As part of the updated FFIEC Authentication Guidance, U.S. banking regulators mandate that financial institutions conduct periodic risk assessments of their electronic banking services.
But in the face of evolving threats, a growing online customer base and emerging mobile technology, what is the most effective...
As U.S. banking institutions work to conform with the FFIEC Authentication Guidance, are they now doing better jobs of detecting and preventing incidents of ACH and wire fraud?
Financial institutions still have a long way to go to fight fraud and mitigate online banking vulnerabilities. But what exactly are the top vulnerabilities, and what can institutions do about them?
"Banks and businesses have to realize: It's not a matter of 'if' when it comes to these attacks," says Barry Rich, CFO of Tennessee's CapitalMark Bank & Trust. "it's just a matter of when."
ACH/Wire fraud was the big story in 2010 and helped influence the updated FFIEC Authentication Guidance. So, have incidents of corporate account takeover decreased in 2011, or are we just hearing less about them?
When Liberty Bank began reviewing online risks to conform with the FFIEC Authentication Guidance, layered security came up as a weak spot. So how did this community institution address its risks?
Revised guidance from the National Institute of Standards and Technology, SP 800-63-1, could help organizations protect themselves from a growing threat to their information assets: the insider.
Telephonic authentication as we know it today is dying, and enterprises can no longer trust Caller ID or Automatic Number Identification (ANI). Annual total fraud costs U.S. businesses $62 billion - due in part to phone hacking and caller ID spoofing, which are outpacing risk mitigation strategies.
Spoofed Caller...
Donna Flynn says Liberty Bank discovered three key gaps when it tackled FFIEC authentication guidance compliance. Two were easy to fill. The third required an out-of-the-box solution.
According to a June 2011 report from the FFIEC: "institutions should no longer consider such basic challenge questions [like mother's maiden name], as a primary control, to be an effective risk mitigation technique." Regulatory bodies recognize the gaps in using Knowledge-based Authentication, or "KBA," as a primary...
Despite the FFIEC authentication guidance and the growth of online fraud, financial institutions still rely on outdated practices that expose customers to risk. How can institutions update their security measures?
It's a corporate account takeover scheme - with a twist. The scam involves money mules and distributed denial of service attacks. "This is an entirely different scenario," says Mike Smith of Akamai Technologies.
A card compromise at a California-based grocery chain has raised questions about the efficacy of PCI-DSS. Experts say even if merchants are compliant, fraudsters can easily get around the security measures.
In their efforts to conform with the FFIEC authentication guidance, many financial institutions are caught off-guard by the overall cost of enhanced detection and authentication for online banking. Why?
Retailers and fast-food chains throughout the world are reporting an uptick in point-of-sale skimming incidents. Why do fraudsters find retailers and restaurants so easy to target?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
