.