Wish List from Financial Institutions to Our Customers
As the weather outside gets colder and the year draws to an end, we're thinking of what would be some of the things we'd like to give and receive as gifts during the holidays. While your personal list may be longer than this, here's the 12 things we wish all of...
With the December deadline approaching for implementing better authentication for online banking systems, financial institutions are hard-pressed to come up with technology solutions that will satisfy regulators. It's going to be a race to the finish line to meet the deadline set by the Federal Financial Institutions...
The FAQs recently published by the FFIEC on August 15, 2006, is an attempt by the FFIEC to answer questions asked of them about their guidelines on Internet Banking Authentication published October 12, 2005. The 2005 guidelines were an outgrowth of a previous guidance document issued in 2001.
As with all federal...
Exploitations that threaten security are on the rise. Every day, news stories document the rampant growth of attacks and exploits. The types of attacks vary - Denial of Service (DoS), buffer overflow, identity theft, session hijacking, website defacements, email viruses, worms, phishing scams, and the list goes on. ...
Bank fraud and identity theft are a frightening reality, both for the banker and the consumer. The number of consumers affected by widespread debit card fraud may be a good thing. The impact on people's bank accounts may have increased acceptance towards "disruptive technologies", i.e., hardware tokens. This may be...
Who knows? Maybe two and three–factor authentication will become a thing of the past and five–factor authentication will take its place. The same issue with encryption has been encountered over the years. With this example in mind, does it make sense for law to be involved in the technological details?...
Account fraud is frequently the result of single-factor (e.g.,ID/password) authentication exploitation. As a result, the FFIEC is now urging financial institutions to deploy multi-factor authentication and assess the adequacy of their authentication techniques in light of new or changing risks such as phishing,...
Andrew Miller - BankInfoSecurity.com Editor
In October, the Federal Financial Institutions Examination Council (FFIEC) issued guidance for authentication in the Internet banking environment. Financial institutions are expected to achieve compliance by year-end 2006. The guidance states: "The agencies consider...
Omar A. Herrera Reyna – CISA, CISSP(omar.herrera@oissg.org)November 2005 (If you missed Security solutions for e-banking and e-commerce with credit/debit cards,- Part 1: Analyzing the Security Issues click here)While there are some good solutions available from a security perspective, I believe that we...
To help verify a user's identity in the case of a lost password, many Web applications use secret questions. By answering a pre-selected question, a user can demonstrate some personal knowledge of the account owner. A classic example is asking to provide a mother's maiden name.
Answering secret questions requires...
Omar A. Herrera Reyna – CISA, CISSP(omar.herrera@oissg.org)November 2005 IntroductionWith all sort of attacks against e-banking and e-commerce systems targeting primarily customers, securing transactions has become increasingly difficult for banks and online stores.There is a widespread use of credit and...
Omar HerreraIf we analyze the impact of certain types of security incidents (e.g. system intrusion, fraud, denial of service, leak of confidential information) on several types of industries, we will see that the impact will be higher on banks and financial institutions than any other organization.If you study the...
Description: Final Rule  The OCC has issued a final rule governing national banks’ ability to conduct business using electronic technologies. The regulation was published in the Federal Register on May 17 and, except for one provision, is effective on June 17. The exception is a provision...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
