The Double Edged Sword of Mobile Banking
- Hugh Milo Woods
- 6 years ago
The Double Edged Sword of Mobile Banking: Meeting client demand for mobile services while mitigating escalating fraud threats

White Paper
Table of Contents

- INTRODUCTION
- THE USE OF MOBILE BANKING IS EXPANDING RAPIDLY
- MOBILE DEVICES ARE UNDER ATTACK
- MALWARE-INFECTED MOBILE APPS
- IMPACT ON FINANCIAL INSTITUTIONS
- FIS ARE INCREASING TECHNOLOGY BUDGETS ALLOCATED TO THE ONLINE & MOBILE CHANNELS
- MOBILE SECURITY STRATEGY
- FFIEC GUIDANCE SUPPLEMENT: MOBILE IS NOT EXEMPT
- APPLY LESSONS LEARNED THE HARD WAY FROM ONLINE BANKING FRAUD
- ANOMALY DETECTION FOR MOBILE BANKING: DEVICE INDEPENDENT PROTECTION
- FRAUDMAP MOBILE: ANOMALY DETECTION FOR THE MOBILE CHANNEL
- CONCLUSION
- ABOUT GUARDIAN ANALYTICS
Introduction

Financial institutions (FIs) are facing a difficult challenge: account holder demand for services that are rife with fraud threats. Expand services too quickly and they risk fraud losses. Expand too slowly and they risk losing customers. It's truly a double-edged sword that financial institutions must wield very carefully.

The mobile banking channel is expanding very rapidly, more quickly than was ever seen for the online banking channel. FIs are actively developing and releasing mobile banking capabilities in response to client demand, with risk increasing proportionally to the increased utility those clients are seeking.

However, mobile banking users to date have not applied the hard-learned lessons from the online channel to mobile banking, engaging in careless behavior that they would never consider with their computer or online banking. The result is a highly attractive opportunity for fraudsters consisting of a device that contains rich personal information, lax security, and a market that is expanding faster than the rate at which security controls are being deployed.

As financial institutions consider how to secure the mobile channel, they must start with an important premise: the device has been compromised. Smartphone owners' behavior combined with very rapidly deployed malware has resulted in a very high infection rate, to the point where attempting to draw the battle lines at the device is sure to fail.

The good news is that anomaly detection solutions that have proven so effective at protecting the online channel are just as effective at protecting the mobile banking channel.

The Use of Mobile Banking is Expanding Rapidly

Consumers and businesses are embracing mobile banking, adopting it at a much higher rate than they did for online banking. Based on a study by Aite Group, over 50% of consumers already use online banking, and 20% already use mobile banking (see Figure 1).
Furthermore, Mobile Only users, while currently only 7% of the population, are the fastest growing group as financial institutions deploy mobile banking apps that don't require clients first to be online banking users.

Fig 1: Consumer Use of Mobile and Online Banking

The escalating mobile banking adoption rate (see Figure 2) is fueled primarily by smartphone penetration. According to Nielsen, nearly half of US adults now have a smartphone.

Guardian Analytics The Double Edged Sword of Mobile Banking Page 1
As consumers dip their toe into the mobile banking waters, they naturally expect the same features and functionality through their smartphone as they are used to getting online, pushing financial institutions to expand services. This has become a further driver of adoption as the rich functionality attracts new users to mobile banking.

Fig 2: U.S. Mobile Banking Users 2007 to e2013 (millions)

Also, tablets blur the line between online and mobile, enabling a richer consumer experience while maintaining mobility, so further speeding the adoption curve.

In response to such growing demand, financial institutions are progressing rapidly along the mobile banking product continuum:

Increasing Customer Utility / Increasing Risk

Mobile Banking Services:

1. Balance checking account: very low risk, but limited utility.
2. Maintain account: includes low-risk activities such as checking balances; still no transactions involved.
3. Pay bills: increased utility, but risk is limited by controlling the list of merchants.
4. Alerts: increased value to consumers while also used for out-of-band authentication, so this introduces risk of enabling fraud in other channels.
5. Remote Data Capture (RDC): most commonly used for taking a photo of a check in order to deposit it remotely (more on this later); increasingly deployed both to consumers and small business. Increased risk due to account information stored as part of the check image.
6. Transfer funds: this was just getting started in 2011, but really ramping up in 2012 for point-to-point retail payments. Now also used in the business-to-business environment. This is fraudsters' bread and butter as they use stolen credentials to transfer funds into their own accounts.
7. Mobile payments: not a lot of financial institutions are offering this yet because of the high level of risk involved, but it is top of mind because they don't want consumers to be shutting down their FI-developed mobile banking app and launching third-party apps in order to make mobile payments.
According to a study conducted by Aite Group in the fall of 2011, both consumer and business banking platforms are seeing mobile banking traction.

Among large financial institutions, all have mobile banking either already available or on the roadmap for business and/or consumer use:

- 47% already have deployed mobile banking for both business and consumers
- 29% have deployed mobile banking for consumers and have business on the roadmap
- 12% have deployed for consumers only
- 12% have not yet deployed it but it's on their roadmap

Among mid-size financial institutions, again all have mobile banking either available now or on their roadmap:

- 45% have deployed mobile banking for consumers and have business on the roadmap
- 9% have deployed for consumers only
- 45% have not yet deployed, but it's on the roadmap

Mobile Devices are Under Attack

Financial institutions' key challenge with regard to mobile banking is that consumers do not treat their smartphones like computers. The industry has trained online banking users about what to avoid on their computer. We now need that same level of education on mobile devices.

For example, consumers are willing to go to an app store and download a game, not knowing if it's the real one or a fraudulent, malware-infested knock-off. Or they'll click on a QR (Quick Response) code (those black checkerboard patterns that are showing up everywhere), not knowing with confidence just what will be downloaded. For example, fraudsters have been known to overlay their QR Codes on otherwise legitimate signs and displays.

Smartphones are a very attractive target for fraudsters because they provide easy access to consumers' personal info:

- Where they've been
- Who they know
- What social networks they use
- Where they shop
- Where they bank

Smartphones also provide easy access to two common security measures used by financial institutions for confirmation, validations, and other authentication intended to prevent fraud.
Access to the smartphone means fraudsters can:

- Forward and delete so the victim never sees messages sent by their financial institution when something suspicious is observed
- Forward or redirect SMS messages so they can capture one-time passwords sent to the mobile device, with the intent of preventing the very fraud that it's now enabling

There are three types of mobile banking capabilities, each of which introduces a range of risks:

SMS: These are text messages received on a mobile device. This is currently used for online banking for out-of-band authentication and one-time passwords (mobile transaction authorization numbers). ZitMo (Zeus in the Mobile) is a variation of the well-known ZeuS Trojan specifically designed to intercept these text messages and forward them to the fraudster. SMishing ("SMart phone phishing") also is very common today: good old-fashioned phishing that is used to target smart phones. Fraudsters send messages to smart phones with enticing links to malware, and consumers are more than willing to click on these random messages, resulting in malware being downloaded. Indeed, 70% of mobile malware is delivered via SMS messages.

Mobile Web: This is using a smartphone-based browser to log into online banking. All of the same threats that exist with online banking apply here: keylogging Trojans to steal login credentials, malware that changes the payee, and malware that enables the fraudster to completely take over the online banking session from the smartphone.

Custom Mobile Apps: These are apps that financial institutions make available to account holders specifically for the purpose of mobile banking. The feature set can vary widely (see the mobile banking product continuum presented earlier). Fraudsters offer spoofed versions of these mobile apps as well as distribute malware through spoofed everyday, non-banking apps that are readily available on mobile app stores. This topic warrants further discussion.

Malware-infected Mobile Apps

The App store may be the greatest malware distribution platform ever invented, possibly second only to .
The Android OS currently is criminals' new favorite distribution platform. Consider that:

- 100% of new mobile malware strains detected in 3Q 2011 were on Android OS (source: McAfee Threat Report).
- From 2010 to 2011, the one-year increase in Android-based malware was 3,325% (source: Juniper Networks).
- Android users are two and a half times as likely to encounter malware today as 6 months ago, and three out of ten Android owners are likely to encounter a web-based threat on their device each year (source: Lookout Mobile Security).
Mobile malware distributed via mobile apps (including but not limited to mobile banking apps) lends itself to a wide range of distribution methods including app stores, social networks (e.g. Facebook), and WiFi networks (see Post Office WiFi Hotspots sidebar).

Malware is used to control the phones, access data stored on smartphones, capture login credentials, and redirect transactions. But the malware doesn't necessarily have to be used to compromise mobile banking directly. For example, fraudsters can use the installed malware to secure credentials from the mobile banking app, and then use them to log into online banking and commit fraud there.

Some malware strains are starting to take advantage of unique abilities of mobile devices. One strain of mobile malware records voice conversations and sends the recording to the Command & Control server for fraudsters to use for spoofing biometrics, social engineering, or other schemes.

Sidebar: Post Office WiFi Hotspots

Here's an example of how fraudsters already are tapping into unique characteristics of smartphones. Fraudsters configured smartphones to act as WiFi hotspots with long-life batteries. They then mailed the phones to known undeliverable addresses so the phones land in the dead mail bin at the local post office. As customers wait in line, they notice a WiFi hotspot, and naturally trusting the post office, they check or access the Internet. As soon as they do so, the fraudster's device would download malware onto their smartphone.

The result is a range of fraud schemes that can be carried out directly through the mobile device or elsewhere. The major categories of fraud perpetrated using mobile malware are:

- Identity theft: collecting personal information from the mobile device to be used separately or to be resold to other cyber criminals.
- Mobile fraud: executed directly in the mobile channel, such as using bill pay to transfer funds to a fraudster's account.
- Cross-channel fraud: for example, capturing login credentials from the mobile device and then logging into online banking, or viewing stored check images and then using the routing number, account number and signature to submit wire transfers through customer service.

Online threats still far outweigh mobile risks: there are only 1,800 unique strains of mobile malware vs. 75 million known malware strains on computers. However, mobile malware is increasing at a much faster rate, and as we see increasing functionality deployed to the mobile platform plus the resulting increase in transactions, fraudsters increasingly will be interested in the mobile channel.

One aspect of mobile banking fraud that has risk professionals most scared is that there are new and different capabilities on mobile devices that are not an issue in the online channel, such as the earlier example where the fraudster recorded a voice conversation. Everyone is worried that the bad guys will figure these out first and take advantage of the loopholes before the industry is able to plug them.
Impact on Financial Institutions

Among global risk executives, 88% believe that mobile fraud is the next big point of exposure in financial services fraud (source: Aite Group). The number one reason that consumers don't adopt mobile banking is concern about security (Javelin). Mobile banking by corporate users is further hindered by security concerns due to the large dollar amounts at risk. Forty three percent of corporate treasurers will not allow corporate banking via mobile devices (Aite Group).

The resulting impact on financial institutions is an overall hesitancy to expand mobile services until they're confident that fraud threats are minimized and they can avoid the hard lessons learned in the online channel. Risk exposure is possible on a number of fronts:

BYOD: The "bring your own device" phenomenon is cause for concern, especially in a business environment where the device use is blended with personal use. For example, parents often hand their smartphone (which contains extensive personal information) to a child to keep him quiet during a drive, at which time there's no control over what the child clicks on or downloads, then the parent brings it right back into the office with access to networks, servers, and . Also, it's easier to lose a cell phone (typically with no password protection) than a notebook computer, exposing personal information, images, and more to whoever happens to find the phone (see Symantec Honey Stick Project sidebar).

Remote Data Capture (RDC): A highly visible application of this is using the smartphone to deposit a check by taking a photo and then sending the image into the bank. This is a great consumer service. But banks that are looking to deploy it have a lot to think through. How is the check image stored on the mobile device? Is the transfer secure? Is sensitive information being deleted after it's sent?
Sidebar: Symantec Honey Stick Project

Symantec conducted a very interesting study that highlights the vulnerability of personal data stored on a smartphone, even when there are no professional cyber criminals involved. They configured 50 smartphones with custom software that would remotely monitor all activity, and then intentionally lost them. What is interesting is what the finders (random, ordinary people) did with the phones. Only 50% tried to return the phones, and most did some snooping first.

- 96% of the phones were accessed by the finder
- 60% attempted to access social media info, and 43% of finders attempted to access the banking app
- 57% of finders accessed the saved password file

Mobile Payments: This introduces many different players that don't have security experience but are involved in point-of-sale transmissions to their FI through ACH or credit cards. Lots of players + limited security experience = very high risk.
FIs are Increasing Technology Budgets Allocated to the Online & Mobile Channels

A survey recently completed by ISMG about banking fraud and conformance with the FFIEC Guidance found that 61% of respondents (more than any other response) said they will invest in fraud detection and monitoring solutions in the next 12 months. It also found that only 20% of financial institutions plan on decreasing (3%) or leaving the same (17%) the resources (personnel and budget) dedicated to preventing fraud.

Looking more closely at the fraud prevention budget, according to Aite Group the budget primarily is going to remote channels (see Figure 3).

Fig 3: Business Units with Highest Priority for Fraud Prevention Technology Investments

Three in every four FIs are prioritizing remote channels, putting commercial online business (48%) and online/mobile (29%) at the top of their technology investment priority list. This prioritization is driven by a potent combination of corporate account takeover threats (which could result in financial loss and reputational risk) and the compliance mandate resulting from the June 2011 FFIEC guidance. They also recognize that online and mobile channels are where fraud threats are most intensive. 50 percent said that the type of threat that is causing them the most pain is cybercrime and malware (source: Aite Group).

Mobile Security Strategy

In developing a strategy for securing the mobile channel, the key question is, how do FIs secure the channel when the device is compromised? You can't rely on purely device-centric solutions because of the high level of vulnerability of the smartphone. And you can't rely on authentication because criminals have the means to control the phone and thereby defeat many forms of multi-factor authentication.
To secure the mobile channel, financial institutions:

- Need a layer of security separate from the device
- Need to know how customers behave specifically in the mobile channel, without which they can't tell if current mobile banking behavior is legitimate or fraudulent.
FFIEC Guidance Supplement: Mobile is not exempt

While the title of the Guidance Supplement refers to Internet authentication, the definition of layered security used within the guidance refers to electronic banking and electronic transactions, effectively including all online and mobile transactions as subject to the guidance.

Supplement to Authentication in an Internet Banking Environment, page 5:

Layered security controls should include processes designed to detect anomalies and effectively respond to suspicious or anomalous activity related to:

- initial login and authentication of customers requesting access to the institution's electronic banking system; and
- initiation of electronic transactions involving the transfer of funds to other parties.

Numerous conversations with examiners have confirmed that the Guidance does indeed apply to the mobile channel. Furthermore, all aspects of the Guidance apply to the mobile channel:

- Deploy layered security for the mobile channel
- Simple device ID and challenge questions cannot be a primary control
- Enhance controls over administrative rights
- Complete or update risk assessments as the current threat environment changes and as new features are deployed
- Offer customer education specifically for mobile banking

Apply Lessons Learned the Hard Way From Online Banking Fraud

The banking industry has lost a lot of money to fraudsters through the online channel. It's essential that we all learn from this experience, and not repeat the same mistakes in the mobile channel. Lessons learned in the online banking channel include:

- Don't store personal identification information locally; store it in the cloud
- Apply layered security, understanding that at some point fraudsters will figure out how to defeat any single security mechanism
- Anomaly detection that monitors individual account holder activity has been proven to be effective at detecting fraud
Anomaly Detection for Mobile Banking: Device Independent Protection

Behavior-based anomaly detection for the mobile (or online) channel monitors individual account holder behavior for every mobile banking session. Referring to the diagram below, the process includes:

1) Monitoring customer behavior to develop a unique profile or "mobile DNA" for each account holder
2) Looking for anomalies when compared to typical behavior; something taking place in this session that is unusual or unexpected for this mobile banking user
3) Intervening when warranted, including increasing monitoring of other channels for compromised accounts and client outreach (4).

The most effective anomaly detection solutions offer the following key capabilities:

- Monitors individual account holder behavior, instead of comparing session activity to generalized population level behavior
- Builds separate account holder profiles for the mobile and online channels (see examples below)
- Monitors all activity, from login to logout, not just the transaction (see Figure 4)
Client behavior is different in online vs. mobile banking. Therefore, mobile and online sessions must be monitored and analyzed separately. For example:

- Log-in events often occur at different times and from different places:
  - Online: from a computer at work or home, usually at consistent times
  - Mobile: from cell phone network at any time of day, including evenings and weekends
- Different activities are possible in online vs. mobile banking:
  - Online: complete financial management
  - Mobile: pre-defined mobile activities, typically a sub-set of the full online banking site
- Different transactions as well:
  - Online: broad array of transactions
  - Mobile: typically limited to transfers and bill pay

Behavior-based anomaly detection offers benefits beyond just preventing fraud:

- Complete protection
  - Automatically covers 100 percent of account holders with no adoption issues
  - Stops widest array of fraud attacks, including newly emerging schemes
  - Long lifespan: transparent to fraudsters so can't be studied, and not threat specific
- No impact on customer experience
  - No action required of account holders; no software to download and maintain
  - Doesn't change mobile banking experience; transparent to users
  - Customers respond positively with increased trust and loyalty
- SaaS solutions are easy to deploy and manage
  - Fast time to security
  - Doesn't require IT resources, and no hardware to purchase, install, and maintain
  - Minimal workload for financial institution with a low number of alerts
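The per-account-holder, per-channel profiling described above can be illustrated with a short sketch. This is an added example, not code from the white paper or from any Guardian Analytics product; the session fields, thresholds, names and sample history are all constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class Profile:
    """History of one account holder in one channel (fields are assumptions)."""
    hours: Counter = field(default_factory=Counter)  # login hour -> sessions
    networks: set = field(default_factory=set)
    activities: set = field(default_factory=set)
    payees: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

    @property
    def sessions(self):
        return sum(self.hours.values())


class BehaviorMonitor:
    MIN_SESSIONS = 5   # assumed: history needed before a profile is trusted
    HOUR_SHARE = 0.10  # assumed: min share of past logins within +/-1 hour

    def __init__(self, per_channel=True):
        self.per_channel = per_channel
        self.profiles = defaultdict(Profile)

    def _key(self, s):
        # Channel-blind mode merges online and mobile history, for comparison.
        return (s["user"], s["channel"] if self.per_channel else "*")

    def learn(self, s):
        """Fold a session known to be legitimate into the user's profile."""
        p = self.profiles[self._key(s)]
        p.hours[s["hour"]] += 1
        p.networks.add(s["network"])
        for e in s["events"]:
            p.activities.add(e["type"])
            if "payee" in e:
                p.payees.add(e["payee"])
            if "amount" in e:
                p.amounts.append(e["amount"])

    def score(self, s):
        """Return the ways a whole session deviates from this user's history."""
        p = self.profiles.get(self._key(s))
        if p is None or p.sessions < self.MIN_SESSIONS:
            return ["insufficient_history"]
        reasons = []
        near = sum(n for h, n in p.hours.items()
                   if min(abs(h - s["hour"]), 24 - abs(h - s["hour"])) <= 1)
        if near / p.sessions < self.HOUR_SHARE:
            reasons.append("unusual_login_hour")
        if s["network"] not in p.networks:
            reasons.append("new_network")
        for e in s["events"]:  # every event from login to logout
            if e["type"] not in p.activities:
                reasons.append("new_activity:" + e["type"])
            if "payee" in e and e["payee"] not in p.payees:
                reasons.append("new_payee:" + e["payee"])
            if "amount" in e and self._amount_unusual(p, e["amount"]):
                reasons.append("unusual_amount")
        return list(dict.fromkeys(reasons))  # de-duplicate, keep order

    @staticmethod
    def _amount_unusual(p, amount):
        if not p.amounts:
            return True
        mu, sd = mean(p.amounts), pstdev(p.amounts)
        return amount > mu + 3 * max(sd, 0.1 * mu)  # floor covers sd == 0


def session(user, channel, hour, network, *events):
    return {"user": user, "channel": channel, "hour": hour, "network": network,
            "events": [{"type": "login"}, *events, {"type": "logout"}]}


def pay(kind, payee, amount):
    return {"type": kind, "payee": payee, "amount": amount}


# Constructed history: office-hours transfers online, evening bill pay on mobile.
HISTORY = [
    session("alice", "online", h, "office-lan", pay("transfer", "vendor-1", a))
    for h, a in zip([9, 10, 9, 10, 9, 11], [5000, 5200, 4900, 5100, 5000, 4800])
] + [
    session("alice", "mobile", h, "carrier-lte", pay("bill_pay", "utility-1", a))
    for h, a in zip([20, 21, 22, 7, 21, 20], [80, 75, 90, 85, 80, 82])
]

ROUTINE = session("alice", "mobile", 21, "carrier-lte",
                  pay("bill_pay", "utility-1", 85))
# Normal for this user online, never seen from this user's phone.
CROSSOVER = session("alice", "mobile", 21, "carrier-lte",
                    pay("transfer", "vendor-1", 5000))
TAKEOVER = session("alice", "mobile", 3, "unknown-wifi",
                   {"type": "add_payee", "payee": "acct-9"},
                   pay("transfer", "acct-9", 4800))


def build(per_channel=True):
    monitor = BehaviorMonitor(per_channel)
    for s in HISTORY:
        monitor.learn(s)
    return monitor


if __name__ == "__main__":
    for name, s in [("routine", ROUTINE), ("crossover", CROSSOVER),
                    ("takeover", TAKEOVER)]:
        print(name, "per-channel:", build(True).score(s),
              "| merged:", build(False).score(s))
```

With a merged, channel-blind profile the crossover session produces no findings, because the transfer, payee and amount are all familiar from the online history; scored against the mobile profile alone it is flagged on all three.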
FraudMAP Mobile: Anomaly Detection for the Mobile Channel

FraudMAP Mobile is the first and only behavior-based anomaly detection solution purpose built for the mobile channel. It uniquely uses behavioral analytics to transparently monitor every mobile banking session and identify suspicious activity and anomalous transactions in the mobile banking channel.

Using activity data from the mobile banking platform, FraudMAP Mobile monitors all activity for all users from login to logout to identify suspicious activity relative to the expected behavior for that user (see Figure 4). And because FraudMAP Mobile is not dependent on pre-defined fraud rules or algorithm training, new and emerging threats are detected before the money is gone.

Fig 4: Behavior-based anomaly detection solutions monitor all activity for each mobile banking user, from login to logout

Capabilities:

- Monitors all mobile banking activity to develop a mobile banking-specific profile of each user
- Develops an overall behavioral fingerprint, taking channel use and preferences into account
- For integrated online/mobile banking platforms, delivers a combined view of each client's online and mobile banking activity, distinguishing between the two where needed
- Looks for unexpected mobile activity and suspicious behavior to identify fraudulent account access, reconnaissance, fraud setup, and anomalous transactions
- Prioritizes mobile banking alerts solely based on risk of the mobile banking activity
- Proactively identifies multiple mobile accounts at risk or under attack
- Offers search, analysis, and reporting features that are optimized for mobile banking activity

Benefits:

- Implement a layer of security that is completely independent of the device itself
- Increase client trust in mobile banking and increase mobile adoption
- Enhance mobile banking features knowing that you're proactively detecting mobile banking threats
- Automatically protect all mobile banking users
- Proactively and accurately detect fraudulent mobile banking account access and fraudulent transactions
- Understand mobile usage and mobile risks
- Conform to FFIEC expectations for anomaly detection

Conclusion

In response to growing customer demand, financial institutions are expanding mobile banking services. Given the rich personal information available, lax consumer behavior, and increased mobile banking capabilities, mobile devices are becoming increasingly attractive to fraudsters.

Financial institutions must operate under the assumption that the device (a smartphone or tablet computer) has been compromised and implement security strategies that are completely independent from the device. Furthermore, FIs must implement security strategies that recognize the fundamental differences between the mobile and online channels, and how account holders use each.

Behavior-based anomaly detection solutions such as FraudMAP Mobile automatically monitor all mobile banking activity to establish user-specific profiles distinct to the mobile channel, and then look for anomalous behavior that could indicate fraud. Financial institutions using anomaly detection to secure the mobile channel can expand services with confidence, meeting client expectations while increasing users' trust and confidence in mobile banking and in the financial institution.

About Guardian Analytics

Guardian Analytics was founded and is completely focused on fraud protection for financial services institutions. We're proud to serve banks and credit unions that are taking a proactive step to lead the way in fraud prevention. Our customers take the promise of security very seriously as an essential element of their brand, reputation and their commitment to protect their institution and their account holders from fraud attacks.

Our behavior-based anomaly detection solutions, FraudMAP Online and FraudMAP Mobile, were developed by leveraging our employees' direct experience and deep expertise in electronic banking fraud prevention, including solving actual fraud cases, built up over many years with extensive investment in intellectual property.
More informationJanuary 23, Online Banking Risk Management: A Multifaceted Approach for Commercial Customers
January 23, 2012 Online Banking Risk Management: A Multifaceted Approach for Commercial Customers Risk Management Rajiv Donde - CEO Laru Corporation Agenda Risk Premise FFIEC prescription for a layered
More informationFFIEC Guidance: Mobile Financial Services
FFIEC Guidance: Mobile Financial Services Written by: Jon Waldman, CISA, CRISC Partner and Senior Information Security Consultant Secure Banking Solutions, LLC FFIEC Updates IT Examination Handbook to
More informationAccount Takeover: Why Payment Fraud Protection is Not Enough
Cybercrime Protection Account Takeover: Why Payment Fraud Protection is Not Enough Mustafa Rassiwala, ThreatMetrix, Inc. April 2014 1 Agenda 1. Customer Accounts Blessing or Curse? 2. Passwords Weakest
More informationWire Fraud Begins to Hammer the Construction Industry
Wire Fraud Begins to Hammer the Construction Industry Cybercriminals are adding new housing construction to their fraud landscape and likely on a wide scale. Created and published by: Thomas W. Cronkright
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationCorporate Mobile Banking: A Treasury Perspective
Corporate Mobile Banking: A Treasury Perspective AFPA Education Day August 20, 2014 Howard N. Forman Senior Vice President Head of Online Treasury Solutions Session Outline Mobile Landscape Data Points
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationWhite Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security
White Paper The Impact of Payment Services Directive II (PSD2) on Authentication & Security First Edition June 2016 Goode Intelligence All Rights Reserved Published by: Goode Intelligence Sponsored by:
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationWho We Are! Natalie Timpone
Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who
More informationRegulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013
Regulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013 Tony DaSilva, AAP, CISA Senior Examiner Federal Reserve Bank of Atlanta Disclaimer The views and
More information6 Vulnerabilities of the Retail Payment Ecosystem
6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationOnline Security and Safety Protect Your Computer - and Yourself!
Online Security and Safety Protect Your Computer - and Yourself! www.scscu.com Fraud comes in many shapes and sizes, but the outcome is simple: the loss of both money and time. That s why protecting your
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationAdobe Security Survey
Adobe Security Survey October 2016 Edelman + Adobe INTRODUCTION Methodology Coinciding with National Cyber Security Awareness Month (NCSAM), Edelman Intelligence, on behalf of Adobe, conducted a nationally
More informationAccelerating growth and digital adoption with seamless identity trust
Accelerating growth and digital adoption with seamless identity trust IBM Trusteer helps organizations seamlessly establish identity trust across the omnichannel customer journey Let s get started 3 Introduction
More informationADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI Adaptive Authentication in IBM Tivoli Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationHow Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Quick Heal Total Security for Android Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationWHITE PAPER Fighting Mobile Fraud
WHITE PAPER Fighting Mobile Fraud Protecting Businesses and Consumers from Cybercrime Table of Contents Executive Summary 1 Introduction 2 The Challenge 3 Keeping Pace with Mobile Innovation 4 Business
More informationAdaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief
Adaptive Authentication Adapter for Citrix XenApp Adaptive Authentication in Citrix XenApp Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationUsing Biometric Authentication to Elevate Enterprise Security
Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of
More informationFundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL
Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS In order to better assist you with the transition to our new home banking service, we wanted to provide you with a list of anticipated questions and things that may need your
More informationAuthentication and Fraud Detection Buyer s Guide
Entrust, Inc. North America Sales: 1-888-690-2424 entrust@entrust.com EMEA Sales: +44 (0) 118 953 3000 emea.sales@entrust.com November 2008 Copyright 2008 Entrust. All rights reserved. Entrust is a registered
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationSecuring today s identity and transaction systems:! What you need to know! about two-factor authentication!
Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! 1 Today s Speakers! Alex Doll! CEO OneID Jim Fenton! Chief Security Officer OneID 2 Contents!
More information9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR
1 2 1 Agenda: Types of Fraud Things you can do internally Things that companies can do Services Provided by the Bank 3 Because that is where the money is. 4 2 Checks Credit Cards ACH (Debits / Credits)
More informationRSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Alaa Abdulnabi. CISSP, CIRM RSA Pre-Sales Manager, TEAM Region 1 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web
More informationQuick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page
Workshop #7 Email Security Previous workshops 1. Introduction 2. Smart phones & Tablets 3. All about WatsApp 4. More on WatsApp 5. Surfing the Internet 6. Emailing Quick recap on Emailing Email Security
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationFive Reasons It s Time For Secure Single Sign-On
Five Reasons It s Time For Secure Single Sign-On From improved security to increased customer engagement, secure single sign-on is a smart choice. Executive Overview While cloud-based applications provide
More informationHow Cyber-Criminals Steal and Profit from your Data
How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationAdding Mobile App Payments at PacifiCorp
Adding Mobile App Payments at PacifiCorp Industry Overview Rob Gilpin Changing Customer Expectations Then Fair value for fair price Responsive service Quality and reliability Courtesy and empathy Ease
More informationWhitepaper on AuthShield Two Factor Authentication with SAP
Whitepaper on AuthShield Two Factor Authentication with SAP By AuthShield Labs Pvt. Ltd Table of Contents Table of Contents...2 1.Overview...4 2. Threats to account passwords...5 2.1 Social Engineering
More informationThe Future of Authentication
The Future of Authentication Table of Contents Introduction Facial Recognition Liveness Detection and Multimodal Biometrics FIDO: Standards-Based, Password-Free Authentication Biometric Authentication
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationMOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device)
MOBILE SECURITY Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device) INTRODUCTION BYOD SECURITY 2014 It s no surprise that there are many articles and papers on Bring Your
More informationBehavioral Biometrics. Improve Security and the Customer Experience
Behavioral Biometrics Improve Security and the Customer Experience Table of Contents Reader ROI & Introduction 1 The challenges of authenticating mobile customers 2 The need for transparent customer authentication
More informationSouth Central Power Stop Scams
Don t get tricked. People around the country have been receiving emails and phone calls from scammers. South Central Power wants to help you keep your money and prevent scams. Review the helpful tips below.
More informationSecurity Solutions for Mobile Users in the Workplace
Security Solutions for Mobile Users in the Workplace 1 1 Multitasking means multiple devices for busy end users Introduction Cloud computing helps organizations operate with less infrastructure, reducing
More informationThe BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO
The BUSINESS of Fraud. Don t let it put you out of business. Veenindra J. Singh, First Vice President, Treasury Management Consultant California Bank & Trust 300 Lakeside Drive, Suite 800 Oakland, Ca 94612
More informationMDM is Calling: Does Your Business Have an Answer? arrival. Here To Go. Lunch Dinner. continue. Riiinnggg. Dec. 12
MDM is Calling: Does Your Business Riiinnggg arrival flight itinerary PLACE ORDER Here To Go Lunch Dinner continue Dec. 12 Riiinnggg Office answer MDM is Calling: Does your Business MDM is Calling: Does
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationMake security part of your client systems refresh
Make security part of your client systems refresh Safeguard your information with Dell Data Security Solutions while boosting productivity and reducing costs Your organization might have many reasons for
More informationRSA Fraud & Risk Intelligence Solutions
RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1 Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing
More informationCLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies
Fraud Overview and Mitigation Strategies SUNTRUST TEAM: DOUG HICKMAN SENIOR VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE JAMES BERNAL ASSISTANT VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS
More informationCO-OP Mobile: Mobile App for ipads. April 18, 2013
CO-OP Mobile: Mobile App for ipads April 18, 2013 1 Today s Presenters DIANEZABLIT Product Marketing Manager RANDYTHOMPSON Senior Product Manager 2 Agenda Marketplace Mobile Trends CO-OP Mobile Overview
More information2018 Mobile Security Report
2018 Mobile Security Report CONTENTS Introduction 3 Businesses suspect their mobile workers are being hacked 4 Cafés, airports and hotels: a hotspot for Wi-Fi related security incidents 5 BYOD: Bring Your
More informationSmall Business Is Big Business in Cybercrime A TrendLabs Primer
Small Business Is Big Business in Cybercrime A TrendLabs Primer Things Every Small Business Should Know About Web Threats and Cybercrime For cybercriminals, no business is too small to exploit. Albeit
More informationMobile Cash Management
Mobile Cash Management Best Practices Presented by: Dawn Papadatos Date: April 24, 2017 Agenda I. Current Mobile Banking Landscape II. Benefits of Corporate Mobile Banking III. Mobile Security IV. The
More informationMobile Payments. Moving at the Speed of Innovation. Eric Kuhn, Enterprise Digital Product Development April 2017
Mobile Payments Moving at the Speed of Innovation Eric Kuhn, Enterprise Digital Product Development April 2017 Agenda Mobile Payments Landscape Why Your Digital Products are Essential for Growth How to
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationMobile Security / Mobile Payments
Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY
More informationAdaptive Authentication Adapter for Juniper SSL VPNs. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
Adaptive Authentication Adapter for Juniper SSL VPNs Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationKEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic
KEY FINDINGS INTERACTIVE GUIDE Uncovering Hidden Threats within Encrypted Traffic Introduction In a study commissioned by A10 Networks, Ponemon surveyed 1,023 IT and IT security practitioners in North
More informationMaintaining Trust: Visa Inc. Payment Security Strategy
Maintaining Trust: Visa Inc Payment Security Strategy Ellen Richey 2010 Payments Conference Chicago Federal Reserve Global Electronic Payments Protecting the payment system is a shared responsibility among
More informationOnline Services User Guide
Online Services User Guide Welcome to Online & Mobile Banking! Whether you re online or using a mobile device, manage your money whenever and wherever it s convenient for you. Access Visit BankMidwest.com
More informationText Messaging Helps Your Small Business Perform Big
White Paper Text Messaging Helps Your Small Business Perform Big Sponsored by: AT&T Denise Lund August 2017 IN THIS WHITE PAPER This white paper introduces small businesses to the benefits of communicating
More informationMachine-Powered Learning for People-Centered Security
White paper Machine-Powered Learning for People-Centered Security Protecting Email with the Proofpoint Stateful Composite Scoring Service www.proofpoint.com INTRODUCTION: OUTGUNNED AND OVERWHELMED Today
More informationWelcome to Numerica Credit Union s Amazon Alexa * Skill
Welcome to Numerica Credit Union s Amazon Alexa * Skill The Numerica Skill can provide financial information and process transactions from your Amazon Echo device. Using the Numerica Skill, you can do
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationMobile Cash Management
Mobile Cash Management Best Practices Presented by: Ed Hiddleson Date: April 19/20, 2018 Agenda I. Current Mobile Banking Landscape II. Benefits of Mobile Banking III. Mobile Security IV. The Future of
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationQuick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.
Quick Heal Mobile Security Free protection for your Android phone against virus attacks, unwanted calls, and theft. Product Highlights Complete protection for your Android device that simplifies security
More information