How crime can undermine the convenience of cash


White Paper

Contents

- How crime can undermine the convenience of cash
- Three categories of attack scenarios
- Protection against physical attacks
- Protection against logical attacks
- Protection against fraud attacks
- The customer experience continues after the withdrawal
- 10 recommendations for greater ATM security
- Outlook: Good security solutions think ahead

How crime can undermine the convenience of cash

Cash remains a popular, and in many cases the primary, means of payment for billions of consumers around the world. Eager to serve them, retail banks have raced to expand their ATM networks, offering 24/7 cash self-service in an ever-growing number of locations. Today, consumers around the world withdraw cash from ATMs five times a month on average.

Unfortunately, when it comes to cash, there seems to be no shortage of criminal ingenuity. Year after year, criminals continue to find innovative ways to manipulate ATMs. Their attention is no longer confined to physical manipulation such as card skimming and cash or card trapping but has widened to include logical, software-based attacks.

In the past, self-service terminals operated in a largely proprietary environment that delivered a high level of security. Today, however, they are exposed to a range of threats arising from the adoption of common technology, open standards and the nature of the Internet with its standardized web-based technologies, e.g. HTML, web services, etc. However, the blame cannot be placed on the migration to modern technology alone; the lack of adequate security processes and procedures, insufficient security management and monitoring, and even customer behavior all play a major role. Delivering protection and security is a never-ending battle, which can be costly in terms of both money and time.

In 2014, the European ATM Security Team (EAST) [1] reported more than 17,700 physical attacks on Europe's some 400,000 ATMs. Total damages reached million, up 13 percent from the year before. During the same time, EAST collected statistics for ATM malware after the first incidents were reported in Western Europe. The 51 incidents reported incurred losses of 1.23 million from cash out or jackpotting attacks.

[1] EAST European ATM Crime Report

Security breaches, however, cause not only financial damage; they also undermine client trust, which is absolutely essential for successful banking. In an environment where banks cannot afford to lose credibility but where criminal minds show no sign of fatigue, banks need reliable IT partners able to invest in both people and technology to combat fraud successfully. Even more importantly, they need partners with years of experience and expertise in fighting criminal attacks on unmanned cash systems.

Three categories of attack scenarios

Essentially, ATM attack scenarios fall into three categories: physical, logical and fraud. Common physical manipulations of ATMs include skimming, cash and card trapping, as well as destruction through explosions and vandalism. Logical attacks range from hacking to malware and the exploitation of what are known as zero-day vulnerabilities. Known methods of fraud include the use of stolen debit and credit cards as well as manipulation of the withdrawal process.

365-degree protection

The challenge of developing successful security solutions lies in being familiar with all current attack scenarios and preventing them from ever being used while at the same time anticipating new methods. The ideal solution not only provides comprehensive 360-degree system protection but also does so 365 days a year.

[Figure: security against logical attacks, physical attacks and fraud attacks]

Security through the onion (layered) system

Such all-round protection is based on adopting a layered or onion strategy to security. Similar to an onion, ATMs are surrounded by software and hardware layers that protect the systems not only against unauthorized access to the safe, cassettes, operating system and other terminal applications but also against the execution of any installed malware.

Protection against physical attacks

[Figure: protection layers around data/cash against physical attacks]

- Observation and detection of manipulations to the façade
- Card readers (motorized/dip card readers) are EMV Level 1 certified
- Detection of and protection against card trapping attacks
- Detecting or disturbing skimming attacks
- Sensor-based detection of output tray manipulation
- Camera-controlled detection of tampering with the ATM's fascia
- Locks protect cassettes against unauthorized access to banknotes
- Inking technology makes banknotes unusable after burglary or ram raids
- Prevention of collateral damage during explosive or gas attacks

For years, skimming has been a popular technique to manipulate ATMs. With this technique, data from the card's magnetic stripe is captured by a concealed reading device that is attached to the card mouth slot. To record the respective card's PIN, an overlay is placed over the ATM's PIN pad or a hidden camera is used on or near the ATM.

This process is often referred to as PIN spy-out. These overlays (capture devices) are remarkably realistic and difficult to recognize, not only for bank customers but also for branch employees. Special anti-skimming modules can be integrated close to the card input slot, with the anti-skimming device generating a disturbing field with random frequencies against card data capturing. The anti-skimming device and optical solutions can be used to detect this kind of manipulation and prevent alterations to the ATM.

Another form of ATM manipulation is cash-trapping. This technique entails placing a cash-trapping device in front of the cash output tray, thereby blocking the cash from being presented. The cash-trapper is fitted with industrial adhesive tape or clamps and thus cannot be pushed from its position, which means the dispensed cash cannot be retracted. In the majority of cases, customers confronted with this form of manipulation assume that the ATM is faulty and notify the ATM operator. Unlike card skimmers, which can be positioned and operated over a long period of time, cash trappers must be collected after every successful attack and placed back on the ATM façade after the cash has been harvested. Optical sensors can be installed within the ATM to check the banknote output slot for any anomalies, preventing notes from being transported or presented to the customer in the event of manipulation. Alternatively, a mechanical solution with two different metal wings on the cash output shutter could be deployed.

Card-trapping involves the use of a simple fixture to prevent the card that has been inserted into the card reader from being returned to the customer after a successful cash transaction. As with cash-trapping, the card-trapping devices must be harvested and refitted after every successful attack. Card-trappers can be countered with mechanical devices that do not allow such trappers to be inserted into the card reader itself or through a mechanical process whereby a fitted card-trapper is identified.

Other physical attacks include brute force attacks whereby heavy equipment is used to tear out an entire ATM from the wall. While they do not prevent such attacks from taking place, structure-borne noise, vibration or anchoring sensors will immediately issue an alarm event to the listening security center.

In certain countries/regions, the use of explosives has become a popular attack within some criminal circles. This type of attack entails the insertion of either gas or solid explosives into the safe via the cash slot door. Even if this attack is not successful, it can be quite costly. Collateral damage to buildings causes financial damage that is far greater than the loss of the ATM or, for that matter, the money contained within.

There are two approaches to averting such brute force attacks. The first is to prevent access to cash by equipping ATMs with safes that can't be opened with explosives. These are known as certified ExGas safes. The second is to reduce the attractiveness of an attack by making the stolen cash unusable. The cash contained within ATM cassettes can be protected with a staining system that reacts to certain manipulation parameters, movement or force being applied. The ink cartridges stain the banknotes, rendering them worthless. Signs in branches and on ATMs indicating the deployment of inking technology have also been known to discourage physical attacks from the outset.

Protection against logical attacks

[Figure: protection layers around data/cash (branded and card holder data) against logical attacks]

- Protection against unauthorized booting & access to ATM hard disk
- Behavioral monitoring
- File integrity management
- Protection against unauthorized use of system resources
- "Need to Know, Need to Have" access control and OS hardening
- Transaction integrity via MACing
- Support for secure communication via SSL/HTTPS
- Allowing only authorized incoming/outgoing communication

Various statistics have identified that, over the last few years, the growth in cyber crime or logical attacks has continued, if not accelerated, in the financial services industry. According to the Deloitte Center for Financial Services, in the U.S. alone, the financial services sector lost $23.6 million from cybersecurity breaches in This represents the highest average loss across all industries, including retail, defense, energy, hospitality, etc. To underscore the rapid rise in cyber threats, there was an increase of 43.9% compared to the year before (2012), when the financial services industry was ranked third after the defense and utilities & energy industries.

Figures collected by EAST (European ATM Security Team) for 2014 showed that ATM malware attacks racked up losses of 1.23 million from cash out or jackpotting attacks. These figures confirm those published by Verizon in its 2014 Data Breach Investigations Report [3], showing not only that the financial sector is the target of choice but that logical attacks are the method of choice.

Figure 1: Number of breaches per threat action category over time (Source: Verizon 2014 Data Breach Investigations Report). Categories shown: Hacking, Malware, Social, Physical, Misuse, Error.

While this may not come as a surprise, what is surprising is the targeted asset of choice. According to the same report, organized crime, while also targeting back office, payment and core banking applications, etc., focuses on points of customer interaction such as ATMs and POS terminals (figure 2).

[2] Source: Deloitte Center for Financial Services, 2014: Transforming cybersecurity: New approaches for an evolving threat landscape.
[3] Source: Verizon 2014 Data Breach Investigations Report

Figure 2: Points of customer interaction are preferred targets for cyber criminals

Organized Crime
- Victim industry: Finance, Retail, Food
- Region of operation: Eastern Europe, North America
- Common actions: Tampering (Physical), Brute force (Hacking), Spyware (Malware), Capture stored data (Malware), Adminware (Malware), RAM Scraper (Malware)
- Targeted assets: ATM, POS controller, POS terminal, Database, Desktop
- Desired data: Payment cards, Credentials, Bank account info

When it comes to logical attacks, cyber criminals are adopting ever more creative and sophisticated tactics. "It just blows you away how sophisticated these folks are in thinking this stuff up," said Bryan Sartin, director of the team at Verizon Communications that investigates all types of data breaches.

The biggest coup to date was in early 2015 when the malware Carbanak was found on the IT systems of at least 100 banks in 30 countries. The spyware allowed hackers to infect computer systems with malware that allowed them to observe the functions and tasks that users performed on their systems. In the case of Carbanak, cyber criminals broke into bank systems, observed employees over a long period of time and then imitated their typical behavior patterns. The warning mechanisms failed to detect the fraudulent transactions. According to various reports, the criminals not only transferred money to their own accounts but also manipulated ATMs to dispense money at selected ATMs at a certain time to be collected by an accomplice.

It is suspected that the criminals were able to steal between $2.5 and $10 million (2.2 to 8.8 million) from each bank, representing a potential total loss of up to $1 billion.

Ploutus is another strain of malware that is primarily deployed for ATM attacks. Installed on an ATM's drive via a USB stick or CD-ROM, Ploutus enables criminals to trigger the dispensing of all cash from the ATM outside of a normal transaction process.

Logical attacks can be prevented by ensuring that ATMs check all software requests for legitimacy in an isolated environment. This can be accomplished by sandboxing the respective software layers. This principle guards access to resources such as data, the operating system and all internal/external communication channels. Depending on the assigned sandbox, access (read/write/execute, etc.) is either granted or denied, thereby preventing unauthorized behavior.

Communications between the ATM's embedded computer and the central bank's server can also be attacked (man-in-the-middle attacks). Secured communication channels together with message authentication help ensure that data cannot be intercepted or manipulated while in flight.

Another issue that is relatively invisible to the industry is the decommissioning of systems. The resulting spare parts market, while catering to organizations legitimately seeking inexpensive equipment to refurbish older ATMs, also offers criminal groups the means to retrieve core system intelligence and practice their developed techniques. By analyzing the hardware, software stacks, communications between individual components, etc., they are able to tailor their attack vectors to particular types of terminal, even taking the system's number of cash cassettes into consideration. Hard disk encryption, for instance, would prevent criminals from reading the software and data and preparing large-scale attacks.
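The message authentication described above can be illustrated with a short added example, which is not code from the white paper or from any vendor. It assumes a simplified host-to-ATM reply with hypothetical field names, a constructed demo key, and HMAC-SHA256 standing in for whatever MAC algorithm a real ATM protocol uses; a per-terminal sequence number is added so that a replayed message is rejected as well as a modified one.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption). A real deployment would load the MAC key
# from a hardware security module or a key-exchange process, never from source.
MAC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Hypothetical message fields covered by the MAC, in a fixed order.
FIELDS = ("terminal_id", "seq", "type", "amount", "response_code")


def canonical(msg):
    """Encode the protected fields unambiguously.

    Every field is length-prefixed, so two different messages can never
    produce the same byte string (e.g. "A1"+"2" versus "A"+"12").
    """
    out = bytearray()
    for name in FIELDS:
        value = str(msg[name]).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return bytes(out)


def seal(msg, key=MAC_KEY):
    """Sender side: return a copy of the message with its MAC attached."""
    sealed = dict(msg)
    sealed["mac"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return sealed


class Receiver:
    """Receiver side: verify the MAC, then enforce increasing sequence numbers."""

    def __init__(self, key=MAC_KEY):
        self.key = key
        self.last_seq = {}  # terminal_id -> highest sequence number accepted

    def accept(self, sealed):
        try:
            expected = hmac.new(self.key, canonical(sealed), hashlib.sha256).hexdigest()
        except KeyError:
            return "reject: missing field"
        received = str(sealed.get("mac", ""))
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), received.encode()):
            return "reject: bad MAC"
        terminal, seq = sealed["terminal_id"], int(sealed["seq"])
        if seq <= self.last_seq.get(terminal, -1):
            return "reject: replay"
        self.last_seq[terminal] = seq
        return "accept"


def demo():
    """Run a constructed reply through the receiver: modified, genuine, replayed."""
    rx = Receiver()
    reply = seal({"terminal_id": "ATM-0042", "seq": 17, "type": "withdrawal_reply",
                  "amount": 200, "response_code": "00"})
    modified = dict(reply, amount=2000)  # changed in flight, MAC left as it was
    return [rx.accept(modified), rx.accept(reply), rx.accept(reply)]


if __name__ == "__main__":
    print(demo())
```

A MAC protects integrity only; the encrypted channel the paragraph pairs it with is still needed to keep the message contents confidential.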

Protection against fraud attacks

[Figure: protection layers around data/cash against fraud attacks]

- Transaction monitoring & behavioral scoring
- Channel authentication (device authentication, IP profiling, biometrics)
- Strong authentication (password, PIN, biometrics, OTP, CVV, 3DS)
- Device protection
- Regulatory compliance (PCI DSS, EMV, ISO 27001)

A widespread type of ATM fraud is the misuse of copied or skimmed cards. In this fraud, stolen card data is written to the magnetic stripe of a card and can be used to carry out transactions at the cost of cardholders. The introduction of the EMV chip, commonly referred to as Chip and PIN, has reduced this type of fraud, but in most cases, the copied cards are used in non-EMV countries where card data is still read exclusively from magnetic stripes. If the misuse remains undetected, cardholders can face enormous losses on their accounts.

There are several ways of blocking this form of attack. One way is the implementation of geo-blocking, whereby cards (debit/credit) have to be explicitly permitted to be used outside their originating country/region. Another way is via behavioral monitoring. Such solutions utilize behavior patterns to immediately recognize anomalies in withdrawals. They are able to detect unusually frequent withdrawals with high amounts over a short period of time and at different locations in real time and subsequently block the terminal.
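The two countermeasures just described, geo-blocking and behavioral monitoring, are sketched below as an added example that is not part of the white paper or any vendor product. The thresholds, the 30-minute window, the tokenised card references and the sample events are all constructed assumptions, and the sketch blocks further use of the card once at least two of the three signals (frequency, amount, number of locations) fire together.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed tuning values for the illustration; a real system would calibrate them.
WINDOW = timedelta(minutes=30)   # "short period of time"
COUNT_THRESHOLD = 3              # withdrawals per window
TOTAL_THRESHOLD = 1000           # summed amount per window
ATM_THRESHOLD = 3                # distinct ATMs per window


@dataclass(frozen=True)
class Withdrawal:
    ts: datetime
    card: str      # tokenised card reference, never the card number itself
    atm: str
    country: str
    amount: int


class Monitor:
    def __init__(self, home, abroad_ok):
        self.home = home              # card -> originating country
        self.abroad_ok = abroad_ok    # card -> countries explicitly permitted
        self.recent = defaultdict(deque)
        self.blocked = set()

    def decide(self, w):
        """Return (decision, signals) for one withdrawal request."""
        if w.card in self.blocked:
            return "decline", ["blocked"]
        # Geo-blocking: use abroad must have been explicitly permitted.
        # Unknown cards have no home country and are declined (fail closed).
        if w.country != self.home.get(w.card) and \
                w.country not in self.abroad_ok.get(w.card, set()):
            return "decline", ["geo-block"]
        # Behavioral monitoring over a sliding time window per card.
        window = self.recent[w.card]
        while window and w.ts - window[0].ts > WINDOW:
            window.popleft()
        window.append(w)
        signals = []
        if len(window) >= COUNT_THRESHOLD:
            signals.append("frequency")
        if sum(x.amount for x in window) >= TOTAL_THRESHOLD:
            signals.append("amount")
        if len({x.atm for x in window}) >= ATM_THRESHOLD:
            signals.append("locations")
        if len(signals) >= 2:
            self.blocked.add(w.card)
            return "block", signals
        return "allow", signals


def at(hhmm):
    """Build a timestamp on a fixed, constructed day from 'HH:MM'."""
    return datetime(2015, 5, 4, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample events, in time order.
EVENTS = [
    Withdrawal(at("10:00"), "tok-A", "ATM-1", "DE", 400),
    Withdrawal(at("10:02"), "tok-B", "ATM-9", "US", 200),  # no permission abroad
    Withdrawal(at("10:05"), "tok-A", "ATM-2", "DE", 400),
    Withdrawal(at("10:06"), "tok-C", "ATM-9", "US", 200),  # abroad permitted
    Withdrawal(at("10:12"), "tok-A", "ATM-3", "DE", 400),  # third ATM in 12 min
    Withdrawal(at("10:15"), "tok-A", "ATM-3", "DE", 100),
    Withdrawal(at("11:00"), "tok-D", "ATM-1", "DE", 300),
    Withdrawal(at("11:40"), "tok-D", "ATM-1", "DE", 300),  # spaced out: normal use
    Withdrawal(at("12:20"), "tok-D", "ATM-1", "DE", 300),
]


def replay(events=EVENTS):
    monitor = Monitor(
        home={"tok-A": "DE", "tok-B": "DE", "tok-C": "DE", "tok-D": "DE"},
        abroad_ok={"tok-C": {"US"}},
    )
    return [(w.card,) + monitor.decide(w) for w in events]


if __name__ == "__main__":
    for row in replay():
        print(row)
```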

Such a fraud management solution would have recognized the spectacular hacker attack on an IT service provider two years ago, when criminals canceled the limits for credit card withdrawals and withdrawal teams swarmed out around the world using copies of only 20 credit cards to withdraw a total of 34 million in 23 countries within just a few hours.

Another type of manipulation is known as transaction reversal fraud. With this technique, the criminal uses a valid card to withdraw cash but only removes some of the banknotes from the cash dispenser, leaving a number of notes in the dispenser mechanism. The ATM detects that the notes have not been taken, considers the transaction uncompleted and therefore retracts the cash for security reasons. However, when retracting the banknotes, the terminal doesn't recognize that some notes are missing and subsequently cancels the posting. An error during the dispensing process can also be caused by mechanical manipulation. In this way, criminals can carry out repeated manipulations using the same card. At the end of the day, large sums of money are missing, since the actual amount of cash in the ATM is lower than it should be according to the software protocol.

This manipulation method can be countered with the help of software that monitors all process steps after the authorization of the transaction and during the withdrawal and immediately recognizes anomalies. Manipulation attempts are detected and can be stopped instantly.

Comprehensive prevention of payment transaction-related misuse requires highly intelligent transaction monitoring that links card-based transactions with those from online and mobile banking, evaluates them in real time and prevents withdrawals if there is a suspicious history, for example credit transfers from suspect accounts or at illogical times or locations.
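The step monitoring described above for transaction reversal fraud can be sketched as follows. This is an added example, not the white paper's or a vendor's implementation; the step names, the single-denomination dispense and the assumption that the retract mechanism can report a note count are all hypothetical. The point it shows is that a posting is cancelled only when the retracted count matches the dispensed count, and that a card with repeated anomalous retracts is flagged.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Expected process steps after authorization (assumed names); the fourth step
# is either TAKEN (customer removed the notes) or RETRACTED.
PREFIX = ["AUTHORIZED", "DISPENSED", "PRESENTED"]


@dataclass(frozen=True)
class Step:
    txn: str
    card: str                    # tokenised card reference
    kind: str
    notes: Optional[int] = None  # note count reported by the device, if any
    denom: int = 0               # denomination; one denomination per dispense


def settle(steps):
    """Decide the posting for one transaction: (decision, debit, alerts)."""
    kinds = [s.kind for s in steps]
    if (len(kinds) != 4 or kinds[:3] != PREFIX
            or kinds[3] not in ("TAKEN", "RETRACTED")
            or steps[1].notes is None):
        return "HOLD", None, ["unexpected_step_sequence"]
    dispensed, last = steps[1], steps[3]
    full_amount = dispensed.notes * dispensed.denom
    if last.kind == "TAKEN":
        return "POST", full_amount, []
    # Retract path: never cancel the posting on the retract event alone.
    if last.notes is None:
        return "HOLD", None, ["retract_not_counted"]
    if last.notes > dispensed.notes:
        return "HOLD", None, ["retract_count_exceeds_dispense"]
    if last.notes == dispensed.notes:
        return "REVERSE", 0, []
    missing = dispensed.notes - last.notes
    return "POST_PARTIAL", missing * dispensed.denom, ["partial_retract"]


def review(log, repeat_threshold=2):
    """Settle every transaction in the log and flag cards with repeated anomalies."""
    by_txn = {}
    for step in log:
        by_txn.setdefault(step.txn, []).append(step)
    results, anomalies = {}, Counter()
    for txn, steps in by_txn.items():
        results[txn] = settle(steps)
        if results[txn][0] in ("POST_PARTIAL", "HOLD"):
            anomalies[steps[0].card] += 1
    flagged = sorted(c for c, n in anomalies.items() if n >= repeat_threshold)
    return results, flagged


def txn(txn_id, card, notes, final, counted=None):
    """Build the four steps of one constructed transaction (20-unit notes)."""
    return [
        Step(txn_id, card, "AUTHORIZED"),
        Step(txn_id, card, "DISPENSED", notes=notes, denom=20),
        Step(txn_id, card, "PRESENTED"),
        Step(txn_id, card, final, notes=counted),
    ]


# Constructed sample log.
LOG = (
    txn("T1", "tok-A", 10, "TAKEN")
    + txn("T2", "tok-B", 10, "RETRACTED", counted=10)  # genuine forgotten cash
    + txn("T3", "tok-C", 10, "RETRACTED", counted=3)   # seven notes missing
    + txn("T4", "tok-C", 10, "RETRACTED")              # retract could not be counted
)

if __name__ == "__main__":
    results, flagged = review(LOG)
    for txn_id, outcome in results.items():
        print(txn_id, outcome)
    print("flagged cards:", flagged)
```

A HOLD leaves the posting in place for manual reconciliation against the retract cassette instead of cancelling it automatically.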

The customer experience continues after the withdrawal

Given all the criminal activity buzzing around ATMs, customer confidence is essential to financial institutions and must be preserved at all costs. Banks need to protect their customers not only from transaction tricks at ATMs but also from unauthorized access to data flowing between ATMs and bank databases. Software solutions must ensure that communications are secured not only in the individual channels but across the entire network. These solutions use industry standards such as EMV and the Payment Card Industry Data Security Standard (PCI DSS), deploy best practices and can also be used on multivendor banking systems as well as across different sectors, for example on POS systems in the retail sector.

To ensure the greatest possible security of their ATMs, cash recyclers and self-service terminals today and in the future, vendors should work closely with the ATM Security Association (www.atmsecurityassociation.com). One of the primary goals of the association is to create security standards for combating both hardware- and software-related threats.

10 recommendations for greater ATM security

Security should not just encompass software or hardware but also processes and policies. It should cover the whole range from software deployment to cash handling, thus covering any avenue that the criminals might attempt to exploit.

1. Regular maintenance

The older the self-service terminal is, the more attractive it is to criminals. Old systems are attacked because they typically lack the latest security features. Banks should always keep their hardware and software up to date. ATMs require regular hardware maintenance to detect whether skimming modules have been attached or additional keyboards, mobile phones or drives have been connected to the internal computer. At the same time, the software should be checked regularly to determine whether it is up to date or has been changed. The operating system should be updated regularly. Many ATMs still use older Windows operating systems. Windows XP remains widespread, even though Microsoft has discontinued its support and it thus fails to meet PCI compliance. A supported operating system such as Windows 7 is recommended. Applications should always be up to date and meet the PCI requirements.

2. BIOS security

The BIOS should be hermetically sealed so that the system cannot be started via unauthorized media such as CD-ROMs or USB sticks.

3. Protected communication

Communication with cash handling devices, card readers and encrypted PIN pads needs to be protected. Data traffic for the above-mentioned devices should be encrypted so that intercepted data is rendered useless. Attacks like Black Box could have been prevented if encrypted communication between the PC unit and the dispenser module had been activated.

4. Operating system hardening

Operating system hardening and an ATM Security Governance framework should be employed. The disabling of unnecessary services, applications, etc., and the maintenance of proper user access policies are necessary ingredients for a secure modern self-service environment. The Microsoft Windows operating system was developed for desktops with the home PC market in mind. With Windows 7 and 8, Microsoft placed special emphasis on mobile and surface usage. Containing programs and services primarily for the non-embedded (self-service terminal) segment, these offer potential vulnerabilities (zero-day) for criminals and their malware. Unnecessary Windows programs, services, etc. should be disabled/removed from self-service systems to close potential security gaps. Operating system hardening in accordance with PCI Data Security Standards should be enforced as a minimum.

5. Protected access to self-service terminals for technical staff

Dedicated operating processes should be introduced for technical staff so that employees have access only on the basis of "Need to Know, Need to Have" principles. Good user privilege governance can reduce potential internal attack vectors significantly. A review of all system and user configurations/settings should be performed and those found to be self-service-incompatible removed or disabled. Similarly, from a physical perspective, calibration/configuration of the self-service terminal's cassettes and security sensors should not be possible without appropriate authentication.

6. Protection against malware and hacking via end-point protection

Over the last few years, numerous attacks on ATMs have been successfully initiated by booting the ATM via a bootable CD-ROM, usually with a Linux variation (see: and in particular Infection Mode). Once booted, the attackers copy their malware onto the ATM's hard disk. With their malware on the machine, the attackers reboot the ATM, using the standard boot process. While 100% protection does not exist, much can be done to make it next to impossible for criminals to succeed. Ideally, ATM operators should use an end-point terminal security solution specifically designed for the self-service environment that delivers seamless protection for self-service terminals against the various forms of software attacks, whether it is protection against booting from removable media, sandboxing of the various self-service terminal software layers, hardening of the Microsoft operating systems or encryption of the self-service terminals' hard disks.

7. Encryption of the hard disk

Security is greatly enhanced through hard disk encryption. Even if criminals manage to physically get their hands on the entire hard disk, they are unable to make use of it. The installed encryption software ensures that they can neither read data from the hard disk for use in fraud attacks nor install malware.

8. Security for off-shore (ISOs/IADs) self-service terminals

ATMs that are not in the banking network but located in retail stores (shopping malls, for example) should not be operated via an Internet connection using open-source VPNs. Such infrastructures do not offer the security required and may enable criminals to retrieve information on the software installed (stack), operating system updates deployed (or not) and cassette cash totals. Additionally, such infrastructures could allow man-in-the-middle attacks or jackpotting to take place via so-called zero-day exploits. In remote locations, the ATM should additionally be firmly fixed to the floor with an anti-lasso device so that the system cannot be torn out. Real-time monitoring together with strong TLS/SSL and message authentication should be deployed in general but especially in such off-site locations.

9. Reducing the risk of damage through detonation and theft

By using special ExGas safes, banks can prevent collateral damage in branches due to explosive attacks on ATMs from the outset.

10. Monitoring systems and transactions

Seamless real-time monitoring of transactions across all channels and the consolidation of the acquired information creates security, since anomalies concerning withdrawals or cardless transactions can be detected on the basis of behavior patterns in order to prevent manipulations. Fraud correlation systems utilize a holistic, dynamic security approach, taking information retrieved from all security systems (e.g. sensors, anti-skimming modules, alarm systems and video surveillance) into consideration. Messages from these systems are registered, correlated and compared on the basis of predefined parameters. Deviations or irregularities are detected and reported, and can be analyzed immediately. As a result, protection against attacks like skimming, cash trapping or detonation can be increased significantly.

Outlook: Good security solutions think ahead

As technology advances, so does the ingenuity of criminals. Ploutus was followed by Carbanak, and presumably some cyber criminal has already developed the next generation of malware. With the increasing spread of smartphones and their use for banking and payment transactions, attacks on these channels are becoming more attractive and therefore more frequent. While particular media used to be considered safe, multi-level Trojans now intercept not only PINs used for online banking but also text messages on mobile phones containing TANs. These interlinked attacks, which are no longer made via only one channel but rather tamper with several devices and transmission channels, are increasing dramatically and will continue to do so.

Even outside the virtual realm, banks face previously unknown attacks. Ever since the introduction of the infrared camera as a smartphone accessory, criminals only have to be next in line at the ATM or payment terminal in the supermarket and take a picture of the keypad. Different shades of color show which keys were pressed and the order in which they were pressed. New encrypted PIN pads dissipate the warmth from the fingers more quickly and diffusely, making the spying out of PINs next to impossible.

In the battle to keep cash transaction terminals profitable and safe to use for their customers, banks need to stay one step ahead of criminals by deploying the latest security solutions. That is in their best interest, both from a financial and trust perspective.

Published by Wincor Nixdorf International GmbH, Heinz-Nixdorf-Ring, Paderborn, Germany
Phone: +49 (0) /
Wincor Nixdorf International GmbH
Published: May


More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY FRAUD ALERT THESE SCAMS CAN COST YOU MONEY Phishing spear phishing vishing smishing debit card skimming fake check scams THE COMMON SENSE PRECAUTIONS INSIDE CAN KEEP YOU SAFE! SCHEMES SCAMS FRAUDS Criminals

More information

March 2014. Skimming Prevention Kit. For Business Owners 1

March 2014. Skimming Prevention Kit. For Business Owners 1 Skimming Prevention Kit For Business Owners 1 Contents Introduction:... 3 Debit Card Fraud:... 3 What is Debit Card Skimming?... 3 Who is Affected?... 3 Impact on Consumers... 3 Impact on Financial Institutions...

More information

Securing Remote Vendor Access with Privileged Account Security

Securing Remote Vendor Access with Privileged Account Security Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials

More information

PCI DSS: An Evolving Standard

PCI DSS: An Evolving Standard White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Why Data Security is Critical to Your Brand

Why Data Security is Critical to Your Brand Why Data Security is Critical to Your Brand Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

DATA SECURITY: EVERYTHING YOU NEED TO KNOW

DATA SECURITY: EVERYTHING YOU NEED TO KNOW DATA SECURITY: EVERYTHING YOU NEED TO KNOW! Data Breaches: Where, What and Why! Federal and State Regulations to Protect Data! EMV Chip Technology! PIN or Signature?! Existing and Emerging Security Options!

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Cyber Security Response to Physical Security Breaches

Cyber Security Response to Physical Security Breaches Cyber Security Response to Physical Security Breaches INTRODUCTION Physical break-ins and other unauthorized entries into critical infrastructure locations, such as electrical power substations, have historically

More information

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

Payment Card Industry (PCI) Policy Manual. Network and Computer Services Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology

More information

Payments Fraud: It's Not Fun & Games

Payments Fraud: It's Not Fun & Games Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice

More information

Statement of Stephen W. Orfei General Manager PCI Security Standards Council

Statement of Stephen W. Orfei General Manager PCI Security Standards Council Statement of Stephen W. Orfei General Manager PCI Security Standards Council Before the Committee on Financial Services, United States House of Representatives Protecting Consumers: Financial Data Security

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Langara College PCI Awareness Training

Langara College PCI Awareness Training Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Policy for Protecting Customer Data

Policy for Protecting Customer Data Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Data Security for the Hospitality

Data Security for the Hospitality M&T Bank and SecurityMetrics Present: Data Security for the Hospitality Industry Featuring Lee Pierce, SecurityMetricsStrategicStrategic Accounts Dave Ellis, SecurityMetrics Forensic Investigator Doug

More information

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention

More information

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

SECURITY IS EVERYONE S RESPONSIBILITY. Group Security. ATM Card Skimming and PIN Capturing Customer Awareness Guide

SECURITY IS EVERYONE S RESPONSIBILITY. Group Security. ATM Card Skimming and PIN Capturing Customer Awareness Guide SECURITY IS EVERYONE S RESPONSIBILITY Group Security ATM Card Skimming and PIN Capturing Customer Awareness Guide What is ATM Card Skimming and PIN Capturing? ATM Skimming and Personal Identification Number

More information

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers

More information

IQware's Approach to Software and IT security Issues

IQware's Approach to Software and IT security Issues IQware's Approach to Software and IT security Issues The Need for Security Security is essential in business intelligence (BI) systems since they have access to critical and proprietary enterprise information.

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

Best Practices in Account Takeover

Best Practices in Account Takeover WHITEPAPER Best Practices in Account Takeover July 2013 2 Table of Contents Introduction 3 Account Takeover is Painful 4 Differences between Account Takeover and Account Compromise 4 Why Account Compromise

More information

VALTX ABSOLUTE SECURITY

VALTX ABSOLUTE SECURITY VALTX ABSOLUTE SECURITY Technical Whitepaper Securing Endpoint Computers with Absolute Certainty - Combating Cyber Warfare, Cyber Crime, Cyber Espionage & Cyber Terrorism Dennis Meharchand CEO, Valt.X

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv

PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE

More information

Anti-skimming ATM Lobby Card Access Control

Anti-skimming ATM Lobby Card Access Control Anti-skimming ATM Lobby Card Access Control READER Anti-skimming ATM Lobby Card Access Control Skimming is growing a world-wide problem. Nowadays, increasing facts of skimming attacks on ATM Access Control

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Injazat s Managed Services Portfolio

Injazat s Managed Services Portfolio Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.

More information

Your Customers Want Secure Access

Your Customers Want Secure Access FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the Statement of Carlos Minetti Discover Financial Services Before the Subcommittee on Oversight and Investigations of the Committee on Financial Services United States House of Representatives July 21, 2005

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM tokenex.com OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM A TokenEx Case Study Case Study OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM TABLE OF CONTENTS Understanding Data Security

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions File Integrity Monitoring Challenges and Solutions Introduction (TOC page) A key component to any information security program is awareness of data breaches, and yet every day, hackers are using malware

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF

More information

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing Kaspersky Fraud Prevention platform: a comprehensive solution for secure Today s bank customers can perform most of their financial operations online. According to a global survey of Internet users conducted

More information

W.A.R.N. Passive Biometric ID Card Solution

W.A.R.N. Passive Biometric ID Card Solution W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing

More information

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office

PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants UT System Administration Information Security Office Agenda Overview of PCI DSS Compliance versus Non-Compliance PCI

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

DATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union 3/18/2015

DATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union 3/18/2015 DATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union TABLE OF CONTENTS Data Breach Trends Financial Institutions Impact How First Citizens

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Selecting the right cybercrime-prevention solution

Selecting the right cybercrime-prevention solution IBM Software Thought Leadership White Paper Selecting the right cybercrime-prevention solution Key considerations and best practices for achieving effective, sustainable cybercrime prevention Contents

More information

Global IT Security Risks

Global IT Security Risks Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization

More information

Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation

Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation June 2009 Cairo, Egypt Joanna P. Crane Identity Theft Program Manager Senior Attorney The views

More information

10 Top Tips for Data Protection in the New Workplace

10 Top Tips for Data Protection in the New Workplace 10 Top Tips for Data Protection in the New Workplace Balancing Workplace Security with Workforce Productivity One of the key things that keeps CIOs awake at night, is worrying about the loss or leakage

More information