Security leaders are quickly evolving in their roles to focus more on the business of banking, less on the technology of information security.
This is the main message delivered by the results of ISACA's recent Information Security Career Progression Survey of 1400 Certified Information Security Managers (CISMs) in...
There was one thing that always bugged Steve Jones when he thought about customer data protection at his credit union - email via the Internet.
Email is so ubiquitous -- essential to communications both within the institution and with the outside world, including customers. But it's also fraught with security...
During March 2006, Mexican banking authorities established the use of a second factor authentication based on "dynamically generated information" -- in addition to username and password -- as a requirement for doing monetary operations through e-banking systems. This regulation allowed the use of one-time access code...
EDITOR'S NOTE: This is the first installment of an occasional series summarizing key banking/security regulatory documents.
The Business Continuity Planning manual is part of the IT Examination Handbook from Federal Financial Institutions Examination Council (FFIEC). The March 2008 version of the BCP manual has...
The blaring headlines about New York Governor Eliot Spitzer's fall from power brought the public's attention to a relatively hidden group of people that financial institutions must keep their eyes on - the politically exposed person (PEP).
Are banks and credit unions required to monitor PEPs? The answer is "Yes" or...
Just when you thought PCI deadlines were behind you ...
The deadline for compliance with requirement 6.6 of the Payment Card Industry Data Security Standard (PCI DSS) is June 30. This requirement describes security steps that are intended to address threats to web applications.
But industry analysts project...
The road to PCI compliance for retailers and financial institutions may have many wrecks along the way. But there are also some solid best-practices to lead the way for PCI laggards, says David Taylor, Research Director at the PCI Alliance.
What makes one company a compliance leader and another a loser when it...
An unencrypted backup tape is missing from the Bank of New York Mellon, potentially exposing information on 4.5 million customers of that bank and of People's United Bank of Bridgeport, CT.
The missing tape contains social security numbers and bank account information on 4.5 million customers - including several...
New Hampshire customers of TD BankNorth were notified earlier this week that their Visa debit or credit cards have been compromised, and the likeliest culprit is the recent Hannaford Brothers Supermarkets security breach.
"We became aware during the last few days that there was some fraudulent activity on some of...
Phishing, vishing, whaling - there is a growing number of electronic social engineering threats to unsuspecting consumers and their identities. Financial institutions and their customers increasingly are targets of these attacks. But they're also fighting back.
Listen to this interview to hear:
What are the...
As financial institutions continue to migrate their services and operations online, the Office of the Comptroller of the Currency reminds national banks and their technology service providers about the importance of application security as a component of an information security program.
A new OCC bulletin...
Let's cut to the chase: PCI compliance for retailers, banks and service providers is hard.
Michael Gavin, security strategist at Security Innovation, a PCI QSA and ASV assessment firm, offers his insights on PCI compliance struggles, i.e. the Hannaford breach, and the reality that there is no absolute security. A...
The Federal Bureau of Investigation (FBI) released a comprehensive new report on mortgage fraud that doesn't paint a pretty picture of what's happening in the housing market.
The facts stare out from the page - mortgage fraud is on the rise. The agency has no central way to track the total extent of mortgage fraud,...
The era of Suspicious Activity Reports (SARs) in the United States began with the Annunzio-Wylie Anti-Money Laundering Act of 1992, which required regulated financial institutions to report transactions that they suspected might involve illicit funds or purposes.
You may ask yourself every time you complete a SAR,...
Imagine the scenario: Your institution has a customer who does all of his banking online -- bill pay, transfers, account balances. This customer calls after seeing an unauthorized transaction. After tracing the account transfers, which were wired overseas, you find the customer's computer loaded with crimeware. Your...