BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
March 16, 2012

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:
  • Remote controlled banking trojan
  • Mobile banking fraud
  • Fraud detection app
  • Check that check - now
  • Trust is on the (phishing) line
  • The tax scams cometh
  • Citi teams up with Watson
  • New, improved e-signatures
  • PCI: the obscure risk
  • Spam, Scams & Breaches
  • Updates, Patches and Alerts...
  • and on the lighter side...
Remote controlled banking trojan
The rise in Android malware to plunder financial information from unsuspecting mobile users is constantly evolving. The most recent malicious malware discovered, Android/FakeToken.A, has man-in-the-middle functionality but, unlike its notorious predecessors Zeus and SpyEye, can be controlled remotely by thieves. Disguised as an Android app, the trojan poses as a Token Generator application and targets specific well-known financial entities using the logo and colors of the institution in the icon, lending it credibility with consumers. Threatpost has the details.

Mobile banking fraud
It seems the more mobile consumers become, the more motivated and ingenious fraudsters get. Security firm Trusteer is warning mobile users that cybercriminals are impersonating users in order to obtain replacement SIM cards from the victims' mobile carriers. Variants of the Gozi trojan are being used to trick victims into exposing their phone's IMEI (international mobile equipment identity) number, which is used by the fraudsters to report the mobile device as lost or stolen and to obtain a new SIM card. The victims' online banking and other one-time passwords are then sent to the fraudulently-controlled device. Get the details about this and another newly discovered attack targeting your mobile customers at Help Net Security.

Fraud detection app
More than 11.6 million adults in the U.S. were victims of identity theft last year, according to Javelin Strategy & Research. Many of those cases resulted from phishing emails and malware, with consumers having no idea their information had been stolen until fraudulent charges surfaced. A Texas-based security firm is offering identity fraud protection with AllClear ID, a free mobile app that will alert consumers if their personal data has been stolen and is being used by cybercriminals. MSNBC has more details. With the rise in mobile banking and mobile fraud, this is an invaluable service worth sharing with your customers.

Check that check - now
Despite a reduction in the number of checks written each year, check fraud is responsible for billions of dollars of merchant and bank losses due to ineffective and outdated fraud detection methods. Signature management systems leader SoftPro has announced the release of its check verification solution, FraudOne, that enables banks to detect fraud in real-time when a check is deposited at the teller, ATM or using a mobile device. FraudOne’s Combined Risk Score engine compares the signature on a check with a reference signature on file and evaluates data from other fraud engines and external bank systems to determine the validity of a check being processed. ATM Marketplace has the details.

Trust is on the (phishing) line
Back in the day - before email, online banking and electronic bank statements - identity thieves would scour neighborhoods for unsecure mailboxes to procure bank and card statements and steal personal information. In this electronic age, cybercriminals have turned to email accounts as the avenue for bank fraud schemes...and as low-tech as it might seem, it's working. Technology may change but these attacks target a facet of human nature that remains an age-old security vulnerability: trusted relationships between customers and their banks. Krebs on Security has some insight into how the thieves are pulling off their financial phishing ploys.

The tax scams cometh
Tax refund time is one of the most anticipated seasons of the year for taxpayers who have big plans for the return of some of their hard-earned money. With the added convenience of online tax filing, consumers can get their refunds within a matter of days or weeks. So can identity thieves who have big plans for those tax refunds too. Tax and wage-related fraud is on the rise, accounting for 24 percent of consumer complaints to the FTC last year - up from 12.7 percent in 2009, reports Infosec Island. Educate your customers to help protect them from tax season scams with some tips from USA Today.

Citi teams up with Watson
Sometimes we could all use a helping hand. Even the world's most famous fictional detective had a right-hand man. Dr. Watson provided Sherlock Holmes with practical assistance in the conduct of his cases. Citigroup is teaming up with IBM's Watson - a high-performance supercomputer with data management and analytics technology. Citigroup will explore how Watson's technology can assist them with providing innovative and secure services designed around their customers' ever-evolving digital and mobile lives. Banking Technology has the details.

New, improved e-signatures
In June 2000, the Electronic Signatures in Global and National Commerce Act (ESign) was enacted to facilitate the use of electronic records and signatures. The benefits of e-sign for the financial services industry include quicker processing for time-sensitive transactions like loan applications, account openings, and more. Two new e-signature devices are now available from authentication provider VASCO, offering enhanced convenience with the ability to transmit the signature via sound or a scanned image. TechWorld has the details.

PCI: the obscure risk
Financial institutions are faced with myriad security and operational risks. The PCI (Payment Card Industry) Data Security Standards were developed to enhance cardholder data security and facilitate globally consistent data security measures. Some financial institutions that outsource merchant services are failing to implement and maintain effective risk programs in compliance with the standards set forth by the PCI. The failure to adequately manage these relationships might be viewed as facilitating fraudulent activity and lead to the bank being held liable. Bank Systems & Technology has more on what banks should be doing to mitigate the risks related to payment cards.

Updates, Patches and Alerts...
  • US-CERT: Current Activity
  • PC Magazine: Patch Tuesday: Microsoft fixes critical remote desktop flaw
  • Computerworld: Apple patches record number of Safari 5 bugs with monster update
  • PC Magazine: After Delay, Firefox 11 Arrives With Add-on Sync, Dev Tools
  • Threatpost: Microsoft adds new exploit mitigations to IE 10

  • Join
    Paul Carrubba and Dan Fisher

    in a 2-hour
    LIVE Webinar

    Payment Processor Relationships - Revised Guidance

    April 10, 2012

    The FDIC's Financial Institution Letter (FIL-3-2012) on payment processor relationships instructs FDIC-supervised institutions to exercise additional care when establishing relationships with vendors that offer payment processing. Today's technology adds to the complexity of relationships and can be exploited by fraudsters if the appropriate level of due diligence and care is not applied by institutions. This webinar will provide a comprehensive review of all technology-related guidance recently issued and the components of a vendor outsourcing agreement.

    Can't attend?
    Order the CD ROM of the program now.
    Payment Card Industry Data Security Policy Template
    On the lighter side ...
    Happy St. Patrick's Day!
    Around any holiday, online users must remain vigilant and be especially cautious about clicking on links and opening questionable emails that may contain a virus.
    In the Banker Store
    CD ROM Training
    FFIEC Supplement to Authentication Guidance
    CD ROM Training
    Corporate Account Take-Over and Securing your Internet Banking Site
    CD ROM Training
    Is Your Bank Penetrable?

    Subscribe to Tech Talk and BOL Tech Advisories
      Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
    Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
      Support the vendors who support BOL!
    Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support Find them now in Our Sponsors and BOL Vendor Connect.