ThreatMetrix's Taussig says strong authentication should be part of every financial institution's layered security approach. And according to expected changes to the Federal Financial Institutions Examination Council's 2005 online authentication guidance, that means proven measures to enhance device identification.
BITS and the ABA are interested in managing future domains affiliated with bank brands and financial interests. If approved, their domain oversight would allow them to control certain domain names registrations.
When it comes to hot topics, they don't get hotter than authentication, cloud computing and IT governance - all of which I've discussed at length in recent interviews with industry thought-leaders. Let's review some highlights from these conversations.
In the wake of recent data breaches, industry experts fear that consumers and employees alike will start exhibiting signs of "breach fatigue" and treat such incidents apathetically. Here are tips for how to ward off apathy.
ThreatMetrix's Taussig says device identification must be part of layered security measures. Banking regulators want financial institutions to deploy multiple layers of online security. But what does that expectation mean when it comes to investments in fraud detection?
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
ID fraud prevention requires partnership, and according to Javelin, the future of fraud-detection should be built around integrating a bank's back-end solutions with the fraud-prevention and detection solutions in which consumers are already investing.
In the absence of the FFIEC's new guidance, industry experts say banks need to act now to help mitigate online risks associated with commercial accounts. "You can be sure the attacks won't abate until banks fight back," says Gartner's Avivah Litan.
Between March 2010 and April 2011, 20 incidents of wire fraud hit small and mid-sized U.S. businesses. All of the transactions involved payments routed to Chinese economic and trade companies located near the Russian border.
A U.S.-based hacker just pleaded guilty to stealing more than 675,000 credit cards that led to more than $36 million in fraud. "These SQL injections are allowing someone in through the side fence, not the front door," says information security attorney Randy Sabett.
"We took our understanding of the tools, tradecraft and techniques used by these malicious actors, and converted it into actionable information that ... would lower their risk to the type of attack we saw at RSA," DHS Secretary Janet Napolitano says.