Revised guidance from the National Institute of Standards and Technology, SP 800-63-1, could help organizations protect themselves from a growing threat to their information assets: the insider.
Telephonic authentication as we know it today is dying, and enterprises can no longer trust Caller ID or Automatic Number Identification (ANI). Annual total fraud costs U.S. businesses $62 billion - due in part to phone hacking and caller ID spoofing, which are outpacing risk mitigation strategies.
Spoofed Caller...
Donna Flynn says Liberty Bank discovered three key gaps when it tackled FFIEC authentication guidance compliance. Two were easy to fill. The third required an out-of-the-box solution.
According to a June 2011 report from the FFIEC: "institutions should no longer consider such basic challenge questions [like mother's maiden name], as a primary control, to be an effective risk mitigation technique." Regulatory bodies recognize the gaps in using Knowledge-based Authentication, or "KBA," as a primary...
Despite the FFIEC authentication guidance and the growth of online fraud, financial institutions still rely on outdated practices that expose customers to risk. How can institutions update their security measures?
It's a corporate account takeover scheme - with a twist. The scam involves money mules and distributed denial of service attacks. "This is an entirely different scenario," says Mike Smith of Akamai Technologies.
A card compromise at a California-based grocery chain has raised questions about the efficacy of PCI-DSS. Experts say even if merchants are compliant, fraudsters can easily get around the security measures.
In their efforts to conform with the FFIEC authentication guidance, many financial institutions are caught off-guard by the overall cost of enhanced detection and authentication for online banking. Why?
Retailers and fast-food chains throughout the world are reporting an uptick in point-of-sale skimming incidents. Why do fraudsters find retailers and restaurants so easy to target?
Bank of America, a pioneer in mobile banking, says mobile is hot, but it also opens financial institutions to unknown risks. What proactive steps should banks and credit unions take to ensure they're ready?
We all know the online shopping risks consumers face on CyberMonday. But how does the BYOD mobile computing trend impact risks to organizations from their own employees shopping on the job?
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
Pradeep Moudgal says the U.S. is migrating toward EMV. But how much new investment are card issuers going to have to make, and what steps does the collective industry need to take to ensure the transition from the mag-stripe to the chip is a smooth one?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.