BANKERSONLINE.COM MAIN PAGE             Print Friendly Version!    Email This Article!    Discuss NOW!
April 20, 2012

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:
  • Stolen IDs used for tax fraud
  • RAT checks in at hotels
  • Card-issuing ATMs
  • Cards replace money mules
  • Threats from within
  • Big Apple is first for fraud
  • Mobile will be the way to pay
  • The freedom to go mobile
  • More mobile not always merrier
  • Spam, Scams & Breaches
  • Updates, Patches and Alerts...
  • and on the lighter side...
Stolen identities used for tax fraud
April is the month taxpayers either look forward to in anticipation or dread, depending on the status of their annual tax filing. It's also a popular time of year for identity thieves and fraudsters to crawl out from under their cyber rocks. Russian citizen Petr Murmylyuk, a.k.a. Dmitry Tokar, residing in New York, was a member of the latter group. The 31-year-old Brooklyn resident set up a bogus online employment search website where unemployed workers could apply for what were non-existing jobs. Murmylyuk used personal information he gathered from the victims to file fraudulent income tax returns and collect refunds of nearly half a million dollars. Sophos has the story and additional charges the thief is facing for hacking brokerage accounts.

RAT checks in at hotels
When choosing a hotel for business or leisure travel, some travelers may get more than the hospitality they bargain for when checking in. Security firm Trusteer has discovered a remote access trojan (RAT) being sold in underground forums that is designed to steal credit card information from hotel point of sale (PoS) applications. Thieves who install this program can pilfer credit card and other personal data of travelers by collecting screenshots of their information when they check in at the hotel's front desk. Sellers offering the RAT online for $280 are providing a "non detection by anti-virus program" guarantee. IT World has the details. This threat illustrates how criminals are targeting enterprise networks to collect financial information instead of end users' devices.

Card-issuing ATMs
Automated teller machines (ATMs), originally developed to serve as just cash dispensers, have evolved to include many other banking and account management functions. Mobile and Internet software developer and kiosk solutions provider Portlogic has designed banking kiosks that not only enable users to complete applications for loans, insurance products and other financial services, but also take applications for Visa cards and, upon approval, issue the card to the customer right from the machine. That means no waiting for the card to arrive in the mail or taking the risk of having cards stolen from unsecured mailboxes. ATM Marketplace has the details.

Cards replace money mules
Business psychologist and former Forbes columnist Srully Blotnick said you have to spend money in order to make money. Cybercriminals often "hire" money mules to help them extract funds from victims' bank accounts and transfer the funds to their overseas accounts. But money mules come at a price to the thieves - they keep a percentage of the profits for their role in the scheme and they present certain risks due to human error or greed. Recent evidence suggests that cyber gangs are wising up and saving themselves the costs and the risks of using money mules by using prepaid cards to launder stolen funds. Krebs on Security has more on this alarming new trend that could result in greater losses to financial institutions if the prepaid card approach proves successful for cyber thieves.

Threats from within
Hacking, identity theft, social engineering, and malware-laced attacks are the outside forces we work hard to protect our networks and our customers' personal and financial data from. But sometimes our most formidable and least expected foes are working within the very network or business infrastructure we strive to protect. The economy - or sometimes just plain greed - can lead trusted employees down the path of insider theft. It's often carried out by those who are trusted the most, as was reported this week by MSNBC when the chief financial officer of a small city in Illinois was arrested and charged with wire fraud for stealing $30 million in city funds. The most notable aspect of this story is the glaring lack of controls in place to prevent this type of loss. While there is no approach that will completely guarantee your defense against insider theft, Infosec Island has ten tips you can employ to help mitigate that risk.

The Big Apple is first for fraud
New York City is the most populous and the most popular city in the United States, famous for its arts, finance and cultural contributions - and also apparently the favored city for cyber criminals. Cybercrime prevention company ThreatMetrix ranks New York City as number one in e-commerce fraud in its ranking of the top 150 cities based on their percentage of high and medium risk transactions during the first quarter of 2012, reports Help Net Security.

Mobile will be the way to pay
The popular slogan "what's in your wallet?" is likely to be replaced by "what phone are you paying with?" by the end of this decade, according to the results of a survey conducted by Pew Research Center. The study, which polled over 1,000 technology experts and other online users, revealed that 65% of the respondents expect mobile wallets to replace cash or credit cards by 2020. There is skepticism from some experts who feel that a lack of trust in mobile technology with the potential security and privacy implications will impede many consumers from leaving home with just their phone. CIO has more details.

The freedom to go mobile
More evidence of the growing need for mobile payments - in this case specifically targeting underbanked consumers - financial services provider Bank Freedom has entered into a multi-year agreement with FIS, the world's largest provider of banking and payments technology. Bank Freedom, a subsidiary of PrepaYd, Inc, will offer a mobile application for its customers that have PrepaYd's cell phone service and Bank Freedom's prepaid debit card. This will enable the majority of their customers who do not have traditional bank accounts, or good credit usually required for a cell phone contract, to manage their finances via mobile phone technology. Finextra has the details.

More mobile not always merrier
With mobile payments and mobile device usage burgeoning, companies are exposed to increased mobile use and security risks by employees. If you have a few employees that don't have a mobile device, they are most likely in the minority these days. A recent survey by PwC and Infosecurity Europe reveals that many businesses, in their efforts to remain flexible and open to allowing staff to use mobile devices at work, overlook the need for secure mobile use policies, and leave their corporate date at massive risk of exposure. The study found that 82% of large organizations reported security beaches caused by staff, and less than half of those encrypt data that is downloaded to mobile devices. Help Net Security has more on the survey and the threats mobile devices are bringing into your offices and branches.

Updates, Patches and Alerts...
  • Help Net Security: Apple enhances Apple ID account security
  • Infosec Island: Oracle releases critical patch updates for April 2012
  • Infosec Island: Apple releases Flashback malware removal tool and patches
  • Join
    Susan Orr

    in a 2-hour
    LIVE Webinar

    Technological Advances to Improve Security: What's Available?

    May 25, 2012

    The technology age has brought a plethora of products and services that have changed how we live, work, and play. Look at the technology and processes your institution has implemented: Websites, email, online banking, bill payment, merchant capture, mobile banking, and more! These technological advances come with increased risks and the need for security and monitoring. This presentation will provide an overview of some of the products and services available to help financial institutions improve security, reduce risks, and increase productivity.

    Can't attend?
    Order the CD ROM of the program now.
    Payment Card Industry Data Security Policy Template
    On the lighter side ...
    She liked her job (at Microsoft, Project Manager). She's moving on (to a startup). Maybe this is the future of tech transitions from one job to another.
    In the Banker Store
    CD ROM Training
    When Social Media Attacks
    CD ROM Training
    Payment Processor Relationships - Revised Guidance
    CD ROM Training
    Is Your Bank Penetrable?

    Subscribe to Tech Talk and BOL Tech Advisories
      Archived Articles on Technology and eBanking
    You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
    Technology & eBanking Archive page.
    Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too. You'll find many more related articles in our InfoVault.
      Support the vendors who support BOL!
    Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support Find them now in Our Sponsors and BOL Vendor Connect.