Category: Financial

To guarantee that the SA notification e-mails are received, institutions should ensure that their network spam filters are set to accept all e-mails from fdic.gov.

Institutions without Internet access may request to continue receiving SAs through the mail by completing the attached paper-delivery request form and faxing it to the FDIC at (703) 465-4314. The FDIC also offers electronic distribution of SAs through its online subscription service. Since this service is not secure, confidential SA attachments of fraudulent and genuine instruments are not included.

To decrease the number of unnecessary e-mails, institution users of this on-line subscription service may wish to discontinue receiving SAs through this mechanism.

http://www.bankinfosecurity.com/regulations.php?reg_id=220&PHPSESSID=0c468c65f2007d6227f7a3a2c3db0faf

Phishing scammers recently hacked the web sites of three Florida banks and redirected their customers to spoof pages, marking an apparent milestone in phishers’ use of bank web sites to construct more credible frauds. The intrusion was detected about an hour after it started, ElectroNet CEO Allen Byington told the…

In terms of the background of this case, as set forth by the FTC, CardSystems provided merchants with products and services used for obtaining approval for credit and debit card purchases from banks that issued cards.

The FTC specifically charged that CardSystems created unnecessary risks in storing information, did not adequately assess the vulnerability of its computer network to commonly known attacks, did not implement low-cost and available defenses to such attacks, failed to use strong passwords to ward off hackers, did not use available security measures to limit access between its computer network and the Internet, and failed to employ adequate measures to detect unauthorized access to personal information.

http://news.com.com/2010-1029_3-6047097.html?part=rss&tag=6047097&subj=news

Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users.

Essentially, an organisation that is joining another’s authentication network must have confidence in the checks that have been carried out to guarantee the identity of the user.

Privacy laws have further compounded this as one organisation is unlikely to be able to share any meaningful information with another organisation to prove that these checks are robust.

http://www.net-security.org/article.php?id=904

And on the surface it appears that forcing banks to add a second factor of authentication could improve the well-documented, rapidly deteriorating state of online security. It’s not clear, for example, that a second factor will significantly reduce “modern” risks; we could be preparing for the next war by planning for the last one.

It’s also unclear if financial companies can balance the cost of scaling two-factor authentication for the masses versus the benefit of whatever risk reduction it might provide.

The FFIEC guidance is the latest incarnation of a security truism: Threats don’t disappear, they migrate, or else over time they mutate to overcome the defenses deployed against them.

http://www.csoonline.com/read/020106/second_thoughts.html

Many UK accounting organisations, however, have no current plans to watch over client-related emails sent from staff.

PKF IT director Jim Greenfield said the firm did not attempt to monitor or restrict emails in terms of client information, as it tried to ‘strike a balance’ to allow communication with clients. But he would not rule out the possibility that a similar type of system being implemented by Deutsche Bank could be used by accounting firms in the future.

A PricewaterhouseCooper’s spokeswoman added the firm’s staff undertook market abuse training and were aware that communications could be monitored. ‘It may seem to be another example of staff freedom being chopped, but better management is essential for professional firms,’ said Reynolds.

‘One problem is that email has grown exponentially from something that was “nice to have” to representing 80% of business communications.’Deutsche Bank head of compliance for Britain and Western Europe, Andrew Proctor, said that the bank was in discussion with software vendors about implementing a new system over the next two months. Although Proctor said the policy was not linked to any events at the bank, he highlighted an ongoing investigation by the Financial Services Authority into a Deutsche Bank official who was suspected of using email to give a misleading impression of how well a sale of shares had gone.

Information commissioner Richard Thomas has launched a code of practice setting out that employees must be made aware of any monitoring of their email and internet usage, apart from the most ‘exceptional circumstances’.

http://www.accountancyage.com/accountancyage/news/2150523/email-monitoring-rejected