Apr 18, 2018 11:00:00 AM
Apr 4, 2018 11:00:00 AM
Effective April 2018, all major card brands including American Express, Discover, Mastercard, and Visa will modify requirements to allow U.S. merchants the discretion to choose whether to prompt for a cardholder’s signature on a transaction receipt or electronic reader. This is true for both credit and debit cards in a face-to-face transaction environment. This change is not expected to alter risk or add to fraud losses, as merchants and card issuers increasingly rely on EMV chips, tokens, biometrics, and other security tools available today.
Feb 21, 2018 12:30:00 PM
Shortly after Christmas, I made my semi-annual pilgrimage to the AT&T store to pick up a new phone. As an early adopter of the original iPhone®, I’ve stayed with iOS devices over the years, but I know other manufacturers are producing amazing phones of their own. (This article is not about iPhones; it’s about the technological evolution of user authentication and what that means for financial services. If you’re not an iPhone user, this article is still for you!)
Dec 20, 2017 11:00:00 AM
We live in a time where most of the information and services we use in our day-to-day lives can be accessed online. Being able to handle day-to-day tasks online is quicker and more economical than having to get in your car, drive somewhere, and stand in line. For businesses, providing online access makes helping customers more efficient while providing many of the same services that are available in person. But with these online conveniences comes the need to take extra precautions when it comes to your data. Your data is out on the World Wide Web, where professional hackers can potentially get hold of it.
Companies with an online presence go to great lengths to protect your data. The time and effort that goes into security research increases each year. At the same time, websites and their infrastructures are getting more robust to provide the needed security in today’s world. Even if you use a site with state-of-the-art technology, as a consumer you can help better protect your data by understanding some of the potential threats and following some simple guidelines when it comes to password protection.
Jun 21, 2017 11:45:00 AM
Consumers are less concerned with the cost of fraud because they are rarely, if ever, held responsible for the actual fraud loss and therefore suffer little to no financial repercussions. However, they are greatly inconvenienced if the fraud occurs on their debit cards, and the funds in their underlying DDA account are used. On the other hand, the costs incurred due to fraud weigh heavily on the shoulders of financial institutions. As with all fraud prevention measures, there is a delicate balance between the added security measures and customer experience, and card fraud is no exception.
May 31, 2017 11:55:00 AM
I’ve been getting a lot of questions recently about the meaning of Cyber Resiliency.
What is Cyber Resiliency?
Wikipedia’s definition: “Cyber Resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events.” In other words, it’s a migration from the strategy of protection by prevention only – into a posture of proactive readiness to address a cyber security breach or hack on every level, when it occurs, in a manner that is much less reactive than previously deemed acceptable. It’s not if you experience a breach … it’s when.
Identifying the steps that are necessary to recover and resume your business operations once a breach occurs is absolutely critical for your FI. Having rehearsed those steps, answered the myriad of questions, and identified multitudes of “what ifs” is a huge part of what could equate to your successful recovery from such an incident. If you fail to plan, you plan to fail. This is never as true as in the incident of recovery from some kind of catastrophe – cyber or otherwise. As the rate of malware infections rises exponentially, and the rate of ransomware reaches an all-time high, we understand the duty you have to protect your customers’ information and to resume your operations as swiftly and efficiently as possible after the event.
Mar 1, 2017 11:30:00 AM
Generalities aside, the “it” referenced is representative of the constant and difficult movements financial institutions (FIs) must accomplish. Movements that protect the FI and its customers from a wide array of current cyber-criminal threats, evolving threats, and the constant evolution of regulatory compliance for direction in how to manage these potentially devastating attacks.
The menace of cyber-crimes against FIs and their customers continues to evolve in frequency, on-the-surface simplicity, and behind-the-scenes complexity. Ransomware, malware, and phishing tactics are now new lines of business for criminals. In fact, criminals like to call their victims “customers,” and they work hard to provide great service to their customers in order to receive payment/ransom for returning stolen data.
Now that FIs are required to address the role of Information Security Officer (ISO), the hero-of-the-day role is filled.
Oct 12, 2016 10:15:00 AM
Have you heard of Sutton’s Law?
It’s the principle of focusing on the obvious answer to a problem. You might recognize it better from its source, the convicted bank robber Willie Sutton, who is alleged to have answered, “Because that’s where the money is,” when asked why he robbed banks. In his autobiography, Sutton says that while he probably would have said it if asked, he actually robbed banks because he enjoyed it, loved it even. Well, that’s where the money still is – in financial institutions – and it stands to reason that the attackers targeting them enjoy what they do and find it profitable. The methods used by the attackers may have moved on, with cybercrimes rising at an alarming rate, but the end result is the same: financial loss. So what is security in the financial services industry? More to the point, how do you know if you’re being effective with your approach to security?
Oct 5, 2016 10:30:00 AM
According to the 11th Annual Global Information Security Survey conducted by PWC and CSO, 84% of CEOs, 82% of CIOs and 78% of CISOs are confident in their organization’s formal cybersecurity program. However, the number of organizations reporting losses of more than $10 million per incident is up 75% since 2012. Why do these C-level members believe their cybersecurity programs are doing more than an adequate job? Perhaps it’s because their organizations are most likely spending more of their annual budget on cybersecurity defenses and applying more internal resources to manage cybersecurity controls.
Sep 28, 2016 10:15:00 AM
Sounds too good to be true, doesn’t it? I promise, this isn’t one of those teaser or click-bait headlines just to draw you to something not really related to the topic. And those who know me know that I deplore that strategy. In the case of this article, the title seemed very appropriate, both from a descriptive standpoint, and in an effort to entice both IT managers and executives to check out this simple strategy.
Ladies and gentlemen, I give you two words that could change your life: progressive testing. That is not intended to sound overdramatic, but for many of us, it is a dramatic shift in the way we approach our annual business continuity and disaster recovery testing.