CU InfoSECURITY News Providing a brief summary of news and information related to security issues for credit unions - Plus some interesting and fun web sites.
(Click on photos to enlarge)
Wednesday, April 30, 2008
Credit Union Security Conference Set for Las Vegas, June 5-6
Come learn about the latest security trends affecting credit unions while relaxing in luxurious comfort. Your hotel room is included in your conference registration fee! We have negotiated a great rate at the JW Marriott Resort & Spa to bring you the best conference value offered to the credit union movement. Come hear nationally renowned speakers covering a wide range of security issues facing credit unions today. Register now.
.
The JW Marriott Las Vegas Resort is a luxury hotel in Summerlin, Nevada overlooking the Las Vegas strip. The hotel is set against the crimson canyons and rugged cliffs of Red Rock. Guests can enjoy the Mediterranean style spa, championship quality Las Vegas golf courses and several restaurants that epitomize Las Vegas dining. Complete with luxury and sophistication, this resort redefines the Las Vegas hotel experience.
Register now and receive 2-FREE nights lodging.
URGENT! Room block is filling up
and just a limited number of rooms
are available.
Make your reservations today!
Full details, agenda, registration
June 5-6, 2008
.
.
Tuesday, April 29, 2008
In Case You Did Not Know
The following companies just filed for Bankruptcy:
Hollywood Video**
Levitz**
Sharper Image
Performance Team Freight
Linens n Things
Circuit City
If you have gift cards from the above list use them ASAP, they will not be valid for much longer.
**actually have already closed doors....
Hollywood Video**
Levitz**
Sharper Image
Performance Team Freight
Linens n Things
Circuit City
If you have gift cards from the above list use them ASAP, they will not be valid for much longer.
**actually have already closed doors....
Friday, April 25, 2008
Search Engines Other Than Google
Few would argue that Google is set for a fall anytime soon. Here’s a look at a few other search engines taking on Google.
Hakia (ask a question)
http://www.hakia.com
ChaCha (search with human elements)
http://www.ChaCha.com
Top Ten Wholesale (all wholesale merchandise)
http://www.toptenwholesale
Zillow (real estate)
http://www.zillow.com
Kayak (travel, flights, hotel, etc.)
http://www.kayak.com
Live (web, images, news, maps, more)
http://www.live.com
Ask (ask a question)
http://www.ask.com
Hakia (ask a question)
http://www.hakia.com
ChaCha (search with human elements)
http://www.ChaCha.com
Top Ten Wholesale (all wholesale merchandise)
http://www.toptenwholesale
Zillow (real estate)
http://www.zillow.com
Kayak (travel, flights, hotel, etc.)
http://www.kayak.com
Live (web, images, news, maps, more)
http://www.live.com
Ask (ask a question)
http://www.ask.com
Thursday, April 24, 2008
CUNA Survey Finds IT Security atop Spending List
A new CUNA survey finds that security should continue to lead the way in credit union IT budgets over the next three years.
Forty-seven percent of 581 respondents cited IT security as one of their top three technology spends, followed by business continuity planning at 39% and risk management compliance / automation and expanding e-commerce activities tied at 34%.
The responses to the 2008-2009 CUNA Technology and Spending Report came from 3,000 credit unions with $1 million or more in assets invited to participate in the survey, conducted online and by mail from November 2007 to January 2008.
Forty-seven percent of 581 respondents cited IT security as one of their top three technology spends, followed by business continuity planning at 39% and risk management compliance / automation and expanding e-commerce activities tied at 34%.
The responses to the 2008-2009 CUNA Technology and Spending Report came from 3,000 credit unions with $1 million or more in assets invited to participate in the survey, conducted online and by mail from November 2007 to January 2008.
Wednesday, April 23, 2008
Would-Be Mobile Payers State Their Case
Banks have been loudly criticized for getting mobile banking off on the wrong foot. Marketing messages have extolled the miracle of anytime, anywhere account-balance queries, or that life-or-death savings accounts funds transfer that can’t wait a half-hour ‘til the user gets home. By not pressing more about the benefits or possibilities of mobile payments, banks are wasting a crucial period to acclimate users to the non-card, cashless paradigm, argues Forrester ResearchForrester, which recently polled a multi-generational group on their mobile and online payments preferences, has some suggestions.
These customers consider mobile payments’ potential benefits would include time savings; not having to carry cash or writing checks, and greater convenience that credit/debit cards. The latter might be hard to quantify, but Forrester found in its survey that 43 percent think PayPal, Google Checkout and Bill Me Later easier to use than online credit cards.
While not mobile payment plays, “each does reinforce a potential benefit of mobile payments and allows customers to question the value of existing payment choices,” wrote lead analyst Emmett Higdon. When looking at payment options, banks could consider things like two-way actionable alerts (get a message about a bill; then reply to the bank to “pay bill”) and introducing text-delivered, one-time passwords to ratchet up security confidence in the end-user.
And there’s even room for improvement on the balance inquiry: think speed dial.
These customers consider mobile payments’ potential benefits would include time savings; not having to carry cash or writing checks, and greater convenience that credit/debit cards. The latter might be hard to quantify, but Forrester found in its survey that 43 percent think PayPal, Google Checkout and Bill Me Later easier to use than online credit cards.
While not mobile payment plays, “each does reinforce a potential benefit of mobile payments and allows customers to question the value of existing payment choices,” wrote lead analyst Emmett Higdon. When looking at payment options, banks could consider things like two-way actionable alerts (get a message about a bill; then reply to the bank to “pay bill”) and introducing text-delivered, one-time passwords to ratchet up security confidence in the end-user.
And there’s even room for improvement on the balance inquiry: think speed dial.
Paper (checks) or Plastic (cards)
We hear all the time that checks in Europe are dead, but according to a new study from Visa, they’re still on life support —but going fast.
Visa, in a survey it commissioned of retailers in Western Europe, found that more than 20 percent of retailers do not accept checks (er, “cheques”) – and predicts that in a trend hastened by the adoption of cards and mobile payments, 60 percent will no longer accept checks by 2015.
Up to three-quarters of merchants in Sweden, Norway, the Netherlands and UK will be passing on paper by then, according to the study from the Center for Retail Research. Contactless payments will have a major impact, with 32.7 percent of stores accepting phone-enabled payments; 26.4 percent accepting contactless cards; and 19.1 percent key fobs or tags.
Visa, in a survey it commissioned of retailers in Western Europe, found that more than 20 percent of retailers do not accept checks (er, “cheques”) – and predicts that in a trend hastened by the adoption of cards and mobile payments, 60 percent will no longer accept checks by 2015.Up to three-quarters of merchants in Sweden, Norway, the Netherlands and UK will be passing on paper by then, according to the study from the Center for Retail Research. Contactless payments will have a major impact, with 32.7 percent of stores accepting phone-enabled payments; 26.4 percent accepting contactless cards; and 19.1 percent key fobs or tags.
Ex-bank robber offers CUs advice on thwarting heists
Be aware, don't stare," is the best defense against robbery, former robber and now financial institution security expert Troy Evans told the Texas Credit Union League in Houston.
Evans was a former robber who committed crimes at banks and credit unions in several states. At the time of the robberies, Evans was a drug addict and needed money for his next fix, he said. Evans lost his wife and son because of his addiction, and he was desperate. He considered himself as in a "win-win" situation where he would either receive the money he wanted, or die in "suicide by police."
Because robbers are often addicted to drugs, it's hard to predict what they will do, Evans said. "It is imperative that you train your staff members to avoid being the hero if your credit union is robbed," he said.
Credit union staff should greet each person who walks in the door. The last thing a potential robber wants is for someone to make eye contact and start a conversation. The robber "will almost certainly walk out and find another institution to target," Evans added.
Lack of male presence also gives robbers the impression that financial institutions are vulnerable. A male should be present at all times. If that is not possible, one should be present on Friday mornings--when robberies are more likely to happen.
All credit union employees should sign a nondisclosure agreement. "I got away with it for so long because I dated a teller," he said.
Evans was a former robber who committed crimes at banks and credit unions in several states. At the time of the robberies, Evans was a drug addict and needed money for his next fix, he said. Evans lost his wife and son because of his addiction, and he was desperate. He considered himself as in a "win-win" situation where he would either receive the money he wanted, or die in "suicide by police."
Because robbers are often addicted to drugs, it's hard to predict what they will do, Evans said. "It is imperative that you train your staff members to avoid being the hero if your credit union is robbed," he said.
Credit union staff should greet each person who walks in the door. The last thing a potential robber wants is for someone to make eye contact and start a conversation. The robber "will almost certainly walk out and find another institution to target," Evans added.
Lack of male presence also gives robbers the impression that financial institutions are vulnerable. A male should be present at all times. If that is not possible, one should be present on Friday mornings--when robberies are more likely to happen.
All credit union employees should sign a nondisclosure agreement. "I got away with it for so long because I dated a teller," he said.
Monday, April 21, 2008
Use of online banking by Americans decreases
A study shows that the number of US customers who access online banking services at 10 most-visited online banks decreased in 2007 as compared to 2006. The number of customers who logged into a liquid deposit account (checking, savings, or money market account) registered an increase to 8.1 percent in Q4 2007, compared to a 9.5-percent growth rate in 2006.
In Q4 2007, the number of online bankers reached almost 47.3 million, reflecting a growth in comparison with the same period in 2006, when 43.7 million Americans logged on to a liquid online account. From Q2 2007 to Q3 2007, the number of internet banking customers who logged on decreased by almost 1 percent, the first quarterly decline that the industry faced in the past five years.
As far as customer satisfaction across financial service institutions is concerned, 72 percent of respondents (mostly in the younger age group of 24 to 44 years) declared that they are highly satisfied with services offered by banks, a 2 percent growth in number from 2007, 65 percent with services provided by credit card companies and 70 percent with brokerage firms' services.
Online banking customers are also interested in different new media services. 14 percent of respondents claim that they are interested in blogging, 25 percent are interested in chatting with the bank, 30 percent in personal financial management and 23 percent in having a widget that displays their account balance. The interest in mobile banking has grown to 25 percent in 2008, an increase by 2 percent from 2007. 61 percent of clients accessing mobile banking services claim that they would like to get account balance information via text messages and 57 percent by means of a mobile browser.
Nearly 53 percent had their financial statements delivered in a paperless format, while 46 percent prefer to have a hard copy of the statement for record-keeping and 38 percent want to have a paper bill as a reminder to make a payment.
In Q4 2007, the number of online bankers reached almost 47.3 million, reflecting a growth in comparison with the same period in 2006, when 43.7 million Americans logged on to a liquid online account. From Q2 2007 to Q3 2007, the number of internet banking customers who logged on decreased by almost 1 percent, the first quarterly decline that the industry faced in the past five years.
As far as customer satisfaction across financial service institutions is concerned, 72 percent of respondents (mostly in the younger age group of 24 to 44 years) declared that they are highly satisfied with services offered by banks, a 2 percent growth in number from 2007, 65 percent with services provided by credit card companies and 70 percent with brokerage firms' services.
Online banking customers are also interested in different new media services. 14 percent of respondents claim that they are interested in blogging, 25 percent are interested in chatting with the bank, 30 percent in personal financial management and 23 percent in having a widget that displays their account balance. The interest in mobile banking has grown to 25 percent in 2008, an increase by 2 percent from 2007. 61 percent of clients accessing mobile banking services claim that they would like to get account balance information via text messages and 57 percent by means of a mobile browser.
Nearly 53 percent had their financial statements delivered in a paperless format, while 46 percent prefer to have a hard copy of the statement for record-keeping and 38 percent want to have a paper bill as a reminder to make a payment.
Fraudsters Still Find the Phishing Fine
Credit unions continue to attract the attention of phishers, according to the RSA Anti-Fraud CommandCenter.
The 7/24 monitoring/takedown operation of RSA Security said that 42% of American credit unions were targeted in March, compared with 35% of regional U.S. banks and 23% of nationwide banks.
Meanwhile, the so-called Rock Phish gang continues to drain tens of millions of dollars from bank accounts globally, RSA said, and accounts for more than 50% of phishing attacks worldwide.
The group uses a variety of well-known techniques in combinations that have helped it infiltrate thousands of e-mail servers, RSA said.
The 7/24 monitoring/takedown operation of RSA Security said that 42% of American credit unions were targeted in March, compared with 35% of regional U.S. banks and 23% of nationwide banks.
Meanwhile, the so-called Rock Phish gang continues to drain tens of millions of dollars from bank accounts globally, RSA said, and accounts for more than 50% of phishing attacks worldwide.
The group uses a variety of well-known techniques in combinations that have helped it infiltrate thousands of e-mail servers, RSA said.
Saturday, April 19, 2008
Financial Institutions Evaluate BiometricsApr
In a bid to boost security in the financial services industry, ISO, the world's largest developer of international standards, recently issued a new biometrics standard for financial firms.
Citing the trillions of dollars in daily transactions that "expose the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data," ISO pointed to "a strong need for an ironclad authentication method" as a driver behind the new biometrics standard.
The new ISO standard presents architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations for biometric solutions. Biometrics includes technologies such as fingerprinting (many new IBM laptops feature fingerprint scanners); voice identification; iris recognition; hand geometry analysis, which measures various points on the hand and examines how the length of one finger relates to your other fingers; and vein recognition, which uses a light source to examine an individual's specific palm vein pattern.
~~~~~~~~~~~~~
This is an interesting article on biometric identification security. Click here to read more: http://www.wallstreetandtech.com/regulatory-compliance/showArticle.jhtml;jsessionid=DYD3MT23K1MAUQSNDLRSKH0CJUNN2JVN?articleID=207200167&_requestid=490501
or
http://tinyurl.com/5yw76d
Citing the trillions of dollars in daily transactions that "expose the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data," ISO pointed to "a strong need for an ironclad authentication method" as a driver behind the new biometrics standard.
The new ISO standard presents architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations for biometric solutions. Biometrics includes technologies such as fingerprinting (many new IBM laptops feature fingerprint scanners); voice identification; iris recognition; hand geometry analysis, which measures various points on the hand and examines how the length of one finger relates to your other fingers; and vein recognition, which uses a light source to examine an individual's specific palm vein pattern.
~~~~~~~~~~~~~
This is an interesting article on biometric identification security. Click here to read more: http://www.wallstreetandtech.com/regulatory-compliance/showArticle.jhtml;jsessionid=DYD3MT23K1MAUQSNDLRSKH0CJUNN2JVN?articleID=207200167&_requestid=490501
or
http://tinyurl.com/5yw76d
Thursday, April 17, 2008
Internet Scams Cost Consumers $240M
The number of reported Internet scams was down last year in comparison to past years, but the dollar amount lost was up by $40 million, to a new high of $240 million, according to a government report that used data gathered from the Internet Crime Complaint Center. Other statistics from the report indicate an increase in ploys that involved pets, check cashing, and online dating.Furthermore, the amount lost by males was on average higher than females, and the overall amount lost increased with age.
Monday, April 14, 2008
By 2010 US mobile banking users to reach 21.27 million-study
A study reveals that by 2010 the number of users who access mobile banking services will reach 21.27 million in US. The initiative coming from mobile payments and mobile banking provisioners to roll out favourable options for those customers who need access to financial services while on the move is expected to bring improvements to the financial services industry. Nevertheless, these provisioners must face the challenge of gaining subscribers' confidence and educating them on the capabilities of mobile financial services offerings.
Integrated mobile banking and payments services have enough potential to become dominant future trends on the market. Despite the fact that this market may still be divided into mobile payments and mobile banking verticals, future developments could fill this gap by incorporating these functionalities being within a single application from an end-user perspective.
Another report conducted by Boston-based consultancy Aite predicts that mobile banking numbers will increase from 1.6 million in 2007 to 35 million by 2010.
The study was published by research house Frost & Sullivan.
Integrated mobile banking and payments services have enough potential to become dominant future trends on the market. Despite the fact that this market may still be divided into mobile payments and mobile banking verticals, future developments could fill this gap by incorporating these functionalities being within a single application from an end-user perspective.
Another report conducted by Boston-based consultancy Aite predicts that mobile banking numbers will increase from 1.6 million in 2007 to 35 million by 2010.
The study was published by research house Frost & Sullivan.
Stolen bank account data was most advertised item on the internet black market in 2007
In the second half of 2007, stolen bank account details were the most frequently advertised items on the internet black market, states a report. The advertised price for bank account data varied between USD 10 and USD 1000, depending on the location and funds available in the account. According to the report, bank accounts that included higher balances were advertised for much higher prices.
Credit cards were the second most advertised by online fraudsters on underground websites. Criminals were selling 50 credit card numbers for USD 40 (EUR 0.8 each) and 500 numbers for USD 200 (EUR 0.4 each). The report says the bulk rates advertised in the second half of 2007 were lower than those advertised in the first half of 2007, when the lowest purchase price was USD 100 for a package of 100 credit card numbers.
The report shows that full identities were the third most common item advertised for sale on the black market. Identities of EU citizens were more expensive than American ones.Other report findings show a rise in the number of computers hosting phishing websites in the second half of 2007.
There are mentioned 87,963 phishing hosts during the period, up 167 percent on the first six months of 2007. Banks were most targeted by phishers, with 80 percent of brands targeted by attacks during the study period. During the last six months of 2007, 66 percent of phishing websites targeted the financial services sector, down from 72 percent registered in the first half of 2007.
Even though six of the top ten brands targeted by phishers were in the financial sector, the report mentions that the second most frequently attacked brand was a social networking website.
Credit cards were the second most advertised by online fraudsters on underground websites. Criminals were selling 50 credit card numbers for USD 40 (EUR 0.8 each) and 500 numbers for USD 200 (EUR 0.4 each). The report says the bulk rates advertised in the second half of 2007 were lower than those advertised in the first half of 2007, when the lowest purchase price was USD 100 for a package of 100 credit card numbers.
The report shows that full identities were the third most common item advertised for sale on the black market. Identities of EU citizens were more expensive than American ones.Other report findings show a rise in the number of computers hosting phishing websites in the second half of 2007.
There are mentioned 87,963 phishing hosts during the period, up 167 percent on the first six months of 2007. Banks were most targeted by phishers, with 80 percent of brands targeted by attacks during the study period. During the last six months of 2007, 66 percent of phishing websites targeted the financial services sector, down from 72 percent registered in the first half of 2007.
Even though six of the top ten brands targeted by phishers were in the financial sector, the report mentions that the second most frequently attacked brand was a social networking website.
Friday, April 4, 2008
Microsoft: June 30 Windows XP cut-off set in stone
Microsoft made it official on April 3: There will be no new reprieves for Windows XP (other than on Ultra Low-Cost PCs).
Some customers and partners had been hoping the company might extend again the deadline for all PC makers to be allowed to preload Windows XP, rather than Windows Vista, on new PCs. But today, Microsoft officials said the current June 30, 2008 cut-
off date would remain in place for the vast majority of machines.
The one new exception, as some were anticipating, are Ultra Low-Cost PCs (ULPCs), which Microsoft defines as systems like the Asus Eee and Intel Classmate — “significantly more restricted hardware with less expensive processors and more limited graphics capabilities. ULPCs should not be confused with the higher-priced and more robust UMPCs, or Ultra-Mobile PCs (a k a “Origami” devices); Microsoft is continuing to encourage UMPC makers to build their systems around Vista.
As Microsoft officials announced on April 3, makers of ULPCs will be allowed to continue to preload XP on ULPC machines until June 30, 2010, or one year after general availability of the next version of Windows, whichever comes first, according to Microsoft.
(Microsoft has said that its target delivery date for Windows 7, the next version of Windows, is some time in 2010.)
Click here for the rest of the story: http://blogs.zdnet.com/microsoft/?p=1312&tag=nl.e539
Some customers and partners had been hoping the company might extend again the deadline for all PC makers to be allowed to preload Windows XP, rather than Windows Vista, on new PCs. But today, Microsoft officials said the current June 30, 2008 cut-
off date would remain in place for the vast majority of machines.The one new exception, as some were anticipating, are Ultra Low-Cost PCs (ULPCs), which Microsoft defines as systems like the Asus Eee and Intel Classmate — “significantly more restricted hardware with less expensive processors and more limited graphics capabilities. ULPCs should not be confused with the higher-priced and more robust UMPCs, or Ultra-Mobile PCs (a k a “Origami” devices); Microsoft is continuing to encourage UMPC makers to build their systems around Vista.
As Microsoft officials announced on April 3, makers of ULPCs will be allowed to continue to preload XP on ULPC machines until June 30, 2010, or one year after general availability of the next version of Windows, whichever comes first, according to Microsoft.
(Microsoft has said that its target delivery date for Windows 7, the next version of Windows, is some time in 2010.)
Click here for the rest of the story: http://blogs.zdnet.com/microsoft/?p=1312&tag=nl.e539
Wednesday, April 2, 2008
Customer Satisfaction: Could Your Credit Union Do This?
Empowering employees to make a difference
The Ritz Carlton gives each and every employee $2,000 worth of discretionary funds that they're allowed to use in order to make their customers happy and solve disputes. Why? Because it’s part of their culture and a mission that says, “We are ladies and gentlemen serving ladies and gentlemen.”
Just imagine, every employee is empowered to provide instant resolution to any guest’s problem, without the need to get a supervisor’s approval, spending up to $2,000! As I said, it begins at the top. But in every case we talked about top management wasn’t involved much at all. It’s the employees who made the call.
So, hire people who support your core values. Go beyond the resume and look for examples of how candidates care for customers, clients and even strangers. Who knows, you may even have your own legendary story of customer service in the making.
And if you’re looking for a business reason of why customer service is so important, I’ll leave you with this statistic:
One satisfied customer tends to tell one person about their experience. And unfortunately, one very dissatisfied customer will tell eight people. But here’s the good news: one very satisfied customer will tell six people about their experience.
The Ritz Carlton gives each and every employee $2,000 worth of discretionary funds that they're allowed to use in order to make their customers happy and solve disputes. Why? Because it’s part of their culture and a mission that says, “We are ladies and gentlemen serving ladies and gentlemen.”
Just imagine, every employee is empowered to provide instant resolution to any guest’s problem, without the need to get a supervisor’s approval, spending up to $2,000! As I said, it begins at the top. But in every case we talked about top management wasn’t involved much at all. It’s the employees who made the call.
So, hire people who support your core values. Go beyond the resume and look for examples of how candidates care for customers, clients and even strangers. Who knows, you may even have your own legendary story of customer service in the making.
And if you’re looking for a business reason of why customer service is so important, I’ll leave you with this statistic:
One satisfied customer tends to tell one person about their experience. And unfortunately, one very dissatisfied customer will tell eight people. But here’s the good news: one very satisfied customer will tell six people about their experience.
Subscribe to:
Posts (Atom)
