FFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "FFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager"

Transcription

1 FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager

2 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28, 2011 for the purpose of, 1) reinforcing the 2005 Guidance titled Authentication in an, and 2) providing an update to address current security threats within the Internet Banking environment by establishing expectations for institutions to implement additional controls for customer authentication, layered security, and consumer education and awareness. The FFIEC member agencies have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplement beginning January 1, This will provide institutions and their service providers with sufficient time to address the expectations as outlined in the new supplemental guidance. In summary, the supplement provides additional guidance for: Performing risk assessments continuously assess the threat environment, with focus on malware attacks, and maintain up-to-date controls as threats evolve, Implementing effective strategies for mitigating identified risks, including using different controls at various layers of the transaction to reduce risks of account takeovers and financial losses, and Raising customer awareness of potential risks, fraud prevention, and communicating to the financial institution about suspicious account activity. Risk Assessments Under the 2005 Guidance, institutions were directed to perform periodic Internet banking risk assessments and enhance their customer authentication controls as appropriate to address existing threats to customers Internet banking accounts. Under this guidance, institutions are expected to review and continually update their risk assessments: As new threats both internal and external are introduced, As new electronic banking services and customer functionality are implemented, or At least every 12 months. Additional factors should be considered in the updated risk assessments including 1) changes in the customer base adopting Internet banking, and 2) actual incidents of security breaches, identity theft, or fraud experienced by the institution or the industry. With the new guidance, the agencies are reiterating and stressing the expectation for financial institutions to perform periodic risk assessments at least annually FIS and/or its subsidiaries. All Rights Reserved. 2

3 Authentication for High-Risk Transactions High-risk transactions are defined as electronic transactions resulting in access to customer information or the movement of funds from customer accounts to other parties. The risk assessment should: Identify and risk-rate Internet banking activities and transactions, Assess the adequacy of existing controls, and As appropriate based on risk level, implement more robust mitigating controls. As not every Internet banking transaction has the same level of risk, the controls in place should be commensurate with the risk. In recent years, commercial Internet banking transactions tend to be higher risk, due to higher account balances, commercial type transactions, and larger transaction amounts. The new guidance suggests implementing layered security controls consistent with risk. For all commercial Internet banking customers, multi-factor authentication should be implemented. The new supplemental guidance includes an appendix titled Threat Landscape and Compensating Controls which discusses new threats such as keylogging malware, man-in-the middle, and man-in-the browser attacks, and identifies minimum control expectations which should be in place to provide the level of security that customers expect and that protect institutions from financial and reputation risk. Controls for mitigating these risks may be software tools that require interfacing with Internet banking systems or the institution s internal network infrastructure such as anti-malware software, transaction monitoring/anomaly detection software, out-of-band authentication and verification alerts, and USB devices providing session security. Layered Security Program Implementing various security controls at different points in a transaction process is layered security. Using this method, the strength of one control will generally compensate for the weakness in another control. The new guidance emphasizes the need for financial institutions to implement a layered approach to strengthen the security for high-risk Internet-based systems. Financial institutions will be expected to include the following two elements within their layered security program: 1) Detect and Respond to Suspicious Activity initial login/authentication and EFT transactions. Monitoring controls, both manual and automated, for detection and response to anomalous activity should be implemented to help prevent fraudulent high risk transactions such as ACH and wire transfers from being originated by unauthorized parties. Some examples of these types of controls are: Unusual login activity report Security alerts to end-users for password, , mobile phone number and security question/answer changes Large bill payment transaction report 2013 FIS and/or its subsidiaries. All Rights Reserved. 3

4 Bill payment new payee alerts to end-users ACH origination and customer summary reports Wire transfer summary reports Large transaction reports Large transaction alerts via or SMS text New payee alerts for ACH origination and wire transfers Transaction monitoring software for detecting unusual ACH transactions 2) Control of Administrative Functions for business customers, the layered security should include enhanced controls for system administrators to more effectively reduce fraud. Examples of detective and preventative controls are: Dual control for Cash Management administrator activity Mandatory dual control for ACH origination and wire transfer activity Administrator access restriction by IP address and time of day Out-of-band (e.g., via SMS, , phone call) authentication, verification, and alerts Transaction limits for high-risk transaction types Customer Awareness and Education Financial institutions are expected to increase their customer awareness and education efforts, providing advice to both retail and commercial account holders on security risks and recommendations on how to improve the security of their computers and browsers in order to mitigate vulnerabilities and attacks. Awareness and education efforts can be accomplished through security links on the institution s web site, branch lobby signs and brochures, customer educational seminars, and statement mailers. The agencies are requiring at a minimum, the financial institutions to implement the following elements for customer awareness and educational efforts: Disclosures providing explanation of protections provided, and not provided, to account holders relative to electronic funds transfers under Regulation E, applicable to the types of accounts with Internet access; Explanation that the institution will not contact the customer on an unsolicited basis to request the customer s electronic banking credentials; Suggestion to commercial Internet banking customers to perform a related risk assessment and controls review periodically; A list of risk mitigation controls that customers should implement to reduce their exposure to fraudulent account activity, or a listing of available resources where information concerning these controls may be found; and, 2013 FIS and/or its subsidiaries. All Rights Reserved. 4

5 Contact information at the financial institution for customers to use in the event they notice suspicious account activity or experience customer information security-related events. Examples of controls that customers may consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows: Maintain up-to-date operating system security patches and virus/spyware protection software; Implement firewall and intrusion detection/prevention software or services; Safekeeping and confidentiality of Internet banking authentication credentials; Implement dual control for initiating and approving high risk Cash Management transactions such as ACH origination and wire transfers; Daily account activity monitoring via Internet banking account transaction history review; Refraining from opening unsolicited and attachments; and Refraining from providing authentication credentials to callers claiming to be representing the financial institution. Action Plan Conduct an updated Internet banking risk assessment Implement appropriate layered security controls Work with Internet Banking and Cash Management service providers to implement additional layered controls. Ensure customers are provided with enhanced security awareness and education Perform ongoing periodic risk assessments Contact us FIS Enterprise Governance, Risk and Compliance (EGRC) Solutions FIS and/or its subsidiaries. All Rights Reserved. 5

Supplement to Authentication in an Internet Banking Environment

Supplement to Authentication in an Internet Banking Environment Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in

More information

ACI Response to FFIEC Guidance

ACI Response to FFIEC Guidance ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention

More information

FFIEC BUSINESS ACCOUNT GUIDANCE

FFIEC BUSINESS ACCOUNT GUIDANCE FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

FFIEC Authentication Guidance Examination in 2012: Are You Prepared?

FFIEC Authentication Guidance Examination in 2012: Are You Prepared? FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.

More information

Presented by: Mike Morris and Jim Rumph

Presented by: Mike Morris and Jim Rumph Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

Frequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment. August 15, 2006

Frequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment. August 15, 2006 Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision Frequently

More information

Alternatives for Managing Commercial Payments Risk

Alternatives for Managing Commercial Payments Risk Alternatives for Managing Commercial Payments Risk FDIC Symposium Arlington, VA May 11, 2010 Deborah Shaw Managing Director, Network Enforcement & Risk Management NACHA The Electronic Payments Association

More information

Online Account Takeover. Roger Nettie

Online Account Takeover. Roger Nettie Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013 Session Outline Types of attacks Movement of funds Consumer

More information

Internet Banking Authentication Guidance is Out

Internet Banking Authentication Guidance is Out Brace Yourself: Updated d FFIEC Internet Banking Authentication Guidance is Out October 13, 2011 Paul Rainbow, Manager David Dyk, Manager 1 The material appearing in this presentation is for informational

More information

Information Technology. A Current Perspective on Risk Management

Information Technology. A Current Perspective on Risk Management Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Customer Security Awareness Education For Both Retail and Business Customers

Customer Security Awareness Education For Both Retail and Business Customers Customer Security Awareness Education For Both Retail and Business Customers For most of us the Internet has become a basic part of daily life. As the comfort level with the internet continues to grow

More information

Are All High-Risk Transactions Created Equal?

Are All High-Risk Transactions Created Equal? Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention

More information

CYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer

CYBERCRIME: What your Bank should be doing to Protect your Business. David Pollino Senior Vice President Fraud Prevention Officer CYBERCRIME: What your Bank should be doing to Protect your Business David Pollino Senior Vice President Fraud Prevention Officer Agenda Changing Landscape Case of Efficient Services Escrow Group Six key

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners Understanding It s Me 247 Security A Guide for our Credit Union Clients and Owners October 2, 2014 It s Me 247 Security Review CU*Answers is committed to the protection of you and your members. CU*Answers

More information

WHITE PAPER Moving Beyond the FFIEC Guidelines

WHITE PAPER Moving Beyond the FFIEC Guidelines WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

BEST PRACTICES IN COMBATING CYBERCRIME

BEST PRACTICES IN COMBATING CYBERCRIME BEST PRACTICES IN COMBATING CYBERCRIME SOUTHEAST BANKERS OUTREACH FORUM SEPTEMBER 30, 2014 Tony DaSilva, AAP, CISA Senior Examiner, Federal Reserve Bank of Atlanta The opinions expressed are those of the

More information

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc. 2014 InfoSight What we ll cover today 1. The MFA & NACHA

More information

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide Best Practices Guide Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision Evolving security threats require the use of evolving controls and methods

More information

A Practical Guide to Anomaly Detection

A Practical Guide to Anomaly Detection A Practical Guide to Anomaly Detection Implications of meeting new FFIEC minimum expectations for layered security White Paper A Practical Guide to Anomaly Detection: Implications of meeting new FFIEC

More information

Online Banking Risks efraud: Hands off my Account!

Online Banking Risks efraud: Hands off my Account! Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary

More information

Get on First Base with your Regulators and Cyber Security

Get on First Base with your Regulators and Cyber Security Get on First Base with your Regulators and Cyber Security Secure Banking Solutions Chad Knutson 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance

More information

Keep Your Business Banking

Keep Your Business Banking Keep Your Business Banking Safe in the Digital Age By Erin Fonté As a business executive, you have many choices in conducting banking activities, including online and mobile banking options. But with increasing

More information

Securing Online Payments in ACH Client and Remote Deposit Express

Securing Online Payments in ACH Client and Remote Deposit Express Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 The Transaction Process 5 Layered

More information

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization

More information

ROOBA SM. Frequently Asked Questions. Regions Out-of-Band Authentication. It s time to expect more. Regions Bank Member FDIC Revised 041415

ROOBA SM. Frequently Asked Questions. Regions Out-of-Band Authentication. It s time to expect more. Regions Bank Member FDIC Revised 041415 ROOBA SM Frequently Asked Questions Regions Out-of-Band Authentication It s time to expect more. Regions Bank Member FDIC Revised 041415 Frequently Asked Questions: ROOBA (Regions Out of Band Authentication)

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Securing Online Payments in ACH Client and Remote Deposit Express

Securing Online Payments in ACH Client and Remote Deposit Express IMAGING & PAYMENTS PROCESSING Securing Online Payments in ACH Client and Remote Deposit Express sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered

More information

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;

More information

CORE Security and GLBA

CORE Security and GLBA CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com

More information

Operational Means to Fraud Mitigation and BSA/AML Compliance

Operational Means to Fraud Mitigation and BSA/AML Compliance Operational Means to Fraud Mitigation and BSA/AML Compliance Brad Johnson Director of Business Development Centrix Solutions Helen May SVP, Director of Operations Bank of Tampa www.centrixsolutions.com

More information

ACI SELF-SERVICE BANKING

ACI SELF-SERVICE BANKING DELIVERS CONTROL, CHOICE AND FLEXIBILITY PRODUCT FLYER ACI SELF-SERVICE BANKING SINGLE INTEGRATED PLATFORM FOR ONLINE, MOBILE AND VOICE EXTENSIBLE REAL-TIME CONSUMER AND BUSINESS TRANSACTIONS AND PAYMENTS

More information

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the

More information

Best Practices: Corporate Online Banking Security

Best Practices: Corporate Online Banking Security Best Practices: Corporate Online Banking Security These Best Practices assume that your organization has a commercially-reasonable security infrastructure in place. These Best Practices are not comprehensive

More information

Security Guidelines and Best Practices for Retail Online and Business Online

Security Guidelines and Best Practices for Retail Online and Business Online Best Practices Guide Security Guidelines and Best Practices for Retail Online and Business Online Evolving security threats require the use of evolving controls and methods to protect all transaction activity

More information

Online Banking Fraud Prevention Recommendations and Best Practices

Online Banking Fraud Prevention Recommendations and Best Practices Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

Online Cash Management Security: Beyond the User Login

Online Cash Management Security: Beyond the User Login Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

www2.acams.org/webinars ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC s Guidance for Layered Security

www2.acams.org/webinars ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC s Guidance for Layered Security www2.acams.org/webinars ACH/Wire and Online Banking Fraud: The Impetus Behind FFIEC s Guidance for Layered Security www2.acams.org/webinars Today s Presenters www2.acams.org/webinars BRENDAN BROTHERS Co-Founder

More information

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014) Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

E-Banking Regulatory Update

E-Banking Regulatory Update E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org

More information

Best Practices: Reducing the Risks of Corporate Account Takeovers

Best Practices: Reducing the Risks of Corporate Account Takeovers Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States

More information

CU*BASE AND THE FFIEC SUPPLEMENT TO AUTHENTICATION IN AN INTERNET BANKING ENVIRONMENT

CU*BASE AND THE FFIEC SUPPLEMENT TO AUTHENTICATION IN AN INTERNET BANKING ENVIRONMENT August 5, 2015 CU*BASE AND THE FFIEC SUPPLEMENT TO AUTHENTICATION IN AN INTERNET BANKING ENVIRONMENT Your Guide to Compliance LEGAL DISCLAIMER The information contained in this document does not constitute

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Security Bank of California Internet Banking Security Awareness

Security Bank of California Internet Banking Security Awareness Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain

More information

An IBA Preferred Service Provider CISSPs, CISAs, CISMs, CRISCs, CPAs The Customer Awareness Control. my.infotex.com Page 1 of 12

An IBA Preferred Service Provider CISSPs, CISAs, CISMs, CRISCs, CPAs The Customer Awareness Control. my.infotex.com Page 1 of 12 my.infotex.com Page 1 of 12 Executive Summary: Within the context of your existing Awareness Training Program, the new FFIEC Supplement requires that you focus on customer awareness controls. Meanwhile,

More information

Payment Fraud and Risk Management

Payment Fraud and Risk Management Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

THOUGHT LEADERSHIP FIGHTING ONLINE FRAUD: AN INDUSTRY PERSPECTIVE VOLUME 3

THOUGHT LEADERSHIP FIGHTING ONLINE FRAUD: AN INDUSTRY PERSPECTIVE VOLUME 3 THOUGHT LEADERSHIP FIGHTING ONLINE FRAUD: AN INDUSTRY PERSPECTIVE VOLUME 3 1 TABLE OF CONTENTS INTRODUCTION... 3 CYBERCRIME AND ONLINE FRAUD: AN EVOLVING THREAT... 3 FIGHTING ONLINE FRAUD REQUIRES A MULTI-LAYERED

More information

Information Security Awareness

Information Security Awareness Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation

More information

Transforming the Customer Experience When Fraud Attacks

Transforming the Customer Experience When Fraud Attacks Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking

More information

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium DNA of Risks Credit Union Executive Leadership Symposium CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2016 CUNA Mutual Group, All Rights Reserved. What s in store for

More information

Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES

Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

Top Fraud Trends Facing Financial Institutions

Top Fraud Trends Facing Financial Institutions Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond

More information

RSA Web Threat Detection

RSA Web Threat Detection RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology Evangelist, RSA 2 RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology

More information

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization

More information

Corporate Account Takeover & Information Security Awareness. Customer Training

Corporate Account Takeover & Information Security Awareness. Customer Training Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN

More information

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC.

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC. Top Ten Fraud Risks That Impact Your Financial Institution Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC Agenda Education on understanding the fraud risk Take away.. Education to

More information

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers WHITE PAPER Fighting Banking Fraud Without Driving Away Customers Effective Methods for Targeting Cybercrime in Financial Services Table of Contents Introduction 1 Stopping Fraud: One Goal Among Many 2

More information

Questions You Should be Asking NOW to Protect Your Business!

Questions You Should be Asking NOW to Protect Your Business! Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional

More information

Online Banking Customer Awareness and Education Program

Online Banking Customer Awareness and Education Program Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Account-to-Account Transfer Services Risk

Account-to-Account Transfer Services Risk Account-to-Account Transfer Services Risk This white paper is part of the Risk Management White Paper Series, which CUNA Mutual Group provides exclusively to its Bond policyholders. TABLE OF CONTENTS Table

More information

Phishing for Fraud: Don't Let your Company Get Hooked!

Phishing for Fraud: Don't Let your Company Get Hooked! Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

UF IT Risk Assessment Standard

UF IT Risk Assessment Standard UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved

More information

Guideline on Auditing and Log Management

Guideline on Auditing and Log Management CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius

More information

LogRhythm and NERC CIP Compliance

LogRhythm and NERC CIP Compliance LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate

More information

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

Log Management Standard 1.0 INTRODUCTION 2.0 SYSTEM AND APPLICATION MONITORING STANDARD. 2.1 Required Logging

Log Management Standard 1.0 INTRODUCTION 2.0 SYSTEM AND APPLICATION MONITORING STANDARD. 2.1 Required Logging Log Management Standard Effective Date: 7/28/2015 1.0 INTRODUCTION The California State University, Chico system/application log management standard identifies event logging requirements, log review frequency,

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

Multi-Factor Authentication of Online Transactions

Multi-Factor Authentication of Online Transactions Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best

More information

Securing Online Payments in the EPS Merchant and Partner Portals

Securing Online Payments in the EPS Merchant and Partner Portals IMAGING & PAYMENTS PROCESSING Securing Online Payments in the EPS Merchant and Partner Portals sales@profitstars.com 877.827.7101 Contents Overview 3 Purpose 3 Customer/Member Education 4 Threats 4 Layered

More information

Business Online Banking & Bill Pay Guide to Getting Started

Business Online Banking & Bill Pay Guide to Getting Started Business Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Business Online Banking. Whether you re

More information

University of Cincinnati FACTA Red Flag Identity Theft Prevention Program

University of Cincinnati FACTA Red Flag Identity Theft Prevention Program FACTA Red Flag Identity Theft Prevention Program FACTA Red Flag Policy Program, page 1 of 6 Contents Overview 3 Definition of Terms 3 Covered Accounts..3 List of Red Flags 3 Suspicious Documents...4 Suspicious

More information

CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015)

CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015) CORPORATE ACCOUNT TAKEOVER INFORMATION FOR ACH ORIGINATORS/BUSINESS INTERNET BANKING CUSTOMERS (2015) Please review this important information regarding the ACH Origination and/or Internet Banking services

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information