Card-Not-Present Fraud: How to Save Consumers from Themselves

Posted by Hayley Turpen

Jun 21, 2017 11:45:00 AM

Consumers are less concerned with the cost of fraud due to the fact they are rarely, if ever, held responsible for the actual fraud loss and therefore suffer little to no financial repercussions. However, they are greatly inconvenienced if the fraud occurs on their debit cards, and the funds in their underlying DDA account are used. On the other hand, the costs incurred due to fraud weigh heavily on the shoulders of financial institutions. As with all fraud prevention measures, there is a delicate balance between the added security measures and customer experience, and card fraud is no exception.

Topics: Cybersecurity

To Pay Or Not to Pay… And Then What?

Posted by Tammy Bangs

May 31, 2017 11:55:00 AM

 

I’ve been getting a lot of questions recently about the meaning of Cyber Resiliency.

What is Cyber Resiliency?

Wikipedia’s definition: “Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.” In other words, it’s a migration from the strategy of protection by prevention only – into a posture of proactive readiness to address a cyber security breach or hack on every level, when it occurs, in a manner that is much less reactive than previously deemed acceptable. It’s not if you experience a breach … it’s when.

Identifying the steps that are necessary to recover and resume your business operations once a breach occurs is absolutely critical for your FI. Having rehearsed those steps, answered the myriad of questions, and identified multitudes of “what ifs” is a huge part of what could equate to your successful recovery from such an incident. If you fail to plan, you plan to fail. This is never as true as in the incident of recovery from some kind of catastrophe – cyber or otherwise. As the rate of malware infections rises exponentially, and the rate of ransomware reaches an all-time high, we understand the duty you have to protect your customers’ information and to resume your operations as swiftly and efficiently as possible after the event.

Topics: Cybersecurity, Data Management

Question: When Does “It” End? Answer: “It” Doesn’t.

Posted by Craig Laures

Mar 1, 2017 11:30:00 AM

Generalities aside, the “it” referenced is representative of the constant and difficult movements financial institutions (FIs) must accomplish. Movements that protect the FI and its customers from a wide array of current cyber-criminal threats, evolving threats, and the constant evolution of regulatory compliance for direction in how to manage these potentially devastating attacks.

The menace of cyber-crimes against FIs and their customers continues to evolve in frequency, on-the-surface simplicity, and behind-the-scenes complexity. Ransomware, malware, and phishing tactics are now new lines of business for criminals. In fact, criminals like to call their victims “customers,” and they work hard to provide great service to their customers in order to receive payment/ransom for returning stolen data.

Now that FIs are required to address the role of Information Security Officer (ISO), the hero-of-the-day role is filled.

Topics: Information Security, Cybersecurity

Security in the Financial Services Industry

Posted by Stephen Gilmour

Oct 12, 2016 10:15:00 AM

Have you heard of Sutton’s Law?

It’s the principle of focusing on the obvious answer to a problem. You might recognize it better from its source, the convicted bank robber Willie Sutton, who is alleged to have answered, “Because that’s where the money is,” when asked why he robbed banks. In his autobiography, Sutton says that while he probably would have said it if asked, he actually robbed banks because he enjoyed it, loved it even. Well, that’s where the money still is – in financial institutions – and it stands to reason that the attackers targeting them enjoy what they do and find it profitable. The methods used by the attackers may have moved on, with cybercrimes rising at an alarming rate, but the end result is the same: financial loss. So what is security in the financial services industry? More to the point, how do you know if you’re being effective with your approach to security?

Topics: Information Security, Cybersecurity

Identifying Gaps in your Cyber Resilience Strategy

Posted by Jackie Marshall

Oct 5, 2016 10:30:00 AM

According to the 11th Annual Global Information Security Survey conducted by PWC and CSO, 84% of CEOs, 82% of CIOs and 78% of CISOs are confident in their organization’s formal cybersecurity program. However, the number of organizations reporting losses of more than $10 million per incident is up 75% since 2012. Why do these C-level members believe their cybersecurity programs are doing more than an adequate job? Perhaps it’s because their organizations are most likely spending more of their annual budget on cybersecurity defenses and applying more internal resources to manage cybersecurity controls.

Topics: Information Security, Cybersecurity

Improving Your Institution’s Readiness and Your Next IT Exam Results with One Simple Strategy

Posted by Eric Flick

Sep 28, 2016 10:15:00 AM

Sounds too good to be true, doesn’t it? I promise, this isn’t one of those teaser or click-bait headlines just to draw you to something not really related to the topic. And those who know me know that I deplore that strategy. In the case of this article, the title seemed very appropriate, both from a descriptive standpoint, and in an effort to entice both IT managers and executives to check out this simple strategy.

Ladies and gentlemen, I give you two words that could change your life: progressive testing. That is not intended to sound overdramatic, but for many of us, it is a dramatic shift in the way we approach our annual business continuity and disaster recovery testing.

Topics: Cybersecurity, Business Continuity

Am I Really Expected to Remember My Password - N@mE61520?

Posted by Hayley Turpen

Jun 8, 2016 10:00:00 AM

It has been reported that the average internet user has approximately 20 passwords. I must not be average, because when I sat down to try to count mine I came up with 75... and I probably forgot a few! That is a lot of passwords to remember. I can’t even fathom a guess as to what the password was for half of these sites. So when I try to log in, I will cycle through the passwords that I “think” I used. If none of them work, then I will click the link stating I forgot my password.

Topics: Information Security, Cybersecurity

Get a Head Start with Education on Pending Social Media Guidance

Posted by Karen Crumbley

Aug 28, 2015 4:26:54 PM


“Hey, look here…” as Uncle Si from the Duck Dynasty TV show would say, “I live by my own rules (reviewed, revised and approved by my wife)…but still my own.”

Si’s quote reminds me of Social Media: Consumer Compliance Risk Management Guidance: Proposed Interagency Guidance, an OCC bulletin released in January of 2013 that outlines proposed guidelines for Financial Institutions (FIs) communicating via social media channels.  Similar to Si’s comment, FI personnel will soon be required to follow social media communication standards that are reviewed, revised and approved by FI management. The OCC bulletin [Docket No. FFIEC-2013-0001] provides straightforward insight for managing risks related to social media.  However, even with the detail provided there is still much to learn about this guidance.  For example:

Topics: Risk Mitigation, Cybersecurity

April 2014: A Busy Month for Fraud Alerts!

Posted by Jennifer Roland-Vlach

Aug 13, 2015 9:10:46 AM


Here we are at the end of April and my Inbox has had quite a few email alerts from various regulatory entities. These alerts have covered an array of topics with the most prevalent being an apparent current uptick in cyber-related risk. So, in case you may have missed one of these, among the multitude of emails you probably receive each day, I thought I would use this opportunity to provide a brief overview of this recent flurry of activity plus suggested steps to address outlined objectives.

Topics: Information Security, Cybersecurity

Social Engineering, Phishing, Vishing: 3 Common Elements & How to Combat Them

Posted by Tammy Bangs

Aug 11, 2015 12:59:49 PM

 

 

Phishing and social engineering accounted for 15 percent of cyber-crime costs incurred by U.S. companies in 2014, according to Statista.com. Furthermore, 44% of U.S. companies responding to a recent survey stated that they were targets of social engineering or phishing schemes (Statista).

Social engineering, phishing and vishing are everywhere you look these days.  Fake IRS telephone scammers, recent large financial institution (FI) breaches via email scams, penetration testing failures, executive level breaches, you name it – it has happened. 

Have you been lucky enough to receive a telephone call from the ‘Department of the IRS’ this year?  No?  I actually received two. Being the risk mitigation geek that I am, I couldn’t resist baiting the fraudster just a bit, asking as many questions as I could muster, keeping him on the line with me for as long as possible.  It was a fascinating glimpse into the not-so-sexy world of the vishing scheme. They were probably armed with little more than a search engine and a telephone. They didn’t even know enough about the Internal Revenue Service to use proper nomenclature. 

Topics: Risk Mitigation, Cybersecurity
