Banks gear up for battle|
With the rise in cyber attacks targeting banks and other financial industry organizations, a joint effort is being coordinated by big banks and security officials from Wall Street giants Morgan Stanley and Goldman Sachs to fight back against hackers. Teaming up with Polytechnic Institute of New York University, the group will create a center for collaborating and sorting through bank databases to identify potential threats and attacks. Threatpost has the details.
Crime superstore shut down
Working in partnership with federal agencies, local police, banks and credit card companies, the FBI has closed down a cyber crime superstore in the Garden State of New Jersey. Beginning with stealing Social Security numbers of unsuspecting victims and creating fake identities, the Park criminal enterprise grew into a full blown cybercrime operation that built bogus credit histories and opened fraudulent bank accounts and credit lines. The Fed's bust netted 43 members of the crime ring and 10 other individuals charged with related offenses in the sophisticated scheme responsible for stealing millions of dollars from financial institutions, retailers, car leasing companies, and even the IRS. FBI.gov has the details.
High tech bank robber busted
Manhattan U.S. Attorney Preet Bharara referred to ATM skimmers as "high tech bank robbers" following the apprehension of Romanian national Laurentiu Balat for his alleged role in an ATM card skimming operation targeting 40 HSBC ATMs in New York. These high tech thieves replace a gun and a note with fake card readers and hidden cameras to steal victims' information and their money. Balat's operation got away with at least $1.5 million before bank surveillance cameras captured Balat in the act of installing the skimmers and pin-hole cameras. TechWorld has the story. If convicted on charges of conspiracy to commit bank fraud and one count of bank fraud, Balat could spend up to 60 years in prison.
Big bank breaches customer info
The fourth largest bank in the U.S., Wells Fargo (which recently acquired Wachovia), is under investigation by the Connecticut Attorney General for releasing Social Security numbers of multiple clients during a fraud investigation. Wells Fargo received subpoenas from the state department of Social Security requesting financial information, and subsequently gave some of its customers copies of the subpoenas, which included Social Security numbers of a number of individuals. Reuters has the story. Wells Fargo is scrambling to make the best of its faux pas and will offer identity theft protection for the affected individuals.
A different kind of online attack
Banks are vulnerable to varied degrees of attacks that can, and often do, open the door for cybercriminals to pilfer large sums of money from banks' customers or the banks themselves. You work hard to protect your institution against the obvious threats we read about and report on each week. But what about logical security flaws in financial systems whose exploitation can be actually be "legal?" One such flaw is in the way rounding is done in currency exchange that allows users to effectively influence the currency exchange rates. Help Net Security reports on how currency rounding errors can be profitable and the countermeasures banks can employ to eliminate their losses.
The game is not over
To innocent victims who lose hundreds or thousands (maybe even millions) of dollars to fraudsters in sophisticated scams and phishing expeditions, losing their funds to cyber thieves is anything but a game. The FBI is alerting consumers about the increase in a newer variant of the ZeuS malware dubbed "Gameover," which targets users' bank account logins and defeats commonly used authentication methods. The phishing scam hooks unsuspecting consumers with seemingly legitimate-looking emails from official financial agencies, like the Federal Reserve, FDIC and NACHA. Network World has more on the alert that you need to share with your customers along with a reminder to not open unsolicited email attachments. Find out more about how this malicious malware operates at Help Net Security.
Smart move to mobile
With fifty percent of smartphone owners using mobile banking according to Javelin Research's 2011 Mobile Banking Financial Scorecard, mobile banking has shifted from concept to reality. Cost remains a major consideration for financial institutions who have not yet adopted the technology. But the benefits, increased profit margins, and cross selling opportunities of providing your customers with a mobile banking application can reap valuable returns on the investment - and meet the growing needs of your customers. Bank Systems & Technology shares some insight moving toward the direction of smartphone banking apps.
NFC phones certified by Visa
The Samsung Galaxy, LG Optimus and select BlackBerry models have been certified by global payments giant Visa for NFC (near field communications) payments using Visa payWave terminals in Europe. Visa's payWave technology enables users to conduct wireless payment transactions by simply waving their mobile device in front of a compatible payment terminal. PC World has the details.
Coming soon: FFIEC guidelines
Formal assessments for compliance with the Federal Financial Institutions Examination Council's (FFIEC) online authentication guidance begin this month. As banking applications evolve, security precautions currently in place become ineffective in the face of new, more sophisticated attacks. The supplement highlights the need for better risk assessments, effective strategies for mitigating online risks, and improved customer and employee fraud awareness. Infosec Island has five FFIEC compliance tips to help banks understand what the guidance entails and what is expected of financial institutions.