Friday, January 30, 2015

North American bank IT spending climbs as firms invest in external services

Banks in North America are ramping up IT spending on retail banking services and digital channels this year, with total IT spend expected to reach $64.8 billion by 2016. The figures represent a 4.5% increase this year, as financial institutions increasingly turn to external software providers and specialists to bolster their abilities.

IT security is expected to prove quite a struggle for banks in the coming years, as banks are effectively locked in an endless battle with fraudsters.

Where will your spending be focused in 2015?

Data Breaches Affect Credit Unions More Compared to Large Banks

Data breaches at retailers like Staples, Target and Home Depot have a crippling effect on the member services of credit unions, namely because the expense of ensuring the privacy of customers after a breach is the responsibility of the non-profit financial institutions. As one example, the Desert School Credit Union was forced in 2013 to reissue about 40,000 credit and ATM cards after a data breach.

CUNA, which claims to represent almost 90 percent of total US credit unions, numbering almost 6,700, plans to push the issue to Congress and also seek legislation to protect the values of members. The Dodd-Frank legislation also impacts credit unions.

What is your position on this legislation?

Thursday, January 29, 2015

Spike in Fake ID Schemes Confounds Banks' Fraud Filters

Identity fraud, especially so-called synthetic schemes that use completely or partly made-up identities, is on the rise and hitting banks hard. Using new techniques, hackers can stitch digital data together and sell it on the black market as a fully emulated debit card that allows an individual to walk up to an ATM, enter the PIN and withdraw cash.

It is hard to measure the frequency of synthetic ID fraud, in large part because "there’s no self-reporting victim," notes Richard Parry, a consultant and a former security executive at JPMorgan Chase, Citigroup, and Visa.

Credit unions have an obligation to "know their customer". What is your firm doing to identify and combat identity theft and fraud for your members?

Wednesday, January 28, 2015

'Masquerading': New Wire Fraud Scheme

A new impersonation scheme is taking aim at business executives to perpetrate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.

Once inside and posing as company executives, the criminals could send e-mails to the bank to request wire transfers from the business's account to a bogus account.

Is your firm susceptible to this attack?

Monday, January 26, 2015

Heartbleed Alert: Vulnerability Persists

The Heartbleed bug remains present on about 250,000 servers and other systems that connect to the Internet. Multiple security experts say that while they don't have the means to independently verify the figure, the continuing prevalence of Heartbleed bugs in systems does not surprise them.

Heartbleed was fixed with OpenSSL version 1.0.1g, which was released on April 7, 2014, after which many enterprises went into furious patching mode, beginning with their OpenSSL-using Apache servers.

Have you addressed the Heartbleed bug yet?

Friday, January 23, 2015

When good security advice...isn't

Have you ever had one of those moments, while discussing security techniques with other clueful individuals, where one of you confesses to disagreeing with a common piece of advice? While it may be completely logical that you must account for context when giving appropriate advice, sometimes we may forget that we must also do this when we’re discussing security.

Perhaps we should be asking ourselves more specific questions when we give others security decrees.

Is there any piece of common security advice that you find you disagree with?

Wednesday, January 21, 2015

AppSec California Top-Notch Training - Register Today and Save

Held again at the Annenberg Community Beach House on a fantastic stretch of beautiful Santa Monica beachfront property, AppSec California 2015 is sure to be a huge success as it’s bringing together multiple security experts from the likes of Veracode, LinkedIn, Twitter, Cigital, NCR, Qualcomm, Bugcrowd, Salesforce.com, and HackerOne. The speakers are all revved up and ready to get us all thinking about our own contributions to information security as they engage with us during the West Coast’s leading InfoSec event.

Use the code sean25 and save 25% off training!
Register for the event

And, if you sign up for a training, you will get another code for 50% off of the conference!

The breadth and depth of training and content available are sure to draw in huge crowds, likely topping the nearly 300 information security attendees from last year’s event. According to the event’s organizers, we can expect to see even more senior executives, technical experts, and information security practitioners participating this year.

Regardless of your role, you’ll find a plethora of content to be discussed and knowledge to be gained. Want to see more than what I’ve highlighted here? The full agenda can be viewed at https://2015.appseccalifornia.org/schedule/.

If you are interested in attending the event, be sure to register here (http://re4.ms/AppSec15). And, don't forget to use the sean25 savings code.

We hope to see you there!

Protecting Your Agile Data Center: You Can't Fight the New War With Old Tools

Data infrastructure and function have experienced a paradigm shift with the enterprise progressing steadily in the age of cloud, apps and mobility, marking the end of the “perimeter” era for the computing environment. With the proliferation of the cloud, mobile, and Internet of Things (IoT), information continues to be virtualized and mobilized, and blind spots are unknowingly created, sitting undetected and vulnerable to new attack vectors.

While most security technologies have not evolved over the past decade to meet this need, new cloud-based security technologies designed for the virtual, mobile and automated environments will protect data that old solutions fail to even see.

Is your firm ready for the next frontier?

Tuesday, January 20, 2015

10 Mobile Predictions For 2015

It’s always interesting to review and compare the concepts and product announcements presented at CES to my predictions. After nearly a week of gadget heaven, I can firmly state that nothing revealed at the show has changed my perspective.

Prediction No. 1: 2015 will be the year of the enterprise mobile app and enterprise micro apps will grow into richer apps.

Be sure to read the remaining 9 predictions from Maribel Lopez!

Monday, January 19, 2015

Credit Union Deploys First Video Teller in Idaho

Pioneer Federal Credit Union in Mountain Home, Idaho, has deployed video teller technology to its ATMs, presumably the first financial institution in Idaho to deploy the virtual teller technology. Tellers will be able to use interactive video technology to take control of two new ATMs at the credit union's Boise branch, which recently opened. NCR Corporation of Duluth, Ga., will support the terminals.

Video collaboration and transaction processing can both reduce operating costs by centralizing tellers across multiple branches, while still connecting customers and tellers in a face-to-face, highly personal engagement. NCR Interactive Teller helps free branch staff to focus on the service needs of customers visiting the branch.

Do you plan to use remote assisted service to bring a unique and efficient banking experience to your customers – without losing that human touch?

Thursday, January 15, 2015

Six More Credit Unions on Apple Pay

Six more credit unions are now live in Apple Pay, bringing the total number in the industry to 15. Newcomers included the $550 million Consumers Credit Union in Kalamazoo, Mich., the $2.6 billion Virginia Credit Union in Richmond, Va., the $672 million Cyprus Credit Union in West Jordan, Utah, the $1.7 billion Fairwinds in Orlando, Fla., the $4 billion Mountain America Credit Union in West Jordan, Utah, and the $1.2 billion Partners Federal Credit Union in Burbank, Calif.

Fewer than two dozen banks are now live in Apple Pay. Among them are Chase, Bank of America, Citi, and Wells Fargo.

Is your firm planning to support Apple Pay?

The Making of a Cybercrime Market

How two underground entities surfaced, battled, aligned, and ultimately extracted billions from some of the world’s largest financial institutions via unsuspecting, everyday banking client victims.

As the events described unfold, we begin to see into the business minds of the cybercriminals described. This article looks at how the business was formed and how it grew, and captures a list of best practices and lessons learned.

Don't miss this script-worthy story that is rooted in reality.

Bank Fraud Toolkit Circumvents 2FA & Device Identification

Another user-friendly attack toolkit is on the market, and it's perfect for the budding Brazilian banking fraudster. It's got an attractive, user-friendly interface that includes a "start phishing" button. And it effectively circumvents both two-factor authentication and device identification protections.

The toolkit is distributed by being embedded in other malware. It comes preloaded with a list of targeted banking URLs. When the infected user visits one of those sites, the malware operator gets an alert and can then decide whether or not to proceed with an attack.

If the toolkit surfaces in English, is your firm prepared to detect a toolkit that leverages a malware infection, the use of remote access tools, abnormal browser patterns, or other abnormal transactions?

Credit Union Watchdog Shoots Down Data Encryption Rule

Even after suffering a data breach, the organization in charge of overseeing the needs of credit unions has cast off the idea of implementing a rule mandating the use of encryption for data transfers.

It’s expected the NCUA will make further decisions regarding shoring up its security as soon as its Inspector General concludes his look at the incident.

What is your firm's position on this topic?