As financial institutions continue to migrate their services and operations online, the Office of the Comptroller of the Currency reminds national banks and their technology service providers about the importance of application security as a component of an information security program.
A new OCC bulletin...
Let's cut to the chase: PCI compliance for retailers, banks and service providers is hard.
Michael Gavin, security strategist at Security Innovation, a PCI QSA and ASV assessment firm, offers his insights on PCI compliance struggles, i.e. the Hannaford breach, and the reality that there is no absolute security. A...
The Federal Bureau of Investigation (FBI) released a comprehensive new report on mortgage fraud that doesn't paint a pretty picture of what's happening in the housing market.
The facts stare out from the page - mortgage fraud is on the rise. The agency has no central way to track the total extent of mortgage fraud,...
The era of Suspicious Activity Reports (SARs) in the United States began with the Annunzio-Wylie Anti-Money Laundering Act of 1992, which required regulated financial institutions to report transactions that they suspected might involve illicit funds or purposes.
You may ask yourself every time you complete a SAR,...
Interview with David Jevans, Director, Anti-Phishing Working Group
Phishing, vishing, whaling - there are a growing number of electronic social engineering threats to unsuspecting consumers and their identities. Financial institutions and their customers increasingly are targets of these attacks. But they're also...
Imagine the scenario: Your institution has a customer who does all of his banking online -- bill pay, transfers, account balances. This customer calls after seeing an unauthorized transaction. After tracing the account transfers, which were wired overseas, you find the customer's computer loaded with crimeware. Your...
It's not always easy to decide to stop doing business with a person or entity. In fact, it might be a decision that many bankers aren't willing to face. However, when an institution sees a growing amount of fraud losses on a customer's online banking account due to their negligence,
In case you missed it - because it wasn't a huge headline anywhere - here's a bit of news about First Pryority Bank, a 108-year-old community bank based in Pryor, OK.
Well, first a bit of background. First Pryority was founded in 1900 by W.A. Graham,
Diana Kelley, partner at Security Curve, an information security advisory company that performs PCI audits shares her insights into the PCI issues facing both financial institutions and retailers.
Kelley, a former information security analyst at Burton Group, was previously an information security advisor at top...
More than 5,000 customer records from 40 international financial institutions were discovered last month on a computer server in Malaysia.
Dubbed a "crime server" by Finjan, the information security vendor that discovered it, this machine held more than 1.4 gigabytes of business and personal data stolen from...
Let the countdown begin.
As of May 1, U.S. financial institutions have just six months left to comply with the new Identity Theft Red Flag Rules, which (among other things) mandate new levels of documentation, training and awareness.
Red Flags is one of the top regulatory priorities of the year, and for many...
Given the news in recent weeks - the controversy surrounding New York's ex-Gov. Eliot Spitzer, the $15 million fine assessed against United Bank for Africa, PLC - we knew the crime of money laundering had taken on a life of its own.
But who knew that it also had crept into Second Life?
Real crimes in the virtual...
Interview with DLP Expert Jared Thorkelson
Data loss prevention (DLP) is a challenge for institutions of all sizes. But not all banking/security leaders understand the scope of the threat, where it originates and how best to eradicate it. In this interview, DLP expert Jared Thorkelson discusses:
What's most...
Arizona Central Credit Union of Phoenix, AZ., was hit with a phishing attack via text message to its members in March. While the attack was distributed on a small scale and didn't have much impact, the incident did roust the credit union staff into quick action.
Sadly, such incidents are a familiar...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
