"We're continually testing our controls and the effectiveness of our controls. We do a lot of emerging-threats monitoring ... so we can react," says First Niagara's Joe Rogalski.
A California judge handed down a 12-year prison sentence to a phisher who stole financial details from more than 38,000 online accountholders. Observers say the sentence signals a changing attitude about the severity of cybercrimes.
Corporate account takeover events are reigniting the debate between banks and their former commercial customers, about everything from fraud liability and the "good faith" standard to commercially reasonable security.
The fight against cyberattacks is a top priority for financial institutions, and industry insiders are optimistic about President Obama's plan to thwart cyberattacks that lead to corporate account takeover and other forms of fraud.
The Fed's ruling on interchange cuts mandated by the Durbin Amendment will aid fraud prevention and could accelerate a move to chip-based payments, says Randy Vanderhoof, director of the Smart Card Alliance.
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
"Simple passwords alone do not provide sufficient commercially reasonable security," says Jim Payne of fraud victim Choice Escrow. "Where is the principle of doing what is right and just?"
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Authentication expert Steve Dispensa says banking institutions need to realign their authentication infrastructures to include a mix of in-band and out-of-band measures.
ID fraud prevention requires partnership, and according to Javelin, the future of fraud-detection should be built around integrating a bank's back-end solutions with the fraud-prevention and detection solutions in which consumers are already investing.
FDIC warns of phishy e-mails hitting business owners. The fraudulent e-mails purport to be from the banking regulator, claiming to have important information about business bank accounts.
Online security has come a long way in recent years, but so have phishing attacks. As the Epsilon e-mail breach proves, fraudsters are honing their attacks through the acquisition detailed e-mail profiles and sensitive information connections, says ID security expert Tim Rohrbaugh.
"The phishing only works if the consumer participates; they have to click on something; they have to open something," says Neal O'Farrell of the Identity Theft Council. "So, based on that assumption, shouldn't we be doing more to educate them?"
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.