Fraud expert Ori Eisen says banks spend too much time reacting to ACH fraud, rather than trying to stop it. Now that the FFIEC's new online authentication guidance is official, banks must focus on eliminating outdated solutions and moving toward automated solutions for device identification and log analysis.
Dave Jevans of the Anti-Phishing Working Group says most U.S. banking institutions are ill-equipped to fight 2011's latest and greatest security threats, including automated malware.
Greg Rattray, VP of Security at BITS, says we can't necessarily stop the spread of dangerous malware like Zeus, but banking institutions can do a better job of mitigating the risk and damage that follow such an attack.
"Simple passwords alone do not provide sufficient commercially reasonable security," says Jim Payne of fraud victim Choice Escrow. "Where is the principle of doing what is right and just?"
Six months after Michigan-based Experi-Metal Inc. sued Comerica Bank after a breach that resulted in $1.9 million in ACH and wire fraud, a U.S. District Court has favored the commercial customer.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Information Security Media Group announces the launch of FFIEC Authentication Guidance, a resource center dedicated to providing in-depth news and views on the pending online authentication guidance.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
Strong authentication, using both fact-based and behavioral-based fraud detection solutions, should be part of every financial institution's layered security approach, says Reed Taussig, CEO of ThreatMetrix.
David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide for commercial customers.
Authentication expert Steve Dispensa says banking institutions need to realign their authentication infrastructures to include a mix of in-band and out-of-band measures.
For nearly two years, banks and businesses across the U.S. have been plagued by a wave of corporate account takeover. And while there's no one answer, Texas bank examiner Phillip Hinkle sees ways that institutions can better detect and prevent these crimes.
New authentication guidance, when it is passed down, needs more attention on mobile, says Fraud Red Team's David Shroyer,a former Bank of America security executive.
Payment card fraud. ACH and wire transfers. ATM skimming. And especially insider crimes. These are among today's top information security threats to institutions, says banking regulator Gigi Hyland in an exclusive interview.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.
