The financial services industry is in the midst of sweeping change. Earlier this year, we saw one of the latest shifts with the introduction of the European Union's revised Payment Services Directive (PSD2). PSD2's Strong Customer Authentication (SCA) section requires two factors for authentication.
Financial...
Traditional authentication is not a standalone fraud killer. One-time passwords, biometrics, mobile authentication via push or SMS: by themselves, these technologies are being subverted by new attacks. 15 years ago, with FFIEC guidance, one-time passwords by themselves reduced fraud by over half. Today, new forms of...
In June, Maryland authorities used facial recognition capabilities to comb through 10 million images and identify Jarrod Ramos, the suspect in the Capital Gazette shooting, which left five people dead. One public safety official described the technology as "a valuable tool for fighting crime."
But what are the...
Data encryption, advanced authentication, digital signing and other cryptography-based security functions have come to play a vital role in organizations' cybersecurity and regulatory compliance initiatives.
To secure their digital assets effectively, organizations must protect their cryptographic keys, much like...
As businesses evolve to support a complete digital experience, a challenge has emerged to one of the most basic questions of doing business: How can I truly trust I know my customer?
In the world of data breaches and identity theft, legacy programs of identity proofing and authentication do not instill a high level...
Technology, regulations and customer expectations all have evolved, but what does this mean for how organizations secure identities?
This evolution has proven to be a two-sided coin, particularly for financial institutions. It's not only allowing financial institutions to offer new, innovative products where...
According to The Identity Fraud Study, a recent report released by Javelin Strategy & Research, there were more than 1.5 million new account fraud victims in 2015, accounting for losses of $2.8 billion. This number increased by 40% in 2016, and there is no reason to believe that this trend is stopping...
Despite the known risks, passwords remain the most common method of user authentication. The increased number of apps employees need for their jobs, coupled with the effort required to migrate to new authentication technologies, means that pros need to plan for password coexistence. EPMs help manage passwords until...
If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
By exploring the answers to a series of novel questions (e.g. what do mobile payments and driverless cars have in common?), this talk will illustrate new approaches to preventing and stopping fraud by first illustrating the paradoxes of applying traditional approaches to a variety of new and emerging use cases (cloud,...
As of Q1 2018, the global cybersecurity community finds itself inundated with both internal and external advanced threat actors who are stealthier, more resilient and, sadly, more effective than they have ever been before. Many organizations are coming to terms with deciding whether their security posture is...
With advances in big data, artificial intelligence, machine learning and more, healthcare is primed to innovate. But do HIPAA, GDPR and other regulatory standards inhibit the ability to innovate? Scott Whyte of ClearDATA discusses healthcare's complex convergence of innovation and compliance.
The endpoint security market continues to expand with vendors old and new marketing their solutions as "next-generation" game-changers. However, closer inspection reveals that many new solutions have been built on old platforms, many of which still rely heavily on signature-based detection and obsolete architecture....
Transport Layer Security (TLS), if implemented correctly, can ensure that no third party will tamper with a sensitive email message. The challenge? Mandatory TLS is cumbersome, costly, and time-consuming. Opportunistic TLS cannot ensure the sensitive email is actually sent securely. Read more in our e-Book about the...
The financial industry continues to be a high-risk target for fraud, primarily fueled by the sale of stolen credentials, account numbers, PINs, and personal and financial information.
While larger financial institutions have dedicated in-house teams and sophisticated technologies in place to detect incidents,...