As banking applications evolve, common attacks on banks are becoming correspondingly more sophisticated. Small businesses, municipalities, and moneyed individuals are often targeted for obvious reasons: they have hundreds of thousands of dollars, if not a few million, in the bank, but their security is often no more effective than that of an average American household.
The Federal Financial Institutions Examination Council’s (FFIEC) updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks. Criminals have gotten around the minor hurdles posed by the tools being used to authenticate clients and prevent unauthorized transactions.
Basic multifactor authentication may be relatively effective for bank accounts that generally contain only enough to pay a month’s worth of bills. But high value accounts are more prone to attacks, and require additional levels of security. Ultimately, what is most important is that a security program includes multiple layers of protection rather than relying on a single mechanism of defense.
Using advanced device identification is also essential. The FFIEC suggests complex device identification, which is more advanced than previous techniques, and the leader in this space is iovation Inc. They take complex device identification much further by delivering to financial institutions, a reputation of the device as it accesses their site to apply for credit, create an account, transfer money and more.
This proven strategy not only utilizes advanced methods to identify the devices being used to connect to a bank, it also incorporates geolocation, velocity, anomalies, proxy busting, webs of associations, fraud histories, commercially applied evidence of fraud or abuse, and much more to protect financial institutions from cybercrime.
Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures
About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Why Complex Device Identification Isn’t Enough
“Simple device identification” relies on cookies or IP addresses to confirm that a customer is logging in from the same PC that was used to create the account.
The Financial Federal Institutions Examination Council has explained the fallibility of this system:
“Experience has shown this type of cookie may be copied and moved to a fraudster’s PC, allowing
- What The FFIEC Is Doing to Protect You and Your Bank
FFIEC is the Federal Financial Institutions Examination Council which is a government body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by and for numerous other government, public, private and financial entities.
If there is a “good” place for your tax dollars to head, it’s to the FFIEC.
- The FFIEC Wants You to Know…
The Federal Financial Institutions Examination Council recently released a supplement to the guide it issued in 2005, on authentication in an Internet banking environment. One of the FFIEC’s key recommendations for eliminating fraud is consumer awareness and education.
At some level, you may be aware that financial institutions have a layered security approach in place. Those layers include
- Javelin Study Shows Increased Credit Card Fraud Risk
Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts.
Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and
- FFIEC Mandates “System Of Layered Security” to Combat Fraud
For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands.
Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They
Leave a Comment
You must be logged in to post a comment.