Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Size: px
Start display at page:

Download "Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat."

Transcription

1 Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity of cybercriminals. As a result, online banking users face an expanding range of attack types with potentially devastating results. Over the past few years, the internet community has witnessed a proliferation of cyber-attacks of increasing sophistication. New attacks are being crafted in shorter timeframes by a highly organised fraud industry with growing access to funds, cutting-edge technology and IT expertise. While this trend has serious implications for every computer user, it is particularly important for online banking clients, who face an expanding range of attack types with potentially devastating consequences. Successful attacks not only result in short-term monetary loss, they can also cause significant and lasting brand damage to targeted organisations, undermining consumer trust and impacting revenues over the long term. In this whitepaper, we explore the scope of the problem and examine the most common attack types, before outlining the key features of our solution. A global problem Cybercrime is a growing global problem, with consumers in the developed economies increasingly targeted by cybercriminals across the globe. According to a July 2012 European Commission report, an estimated 1 million people worldwide become victims of cybercrime every day. Twelve per cent of Internet users across the European Union have experienced online fraud, and 8% have experienced identity theft. 1 Internet security provider VeriSign (now part of Symantec) found in a 2010 survey that 11% of UK Internet users had been victims of online ID fraud in the previous 12 months, losing an average of 352 each. 2 Similarly, in North America, Visa s online payment subsidiary CyberSource reports that fraud cost US and Canadian businesses an estimated $3.4 billion in lost revenue during European Commission Directorate-General for Home Affairs, Cybersecurity, Special Eurobarometer 390, July VeriSign, VeriSign Online Fraud Barometer, March CyberSource Online Fraud Survey, The Australian experience One in five Australian businesses detected a cyber incident in a 12 month period Australia is no exception to the global trend. A 2012 survey of 255 businesses around Australia by the federal government s Computer Emergency Response Team (CERT) concluded that: 20% of businesses had detected cyber incidents during the previous 12 months despite the fact that 90% of those surveyed had firewalls and antivirus software Of the businesses affected by cyber incidents, 65% had detected more than five incidents and 20% had detected more than 10 9% of businesses could not tell whether they had suffered a cyber-incident It was likely that other businesses had suffered incidents and either failed to detect them or declined to report them.

2 Of those who had detected a cyber incident: 17% lost confidential or proprietary information 10% suffered financial fraud 44% reported the incident to a law enforcement agency, while 20% chose not to report it because of a fear of negative publicity One in 10 Australian Internet users was a victim of fraud According to VeriSign, one in 10 Australian Internet users was a victim of fraud in the 12 months to July 2010, losing an average of $1,000 each, or a total of $1.286 billion over that 12 month period 4. Credit, debit and charge card fraud is rising Statistics from the Australian Payments Clearing Association (APCA) show that while fraud for other payment types has fallen, the value of credit, debit and charge card fraud has skyrocketed, from cents per $1,000 transacted in December 2009, to 87.7 cents per $1,000 transacted in July More than 78% of those fraudulent transactions were card not present transactions, many of them online 5. So, while fraudulent transactions still represent a small proportion of financial transactions overall, the threat is growing. 4 VeriSign, VeriSign Online Fraud Barometer, July APCA, 2012 Financial Year Fraud Statistics. Instrument No. of Fraud Fraud Perpetrated on Australian Issued Payment Instruments 1 July June 2012 Value ($) of Fraud Total No. of all ($ thousands) Total Value of all ($ million) Fraud as % of Total No. of Fraud as % of total value ($) of Cheque 718 7,855, ,008 1,242, % 0.00% Proprietary 38,666 14,094,304 3,124, , % 0.00% Debit Cards Scheme 1,166, ,572,333 2,260, , % 0.09% Credit, Debit and Charge Cards Total 1,205, ,522,392 5,626,040 1,827, % 0.02% Source: APCA, 2012 Financial Year Fraud Statistics Scheme Credit, Debit and Charge Card Fraud Perpetrated in Australia and Overseas on Australia-issued Cards 1 July June 2012 Category In Australia Overseas Total Number Value ($) Number Value ($) Number Value ($) Lost/ Stolen 59,380 11,151,568 22,318 7,198,342 81,698 18,349,910 Never Received 17,613 4,942, ,693 18,414 5,208,443 Fraudulent 4,069 2,202, ,960 4,314 2,290,528 Application Counterfeit/ 45,800 15,589,324 95,515 29,756, ,315 45,346,055 Skimming Card Not Present 313,660 76,958, , ,523, , ,481,678 (CNP) Other 3,307 1,561,538 2, ,181 5,352 1,895,719 Total 443, ,405, , ,166,389 1,166, ,572,33 Source: APCA, 2012 Financial Year Fraud Statistics CBA Page 2 of 5

3 Types of attack Not only has the number of attacks increased, but consumers are continually confronted with a wider variety of attacks, exploiting a growing number of vectors. Here are the most common types of attack affecting Australian online banking users today: Attack type What is it? Example Solutions Phishing Man-in-the-middle Man-in-the-browser Insider fraud An attempt to acquire information including user names, passwords, credit card details and sometimes, indirectly, money using s masquerading as communications from a trustworthy entity An attempt to intercept communications between customers and their service providers, then modify the content of the communication by swapping account details, for example An attempt to take control of the user s internet browser, often by infecting the computer with a Trojan virus, to inject and modify the content of messages displayed on the user s computer Deliberate fraud on the part of employees or other authorised insiders A fake claiming to be from a service provider asks for personal information or prompts consumers to click on a link. This link directs the person to a webpage that looks real but whose only purpose is to steal confidential information, such as login IDs and passwords Hackers create an unencrypted Wi-Fi connection and eavesdrop the communication of people who inadvertently use that connection. They then modify the content of the messages sent between the person and the website they are visiting. The user visits a website that installs malware on the user s computer. When the user transfers funds on that computer, the malware injects code to replace destination account with the fraudster s account and steal the money. An employee prompts a user to reveal confidential information such as their login ID and password, then steals money from the user s account. Ultimately, the only truly effective technique for preventing users from clicking on Phishing links is consumer education. But the following solutions can help mitigate the impact of customers affected by Phishing. Strong user verification process to avoid identity take-over. Multi-factor authentication requiring a physical device for access Access controls that require multiple users to create or authorise transactions Locked sessions secured by strong encryption Anti-Phishing measures (described above) Installation of anti-virus software A secured browser run from a separate, secured device Access controls that require multiple users to create or authorise transactions Access controls that restrict user activities and require multiple users to create or authorise transactions Audit trails to facilitate the detection and resolution of unauthorised activities CBA Page 3 of 5

4 Our solution To be effective, a solution must be comprehensive, flexible, portable and easy to use. CommBiz is a business banking platform that meets all of these requirements, with industry-leading security and usability. With the range and severity of attacks increasing, solutions must adopt a variety of measures to address different categories of threat. But they must also be easy for users to implement and maintain, as well as supporting changing user preferences and transaction styles, including the trend towards mobile access. Key requirements To be effective, a solution must be: Comprehensive: effective against all major attack types including phishing, man-in-the-browser, man-in-the-middle and insider fraud at all possible stages from compromised credentials to transaction creation, authorisation and processing. Flexible: addressing emerging threats and future trends. Agile: able to adapt in a short timeframe to deal with new threats. Universal: catering for access from different operating systems and portable devices. Portable: able to be carried conveniently by users, wherever and whenever they need access. Reliable: guaranteeing secure 24/7 access. CommBiz and NetLock Developed by the Commonwealth Bank for business clients, CommBiz meets all of these requirements. In addition to industry-standard security features like strong 128-bit SSL encryption, CommBiz combines a range of advanced security features to counter both existing and emerging threats, while still offering outstanding usability and accessibility. Advanced security features include: User access controls: multi-factor authentication for all users empowered to administer users and authorise transactions. User roles and permissions: a unique system of users roles, giving authorised clients an unprecedented level of control over user access within their organisation, including the accounts users can access, the activities they can perform and the dollar value of transactions they can create or approve. NetLock: One of the first devices of its kind, NetLock combines a USB device with proprietary security software to create a locked session that is impermeable to a variety of attack types. User access controls As well as a unique user name, users with authoriser or administrator access carry a unique physical token that generates a one-time password for each session. Organisations can choose to use either one-factor or two-factor tokens, which require users to enter a PIN to generate each one-time password. Clients can also choose to make tokens mandatory for all of users, including those with view-only access. Combined with NetLock security, these controls provide true multi-factor authentication. User roles and permissions Sophisticated user roles and permissions, combined with a comprehensive audit trail, allow organisations to exercise a high degree of control over the activities of users. Authorised administrators can control: Access hours: defining the days and times when each user can access CommBiz. Account permissions: controlling which users can view or transact on each account. Account authority: defining how many authorisers are required to authorise a transaction on each account, depending on transaction size. CBA Page 4 of 5

5 Payables and receivables caps: setting a cap for each user, limiting the total dollar value of transactions that user can create each day. Payment restrictions: ensuring users can only make payments to existing address book entries. Payment templates: ensuring users can only create payments from one or more predefined payment templates, with the source and target accounts already specified. Profile verification: ensuring that changes to user profiles are created by one administrator and authorised by a second administrator. NetLock Launched in 2009 and significantly enhanced and extended since then, NetLock is a USB device that uses Public Key Infrastructure and digital certificates to guarantee an exceptional level of encryption while authenticating user connections to CommBiz through a locked session. Based on digital certificates from world-leading security provider IdenTrust, NetLock also has the capability to electronically sign future transactions. In addition, NetLock uses a modified version of the Firefox browser to prevent code injection and potential Trojan infections. As a result, NetLock is highly effective against both man-in-the-middle and man-in-the-browser attacks. NetLock is portable and extremely easy to use, requiring no technical knowledge on the part of the user. It has zero footprint, with no need for the client to install software on their computer, enhancing mobility and reducing opportunities for attack. Because the Commonwealth Bank can push remote updates to devices in the field, NetLock allows us to address emerging threats rapidly. When required, we even have the capability to turn each USB into a read-only device, making it impermeable to attacks. NetLock is currently available to Windows users, with versions for the Apple operating system and mobile devices in development. For more information on IdenTrust, visit the website at Conclusion Challenge your financial institution on how they are protecting your money and if you are not happy with the answer, consider choosing a financial institution that invests heavily in security to stay ahead of cybercriminals. CBA Page 5 of 5

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Developments in cybercrime and cybersecurity

Developments in cybercrime and cybersecurity Developments in cybercrime and cybersecurity Developments in cybercrime and cybersecurity As customers and clients increasingly go online to do their banking with convenience, privacy and security their

More information

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014

Malware Analysis Summary: Dyre. F5 Security Operations Center November 2014 Malware Analysis Summary: Dyre F5 Security Operations Center November 2014 WHY MALWARE MATTERS Long gone are the days when fraud was perpetrated primarily by forging checks or IDs to assume a stolen identity.

More information

Five Trends to Track in E-Commerce Fraud

Five Trends to Track in E-Commerce Fraud Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other

More information

CYBERCRIME AND THE HEALTHCARE INDUSTRY

CYBERCRIME AND THE HEALTHCARE INDUSTRY CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

Deception scams drive increase in financial fraud

Deception scams drive increase in financial fraud ADDRESS 2 Thomas More Square London E1W 1YN WEBSITE www.financialfraudaction.org.uk DIRECT LINE 020 3217 8436 NEWS RELEASE EMAIL press@ukcards-ffauk.org.uk Deception scams drive increase in financial fraud

More information

Payment Fraud and Risk Management

Payment Fraud and Risk Management Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

Online Banking Risks efraud: Hands off my Account!

Online Banking Risks efraud: Hands off my Account! Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA Australian Payments Clearing Association AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA 214 Australian Payments Clearing Association Limited ABN 12 55 136 519 CONTENTS OVERVIEW 1 SECTION 1 Fraud rates 4 SECTION

More information

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention

More information

IDENTIFY YOUR CUSTOMERS

IDENTIFY YOUR CUSTOMERS CONFIDENTID MOBILE USER AUTHENTICATION IDENTIFY YOUR CUSTOMERS BEYOND A SHADOW OF A DOUBT solutions for SECURE MOBILE AND ONLINE BANKING AUTHENTICATE WITH CONFIDENCE RECOGNIZE YOUR CUSTOMERS AND YOUR RISKS

More information

NetBank security guide

NetBank security guide NetBank security guide Commonwealth Bank Personal 1 Contents Page 4 5 5 5 7 7 9 9 9 11 12 12 13 13 13 14 14 14 16 16 16 17 18 18 19 19 20 21 Section Peace of mind with NetBank What are the common online

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

What are the common online dangers?

What are the common online dangers? ONLINE SECURITY GUIDELINES Internet Banking is convenient and times saving. You can do remittances, place online deposit and other transactions through online banking with the convenience and privacy of

More information

Online Account Takeover. Roger Nettie

Online Account Takeover. Roger Nettie Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013 Session Outline Types of attacks Movement of funds Consumer

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

Phishing The latest tactics and potential business impacts

Phishing The latest tactics and potential business impacts WHITE PAPER: Phishing White paper Phishing The latest tactics and potential business impacts Phishing The latest tactics and potential business impacts Contents Introduction... 3 Phishing knows no limits...

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Cybersecurity Best Practices

Cybersecurity Best Practices Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%

More information

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention

More information

How Extended Validation SSL Brings Confidence to Online Sales and Transactions

How Extended Validation SSL Brings Confidence to Online Sales and Transactions WHITE PAPER: HOW EXTENDED VALIDATION SSL BRINGS CONFIDENCE TO ONLINE SALES AND TRANSACTIONS White Paper How Extended Validation SSL Brings Confidence to Online Sales and Transactions How Extended Validation

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Internet Banking Attacks Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Contents Agenda Internet banking today The most common attack vectors The possible countermeasures What protection

More information

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper STOP Cybercriminals and security attacks ControlNow TM Whitepaper Table of Contents Introduction 3 What the headlines don t tell you 4 The malware (r)evolution 5 Spear phishing scams 5 Poisoned searches

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing Kaspersky Fraud Prevention platform: a comprehensive solution for secure Today s bank customers can perform most of their financial operations online. According to a global survey of Internet users conducted

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

Review of.au domain name policy framework Submission to.auda

Review of.au domain name policy framework Submission to.auda Review of.au domain name policy framework Submission to.auda 15 June 2007 Background AusCERT is the national Computer Emergency Response Team (CERT) for Australia and a leading CERT in the Asia/Pacific

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

Trust Digital Best Practices

Trust Digital Best Practices > ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or

More information

OC Business Council Cybersecurity Task Force Meeting Online Fraud Update. April 2015

OC Business Council Cybersecurity Task Force Meeting Online Fraud Update. April 2015 OC Business Council Cybersecurity Task Force Meeting Online Fraud Update April 2015 2014 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or

More information

Overall, which types of fraud has your organisation experienced in the past year?

Overall, which types of fraud has your organisation experienced in the past year? 1) Overall, which types of fraud has your organisation experienced in the past year? Insider fraud Corporate Account Takeover Consumer Account Takeover ATM/ABM (skimming, ram raid, etc.) Bill pay Cheque

More information

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

CYBERCRIME AND THE HEALTHCARE INDUSTRY

CYBERCRIME AND THE HEALTHCARE INDUSTRY CYBERCRIME AND THE HEALTHCARE INDUSTRY Executive Summary Healthcare professionals are in a tight spot. As administrative technologies like Electronic Health Records (EHRs) and patient and provider portals

More information

Identity Theft Protection

Identity Theft Protection Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern

More information

Presented By: Corporate Security Information Security Treasury Management

Presented By: Corporate Security Information Security Treasury Management Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical

More information

SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH

SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH Global point of view For nearly 50 years MasterCard has been safeguarding the way you pay. We have been innovating solutions driven by data and insights

More information

Welcome to the Protecting Your Identity. Training Module

Welcome to the Protecting Your Identity. Training Module Welcome to the Training Module 1 Introduction Does loss of control over your online identities bother you? 2 Objective By the end of this module, you will be able to: Identify the challenges in protecting

More information

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security location of optional horizontal pic Corporate and Investment Banking Business Online Information Security Business Online Information Security Risk reduction: Ensuring your sensitive information is secure

More information

Almost 400 million people 1 fall victim to cybercrime every year.

Almost 400 million people 1 fall victim to cybercrime every year. 400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked

More information

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES 01 One must remember that everyone and anyone is a potential target. These cybercriminals and attackers often use different tactics to lure different

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

NEW ZEALAND S CYBER SECURITY STRATEGY

NEW ZEALAND S CYBER SECURITY STRATEGY Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital

More information

Visa CREDIT Card General Guidelines

Visa CREDIT Card General Guidelines Visa CREDIT Card General Guidelines General Account Information Phone Numbers and Addresses It is very important to keep us up-to-date with your correct address and phone number. Card reissues/replacements

More information

AusCERT Home Users Computer Security Survey 2008

AusCERT Home Users Computer Security Survey 2008 AusCERT Home Users Computer Security Survey 2008 Kathryn Kerr Manager, Analysis and Assessments 1 Agenda Scope Purpose Methodology Key findings Conclusion Copyright 2007 AusCERT 2 Survey scope Random sample

More information

Phishing for Fraud: Don't Let your Company Get Hooked!

Phishing for Fraud: Don't Let your Company Get Hooked! Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior

More information

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;

More information

ACI Response to FFIEC Guidance

ACI Response to FFIEC Guidance ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention

More information

Website Security: It s Not all About the Hacker Anymore

Website Security: It s Not all About the Hacker Anymore Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use

More information

Card and Account Security. Important information about your card and account.

Card and Account Security. Important information about your card and account. Card and Account Security. Important information about your card and account. 2 Card and Account Security 1. Peace of mind As a Bendigo Bank customer you can bank with confidence knowing that, if you take

More information

CYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer

CYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer CYBERCRIME: What your Bank should be doing to Protect your Business David Pollino Senior Vice President Fraud Prevention Officer Agenda Changing Landscape Case of Efficient Services Escrow Group Six key

More information

Protecting Against Online Fraud with F5

Protecting Against Online Fraud with F5 Protecting Against Online Fraud with F5 Fraud is a relentless threat to financial services organizations that offer online banking. The F5 Web Fraud Protection solution defends against malware, phishing

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper A data breach has the potential to cost retailers millions in lost customers and sales. In this paper we discuss a number of possible

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

Secure Web Applications. The front line defense

Secure Web Applications. The front line defense Secure Web Applications The front line defense Agenda Web Application Security Threat Overview Exploiting Web Applications Common Attacks & Preventative techniques Developing Secure Web Applications -Security

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Reducing Fraud whilst Keeping Transactions in Motion

Reducing Fraud whilst Keeping Transactions in Motion Reducing Fraud whilst Keeping Transactions in Motion Fraud Today Following a decrease in 2012, fraud is on the rise again, and so are the costs involved in managing it. These factors are in turn driving

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes

More information

Protecting your business from some of the current fraud threats

Protecting your business from some of the current fraud threats Protecting your business from some of the current fraud threats This literature provides guidance on fraud prevention and is provided for information purposes only. Where noted the guidance provided has

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Christopher T. Van Marter Senior Deputy Prosecuting Attorney Chief White Collar Crime Unit Department of the Prosecuting Attorney

More information

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Jim Bray, Cyber Security Adviser InfoSight, Inc. Best Practices for protecting patient data Training and education is your best defense! Presented by Jim Bray, Cyber Security Adviser InfoSight, Inc. 2014 InfoSight Cyber Security starts with education

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

Advice about online security

Advice about online security Advice about online security May 2013 Contents Report a suspicious email or website... 3 Security advice... 5 Genuine DWP contacts... 8 Recognising and reporting phishing and bogus emails... 9 How DWP

More information

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Safe Practices for Online Banking

Safe Practices for Online Banking November 2012 Follow these guidelines to help protect your information while banking online. At First Entertainment Credit Union, our goal is to provide you with the best all around banking experience.

More information

AN INDUSTRY APPROACH TO FRAUD PREVENTION The Current State of Play

AN INDUSTRY APPROACH TO FRAUD PREVENTION The Current State of Play AN INDUSTRY APPROACH TO FRAUD PREVENTION The Current State of Play This paper has been prepared by the Industry Policy unit of APCA in response to a request by the Australian Payments Forum for the purpose

More information

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Go Digital Kuranda Workshop Manual

Go Digital Kuranda Workshop Manual Go Digital Kuranda Workshop Manual Topic 5 Ecommerce Session 2 Get Set! Ecommerce in Depth 1 Topic 4 Ecommerce Session 1 Get Ready! Ecommerce Basics Session 2 Get Set! Ecommerce in Depth Session 3 Get

More information

ecommercial SAT ecommercial Security Awareness Training Version 3.0

ecommercial SAT ecommercial Security Awareness Training Version 3.0 ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account

More information

To p t i p s f o r s a f e o n l i n e b a n k i n g a n d s h o p p i n g

To p t i p s f o r s a f e o n l i n e b a n k i n g a n d s h o p p i n g To p t i p s f o r s a f e o n l i n e b a n k i n g a n d s h o p p i n g The Internet offers the opportunity to bank and shop in safety whenever you want. More than 15 million people in the UK now use

More information

Securing mobile devices in the business environment

Securing mobile devices in the business environment IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information