Friday, May 22, 2015

Massive Clinton-era Internet bug shows pitfalls of Obama's 'backdoor' proposal

This week, computer researchers announced they found a massive weakness in Internet software. "Logjam," as they called it, allows hackers to spy on your online communications.

Image Source: Article
Logging into your email, bank or Facebook (FB, Tech30) on public Wi-Fi or over a virtual private network (VPN) isn't safe.

Read the full article.

Thursday, May 21, 2015

Cyber attacks a growing threat for US financial system

Online attacks by ever-skillful hackers are a growing threat to the stability of the US financial system, according to a report by a top-level government panel released Tuesday.
Image Source: Article
The 2015 report by the Financial Stability Oversight Council said that although US banks and financial businesses have been leaders in erecting barriers to hackers, cyber attacks still present a potential systemic danger.

Read the full article.

Financial Firms ‘Take Up To Three Months’ To Detect Cybersecurity Threats

Companies are putting themselves at significant risk of being hit by damaging cyber-attacks by not being able to detect advanced threats quickly enough, a report has claimed.

Image Source: Article
A study by the Ponemon Institute and sponsored by security firm Arbor Networks found that the ‘dwell time’ (the time taken for businesses to realise the possible threat) can be as much as several months, meaning they are not able to prepare and protect themselves adequately.

Read the full article.

Wednesday, May 20, 2015

Business continuity and disaster recovery planning: The basics

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those events might include a hurricane or simply a power outage caused by a backhoe in the parking lot.

Image Source: Article
The CSO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency.

Read the full article.

Can Financial Services Use Social Media Right?

Did you know a tenth of HSBC’s workforce is in compliance?

Image Source: Article
Meanwhile, similar trends are being seen in the U.S. and around the world. The regulatory clampdown is happening at the same time that technology is transforming our world.

Read the full article.

The Art of (Cyber) War: Cybersecurity Tactics for All Financial Institutions

As financial institutions of every type and size -- national, regional and community banks, thrifts, mutuaIs, credit unions, and non-bank lenders -- increase their collection of personal information about their customers and employees, they become larger targets for a data privacy incident.

Image Source: Google Images
Financial institutions are truly in a cyber war and must fight this battle on four fronts: external threats, intentional misappropriation by rogue employees, data accidentally lost or misplaced, and vendor negligence; accordingly, proper tactics and strategy are essential for survival.

Read the full article.

Saturday, May 16, 2015

Five tips to comply with the new PCI requirements

At the end of June, merchants that accept payment cards have five new security requirements to comply with -- and significant fines and other costs if they don't.

Image Source: Article
The new rules are part of the new Payment Card Industry Data Security Standard.

Read the full article.

Wednesday, May 13, 2015

Banks Eye IoT And Wearable Tech Apps

Banks and other transaction-focused companies are increasing their efforts to bring apps to the Apple Watch and other wearable technology – with an eye on creating a seamless shopping, payment and even budgeting experience for consumers via the Internet.

Image source: Article
Driven in part by the Internet of Things trend, Royal Bank of Canada and MasterCard are working with Bionym, maker of a wristband that authenticates consumers via biometrics, according to American Banker.

Read the full article.

Tuesday, May 12, 2015

Cyberattacks Target Mobile Banking

Reports of 2.2 billion malicious attacks on computers and mobile devices in 2015’s first quarter and an evolving Dyre Wolf malware threat are reminders of the continuing need for financial institutions to remain vigilant.

Image Source: Article
In an epic quarter, Moscow-based security firm Kaspersky Lab released the “IT Threat Evolution Report for Q1 of 2015.”

Read the full article.

When is a breach detection system better than an IDS or NGFW?

How would you describe the difference between a breach-detection system and a traditional intrusion detection/prevention system or next-generation firewall, particularly from the perspective of how each type of device interacts with network traffic?

Image Source: Article
In which enterprise settings would a breach-detection system be more appropriate to leverage?

Read the full article.

CU InfoSecurity Conference 2015 in Las Vegas

The Credit Union InfoSecurity Conference, the original and premier conference dedicated solely to credit union security, is holding its next summit on June 3-5, 2015 at the Golden Nugget Hotel & Casino in the heart of Fremont Street in Las Vegas.

Register for the event

Image source: CU News
The conference, which features industry leaders in their respective fields sharing their firsthand knowledge and practical advice on securing credit unions, is an incredible opportunity to gain new insight, network with credit union peers, and browse the Security Vendor Reception.

Possible topics to be covered at the upcoming summit include ransomware, active defense, cloud security, data encryption, breach prevention, pervasive security, device configuration, social media compliance, virtual branch security, virtual machine security, account takeover prevention, network security strategies, and cyber security intelligence.

If you are interested in attending the event, be sure to register here (https://www.cunews.com/infosecurity-conference.html).

Monday, May 11, 2015

MasterCard Speaks on Importance of Biometrics

MasterCard has been speaking about its digital securitization efforts at this year’s Risk to Reward conference in London, according to a Business Reporter article by Joanne Frearson. To that end, the company says it’s developing fingerprint and facial biometric systems.

Image source: Article
It has also been working on its own biometric credit cards, which have already been tested in a pilot project in Norway and are slated to further expand their presence.

Read the full article.

Friday, May 8, 2015

Credit Unions Seek Better AML Technology: Celent

A new report from Boston-based research firm Celent looked at how continuously evolving regulations, coupled with recent instances of money laundering rule violations, have led to the need for better technology in managing AML operations.

Image source: Article
In the report titled, “Emerging Solutions in Anti-Money Laundering Technology,” Celent discussed a number of innovative solutions in the AML/Know Your Customer (KYC) space. Faced with pressures from growing compliance requirements and the need to cut costs, financial institutions are seeking technology that increases efficiency and frees up resources, Celent said.

Read the full article.

Thursday, May 7, 2015

LA Suit Accuses Wells Fargo Of Misusing Consumer Data

The City of Los Angeles is suing Wells Fargo, alleging some bank employees in the state have been pressured to adopt “unfair, unlawful and fraudulent conduct” against customers, including but not limited to misusing confidential data.

Image source: Article
In a civil suit filed Monday (May 4), L.A. City Attorney Mike Feuer claimed that Wells Fargo opened unauthorized accounts in customers’ names, refused to close those accounts even after those customers complained, and even “raided” client accounts for funds to open new accounts – all in an effort to meet sales quotas.

Read the full article.

Wednesday, May 6, 2015

HR Answers: Prevent internal fraud

For credit unions nationwide, internal fraud represents a significant and growing problem.

Image Source: Article
The financial services sector has the highest incidence of internal fraud across 23 industries, according to the Association of Certified Fraud Examiners’ 2012 Global Fraud Survey: about 17 percent of all insider fraud incidents, vs. just over 10 percent each for government/public administration and manufacturing.

Read the full article.

Chip Card Shift Projected To Be Nearly Done By 2017

As the Oct. 1 deadline for the EMV merchant-liability shift inches closer, there’s going to be a lot more reports about which type of merchants are ready, and which aren’t.

Image source: Article
There’s also going to be plenty of reports on which issuers have their credit and debit cards EMV-chip enabled (and which are behind).

Read the full article.

Tuesday, May 5, 2015

Anti-sandbox capabilities found in Dyre malware

A new version of Dyre malware, which recently reemerged to plague financial institutions in the form of the Dyre Wolf campaign, is now employing anti-sandbox techniques to avoid security professionals and pose a more insidious threat to financial enterprises.

Image Source: Article
New research from cloud-based security firm Seculert revealed that Dyre is capable of bypassing sandboxes by checking the system for processor cores. If only one core is found, Dyre terminates instantly.

Read the full article.

Stop Sending Me Threat Intelligence in Email

I’ve been talking to many different organizations recently about their sources of threat intelligence, and one thing I’ve heard numerous times is that some of the most timely, valuable threat intelligence they are receiving is via email.

Image Source: Article
I’ve even heard that we’ve made some progress with STIX, as sometimes STIX content is attached to the emails—poor TAXII must feel so left out.

Read the full article.

Banks and Credit Unions Decide Whether to Support Wearables

The official inauguration of Apple Watch brings great expectations inclusive of changing the way we think about how to gather data and turn it into information. Until now, achieving information gathering meant entering information via keyboard, voice or video.

Image source: Article
More and more, bank and credit union customers prefer to bank wherever they are, using their smartphones, tablets or wearables as the remote control for their financial management. If consumers are using mobile-connected devices to streamline their to-dos, then what is next for these tiny, mobile computers?

Read the full article.

Monday, May 4, 2015

Why Has Mobile Banking Growth Stalled? Blame Hackers

After several years of dramatic growth, the adoption rate for mobile banking in the U.S. has slowed dramatically. Those who like to bank this way are doing it more often, but the industry is struggling to get more customers to go mobile.

Image source: Article
A recent report from the Federal Reserve (Consumers and Mobile Financial Services 2015) found that 52 percent of smartphone owners with a bank account did at least one mobile banking transaction last year. That's not much of an increase from the 51 percent reported in 2013.

Read the full article.

New payment systems put consumer data at risk: Ponemon

With new payment systems comes more risk to consumer data, a new survey indicates.

Image Source: Google Images
About 68% of payment-systems professionals say pressure to migrate to new payment systems puts customer data at greater risk instead of making it safer, according to a new survey by Experian and the Ponemon Institute.

Read the full article.

Takeaways From the 2015 Verizon Data Breach Investigations Report

Verizon’s annual Data Breach Investigations Report (DBIR), published since 2008, has become one of the most anticipated information security industry reports.

Image Source: Article
Think of it as the Data Breach Bible, as it dissects thousands of confirmed data breaches and security incidents from around the globe into emergent and shifting trends, providing us with insightful guidance to apply to our own security practices.

Read the full article.

Saturday, May 2, 2015

Three Keys to a Successful Cybersecurity Defense Program

Normally, the bait used to get the attention of senior accounting and finance members were topics like, “Trends to Fund Your Next Acquisition,” “Key Tax Strategies for the New Millennium,” “How to Attract and Retain High Performing Teams,” etc.

Image Source: Article
However, recently, I’ve noticed a new topic cropping up about this new business risk of “protecting your data” and “cybersecurity defense.”

Read the full article.

Friday, May 1, 2015

Forrester estimates that broad EMV chip adoption is half a decade away

Forrester Research predicts that “broad adoption” of plastic EMV chip-and-signature and chip-and-PIN payments in the U.S. will take several years, despite the looming fraud liability shift taking effect in October.

Image Source: Article
In a new report (PDF)published this week, called “Prioritize Tokenization to Secure the Payment Chain,” co-authors Andras Cser, Ed Ferrara and John Kindervag, said that widespread EMV adoption wouldn't occur until 2020.

Read the full article.

Thursday, April 30, 2015

Regulator Sets New Rules on Credit-Union Membership

The chief regulator of U.S. credit unions passed a new rule designed to curtail how some in the industry gather new members, a move credit unions say is too tough and rival banks say is too weak.

Image source: Article
The National Credit Union Administration, the regulator for the more than 4,000 federally chartered credit unions, on Thursday approved final rules that prohibit credit unions from setting up charities and other associations designed solely to attract customers who otherwise wouldn’t be eligible for membership.

Read the full article.

Payment Innovation Outpacing Security: Study

Security hasn’t kept pace with technology and there is widespread concern that new payment technology such as virtual currencies, mobile payments and e-wallets increase a breach risk, according to a new study.

Image source: Article
The study found that emerging payments technologies coming in the wake of 2014’s mega retail breaches are threatening a landscape in which financial institutions, retailers, payment processors and credit card brands are facing more scrutiny than ever before.

Read the full article.

Credit Unions May Partner With Bitcoin Exchanges to Offer Competitive Products

Credit unions may consider partnering with Bitcoin exchanges such as Coinbase if they are to continue offering competitive international payments services to their customers.

Image source: Article
In the report titled Understanding Bitcoin’s Implications for Credit Union Services, the group touches upon the two grave concerns stemming the rise of Bitcoin, High Volatility and Security. Should the digital currency’s volatility reduce to generally acceptable levels and the security of private keys is ensured, credit unions may replace their core functions with Bitcoin.

Read the full article.

The Opportunity (In New Members, Revenue) For CUs In Mobile Wallets

In financial services, nobody builds personal relationships like credit unions can—and nobody understands your credit union’s members better than you do.

Image source: Article
More and more members want to connect with their credit union through the mobile channel.

Read the full article.

Next Frontier for Mobile Payments: Adding Loyalty Programs

Even as credit unions are figuring out the emerging space that is mobile payments, there already are glimpses of the next frontier — adding loyalty programs to mobile.

Image source: Article
For years the concept of loyalty was simple: consumers used their credit and debit cards to make purchases and earned rewards by doing so. With the advent of mobile payments, however, suddenly the picture becomes much murkier.

Read the full article.

Design Is The New Differentiator In Mobile Banking

As understanding of basic mobile banking applications increases and the differentiation between mobile banking apps becomes less defined, the importance of mobile design takes center stage. The key is to combine functionality with simplicity.

Image source: Article
A study from the Federal Reserve shows that there are untapped markets waiting for mobile banking. Millions of consumers are going to start banking on mobile in the next twelve months. But millions more aren’t interested.

Read the full article.