Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
U.S. and Estonian authorities have broken up one of the largest Internet crime schemes that allegedly netted $14 million in fraudulent advertising fees and infected 4 million computers in 100 countries.
Occupy supporters plan today to protest at several banks' headquarters in NYC. Coming on the heels of cyberattacks that targeted police in Boston, how worried should banks be about growing physical threats and cyberattacks waged by Occupy sympathizers?
What fraud and security issues does Paul Smocer, the new president of BITS, see as being top concerns in the coming year? Mobile payments, social media, and a strong need for institutions and organizations to comply with existing guidance top the list.
"Organizations are putting in layers of security and tools to safeguard information and assets, however, the fraudsters are attacking our weakest link, the consumer," says Anthony Vitale of Patelco Credit Union.
A California judge handed down a 12-year prison sentence to a phisher who stole financial details from more than 38,000 online accountholders. Observers say the sentence signals a changing attitude about the severity of cybercrimes.
Corporate account takeover events are reigniting the debate between banks and their former commercial customers, about everything from fraud liability and the "good faith" standard to commercially reasonable security.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
Sony Corp.'s announcement that hackers may have accessed data on 77 million gamers follows a long line of recent breaches. And Neal O'Farrell of the Identity Theft Council says the string of incidents has led to consumer 'breach fatigue.'
While the cause of the Epsilon e-mail breach has not been publicly disclosed, the incident's aftermath has seen a growing list of organizations impacted by the breach. It also has ignited a new debate about the sensitivity of e-mail addresses.
As details about the Epsilon e-mail breach unfold, the list of affected companies grows, including major banks and merchants. Here is the latest list of the companies known to have been impacted by the incident.
When it comes to e-marketing and the reliance on third parties such as Epsilon, Nicolas Christin of Carnegie Mellon University says banks and merchants should "come clean" about the information they share with outside entities.
Communicating with customers about the incident and warning them not to click links in phishing e-mails are all these impacted institutions and companies really can do, says Jeremiah Grossman, chief technology officer of WhiteHat Security.
Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.