From the exposure of thousands of Citi cardholders to the Michaels debit breach, fraud continues to impact card issuers. Involving the consumer in prevention is a step financial institutions must take, says Javelin's Phil Blank.
You know the tune: Cyber thieves pirated the town's banking credentials, arranged some bogus "payroll transactions" with the town's bank and then next thing you know ... money mules are transferring funds to the Ukraine.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
Former banking regulator William Henley has simple advice for banking institutions wondering how to comply with the new FFIEC authentication guidance update: "Start immediately, develop a plan, and document your progress."
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Doug Johnson of the American Bankers Association says banking institutions should spend the next five months focusing on their risk assessments, as they work to meet the FFIEC's new authentication guidance update.