Security News Curated from across the world
“The Federal Reserve will continue to work with our counterparts in the federal government to encourage enhanced feedback on how reporting is contributing to our common fight against money laundering and terrorism,” Bies said.
http://www.marketwatch.com/News/Story/Story.aspx?guid=%7B16693B48-1BEC-4B01-B138-7812489927B4%7D&siteid=google
http://www.xatrix.org/article.php?s=4393
Ingram said there is a belief that customers are safe and privacy is protected through the use of SSL but “this is not the truth”. His statement was backed up by AusCert’s analysis and assessment manager Kathryn Kerr, who said it is a serious issue for any organization offering Internet banking as well as anyone using VPNs or remote work.
Neal Wise, director of security firm Assurance Pty Ltd., said SSL does serve a good purpose but leaves users prone to a “man in the middle”-type attack. “Unfortunately the only controls a bank can rely on for users to transport data is SSL encryption; it leaves them in an interesting situation having to cover related security issues they have not created,” Wise said. “We will see financial institutions, as part of shoring up their own risks, providing cut-price antivirus and content checking tools for their clients, because right now if someone manages to put a keystroke logger on a client computer, and a banking session gets recorded, banks have to cover that risk and it is not their fault.”
While security experts claim Internet banking fraud drains as much as two to five percent of revenue, the financial services industry isn’t as forthcoming when it comes discussing online threats, and the Australian Bankers Association (ABA) refuses to comment.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000457&source=rss_news85
“Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell said.
In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said.
The challenge with encryption is that older payment systems were not built to support the scrambling technology, said Qualys CEO Philippe Courtot.
http://news.com.com/Credit+card+security+rules+to+get+update/2100-1029_3-6072594.html?tag=nefd.top
“We hear many credit union prospects say they can’t imagine a hacker would want to target them because they are small,” said Ramsey. “I believe these findings illustrate how important it is for all financial organizations to be diligent and thorough in implementing and maintaining a strong, defense-in depth IT security plan,” continued Ramsey.
http://www.it-observer.com/news/6270/credit_unions_attacked_by_hackers_more_than_banks/
RSA says the trend is down to a combination of factors including an increase in the number of online banking users in Europe and Asia Pacific, banks offering increased functionality as part of online services, and heightened sophistication on the part of hackers.
Fraudsters are essentially crooked entrepreneurs; they are constantly looking for the greatest return for the smallest investment, and financial institutions in relatively untapped markets with users unfamiliar with phishing attacks are an attractive target.
http://www.theregister.co.uk/2006/04/26/international_phishing_survey/