As banks and credit unions assess online risk, in light of the updated guidance from the FFIEC, financial fraud analyst Tom Wills says they should consider mobile as a viable layer for out-of-band authentication.
A new twist in the ongoing online security battle between banks and their commercial customers was reported this week after a corporate account in Omaha, Neb., was hit with thousands in fraudulent ACH transactions.
This $38 billion bank has invested a great deal of time and effort into its online security program, continuously conducting risk assessments and making strides to ensure commercial customers stay informed about evolving online-banking risks.
Australian authorities this week said two more arrests have been in connection with an international POS skimming scheme that targeted merchants in the United Kingdom, mainland Europe and North America. So far, 27 people have been charged.
"Organized crime sees that this is a good business to come in, exploit and take advantage of the loopholes," says L.T. Lafferty, criminal defense attorney and mortgage fraud expert, on the schemes that cost banks billions each year.
Debit fraud and skimming are growing problems, and they're why California-based Fremont Bank is switching from mag-stripe to chip-based debit cards, says Chris Olson, the bank's chief operating and enterprise risk officer.
A months-long investigation led Australian investigators to more than 50 stolen POS terminals, dozens of card skimmers and more than 18,000 blank and counterfeit cards. So far, 25 people have been arrested and charged for their parts in the alleged scheme.
Eduardo Perez says, simply, the "time was right" for Visa's introduction of chip-based payments incentives for U.S. merchants. Visa's new mobile-to-EMV program offers PCI-audit-compliance waivers to qualified merchants who implement dual-interface contact and contactless acceptance.
Adoption of chip technology will not only help the U.S. payments infrastructure prepare for expected acceleration in mobile-based payments, Visa says, but will improve transaction security by providing dynamic authentication.
With the extension of ENISA's mandate into 2013 by the European Parliament & Council, the agency can continue to educate and collaborate with other nations on cybersecurity issues, an area of constant importance.
Bob Russo says the long-awaited PCI guidance on tokenization should provide merchants with a baseline for standardization and best practices, and serve as a roadmap for how tokenization can complement compliance with the PCI-DSS.