Account fraud is frequently the result of single-factor (e.g., ID/password) authentication exploitation. As a result, the FFIEC is now urging financial institutions to deploy multi-factor authentication and assess the adequacy of their authentication techniques in light of new or changing risks such as phishing,...
Strong authentication based on X.509 PKI (Public Key Infrastructure) is available in a number of protocols and provides both security and administrative benefits and drawbacks. This paper looks at the security and administrative benefits (and drawbacks) of using strong authentication. This paper looks at generic...
Organizations publish information online including confidential data. Data is rendered in varied formats; it can vary from simple HTML pages to documents in Adobe's PDF or Microsoft's Word/Excel formats. Confidential data is restricted to a set of users who have to login and be authenticated on the website. A common...
This paper discusses and analyzes the internet-based password reset functionality provided by many organizations for their customers. The average application user is being forced to remember more and more complex passwords to accomplish their daily routines. The very nature of complex passwords sometimes results in...
Andrew Miller - BankInfoSecurity.com Editor
In October, the Federal Financial Institutions Examination Council (FFIEC) issued guidance for authentication in the Internet banking environment. Financial institutions are expected to achieve compliance by year-end 2006. The guidance states: "The agencies consider...
Omar A. Herrera Reyna – CISA, CISSP (omar.herrera@oissg.org), November 2005
(If you missed Security solutions for e-banking and e-commerce with credit/debit cards - Part 1: Analyzing the Security Issues, click here.) While there are some good solutions available from a security perspective, I believe that we...
To help verify a user's identity in the case of a lost password, many Web applications use secret questions. By answering a pre-selected question, a user can demonstrate some personal knowledge of the account owner. A classic example is asking to provide a mother's maiden name.
Answering secret questions requires...
Omar A. Herrera Reyna – CISA, CISSP (omar.herrera@oissg.org), November 2005
Introduction: With all sorts of attacks against e-banking and e-commerce systems targeting primarily customers, securing transactions has become increasingly difficult for banks and online stores. There is a widespread use of credit and...
Omar Herrera
If we analyze the impact of certain types of security incidents (e.g. system intrusion, fraud, denial of service, leak of confidential information) on several types of industries, we will see that the impact will be higher on banks and financial institutions than any other organization. If you study the...
Description: Final Rule. The OCC has issued a final rule governing national banks’ ability to conduct business using electronic technologies. The regulation was published in the Federal Register on May 17 and, except for one provision, is effective on June 17. The exception is a provision...