BANKERSONLINE.COM
March 9, 2012

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:
  • Payments security task force
  • Banks have digital advantage
  • À la carte cards and accounts
  • Another tricky bank trojan
  • Hacktivists hit by hackers
  • Visa shutting down spammers
  • Gaping holes in bank apps
  • Mobile payments burgeoning
  • And the award goes to...
  • Spam, Scams & Breaches
  • Updates, Patches and Alerts...
  • and on the lighter side...
Payments security task force
Payments technology is evolving rapidly with advancements in e-commerce, mobile payments, and other cutting-edge data technologies, and security is at the forefront of it all. An assembly of bankers from financial institutions across the country has come together to form a joint task force led by the ABA (American Bankers Association). The Payment Systems Task Force will work toward developing safe and efficient payment technologies provided by banks that will afford enhanced security for consumers, reports Finextra. Stay tuned for more on this group's efforts toward increasing card security.

Banks have digital advantage
Consumers have a growing interest in digital wallets and mobile payment technologies, and in who they trust to provide those services. A survey of 6,000 consumers conducted by business advisory firm Alix Partners in December found that banks have a significant advantage over nonbank players when it comes to consumer trust. Consumers interested in using a digital wallet rate their primary bank highest in safeguarding their personal information and would choose the bank as their preferred provider over digital or retailer providers. Bank Systems & Technology has more on the survey that shows how banks should leverage consumers' trust to get into - or stay in - the race for the digital wallet.

À la carte cards and accounts
Underground carding shops are a dime a dozen. Named after the underweb's most notorious carder, distinguishes itself from the myriad of underground carding shops by its slick interface and lower-than-average prices. It offers an a-la-carte, card-checking service that allows buyers to gauge the validity of stolen cards, has its own bug bounty program and advises users to avoid using Internet Explorer. Krebs on Security has the details and screenshots of the site selling what could be your consumers' stolen data to cybercriminals.

Another tricky bank trojan
Security solutions provider M86 Security Labs has uncovered a banking trojan targeting 137 financial organizations around the globe. The attacks started with recent spam campaigns luring victims to compromised WordPress-based websites that, in turn, led users to pages infected with the Phoenix exploit kit, which downloads a trojan known as Cridex, Carberp or Dapato. Once installed on the victim's machine, the tenacious trojan takes over and collects information that could enable cybercriminals to make fraudulent transactions. The malware flies under the radar of all but 10 of the 43 anti-virus programs. Infosecurity has the details.

Hacktivists hit by hackers
And then there are the "bad" guys who get hit by the other bad guys. Hackers duped hacktivist group Anonymous supporters into installing the ZeuS botnet. Security researchers from Symantec report that hackers modified a link on PasteBin for a distributed denial-of-service (DDoS) attack tool, directing users to a ZeuS trojan instead. In addition to performing the DoS attacks, the modified ZeuS-laden download also steals banking and email credentials. InformationWeek has the details.

Visa shutting down spammers
Businesses that process card transactions need banks to process their transactions - that includes cybercriminals. A study conducted last year found that a total of 13 banks (including a major US bank) had processed spam transactions with the majority of those serviced by just three banks. Despite the study, there has been little effort by banks to remove accounts used by spammers - until now. Working with the International Anti-Counterfeiting Coalition, which investigates and reports complaints related to fraudulent transactions, Visa contacts the banks holding the accounts used by the spammers and forces them to shut down the accounts. Help Net Security has more on Visa's efforts to fight back against spam and fraud.

Gaping holes in bank apps
A study of the structural quality of applications conducted by software analysis company Cast Software reveals that customer-facing bank applications contain structural holes that could lead to outages, data corruption and unauthorized breaches. The second annual CRASH (Cast Report on Application Software Health) report examined 745 enterprise software applications in 160 organizations across industries, including the banking industry, wherein older, back-end applications usually sit on mainframes with little to no exposure to the internet. The disparity of the structural soundness occurs when newer, customer-facing apps provide exposure to the internet and open the door for hackers to come in, reports Bill Curtis, SVP of Cast and co-author of the CRASH report. Bank Systems & Technology has more on the CRASH report and how to fill in the security holes in banking applications.

Mobile payments burgeoning by billions
Has your institution jumped on the mobile payments bandwagon yet? If not, it might want to think about catching that ride. The increasing use of mobile devices as an alternative to payment cards is one of the fastest growing segments of the mobile commerce market. A new study by Juniper Research forecasts that global NFC (near field communications) payment transactions will soar to nearly $74 billion within the next three years. Juniper's Mobile Commerce Markets report also predicts significant growth in other non-NFC segments, such as banking and money transfers. TechCrunch has the details.

And the award goes to...
The Academy of Motion Picture Arts and Sciences Oscar Awards is the Super Bowl of the film industry held each year in February. Awards are presented for outstanding individual or collective efforts in up to 25 categories. Email security solution provider Agari announces its first Annual Sumo Awards to "dishonor" the biggest contributors and enablers of phishing attacks against the banking industry. To find out what schemes led the attacks against the financial industry in four leading categories, go to Help Net Security.

Updates, Patches and Alerts...
  • US-CERT: Current Activity
  • Threatpost: Adobe issues emergency fix for Flash Player vulnerabilities
  • ZDNet: Google patches 14 high risk Chrome browser holes
  • Sophos: 25 Verisign Trusted shops found to have XSS holes

  • Spring Ahead This Weekend
    Daylight Saving Time begins Sunday, March 11th. Remember to set your clocks ahead one hour. Don't forget desktops, laptops, mobile devices, cameras, security recorders and devices with clocks that don't have DST automatic adjustment capabilities. Don't forget the vault timers! Set them to open one hour earlier. This is also a good time to change smoke detector batteries. Send reminders to your colleagues with a BOL e-Card.
    Paul Carrubba and Dan Fisher

    in a 2-hour
    LIVE Webinar

    Payment Processor Relationships - Revised Guidance

    April 10, 2012

    The FDIC's Financial Institution Letter (FIL-3-2012) on payment processor relationships instructs FDIC-supervised institutions to exercise additional care when establishing relationships with vendors that offer payment processing. Today's technology adds to the complexity of relationships and can be exploited by fraudsters if the appropriate level of due diligence and care is not applied by institutions. This webinar will provide a comprehensive review of all technology-related guidance recently issued and the components of a vendor outsourcing agreement.

    On the lighter side ...
    We all have a little sweet tooth that can cause us to crave a sugar fix any time of the day or night. A bakery in Los Angeles is catering to those with late night cravings in a unique way.