Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Size: px
Start display at page:

Download "Meeting FFIEC Meeting Regulations for Online and Mobile Banking"

Transcription

1 Meeting FFIEC Meeting Regulations for Online and Mobile Banking The benefits of a smart card based authentication that utilizes Public Key Infrastructure and additional mechanisms for authentication and verifying higher risk transactions has been outlined in the 2005 Guidance by the FFIEC. Technological advances by Tyfone, a security company that is currently working with the US Intelligence Community for device and access security based on smart cards using wireless protocols (Connected Smart Card ) overcomes the traditional limitations of the reader based smart card discussed in the 2005 Guidance by the FFIEC and can be used across the complete spectrum of devices used for Online and Mobile banking. The Trend and the Need! Cybersecurity that requires securing of online, cloud, and wireless mobile devices is an important issue facing all organizations including corporations, banks, critical infrastructure, and governments. Hackers are able to steal information such as social security numbers, credit card numbers, bank account details, vulnerability reports of dams, usernames, passwords and all other information stored centrally in the cloud. To make matters worse it is often impossible to catch these criminals as these hacks originate off-shore. And since the crime is virtual, whereby criminals make copies of the data without destroying the data, most organizations and users alike are unaware of the information loss. Recent data indicates the following: Dramatic loss in data 705 million records lost in 2013 OSF Dramatic loss in dollars $445 billion in 2013 CSIS No effective solutions $46 billion spent to prevent loss in 2013 & most of it wasted HP Increase in crime 20% increase in reported crime HP Increase in loss 30% increase in loss per crime HP Most breaches unreported 94% of breaches go unreported FBI Imagine what a security breach of a government agency, banking, or critical infrastructure such as a power grid could cost. Corporations, banks, and governments throughout the world are scrambling to figure out more effective solutions. FFIEC has recognized the need to solve this problem for Financial Institutions and has defined requirements while not requiring or recommending specific implementations. The problem with a majority of existing security solutions is that the implementations have centralized data stores. As demonstrated in the recently publicized cyber-attacks, centralized data stores are a single point of failure of authentication credentials. Such centralized security implementations do not prevent loss and are easy to hack. This is covered in the next section.

2 Security That is Centralized is Insufficient Most state-of-the-art security implementations look like what is shown in the figure below. All security mechanisms, namely, password storage and validation, encryption key storage, threat analytics as well as MFA answers are all centralized and intrusive as well as inconvenient to users. This consolidated approach is not only a lucrative target, but also a single hacking point of vulnerability. Cloud infrastructure for Mobile & internet Banking Core Banking System DATA & TRANSACTIONS PASSWORDS DIGITAL ENCRYPTION KEYS THEART ANALYTICS and MFA Q&A Remote Users Multiple Devices Passwords MFA and Q&C Centralized Password Validation Centralized Encryption Keys Centralized Theart Analytics Consolidated= Lucrative & easy to seal Too many systems. Too many false positives. inconvenients for staff & users. Recent data indicates that it is not prudent to rely solely on centralized security: Passwords are not enough 90% of passwords are vulnerable as of 2013 Deloitte Dramatic password compromises 1.2 billion passwords stolen by one Russian Group in 2014 NY Times Threat analytics have become unmanageable for CIOs Not only are there too many analytic systems to manage and ESG there are too many alerts to deal with, 35% of alerts generated by fraud analytics are false positives By the time analytics capture anomalies it is almost always too Target Chase late. Target was 10 days after the breach and JP Morgan Chase was 2 months after the breach. Members do not want to answer too many MFA questions Private data Members often do not know the answers to knowledge based MFA questions which results in 40% of call center calls for password reset Limitations in ease of enrollment of customers, customer privacy concerns, unquantified liability of loss Threat analytics are almost always too late MFA Q&A to augment passwords too inconvenient Biometrics

3 Multi-factor and Layered Security with Decentralization Plastic cards with smart card security chips that store client side certificates and keys securely just like HSMs store server side certificates and keys are an effective and proven way to enable high-end decentralized security. This is required by and very commonly used by customers and employees of European and Asian Banks in smart card chips in a plastic card form factor. Unfortunately, plastic smart cards cannot be readily used in modern day mobile phones, tablets, laptops and desktops since these devices lack ability to read smart cards. For this purpose we propose the use of what is called as The Connected Smart Card that not only has a smart card security chip, but also has interfaces including Bluetooth radio, Near-field radio and USB allowing the smart card security chip to be made available on any device. This is shown in the figure below. Cloud infrastructure for Mobile & internet Banking Core Banking System DATA & TRANSACTIONS PASSWORDS + DIGITAL ENCRYPTION KEYS THEART ANALYTICS and MFA Q&A DECENTRALIZED ID VALIDATION & KEY STORAGE Benefits of decentralized security includes: Dramatically lowers loss, since the hardware has to be stolen one at a time and a user s password or biometrics needs to be known. Increases convenience, since the user does not have to know hard to remember answers and it is as easy as pressing a button on the hardware. Increases scope of law enforcement, since it requires the physical theft of hardware instead of the remote theft of hacking into a cloud. Increases awareness of loss by user, since the loss is not virtual. Makes fraud analytics more meaningful, since fraudulent transactions will be minimized and therefore alerts will be more meaningful.

4 Apart from the above benefits, the additional benefits of The Connected Smart Card (CSCTM) hardware for decentralizing security that uses miniature smart card chips and existing interfaces to interface with any device are illustrated below: Existing Interface BEBEFITS OF THE CONNECTED SMART CARD Miniaturize Decentralized Password, Biometrics, and Key Storage Leverage billions invested in existing infrastructure Existing industry standards & certifications Certified for ID storage, validation Certified Key storage, cryptography Certified to be Biometric friendly Leverage existing security applets PKCS - Internet and Mobile Banking EMV - Payments CAC/PIV - Govt PIV-I - Enterprise Multiple use of cases form factor agnostic Any Device Any OS Pricing Comparison According to a recent Symantec Publication (A Total Cost of Ownership Viewpoint Two-factor Authenticationii) the average price of ownership for Symantec VIP is expected to be $3.18 per credential per month and that of RSA SecurID is expected to be $6.02 per credential per month. The cost of Tyfone CSC is estimated to be $1.99 per credential per month a savings of 37% over Symantec VIP and 67% over RSA SecurID. There is also further opportunity to decrease Total Cost of Ownership by adding additional credentials to CSC that cannot be accomplished in VIP or SecurID solutions. We envision CSC to not only include Public/Private Key based security for mobile and online banking but also contain EMV payment credentials as US migrates to smart card infrastructure for debit and credit identities.

5 CSC = Next Gen Smart Cards All the benefit and none of the concerns! Apart from the significant pricing benefit over RSA SecurID (or its comparative Symantec VIP) The Connected Smart Card (CSC) that enables device agnostic multi-factor and layered transaction encryption is significantly better than the well-known RSA SecurID. A comparison between RSA SecurID and CSC is provided below. Apart from the major differences highlighted below, since RSA SecurID relies on centralized validation of ID (dynamic password) they was a massive compromise of their centralized infrastructure that in turn compromised 720 companies. RSA SecurID Centralized Security Compromised in mass* Single - purpose Form Factor Agnostic CSC Module (sidekey and sidecard form factors shown on the right) Decentralized Multiple use cases & remote provisioning - Layered Transaction Encryption: Mutually authenticated TLS Connection - Device Agnostic Multi-factor: Cryptographic Strong ID auth - Prevents Man-in-the-Middle attacks through cryptographic validation of recipient account number - Enables remote secure messaging for secondary approval Manual entry Complex pricing and $5 to $7 per credential per month Press of a button & biometric friendly Any device - mobile phone, Tablet, PC $1.99 per credential per month

6 Summary Decentralizing security is rapidly becoming a necessity. Tyfone s CSC is the next generation of smart card based security. It is not only more secure and versatile, it is 67% cheaper to deploy over RSA SecurID (or other equivalents) including decentralization and multiple use cases. FFIEC COMPLIANCE: Tyfone s CSC enables both cryptographic multi-factor authentication as well as an additional layer of transaction encryption, thus making it a cost-effective FFIEC compliant implementation. Tyfone s CSC is device agnostic and therefore makes user experience as simple as pressing of a button for doing electronic banking on phones, tablets and PCs to be FFIEC compliant. The robustness of CSC also makes threat analytics more meaningful since it is expected to dramatically reduce the number of alerts. Tyfone s CSC is currently being tested by the US Intelligence Community through investment made by In-Q-Tel (CIA s venture fund) as well as by CoVantage CU. i ii

Personal Cybersecurity

Personal Cybersecurity Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions

More information

Modern two-factor authentication: Easy. Affordable. Secure.

Modern two-factor authentication: Easy. Affordable. Secure. Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks

More information

Secure Government Computing Initiatives & SecureZIP

Secure Government Computing Initiatives & SecureZIP Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS

More information

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION Introduction Why static passwords are insufficient Introducing two-factor Authentication Form Factors for OTP delivery Contact information OTP generating

More information

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com @jgrantindc Digital: The Opportunity

More information

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform

More information

Identity & Access Management

Identity & Access Management Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds

More information

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks

More information

Authentication Methods

Authentication Methods CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks

More information

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the

More information

Data Security Essentials

Data Security Essentials Data Security Essentials Strategies to Protect Non-public Personal Information Oct. 28, 2015 alta.org/titletopics Speakers Chris Gulotta Real Estate Data Shield Chris Hacker ShortTrack Todd Hougaard BeesPath

More information

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

Complying with RBI Guidelines for Wi-Fi Vulnerabilities A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines

More information

Applying biometric authentication to physical access control systems

Applying biometric authentication to physical access control systems Applying biometric authentication to physical access control systems Published on 24 Jul 2018 Over the past few years, biometrics has rapidly expanded into consumer applications, like the financial market

More information

Keep the Door Open for Users and Closed to Hackers

Keep the Door Open for Users and Closed to Hackers Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According

More information

Retail Security in a World of Digital Touchpoint Complexity

Retail Security in a World of Digital Touchpoint Complexity Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist Passwords Are Dead Long Live Multi-Factor Authentication Chris Webber, Security Strategist Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Threat Landscape Breach accomplished Initial attack

More information

PKI is Alive and Well: The Symantec Managed PKI Service

PKI is Alive and Well: The Symantec Managed PKI Service PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication!

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! 1 Today s Speakers! Alex Doll! CEO OneID Jim Fenton! Chief Security Officer OneID 2 Contents!

More information

Cyber Security Updates and Trends Affecting the Real Estate Industry

Cyber Security Updates and Trends Affecting the Real Estate Industry Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Enabling Compliance for Physical and Cyber Security in Mobile Devices

Enabling Compliance for Physical and Cyber Security in Mobile Devices Enabling Compliance for Physical and Cyber Security in Mobile Devices Brandon Arcement & Chip Epps HID Global Sept 12, 2016 1630-1730 ET Agenda Smart Devices vs. Traditional Cards Mobility Infrastructure

More information

Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS

Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS Topics Consumer identity why it is important How big a problem is identity fraud? What

More information

Paystar Remittance Suite Tokenless Two-Factor Authentication

Paystar Remittance Suite Tokenless Two-Factor Authentication Paystar Remittance Suite Tokenless Two-Factor Authentication Introduction Authentication is the process by which a computer system positively identifies a user It is commonly considered to be one of the

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical

More information

Altitude Software. Data Protection Heading 2018

Altitude Software. Data Protection Heading 2018 Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this

More information

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES: (Solutions Brief) An integrated cybersecurity Administration solution for securing any Large Enterprise. The Industry s most complete protection for the Large Enterprise and Cloud Deployments. KEY SERVICES:

More information

Authentication Technology for a Smart eid Infrastructure.

Authentication Technology for a Smart eid Infrastructure. Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

DigitalPersona for Healthcare Organizations

DigitalPersona for Healthcare Organizations DigitalPersona for Healthcare Organizations RAPID, SECURE AUTHENTICATION FOR MEDICAL PROVIDERS AND STAFF Secure Access to Electronic Health Records Streamline Clinical Workflow Reduce Cybersecurity Costs

More information

Solution. Imagine... a New World of Authentication.

Solution. Imagine... a New World of Authentication. A Solution Imagine... a New World of Authentication. Imagine a World Where Passwords can t be hacked People can t share credentials Users can t pretend to be someone else Where authentication is more Secure

More information

How Next Generation Trusted Identities Can Help Transform Your Business

How Next Generation Trusted Identities Can Help Transform Your Business SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2

More information

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US

More information

The Device Has Left the Building

The Device Has Left the Building The Device Has Left the Building Mobile Security Made Easy With Managed PKI Christian Brindley Principal Systems Engineer, Symantec Identity and Information Protection Agenda 1 2 3 Mobile Trends and Use

More information

Put Identity at the Heart of Security

Put Identity at the Heart of Security Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology Tadeusz Woszczyński Country Manager Poland, Hitachi Europe Ltd. 20 September 2017 Financial security in the

More information

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services A Layered Approach to Fraud Mitigation Nick White Product Manager, FIS Payments Integrated Financial Services Session Agenda Growing Fraud Concerns Old Habits Die Hard Maneuvering through the Barriers

More information

Five Reasons It s Time For Secure Single Sign-On

Five Reasons It s Time For Secure Single Sign-On Five Reasons It s Time For Secure Single Sign-On From improved security to increased customer engagement, secure single sign-on is a smart choice. Executive Overview While cloud-based applications provide

More information

AS emas emudhra Authentication Solution

AS emas emudhra Authentication Solution AS emas emudhra Authentication Solution Create your own trusted enterprise network of users, devices, applications! With malware, ransomware and other cyber threats constantly thrown at Enterprises, a

More information

Security Solutions. End-to-end security. Protecting your physical access control system.

Security Solutions. End-to-end security. Protecting your physical access control system. Security Solutions End-to-end security Protecting your physical access control system. www.nedapsecurity.com security common practice Bringing IT best practices to physical security Often, companies don

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Maintaining Trust: Visa Inc. Payment Security Strategy

Maintaining Trust: Visa Inc. Payment Security Strategy Maintaining Trust: Visa Inc Payment Security Strategy Ellen Richey 2010 Payments Conference Chicago Federal Reserve Global Electronic Payments Protecting the payment system is a shared responsibility among

More information

DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA

DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA 1 SECURING DIGITAL IDENTITY THE KEY TO ASIA S VAST POTENTIAL IN E-COMMERCE We are living through an exciting time for digital commerce in Asia.

More information

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Using Threat Analytics to Protect Privileged Access and Prevent Breaches Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers

More information

How. Biometrics. Expand the Reach of Mobile Banking ENTER

How. Biometrics. Expand the Reach of Mobile Banking ENTER How Biometrics Expand the Reach of Mobile Banking ENTER Table of Contents 01 The Mobile Banking Opportunity 02 What s Suppressing Mobile Adoption? 03 Onboarding Challenges: Proving One s Identity 04 Authentication

More information

Using Smart Cards to Protect Against Advanced Persistent Threat

Using Smart Cards to Protect Against Advanced Persistent Threat Using Smart Cards to Protect Against Advanced Persistent Threat Smart Cards in Government Oct 30, 2014 Chris Williams Export Approval # 14-leidos-1016-1281 Agenda Who is Leidos? The Identity Challenge

More information

6 Vulnerabilities of the Retail Payment Ecosystem

6 Vulnerabilities of the Retail Payment Ecosystem 6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting

More information

Fraud Mobility: Exploitation Patterns and Insights

Fraud Mobility: Exploitation Patterns and Insights WHITEPAPER Fraud Mobility: Exploitation Patterns and Insights September 2015 2 Table of Contents Introduction 3 Study Methodology 4 Once a SSN has been Compromised, it Remains at Risk 4 Victims Remain

More information

January 23, Online Banking Risk Management: A Multifaceted Approach for Commercial Customers

January 23, Online Banking Risk Management: A Multifaceted Approach for Commercial Customers January 23, 2012 Online Banking Risk Management: A Multifaceted Approach for Commercial Customers Risk Management Rajiv Donde - CEO Laru Corporation Agenda Risk Premise FFIEC prescription for a layered

More information

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking? The financial sector struggles with data leakage in part because many such organizations rely on dinosaurs - security solutions that struggle to protect data outside the corporate network. These orgs also

More information

The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services

The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services This document was developed by the Smart Card Alliance Health and Human Services Council in response to the GAO

More information

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO (US) @BEN_SMITH IDENTITY = THE MOST CONSEQUENTIAL ATTACK VECTOR Confirmed data breaches involving weak, default

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

Effective Strategies for Managing Cybersecurity Risks

Effective Strategies for Managing Cybersecurity Risks October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive

More information

Safelayer's Adaptive Authentication: Increased security through context information

Safelayer's Adaptive Authentication: Increased security through context information 1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient

More information

Security Solutions for Mobile Users in the Workplace

Security Solutions for Mobile Users in the Workplace Security Solutions for Mobile Users in the Workplace 1 1 Multitasking means multiple devices for busy end users Introduction Cloud computing helps organizations operate with less infrastructure, reducing

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers AN IPSWITCH WHITEPAPER 7 Steps to Compliance with GDPR How the General Data Protection Regulation Applies to External File Transfers Introduction Stolen personal data drives a thriving black market for

More information

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for

More information

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

Securing Today s Mobile Workforce

Securing Today s Mobile Workforce WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................

More information

4 Ways to Protect Your Organization from a Data Breach

4 Ways to Protect Your Organization from a Data Breach BEST PRACTICES GUIDE Patient Data Security 4 Ways to Protect Your Organization from a Data Breach Patient Data Security 2 It s a treasure trove of personal data. The proverbial pot of data gold. For every

More information

FIVE REASONS IT S TIME FOR FEDERATED SINGLE SIGN-ON

FIVE REASONS IT S TIME FOR FEDERATED SINGLE SIGN-ON FIVE REASONS IT S TIME FOR FEDERATED SINGLE SIGN-ON W HI T E P A P ER TABLE OF CONTENTS 03 04 06 06 07 08 09 10 10 EXECUTIVE OVERVIEW INTRODUCTION IMPROVING CUSTOMER ENGAGEMENT IS ON YOUR CMO S RADAR BYOD

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

Integrated Access Management Solutions. Access Televentures

Integrated Access Management Solutions. Access Televentures Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

Cyber Security Guidelines for Public Wi-Fi Networks

Cyber Security Guidelines for Public Wi-Fi Networks Cyber Security Guidelines for Public Wi-Fi Networks Version: 1.0 Author: Cyber Security Policy and Standards Document Classification: PUBLIC Published Date: April 2018 Document History: Version Description

More information

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Privileged Account Security: A Balanced Approach to Securing Unix Environments Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged

More information

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction

More information

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief Providing Secure Access to Corporate Resources from BlackBerry Devices Leveraging Two-factor Authentication Augmenting the BlackBerry Enterprise Solution BlackBerry devices are becoming ubiquitous throughout

More information

To Audit Your IAM Program

To Audit Your IAM Program Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.

More information

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager. London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP Debi Mohanty Senior Manager Deloitte & Touche LLP Multi-factor (MFA) Authentication September 2018 Spiros Angelopoulos Principal Solutions Architect ForgeRock MFA Evolved Authentication Spiros Angelopoulos

More information

The Cyber War on Small Business

The Cyber War on Small Business The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber

More information

Using Biometric Authentication to Elevate Enterprise Security

Using Biometric Authentication to Elevate Enterprise Security Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of

More information

Red Flag Regulations

Red Flag Regulations Red Flag Regulations Identity Theft Put In Context Overview of Topics Red Flag Regulations Overview How UM Protects Information What is the Student Workers role in identity theft prevention? What s this

More information

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Protecting Against Online Fraud. F5 EMEA Webinar August 2014 Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture

More information

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016 Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice

More information

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN? WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

FOR FINANCIAL SERVICES ORGANIZATIONS

FOR FINANCIAL SERVICES ORGANIZATIONS RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly

More information

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility

More information

Mobile Security / Mobile Payments

Mobile Security / Mobile Payments Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY

More information

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS? FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

The Problem with Privileged Users

The Problem with Privileged Users Flash Point Paper Enforce Access Control The Problem with Privileged Users Four Steps to Reducing Breach Risk: What You Don t Know CAN Hurt You Today s users need easy anytime, anywhere access to information

More information

Employee Security Awareness Training

Employee Security Awareness Training Employee Security Awareness Training September 2016 Purpose Employees have access to sensitive data through the work they perform for York. Examples of sensitive data include social security numbers, medical

More information

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,

More information

PKI Credentialing Handbook

PKI Credentialing Handbook PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key

More information

Strong Security Elements for IoT Manufacturing

Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing LANCEN LACHANCE VICE PRESIDENT PRODUCT MANAGEMENT GLOBALSIGN WHAT YOU WILL LEARN TODAY 1 2 3 Examining of security risks with smart connected products Implementing

More information

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...

More information

Outsourcing & remote teams: cyber security vulnerabilities

Outsourcing & remote teams: cyber security vulnerabilities Outsourcing & remote teams: cyber security vulnerabilities Mobilunity: Cyber security research 2017-2018 In 2017 alone, 978 million people from 20 countries together lost $172 billion to cybercrimes. That

More information