THE FFIEC CHALLENGE A Call for Reliable Authentication
|
|
- Homer Williams
- 8 years ago
- Views:
Transcription
1 THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT
2 Agenda The FFIEC Challenge Current/Future Authentication Scenarios The Authentication Risk Assessment Customer Security Awareness Evaluation Authentication Vendors/Technology Options Questions/Comments/Discussion 2
3 The FFIEC Challenge New Accounts & Other Frauds Misuse of Existing Accounts (credit card & non-credit card) All Identity Theft Number of Persons 3.25 Million 6.68 Million 9.93 Million Loss to Financial Institutions $32.9 Billion $14 Billion 46.9 Billion Loss to Victims $3.8 Billion $1.1 Billion $5 Billion Cost Spent Resolving Issues 194 million hours 100 million hours 297 million hours FTC,
4 FFIEC Guidance Requirements The new guidance states that, financial institutions regulated by the agencies should conduct risk-based assessments, evaluate customer awareness programs, and develop security measures to reliably authenticate customers remotely accessing their Internet-based financial services. 4
5 The Challenge - Scope The FFIEC guidance is focused on highrisk transactions that include, access to customer information or the movement of funds to other parties. 5
6 The Challenge - Scope Access to customer information includes data types that can be used for account hijacking or identity theft, such as names, addresses and phone numbers, social security numbers, bank account numbers and account details held for bill payment purposes (credit cards and other bills paid through online banking). 6
7 The Challenge - Scope The movement of funds to other parties should include bill payment, wire transfers, transfers to accounts not held by the customer at that given institution, and transfers to other accounts held by the customer outside of a given institution. 7
8 Strong Authentication Other Drivers The call to action may also come from: Customers Competitors Regulatory Compliance Audit Reports Past Security Incidents 8
9 Current Authentication Scenarios Today, most financial institutions use singlefactor authentication, such as usernames and passwords, to restrict Internet access to their websites: Current State Authentication Single Factor Key 9
10 Future Authentication Scenarios Future State Authentication Two Factor Keys 10
11 Future Authentication Scenarios The guidance also takes into consideration a layered-security approach: Future State Authentication Transaction-Level Protection Transaction A Internet Banking Customer Username & Password Website Authentication Financial Institution Website Transaction B Personal/Financial Data PIN Website Authentication 11
12 Defining The Authentication Future State Customers Demand security Demand simple solutions Have varying needs by type FI Management Wants a flexible solution Demands value maximization Seeks to minimize risk and ensure compliance 12
13 Authentication Risk Assessment - Overview Authentication Risk Assessment The objectives of the authentication risk assessment are to identify and evaluate risks in the financial institution s Internet product and service offerings. Once identified, the risks should be measured against the effectiveness of the Internet authentication controls. 13
14 Authentication Risk Assessment - Overview Included in the scope of the assessment should be a review of current Internet authentication capabilities, as well as the technology which supports user authentication or the layers of security around authentication (e.g. perimeter security, anomaly detection and user account provisioning). 14
15 Authentication Risk Assessment - Overview Per each customer type and type of transaction: Calculate impact and likelihood of an authentication compromise Identify and score current security and authentication control strength Should a need for stronger authentication or layered security exist, define an action plan 15
16 Authentication Risk Assessment - Overview Risk Assessment Steps Classify/Define Data Identify Data Stores Identify Data Flows/Transactions (Internet only) Group Data Transactions Analyze and Assign Transaction Risk Factor, Likelihood Analyze Control Effectiveness 16
17 Internet Transaction Risk Scorecard Risk Factor (Impact) Likelihood (1-5) Inherent Risk Score Control Strength Score Residual Risk Score (1-5) (RFxL) (ExF) (IR-CS) Application I Transaction Group A (Initiate) Transaction Group B (Modify) Transaction Group C (Execute) Non-Transaction Specific Data
18 Sample Risk Factors Customer Type I (Retail) Transaction Group A (Initiate) Create Account Open Account Transaction Group B (Modify) Change Address Establish Bill Pay Transaction Group C (Execute) Transfer Funds, High-Dollar Transfer Funds, Non High-Dollar Pay Bill Risk Factor
19 Typical Controls Examined Sample Manual Controls Security organization structure and authority Existing Internet risk-management activities Policies and procedures for user account provisioning, access and management Policies and procedures for password use, i.e. length, complexity, re-use, forced change Customer training/literature on the FI website on how to define strong usernames and passwords 19
20 Typical Controls Examined Sample Manual Controls Customer training on phishing, malware, etc. /written notification to customers that the FI will never ask for the username, password or social security number Fraud reporting process for customers Vendor oversight Implementation of layered security, i.e. is a separate pin to execute high-dollar fund transfers 20
21 Typical Controls Examined Sample Automated Controls Authentication controls, ranked according to the NIST Assurance Level Automatic termination of internet sessions after a period of inactivity Encryption of passwords Hidden entry of passwords System capabilities to use special characters in passwords 21
22 Typical Controls Examined Sample Automated Controls Secure browsing of website (e.g. SSL) Account lockout after multiple failed attempts Integration with anomaly/fraud detection Data Integrity transmission controls Firewalls, Intrusion Detection systems Anti-virus protection on server network 22
23 Customer Security Awareness Customer Security Awareness Assessment financial institutions regulated by the [FFIEC] agencies should conduct risk-based assessments, evaluate customer awareness programs,.. 23
24 Customer Security Awareness The Customer Security Awareness Assessment focuses on the evaluation of the institution s existing Internet customer security awareness program(s), such as the institution s efforts to educate customers in the risks associated with increased Internet threats (e.g. pharming, phishing and malware) and the controls used to reduce these threats. 24
25 Customer Security Awareness Evidence of Customer Awareness The number of customers who report fraudulent attempts to obtain their authentication credentials The number of clicks on information security links of the financial institution s website The number of education statements issued via direct mail by the bank 25
26 Customer Security Awareness Evidence of Customer Awareness Low dollar losses relating to identity theft Other Activities Sample customer fraud claims Review customer response, acceptance and adoption of current security protocols and technologies. 26
27 Authentication Vendors/Technology Options Three security categories are identified through the FFIEC guidance: Authentication Layered Security Other Types of Security (not studied here) 27
28 Authentication Vendors/Technology Options KPMG divided solutions for authentication into three major areas including: Basic Authentication, Token-based Authentication Biometric Authentication 28
29 Authentication Vendors/Technology Options We then divided layered security solutions into three areas: Pattern Detection Software Installation Out-of-Band 29
30 Authentication Vendors/Technology Options Our evaluation We defined a total of 28 evaluation criteria. Each of the vendors was listed and offerings compared to each of the criteria identified. 30
31 Criteria Authentication Type Layered Security Software Basic Token-Based Biometric Pattern Detection Installation Out-of-band Vendor Challenge/Response Username/Password Digital Certificate Grid Card / Scratch Pad Hand-held Devices One-time password Phone/PDA Smartcard Software token USB Watermark Fingerprint pattern Keystroke Voice recognition Activity monitoring Behavioral Aalysis Device Forensics Device Identification Network Forensics Transaction analysis Cookie-based Digital Image Plug in Telephone dial-back Telephone Authentication Knowledge Based Auth Cross-industry collaboration Actimize X X X X X X X X Authentify X X X Corillian X X X X X X X Digital Resolve X X X X X X X Entrust X X X X X X X X X X X X MultiFactor Ath X X X X X X PassMark X X X X X X X X X X X X RSA/Cyota X X X X X X X X X X X X X Strikeforce X X X X 41st Parameter X X X X X TriCipher X X X X X X 31
32 Evaluation Scalability Time Estimates Costs (Hardware/Software, Deployment, Incremental, Maintenance Actimize Scalable based on # of servers deployed 4-6 months to implement, which includes fine tuning of models [rules] after historical data is analyzed No data provided No theoretical limitations Current deployment in the millions 6 weeks - enable time only; includes 2 weeks of QA Small deployment -Setup $15,000-$40,000 Authentify Authentify, the company, can handle 33,000 calls per hour. Does not include effort by company to formally roll-out. Large deployment - Setup $50,000 - $90,000 Corillian In recent testing of IA, authentication transactions averaged a 1/10 of a sec response time, when an excess of 1 million users were enrolled; 1 day for installation 2 to 4 weeks for implementation and deployment depending on the size of the deployment. No data provided Digital Resolve 500 transaction second on one dual processor server 9-12 wks $2000 per day for consulting services Currently deployed with 600,000 users Theoretical potential 65 million 3-4 weeks for 3000 user project User and Server license ($8.00 per user; server license is 15K - 25K per server Entrust 50,000 users to several millions theoretical (3-4 servers) Cost of cards (1.00 per card) Multi-Factor Authentication They claim that they can handle 40,000 users con-current (3,000,000) users. 5 working day to setup 3 or 4 weeks for deployment, training, & Q/A Med size 100,000 to 150,000 users 1.99 per year for license 32
33 Questions Questions/Comments/Discussion 33
34 Thank You / Contact Thank You John Moore Senior Manager, KPMG LLP JDMoore at kpmg.com The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. 34
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationBriefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.
Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationInternet Banking Authentication Guidance is Out
Brace Yourself: Updated d FFIEC Internet Banking Authentication Guidance is Out October 13, 2011 Paul Rainbow, Manager David Dyk, Manager 1 The material appearing in this presentation is for informational
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationELECTRONIC AUTHENTICATION. Understanding the New. Multi-factor authentication and layered security are
Understanding the New ELECTRONIC AUTHENTICATION Multi-factor authentication and layered security are helping assure safe Internet transactions for credit unions and their members. Assuring Your Online
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationFFIEC BUSINESS ACCOUNT GUIDANCE
FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit unions and business account holders to make online banking safer and more secure from account hijacking and unauthorized funds
More informationAre All High-Risk Transactions Created Equal?
Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationInformation Technology. A Current Perspective on Risk Management
Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationFFIEC Authentication Guidance Examination in 2012: Are You Prepared?
FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.
More informationFrequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment. August 15, 2006
Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision Frequently
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationElectronic Fraud Awareness Advisory
Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved
More informationOnline Banking Risks efraud: Hands off my Account!
Online Banking Risks efraud: Hands off my Account! 1 Assault on Authentication Online Banking Fraud Significant increase in account compromises via online banking systems Business accounts are primary
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationTop Authentication & Identification Methods to Protect Your Credit Union
Top Authentication & Identification Methods to Protect Your Credit Union Presented on: Thursday, May 7, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Tammy Behnke Credit
More informationAuthentication in an Internet Banking Environment
Federal Financial Institutions Examination Council FFIEC Logo 3501 Fairfax Drive Room 3086 Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 516-5487 http://www.ffiec.gov Authentication in an Internet
More informationBusiness Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationInternet Banking Authentication Methods in Nigeria Commercial Banks
Internet Banking Authentication Methods in Nigeria Commercial Banks 1 Corresponding Author: lawal5@yahoo.com 1 O.B. Lawal Computer Science Department, Olabisi Onabanjo University Consult, Ibadan, Nigeria
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationUnderstanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners
Understanding It s Me 247 Security A Guide for our Credit Union Clients and Owners October 2, 2014 It s Me 247 Security Review CU*Answers is committed to the protection of you and your members. CU*Answers
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents
More informationOut-Of-Band Authentication Using a Real-time, Multi-factor Service Model
Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Andrew Rolfe Authentify, Inc. Andy.Rolfe@Authentify.com Presentation Overview Authentication basics What is OOBA? Why is it important?
More informationHow To Comply With Ffiec
SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationTwo-Factor Authentication and Swivel
Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More informationJim Bray, Cyber Security Adviser InfoSight, Inc.
Best Practices for protecting patient data Training and education is your best defense! Presented by Jim Bray, Cyber Security Adviser InfoSight, Inc. 2014 InfoSight Cyber Security starts with education
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationOnline Account Takeover. Roger Nettie
Online Account Takeover Roger Nettie CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group 2013 Session Outline Types of attacks Movement of funds Consumer
More informationReliance Bank Fraud Prevention Best Practices
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationSecurity Guidelines and Best Practices for Retail Online and Business Online
Best Practices Guide Security Guidelines and Best Practices for Retail Online and Business Online Evolving security threats require the use of evolving controls and methods to protect all transaction activity
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationThe Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device
The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-668-6536 www.phonefactor.com Executive
More informationCentral and Eastern European Data Theft Survey 2012
FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe Ever had the feeling that your competitors seem to be in the know about your strategic plans
More informationIT Security Risks & Trends
IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationTechnical User Group Agenda
Technical User Group Agenda December 16, 2014 Web Conference Information URL: https://www.connectmeeting.att.com Meeting Number: 8665282256 Access Code: 5251941 10:00 a.m. 10:30 a.m. (Pacific Time) Conference
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationAUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationTelemedicine HIPAA/HITECH Privacy and Security
Telemedicine HIPAA/HITECH Privacy and Security 1 Access Control Role Based Access The organization shall provide secure rolebased account management. Privileges granted utilizing the principle of least
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationJort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
More informationYour security is our priority
Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationMobile Banking. Secure Banking on the Go. Matt Hillary, Director of Information Security, MX
Mobile Banking Secure Banking on the Go Matt Hillary, Director of Information Security, MX Mobile Banking Channels SMS / Texting Mobile Banking Channels Mobile Web Browser Mobile Banking Channels Mobile
More informationCITRUS COMMUNITY COLLEGE DISTRICT GENERAL INSTITUTION COMPUTER AND NETWORK ACCOUNT AND PASSWORD MANAGEMENT
CITRUS COMMUNITY COLLEGE DISTRICT GENERAL INSTITUTION AP 3721 COMPUTER AND NETWORK ACCOUNT AND PASSWORD MANAGEMENT 1.0 Purpose The purpose of this procedure is to establish a standard for the administration
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationIdentity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office
Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention
More informationDeter, Detect, Defend
Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationSecurity & Compliance, Sikich LLP
Mark Shelhart, CFI, CISSP, QSA Security & Compliance, Sikich LLP 1. Credit card breaches 2. Disgruntled IT, bad leaver 3. Personal records breach 4. Vendor network connections (and contracts) 5. Everything
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationNetwork Security. Intertech Associates, Inc.
Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture
More informationEntrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant Sam.linford@entrust.
Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments Sam Linford Senior Technical Consultant Sam.linford@entrust.com Entrust is a World Leader in Identity Management and Security
More informationSecurity Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide
Best Practices Guide Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision Evolving security threats require the use of evolving controls and methods
More informationComodo Authentication Solutions Overview
Comodo Authentication Solutions Overview Client Authentication Certificates Two-Factor Authentication Content Verification Certificates Mutual Authentication Foreword Conducting business online offers
More informationOnline Banking Fraud Prevention Recommendations and Best Practices
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know
More informationESET Secure Authentication
ESET Secure Authentication Second factor authentication and compliance Document Version 1.2 6 November, 2013 www.eset.com ESET Secure Authentication - second factor authentication and compliance 2 2 Summary
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationVoice biometrics. Advait Deshpande. 2002-2013 Nuance Communications, Inc. All rights reserved. Page 1
Voice biometrics Advait Deshpande 2002-2013 Nuance Communications, Inc. All rights reserved. Page 1 Imagine a world without PINS/Passwords 2002-2013 Nuance Communications, Inc. All rights reserved. Page
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationSOLUTION BRIEF CA ADVANCED AUTHENTICATION. How can I provide effective authentication for employees in a convenient and cost-effective manner?
SOLUTION BRIEF CA ADVANCED AUTHENTICATION How can I provide effective authentication for employees in a convenient and cost-effective manner? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationE-MAIL & INTERNET FRAUD
FRAUD ALERT! FRAUD ALERT! Guarding Against E-MAIL & INTERNET FRAUD What credit union members should know to counter Phishing Pharming Spyware Online fraud On-Line Fraud Is Growing E-Mail and Internet Fraud
More informationhow can I provide strong authentication for VPN access in a user convenient and cost effective manner?
SOLUTION BRIEF CA Advanced Authentication how can I provide strong authentication for VPN access in a user convenient and cost effective manner? agility made possible provides a flexible set of user convenient,
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationPrivacy + Security + Integrity
Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels
More informationHow To Choose An Authentication Solution From The Rsa Decision Tree
White paper The RSA Decision Tree: Selecting the Best Solution for Your Business What is the best authentication solution for my business? This is a recurring question being asked by organizations around
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationIT Architecture Review. ISACA Conference Fall 2003
IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture
More information