Category: Financial

But while opinion about the suitability of the latest telephony technology, the Voice over Internet Protocol (VoIP), has been vacillating between whether to adopt it or not within financial institutions, Nymex is holding firm in ruling out the possibility of using the technology for now.

When Nymex officials opted for a digital voice network to replace the legacy V Band analog turret system, they explicitly opted out of using VoIP for the more than 700 trading turret positions. According to John Barbara, director of telecommunications for the IS department of Nymex, the exchange chose the BT ITS voice trading system over a similar offering from rival IPC Information Systems. “Both BT and IPC came up with a four-handset solution, so we put two four-handset turrets in each booth.

Nymex chose the BT ITS solution for its 450 trading position on the Nymex trading floor, where traders deal in energy, crude oil, gasoline, heating oil, natural gas markets and platinum group metals. Nymex also purchased and implemented 290 positions at its sibling Comex division, where traders deal in gold, silver, copper and aluminum.

http://db.riskwaters.com/public/showPage.html?page=210399

The company hopes to improve the reliability and availability of the financial news and market data it provides to financial firms.

‘That information needs to be accurate and there when they need it,’ Malcolm Kelly, global IT security director at Reuters, told the RSA Conference. ‘It’s about achieving the balance between availability, security and integrity.’

Kelly says Reuters needs to deal with any threats to information that might materialise. ‘That’s not just viruses and worms, but data availability and storage,’ he said.

Kelly has outsourced penetration testing and vulnerability management, and says firms need more holistic IT security strategies.

Reuters hopes to benefit from the Symantec and Veritas merger, with security covering anti-virus software to data storage and disaster recovery systems.

http://www.computing.co.uk/news/1161479

The regulations arise from the agencies’ interpretation of several provisions of the Gramm-Leach-Bliley Act. Those provisions call on financial institutions to prevent unauthorized access and use of customer information and to address any such incidents that do occur.

“We do expect our institutions to follow this guidance,” said David Barr, a spokesman for the Federal Deposit Insurance Corporation, or FDIC, one of the agencies involved. Whenever we examine institutions, we will look at…whether they have these consumer safety measures in place.”

The finance industry and the data collection industry are reeling from the fallout of several recent high-profile data leaks. In late February, financial services giant Bank of America alerted government workers that backup tapes containing their sensitive data had gone missing. In addition, data brokers LexisNexis and ChoicePoint have revealed large-scale data leaks.

The latest government rules say that if a bank becomes aware of “an incident of unauthorized access to sensitive customer information,” the institution should investigate. They also require the company to notify account holders quickly if it’s “reasonably possible” that the personal details will be misused.

The regulations apply to banks and savings and loan institutions, and not to credit unions, which fall under a different agency, the National Credit Union Administration. The regulations only cover nonpublic consumer information, not details on businesses or commercial accounts. The rules were established after a period of public comment. They partly resemble California’s Security Breach Information Act, which requires all companies to notify consumers when sensitive personal information may have been compromised.

Others that helped author the regulations include two agencies that are part of the U.S. Treasury Department: the Office of the Comptroller of Currency and the Office of Thrift Supervision. The Board of Governors of the Federal Reserve System also helped issue the guidelines.

http://news.com.com/Banks+ordered+to+tell+customers+about+breaches/2100-7348_3-5635399.html?tag=nefd.top

The same protocol could be employed in many computer networks in which two computers, hand-held communication devices or network nodes need to simultaneously verify the identity of each other.

The protocol – called “delayed password disclosure” – was created by Markus Jakobsson and Steve Myers of Indiana University.

It may have application in any environment where “mutual identity authentication” is required, the researchers say.

This new security protocol could help to prevent consumers from getting tricked into connecting to a fake wireless hub at an airport, for example.

Or the protocol could notify you that the link included in a legitimate-looking e-mail points to a fake website set up to steal your sensitive information, such as passwords and PINs to bank accounts, credit cards numbers and account numbers for online fund-transfer services.

The safety measures also might help stop organized crime and terrorist-funding groups from collecting large numbers of fund-transfer account numbers that could be used for money laundering, the researchers say.

The new protocol is meant to strengthen such networks, using a type of electronic “interrogation” to ensure they are not compromised.

For network attackers to launder money through online fund-transfer accounts of unsuspecting individuals, the criminals must stop email notifications from the fund-transfer company to the account holder.

“Denial of service attacks” and other kinds of network attacks could be employed to stop such notification emails, the researchers say.

http://www.innovations-report.com/html/reports/information_technology/report-40656.html

The credit card company has signed on mBlox to provide an SMS alert system, aimed at providing an extra safety barrier against potentially fraudulent credit card transactions.

European banks will be the first to be able to use the SMS system, which will be bundled with MasterCard’s own anti-fraud tool.

It will query high-risk transactions by sending an SMS to account holders, asking for their confirmation that the transaction is a genuine purchase. Cardholders will be able to give their mobile number over online banking channels or over the counter. If the cardholder confirms the transaction is fraudulent, the card can be blocked in minutes, instead of having to go via the bank’s call centre operatives.

The companies claim the SMS system will cut the response times by 90 per cent and costs by 20 to 30 per cent.

Citibank UK is the first financials institution to review the technology, Johan Gerber, associate VP, risk products at MasterCard, said. “We expect an answer from them soon,” he added.

The service will be mooted to Asia-Pacific, North America and other regions later in the year, with the anti-fraud SMSes expected to hit customers from the second half of the year, Gerber said.

http://software.silicon.com/security/0,39024655,39127779,00.htm