When it comes to information security risks to retail and commercial customers, awareness and education programs have been much like the proverbial weather. Many institutions talked about these programs, but few implemented successful ones.
But now, with the advent of the 2011 supplement to the FFIEC Authentication Guidance, banking regulators are putting institutions on notice that they will be examined on the efficacy of their customer education programs.
In part, this new emphasis is in response to the recent spate of ACH/wire fraud incidents, which defrauded unsuspecting commercial customers - many of whom did not realize their losses were not automatically reimbursed by the institutions.
The new guidance calls for customer awareness and educational efforts that are tailored for retail and commercial account holders and that, at a minimum, include these elements:
An explanation of protections provided - and not provided - to account holders;
An explanation of how and why the institution might contact a customer on an unsolicited basis and ask for the customer's electronic banking credentials;
Advice for commercial online banking customers to perform periodic risk assessments;
A listing of risk control mechanisms that customers may consider implementing to mitigate their own risk, or at the very least a listing of available resources where such information can be found;
A contact list for customers to use if they notice suspicious account activity or experience any security-related events.
To offer practical tips from his own institution's experience, Joe Rogalski of First Niagara Bank will outline his robust customer education/awareness program and show how - and where - it touches retail and commercial customers in multiple forms.
As an extension of Symantec's CTO Office, Joe works closely with Security Business Unit Executives, Sales Organizations and Customers. His responsibilities include providing security strategy and direction, governance and compliance, insight into industry security trends and threat landscape evolution, and best practices, as well as serving as a trusted advisor to security executives, business leaders, and IT executives and management.
Prior to Symantec, Rogalski served as Information Security Officer and SVP of First Niagara Bank, a top 25 regional bank located in the northeast. Before joining First Niagara, Rogalski led information security risk management for M&T Bank.
Rogalski currently holds CISSP, CISM, and CRISC certifications and has more than 18 years of experience in technology and security in a variety of technical and management positions.