BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
March 30, 2012

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:
  • Open season for credit reports
  • ID thief aimed high
  • Wave and pay for fraud
  • Real time fraud monitoring
  • The real bank fraud victims
  • Bank trojan back up to bat
  • Striking out against cybercrime
  • Cybercrime ranks #2 for FIs
  • A financial fortress
  • Spam, Scams & Breaches
  • Updates, Patches and Alerts...
  • and on the lighter side...
Open season for credit reports
With the rise in credit card and identity theft, consumers have been urged to check their credit reports frequently for signs of fraudulent activity. Now consumers are being warned that identity thieves are getting their information from the very sites they rely on to help protect them fraudulent activity. Hackers have devised relatively easy formulas for accessing consumer credit reports in stealth mode. Dan Clements from Internet security firm provides insight into how credit reporting agencies, and websites that offer credit reports, are being targeted by cyber criminals and increasing consumers' risk of identity theft. MSNBC has the story.

ID thief aimed high
Everyone likes to think that identity theft only happens to other less-cautious consumers, certainly not to tech savvy experts who feel secure in their ability to protect themselves from cybercrime. But billionaire Microsoft co-founder Paul Allen found out firsthand that no-one is out of reach for identity thieves. An AWOL (absent without leave) Army soldier, Brandon Lee Price, changed the address on a Citibank account held by Allen from his Seattle address to an address in Pittsburgh, and then had a debit card sent to that address which was used for fraudulent activity. Citibank was alerted to the fraud when Price attempted a $15,000 Western Union transaction. Computerworld has the story. The unanswered question here is how was Price able to change the address on Paul Allen's bank account by phone? What security measures were missed here to prevent this type of socially engineered fraud?

Wave and pay for fraud
One of the world's largest retail and commercial banking providers with card-holding consumers in the U.S. and abroad is reportedly exposing its customers who use "wave and pay" cards to fraud. An investigation conducted by digital forensics and security firm ViaForensics found that Barclays' contactless cards contain unencrypted data that can be purloined by thieves quickly and easily using a smartphone without the consumer even realizing it, until the damage has been done. TechWorld has more on the investigation into this flaw in Barclays' - and perhaps other - contactless technology.

Real-time fraud monitoring
MasterCard is arming merchants with a new weapon in the war against online shopping fraud. Using fraud detection models designed specifically for eCommerce merchants, MasterCard's "Expert Monitoring Fraud Scoring for Merchants" provides merchants with a predictive fraud score for Card-Not-Present (CNP) transactions in real-time. The service reviews and evaluates the buyer's history and provides the merchant with a relative score that measures the likelihood that a transaction is fraudulent. Bank Systems & Technology has more on this innovative technology that will help mitigate fraud losses for your retail business customers and consumers.

The real bank fraud victims
The Electronic Fund Transfers Act (Regulation E) establishes the rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and the financial institutions that offer these services. In most cases, when a consumer experiences losses due to bank or card fraud, the consumer is made whole again under Regulation E. In other words, they get their money back and life goes on. But the unseen victims are the middle men (and women) used by many cyber criminals to transfer stolen funds from point A to point B. These middle men are known as money mules. Not protected by anti fraud laws or as unreachable as the often overseas crime gangs who hire them, money mules become the "fall guys" and the real victims of bank fraud, according to recent research conducted by Microsoft. Threatpost has the details.

Bank trojan back up to bat
As Major League Baseball swings into its 2012 season, we recall the words of one of baseball's greats and former MVP, "Yogi" Berra, who said "it ain't over till it's over." Last week we reported on the arrest of a criminal gang using the Caberb trojan to pilfer millions of dollars from innocent victims' bank accounts. While Russian authorities struck out that gang and finished that inning ahead, prepare your outfielders for more Caberp criminals coming up to bat as the developers of the malicious bank trojan draft more cyber crooks online. Threatpost has the details.

Striking out against cybercrime
Microsoft is on a mission to take down cybercrime networks responsible for worldwide fraud and identity theft. Partnering with several financial services industry heavy hitters, the software giant has successfully executed a damaging strike against the disruptive ZeuS bank trojan botnet, resulting in the seizure of command and control servers in two hosting locations along with valuable data and virtual evidence from the botnets. Two Internet Protocol addresses behind the ZeuS command and control structure were taken down in the operation, enabling Microsoft to identify thousands of computers infected by the malicious malware. MSNBC has the story.

Cybercrime ranks #2 for FIs
Cybercrime has become the second-largest source of criminal activity against the financial sector, according to results of a Price Waterhouse Cooper (PwC) survey released this week. Of the more than 3,800 respondents spanning the 78 countries surveyed, the financial services sector represented 23 percent of them. According to PwC's Global Economic Crime Survey, 45 percent of financial services organizations have suffered fraud in the past 12 months, and nearly a third of the staff working in the financial services sector did not have any cyber security training in the last 12 months, reports Finextra. The full Financial Services sector report from the Global Economic Crime Survey can be downloaded from PwC.

A financial fortress
What takes up 8-acres of land, can withstand earthquakes and hurricane-force winds up to 170 mph, is powered by enough energy to generate electricity for 25,000 homes, and is guarded by a crack team of former military personnel? It may sound like a description of Fort Knox, an Army facility that houses the majority of U.S. gold. But it's actually Visa's top-secret data Operations Center East. Here you'll find a billion reasons why security goes above and beyond the norm at the facility designed to keep hackers out and safety in for the global network that processes 2,500 transactions per second. Read more about Visa's financial fortress at NewsFactor.

Updates, Patches and Alerts...
  • Computerworld: Adobe streamlines Flash player updates by going silent
  • Threatpost: Google releases Chrome 18, fixes nine security flaws
  • Help Net Security: Free online tool teaches IT security procedures
  • Infosec Island: Installation of Vendor's Patch Does Not Guarantee Security

  • Join
    Paul Carrubba and Dan Fisher

    in a 2-hour
    LIVE Webinar

    Payment Processor Relationships - Revised Guidance

    April 10, 2012

    The FDIC's Financial Institution Letter (FIL-3-2012) on payment processor relationships instructs FDIC-supervised institutions to exercise additional care when establishing relationships with vendors that offer payment processing. Today's technology adds to the complexity of relationships and can be exploited by fraudsters if the appropriate level of due diligence and care is not applied by institutions. This webinar will provide a comprehensive review of all technology-related guidance recently issued and the components of a vendor outsourcing agreement.

    Can't attend?
    Order the CD ROM of the program now.
    Payment Card Industry Data Security Policy Template
    On the lighter side ...
    March winds bring April showers...and maybe some tech-inspired pranks on April 1st.
    In the Banker Store
    CD ROM Training
    FFIEC Supplement to Authentication Guidance
    CD ROM Training
    Corporate Account Take-Over and Securing your Internet Banking Site
    CD ROM Training
    Is Your Bank Penetrable?

    Subscribe to Tech Talk and BOL Tech Advisories
      Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
    Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
      Support the vendors who support BOL!
    Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support Find them now in Our Sponsors and BOL Vendor Connect.