Category: Financial

Some security and e-commerce companies have touted a future where consumers can sign in once and use that federated authentication throughout the commercial Web. In the past, Microsoft has tried to turn its Passport online identity system into the backend authentication system for e-commerce providers, but privacy experts worried that the move would give a single company too much power in managing consumer information.

http://www.securityfocus.com/brief/141?ref=rss

On Friday, the paper reported that as many as 200,000 debit-card holders could be affected. “I’ve not seen debit cards stolen like this,” Clements said. “Quite frankly, this is the first piece of the puzzle hackers need to commit full-blown identity theft on consumers.”

http://news.com.com/FBI+makes+connections+in+data+breach+case/2100-1029_3-6038287.html?tag=nefd.hed

Spam? Spyware? Data breaches? Telephone records confidentiality? Old issues. Federal Trade Commission (FTC) Chairman Deborah Platt Majoras wants to know what’s next. Majoras said the FTC plans hearings some time this fall to ponder the next generation of consumer high-tech threats. “At these hearings, we will address a series of critical questions: What have we learned over the past decade? How can we apply those lessons to what we do know, and what we cannot know, as we look to the future?” She said the focus of the hearings will be how best to protect consumers in the virtual marketplace of the future.

“A decade has passed since the FTC held hearings to identity significant consumer protection issues associated with new technologies,” Majoras told a Washington spyware conference. “It is again time to look ahead and examine the next generation of issues to emerge in our high-tech global marketplace.”

Majoras noted that the FTC held similar hearings in 1995. At that conference, more than 70 experts in business, technology, economics and consumer protection analyzed the consumer protection challenges likely to emerge in the late 1990s and early 21st century. “No one even mentioned spyware or similar intrusive software,” she said. “Today, however, spyware is fast overtaking spam as consumers’ top online concern.” She did concede that the hearing participants were unaware of the emergence of spyware. “Ten years now is an eternity for technology, and the technological underpinnings for spyware were just being developed at about the time of the FTC’s hearings.”

Although the 1995 FTC panel missed spyware as an emerging threat, Majoras said four principal lessons from the conference are still relevant.

“First, we must study and evaluate new technologies so that we are as prepared as possible to deal with harmful, collateral developments,” Majoras said. “Second, we need to bring appropriate law enforcement actions to reaffirm that fundamental principles of FTC law apply in the context of new technologies.” Majoras said the third principal lesson is that the FTC must look to private enterprise to implement self-regulatory regimes and “more importantly, to develop new technologies.” Finally, she said, the FTC needs to educate consumers so that they can take the necessary steps to protect themselves.

“It is again time to look ahead and examine the next generation of issues to emerge in our high-tech global marketplace,” Majoras said.

http://www.internetnews.com/xSP/article.php/3584391

“Third-party providers are providing some information, but financial institutions are using their own resources to continue” seeking additional information on a broad array of security details, according to Faith Boettger, a senior consultant to BITS, the industry group behind the project.

The effort is aimed at making it easier on both sides: for the financial institutions that need the information, and for the service providers that are getting deluged with invariably disparate and often redundant requests. The new policy won’t just touch on what level of encryption providers put on data or what security protects databases that contain customer information, although those are two of the granular details it will touch on. The group is putting together a standardized questionnaire that will touch on service providers’ security policy, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, system development and maintenance, business continuity and regulatory issues.

Priscilla Rabbayres, a global regulatory executive in the financial services sector for IBM, told eWEEK that IBM considers the financial institutions’ efforts to be of “enormous importance,” particularly given the times. “If we look back even a year ago, this was an important issue, but it really came to life with the California legislation of 2003 [that required enterprises to inform customers of security breaches],” she said. “One service provider may look at one standard, another at another aspect,” she said.

http://www.eweek.com/article2/0,1759,1917900,00.asp?kc=EWRSS03119TX1K0000594

Five per cent of online bankers have no security software installed on their PC at all. The most common reasons cited include that it is too expensive, that they don’t need it or they don’t understand what it is.
Many banks’ terms and conditions reflect the voluntary Banking Code. The current edition, published March 2005, tells users to use up-to-date anti-virus and spyware software and a personal firewall.

But the FSA found that nearly all users (95 per cent) surveyed believe that at least some security responsibility should lie with the bank while 45 per cent believe banks should take sole responsibility.

According to APACS, the UK payment association, fraud losses through internet banking were £14.5m in the six months to June 2005. Although this is relatively low, losses have more than trebled since the same period in 2004 (£4m). The FSA’s research found that if banks were to tackle these losses by shifting the liability fully towards the consumer, more than three quarters (77 per cent) of users say they would abandon internet banking.

“Most consumers recognise they have some responsibility for security but they are not necessarily following this obligation through,” said Philip Robinson, Financial Crime Sector Leader at the FSA. “To tackle the losses associated with fraud, banks should continue to drive security and this must include educating consumers on the importance of protecting themselves. We recognise that many banks are already taking steps to engage consumers. Initiatives like the ‘Get Safe Online’ campaign between the Government and the private sector show consumer education is beginning to happen. But banks need to look carefully at consumer attitudes and whether their initiatives are effective in maintaining confidence,” he added.

http://www.theregister.co.uk/2006/01/23/online_banking_fraud_fears/