It's been nearly two years now since the corporate account takeover spree began. So, what exactly are the courts, institutions and the financial services industry doing today to prevent further incidents of fraud?
ThreatMetrix's Taussig says strong authentication should be part of every financial institution's layered security approach. And according to expected changes to the Federal Financial Institutions Examination Council's 2005 online authentication guidance, that means proven measures to enhance device identification.
In the wake of recent data breaches, industry experts fear that consumers and employees alike will start exhibiting signs of "breach fatigue" and treat such incidents apathetically. Here are tips for how to ward off apathy.
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
In the absence of the FFIEC's new guidance, industry experts say banks need to act now to help mitigate online risks associated with commercial accounts. "You can be sure the attacks won't abate until banks fight back," says Gartner's Avivah Litan.
Between March 2010 and April 2011, 20 incidents of wire fraud hit small and mid-sized U.S. businesses. All of the transactions involved payments routed to Chinese economic and trade companies located near the Russian border.
Gigi Hyland, board member of the National Credit Union Administration, says the latest draft of authentication guidance is awaiting final signoff from just one member agency of the Federal Financial Institutions Examination Council.
Banking/security leaders aren't crazy about banking regulators telling them they could have done a better job detecting ACH fraud, and they're eager for more specific guidance on what to do going forward.
Recent incidents of corporate account takeover have pushed regulators, associations and practitioners to call for greater awareness and more collaboration between commercial customers and banks. But is there an ROI to enhanced awareness?