Wednesday, April 1, 2015

Bridging the Endpoint Security Gap

Current PC and Server security standards are no longer adequate to stop the latest generation of attackers. Despite your investments in security you are at greater risk than ever. You've spent a great deal of money and time building a multi-layer, defense-in-depth security strategy for your organization. But, is it enough?

Image source: Matrix White Paper
IT security vendors have acknowledged their inadequacy and are now pushing analytics – after an attack has been successful, learn about it faster than you do today. According to the latest Mandiant threat report, M-Trends 2015, based on their research the time from an organization’s earliest evidence of compromise to discovery of compromise in 2014 was 205 days. Further, only 31% of victim organizations discovered the breach internally while 69% were notified of the compromise by an external entity such as law enforcement.

Global uptake of biometrics expected to rise in 2015

ABI Research forecasts $3.1 billion global revenues in 2015 for biometrics in the consumer and enterprise sectors, with much of the growth coming from smartphone solutions.

Image source: EyeVerify
Rapid advances in the biometrics field will drive further smartphone hardware upgrades. Meanwhile, pioneering algorithm design and cloud computing services are transforming user authentication.

Are you using biometrics such as EyeVerify to protect mobile operations in your Credit Union?

Security firm reports vulnerabilities in 70 percent of mobile banking apps

People are becoming increasingly concerned about their security. They use two-step authentication, login alerts, and third-party security services to better protect their email and social media accounts.

Image source: Article
However, apparently we are all mistaken in that as many as 70 percent of the top 100 mobile banking apps on the Android operating system in the APAC region are vulnerable to security attacks and data leaks.

Think that because you are in North America that you're safe?

Tuesday, March 31, 2015

CU InfoSecurity Conference 2015 in Las Vegas

The Credit Union InfoSecurity Conference, the original and premier conference dedicated solely to credit union security, is holding its next summit on June 3-5, 2015 at the Golden Nugget Hotel & Casino in the heart of Fremont Street in Las Vegas.

Register for the event

Image source: CU News
The conference, which features industry leaders in their respective fields sharing their firsthand knowledge and practical advice on securing credit unions, is an incredible opportunity to gain new insight, network with credit union peers, and browse the Security Vendor Reception.

Possible topics to be covered at the upcoming summit include ransomware, active defense, cloud security, data encryption, breach prevention, pervasive security, device configuration, social media compliance, virtual branch security, virtual machine security, account takeover prevention, network security strategies, and cyber security intelligence.

If you are interested in attending the event, be sure to register here (

Thursday, March 26, 2015

Gmail Bill Pay a Bigger Threat to Banks than Google Wallet

Google's planned integration of bill pay and presentment with its immensely popular Gmail service could quickly scoop away one of the stickiest offerings of online banking sites.

Image source: Article
The product, reportedly called "Pony Express," would allow Gmail users to examine and pay emailed bills without navigating to another site.

Does your CU typically rely on emailed notifications to prompt customers to log into your own site, where you can sell upgrades and provide customer service?

Wednesday, March 25, 2015

Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide

Security researcher has discovered some new features in the most dangerous Vawtrak, aka Neverquest, malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network.

Image source: Article
Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces.

What protection measures do you have in place to protect your systems and your members?

Monday, March 23, 2015

Facebook marks its territory in mobile payment with peer-to-peer tool

Facebook announced this week that it's adding a new payment feature to its Messenger app.

Image source: Wired
The peer-to-peer payments service, which will roll out in the U.S. in a few months, allows desktop and mobile users to link their debit card information to Messenger and instantly send money to Facebook friends through the app.

What, if any, implications the service will have for your CU and your members?

Friday, March 20, 2015

Data Breaches Hit Half of America: Verizon Report

Almost half of all American consumers (45%) said data security breaches have compromised their personal payment information or that of a household member, according Verizon’s 2015 PCI Compliance Report.

Image source: Hubspot
Verizon Enterprise Solutions, a subsidiary of the communication firm, published the report March 12. It was the fourth year Verizon has published the report, which looks into how firms comply with the Payment Card Industry Data Security Standard.

Are you using firewalls, antivirus, and authenticated access portals to protect your systems and your clients?

Tuesday, March 17, 2015

Cyber-Security Is Center Stage

Sen. Elizabeth Warren (D-Mass.) met with credit union executives following her general session address. The group discussed regulatory burden, cybersecurity and other key issues that concern credit unions.

Image source: Article
Cybersecurity emerged as the most prevalent theme, however, and every general address speaker covered the topic.

Do you share other CU executives' concern about cybersecurity?

Monday, March 16, 2015

Preparing for E-Discovery

One of the critical steps in managing litigation is properly handling electronically stored information, or “ESI.”

Image source: Article
The seismic shift to ESI is a significant challenge for businesses, but it doesn’t have to be overwhelming. Taking steps now to prepare for e-discovery will pay off in the future with significant savings in time and money. You can think about e-discovery in three stages: (1) prior to litigation; (2) anticipating litigation; and (3) during litigation.

Are you waiting until after you've been sued to think about e-discovery?

Friday, March 13, 2015

MasterCard to Bring Biometric Security to Silicon Valley Credit Union

MasterCard is diving deeper into biometric security with a new credit union partnership, according to a Credit Union Times article by Roy Urrico. The company has teamed up with Silicon Valley’s First Tech Federal Credit Union.

Image source: Article
How the biometric technology will fit in with the rest of the security program is to be determined but MasterCard has confirmed that they will be exploring a multi-modal system employing face, fingerprint, and voice recognition.

Are you forward-thinking when it comes to biometric technologies?

Wednesday, March 11, 2015

The Best and Worst Credit Union Apps

Consumers want easy access to their funds and the ability to check balances on the go, make transfers in transit and deposit checks without heading into a local branch.

Image source: Article
Credit unions often get an unjust reputation as being behind the technological curve, but a 2014 analysis by Magnify Money shows 8 of the top 10 mobile banking apps were from credit unions.

Read the article to see which apps stand out from the rest. How do you stack up against the competition?

Tuesday, March 10, 2015

U.S. credit unions locked in cyber battle with their regulator

For Debbie Matz, the head regulator for 6,350 of the nation's credit unions, it's an easy answer: a cyber hacker sneaking in through a credit union vendor, cracking through to the larger U.S. financial system and wreaking havoc along the way.

Image source: Article
For years, Matz has warned about a general vulnerability of third-party vendors in U.S. financial markets, with little success.

Have you heeded the warnings?

Monday, March 9, 2015

XML Files Used to Distribute Dridex Banking Trojan

Cybercrooks have been leveraging malicious macros hidden inside XML files to distribute the Dridex financial malware, researchers have warned.

Image source: Article
It’s not uncommon for cybercriminals to use specially crafted Microsoft Office files that contain macros for malware distribution. However, attackers usually rely on Microsoft Word and Excel documents, not the XML (Extensible Markup Language) format.

Are you detecting these types of trojans?

Using Smart Phones to Improve Bank and Apple Pay Security

Recently, we've seen a lot of media coverage around Apple Pay being used for fraudulent activities by criminals with stolen identities and credit cards.

Image source: Article
Many of the articles highlight that fraud is stemming from a back door in the activation process called the “yellow path”. The yellow path is the process by which the bank can put the card activation on hold to do additional verifications.

Is your firm prepared to move beyond old fraud prevention technologies?
Post provided by:

Wednesday, March 4, 2015

How Same-Day ACH Transactions Will Affect Your Fraud Prevention Operations

by Damien Hugoo, Product Manager, Easy Solutions

The implementation of same-day Automated Clearing House (ACH) transactions has been getting a good amount of media attention lately. American Bankers Association (ABA) believes that widespread adoption of same-day ACH transactions represents a fundamental step to promote faster payments across the entire industry.

Image source: Article
Initial reaction has been that same-day settlement will pinpoint fraud more rapidly and as a result, customers will be alerted quicker. While part of this is true, there is major work to be done to pinpoint fraud faster.

In terms of fraud operations, right now most banks processes have a 2-day timeframe to tell the Federal Reserve that they want to return the ACH debit. With Same-Day ACH, banks will be forced to reengineer their entire fraud program and compress all their current processes into the 2-hour window. Subsequently, all ACH fraud prevention processes will have to start to be automated for those transactions.

Is your credit union prepared for these changes?

For information about real-time transaction monitoring download this whitepaper: An Introduction to Transaction Anomaly Detection.

Post provided by:

Tuesday, March 3, 2015

Apple Pay a haven for 'rampant' credit card fraud, say experts

Apple and its banker pals may have inadvertently lowered the barrier to credit card fraud by adding pay-by-wave technology to iPhones, security experts fear.

Image source: Article
Payment cards can be added to Apple Pay by taking a photo of the card, and allowing a device to run optical character recognition over the image to fill out the long card number, expiry dates and other details. These numbers can be entered manually, so physical access to a card is not needed.

Are you an early adopter putting your members at risk?

Monday, March 2, 2015

Brian Panicko demos CellTrust SecureLine for Good

With the integration of CellTrust SecureLine for Good and Good Work, financial advisors, agents, analysts, brokers and wealth managers can seamlessly and securely access corporate email, make secure phone calls to business contacts, and send secure text messages all from their personal device.

Because the employees’ personal devices are equipped with a second mobile business number, business and personal communications are kept separate and private.

Go to to learn more about CellTrust SecureLine for Good for financial services organizations. Alternatively, if you're ready, give the app a try.

Mobile Security By The Numbers

As ubiquity of mobility paired with the availability of cloud continues to drive major technological disruptions within just about every type of enterprise transacting business today, CIOs and CISOs are increasingly put on notice to incorporate mobile into their security plans or risk irrelevance.

Image source: Article
Over the past several months, numerous surveys and studies have done a good job offering up some statistical proof points about the scope of the mobile security dilemma.

Read the article to see a collection of salient stats, including: