Category: Financial

His descriptions of Key Indicators for the Financial Sector: What to Monitor and Log showed the approaches to logging and monitoring and noted that while regulatory rules mandate that banks regularly monitor event logging, it is growing more popular among institutional management as a way to protect not only the perimeter of the institution’s operations, but the data at rest too. Centralized monitoring offers institutions economies of scale through consolidated reporting, and correlation opportunities on an enterprise-wide effort.

Among other presenters was Karl Kasper, of JP Morgan Chase who spoke on “Security Architecture as a Foundation for Risk Analysis.”

Parker Foley of Wachovia spoke on Trends in Information Security Standards. Foley’s take on the drivers behind the trend toward higher-level models in policy structure and distributed models in management responsibility include the move to a business approach to security and the pressures of efficiency and cost reduction at larger banks.

Keynotes were presented by Thomas Dunbar, Global IT Chief Security Officer of XL Capital; Anish Bhimani, Managing Director of IT Risk Management for JP Morgan Chase Bank, and Ron Insana, Senior Analyst for CNBC. Dunbar’s keynote on Beyond the Expected: The Impact of Sarbanes-Oxley on Information Security Management, showed the direct link between a strong InfoSec department effectively dealing with Information Security as a business risk management issue and compliance with SOX.

Bhimani sees the evolution of information security into risk management as necessary to align with operational risk, regulatory compliance; and the partnership of information security with IT Audit in larger organizations will help make info security more visible.

http://www.bankinfosecurity.com/articles.php?art_id=172&PHPSESSID=1162cdc3d2eaefeb8ecf4017f0b2e046

For the past year, the University of Wisconsin Credit Union in Madison has been using software from Corillian Corp. to authenticate its online users during log-in and, to a limited extent, in the transaction stage. Eric Bangerter, the credit unions director of Internet services, said the software lets the financial institution profile users systems and online behavior and then challenge them to provide extra proof of their identity if any changes from the norm are detected. The credit union also plans to add a stronger out-of-band process, in which automated phone calls will be made to account holders if theres still reason to doubt their identity, Bangerter said.

Chad Graves, vice president of IT at Ent Federal Credit Union in Colorado Springs, said the FFIECs guidelines should be adequate for dealing with current threats such as phishing. But he said that Ent Federal may have to add transaction-level controls if it decides to support electronic clearinghouse or wire-transfer transactions.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=274881

Among the solutions provided, there exist data encryption, IT auditing services, application security solutions, biometrics, end-to-end infrastructure management… Whether your institution requires simple IT risk assessment or a full-enterprise database infrastructure centralization and standardization, InfoSec NY provided a complete spectrum of provider solutions.

In a world where both threats and solutions are constantly evolving, educating yourself about the various security providers available is no longer an issue of compliance and best-practices. InfoSec NY provided both elements by offering informative sessions hosted by field experts and other authorities in addition to vendor resources.

Out of the companies surveyed, the study found 72 percent of breaches occurred because of a lack of protection. Yet regardless of this fact, the costs caused by breaches are primarily reactive, with costs increasing with relation to collateral mitigation, such as:

– a 55 percent focus in marketing costs
– a 34 percent focus in customer support costs
– an 11 percent focus in legal, audit, and risk management cost
– a 0 percent focus in IT security costs

With the IT department bearing none of the costs related to addressing data breaches, such a trend will continue for those who do not maintain a best-practices information security posture.

From attending InfoSec NY, the tracks available satisfied every information security need for all financial institutions, whether they attended to simply touch base with the industry trends, or to gain insightful methods into improving their business posture. As for the general atmosphere of the discussion panels, the warm reception and the number of pleased nods the sessions provoked was a good indicator of the audience’s approval.

http://www.bankinfosecurity.com/articles.php?art_id=167&PHPSESSID=5d300b3be8332b81086b766592012ed5

A majority of banks currently use Fair Isaac Corp.’s Falcon fraud-detection system and their own homegrown systems for dealing with payment card fraud, she said. “But MasterCard, along with Visa, is in a better position to see networkwide transactions,” which can be an advantage in detecting fraud, Litan said.

MasterCard’s Online Fraud Monitor service will use a proprietary risk-scoring model that will look at factors such as account spending, transaction histories and device-level activity to calculate the likelihood of fraud on an individual ATM transaction, Sargent said. For instance, if a card that in the past has been used only domestically were to be used in a large transaction in a foreign country, the transaction would automatically be flagged as high-risk for follow-up action.

MasterCard already offers a similar fraud-detection capability for credit card and signature-based ATM transactions via its Expert Monitoring System and MasterCard Alerts services.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004681&source=NLT_AM&nlid=1

TD Ameritrade Chief Executive Joseph Moglia told Reuters that all those who stole clients’ identities did so by using public computers rather than hacking into the Omaha, Nebraska-based company’s internal systems. Moglia blamed the share price fall on a cut on its projections for 2007 earnings.

Both E*Trade and TD Ameritrade said they are working with investigators at the SEC, U.S. Federal Bureau of Investigation and other agencies to crack down on the scammers.

In many of the schemes outlined recently by SEC officials, crooks will load a victim’s computer or a public PC with a spy program to monitor a user’s activities and capture vital information, such as account numbers and passwords. Once inside, the thief may sell off an account’s portfolio and take the proceeds. Or electronically hijacked accounts may be used for “pump-and-dump” schemes to manipulate stock prices for profit, SEC officials have said.

http://news.yahoo.com/s/nm/20061025/tc_nm/financial_discountbrokerages_fraud_dc

http://www.vnunet.com/vnunet/news/2164096/fifth-third-bank-heads-august