Banks must pay up for security

Posted on by admini

Thanks to home PCs, the Web and broadband, banks have been given the chance to revolutionise their business model. Rather than employ an army of well turned-out staff in branch offices across the land, banks now encourage their customers to visit them online.

Online transactions cost a tiny fraction of those conducted over a counter, or even on the telephone, and have undoubtedly helped raise profits. But the smell of the money has attracted a new generation of criminals in the shape of phishers who try to trick the unwary into handing over their personal details, or fool them with fake sites. This technique, called pharming, is particularly devious because users don’t even need to click on an email link to get to the fraudulent site.

Savvy users already know that clicking on a URL in an email does not necessarily take them where they think they are going. But most people have a comfortable level of trust in the fact that if they type a URL in themselves, they know where they will end up.

The solution is for the banks — and major e-commerce sites too — to stop relying just on passwords. No longer is it enough for banks to verify their users online; they need to start now providing a mechanism by which users can verify the banks online.

In the UK, Citibank is tackling keystroke loggers by making users use an onscreen keyboard, but it still does not prove to a user that what lies behind that onscreen keyboard really is Citibank.

Latest figures show that online fraud cost the UK banking sector £12m last year — which should concentrate a few minds.

http://comment.zdnet.co.uk/0,39020505,39190646,00.htm

Read more

Compliance legislation ‘making fraud easier’

Posted on by admini

And data “gluttony”, as one analyst branded it, may be setting companies up for a fall further on down the line.

Peter Dorrington, head of fraud solutions at SAS, told ZDNet UK sister site silicon.com companies are blindly storing vast amounts of data while giving little thought to what is actually being stored. “There is just a lot of storage going on,” said Dorrington. “Fraudsters are reliant upon their transaction being a tree hidden a forest,” said Dorrington, adding that the vast amounts of data being stored post-SOX are simply increasing the size and density of that forest.

James Governor, analyst at Red Monk, said: “Any company which simply stores everything is creating problems for themselves further down the line. Storing everything is just abdicating responsibility, rather than following policy and understanding what they should be storing”. While such policies must be adhered to they create a no-win situation in which they also conflict with the retention requirements of other regulation such as SOX, said Governor. “Rather than just spending more and more money on storage it would make sense to invest a lot more money in working out exactly what companies need to store.”

Shaun Fothergill, security strategist and compliance expert at Computer Associates, believes despite problems settling in, SOX will improve matters for business when implemented effectively. Fothergill said: “Compliance and regulation is forcing the business of IT to do things right. So organisations will begin to measure and monitor more than they did before.”

As the anomalies and fraud issues are corrected the indicators of problems will be moved from red to amber then to green.

Such confusion may be one reason why the SOX deadline for companies based in European countries has been put back a further year this week. Originally the controversial section 404, which outlines the requirement to archive data, was to come into effect on 15 July 2005.

http://news.zdnet.co.uk/business/legal/0,39020651,39190561,00.htm

Read more

IM Threats Growing 50 Percent Per Month

Posted on by admini

“IM viruses and worms are growing exponentially,” said IMlogic chief technology officer Jon Sakoda, in a statement.

Seven out of ten attacks put MSN Messenger, Windows Messenger, and the MSN IM network in the crosshairs, reported the center, while Yahoo and AOL have been the target of just 18 and 12 percent of the attacks, respectively.

http://www.techweb.com/wire/security/159400873

Read more

Gartner: Outsourcing raises costs

Posted on by admini

The research found that outsourced operations are 30 percent more expensive than the top quartile of in-house customer service operations.

Alexa Bona, research director at Gartner, said firms often fail to take hidden costs such as in-house back-up support to the outsourced function into account. “The outsourced service is often more efficient but then outsourcers need to make a profit too,” she said.

Gartner also claims that 80 percent of organisations who outsource their customer management operations purely to cut costs will fail, while 60 percent of those who outsource parts of the customer-facing process will have to deal with customer defections and hidden costs that outweigh any potential savings offered by outsourcing. “If all you are trying to do is save money you are not going to be successful,” said Bona.

The worldwide market for customer service outsourcing is predicted to grow from $8.4bn in 2004 to $12.2bn in 2007, although the offshore element will still only account for five percent of that market by 2007.

Bona said organisations are still being very selective about which customer-facing functions they are prepared to send overseas. “Most [offshore deals] are for level-one enquiries but not the full end-to-end customer service. People are sending bits of processes but they have got wise as to what is and what is not suitable to be sent offshore,” she said.

The Indian start-up business process outsourcing (BPO) firms — as opposed to the big established players like Infosys, TCS and Wipro — are also set to undergo radical consolidation, with Gartner predicting 70 percent of the top 15 will be acquired, merge or disappear by the end of 2005.

“Many of those smaller companies are owned by VCs. They have grown really dramatically and when you are growing at that rate processes break down and it becomes harder to retain staff,” she said.

Despite all this, companies can still achieve cost savings of 25 to 30 percent if they outsource successfully.

http://news.zdnet.co.uk/business/management/0,39020654,39190514,00.htm

Read more

Tech Heavies Throw Weight Into Compliance

Posted on by admini

The group, made up of Oracle (Quote, Chart), Hewlett-Packard (Quote, Chart), Veritas, Sun Microsystems (Quote, Chart), Open Text, Hitachi Data Systems, Network Appliance (Quote, Chart) and Plasmon, expects to have resources available on the Internet Law & Policy Forum (ILPF) Web site in the next six months.

The ILPF is a non-profit organization that provides a neutral forum for challenges posed by the Internet on law, policy, technology and businesses worldwide.

The CMEI site will host documentation on best practices for information retention and maintenance regulations, provide counsel and exchange information with various businesses, legislative bodies and regulatory agencies in various workshops, and publish checklists and summaries of legal and regulatory requirements for interested companies.

Those sorts of conflicting policy goals, as well as some of the weak language found in ambiguous regulations was the main reason for the formation of the working group, according to Harald Collet, CMEI chairman and Oracle records management and compliance support product manager. With businesses focused on complying with the deadlines of specific regulations, he said, such as Sarbanes Oxley, they now have to work on building a framework that is more all-encompassing.

Collet points to research conducted recently by AMR Research, which said companies would spend $6.1 billion in 2005 just to gain compliance with the regulations contained in the Sarbanes-Oxley Act; of that $6.1 billion, $1.7 billion will go toward the technology that helps companies meet compliance standards. But while companies within the working group would stand to gain from selling their products directly to customers — Oracle sells software like its E-Business Suite 11i.9 to help get companies in line with regulations like Sarbanes Oxley and HIPAA — Collet said the goal of the working group is to help customers by finding the best answers for them.

“The vendors that are involved in this all go into it with a spirit of trying to address the technology issues around this,” he said, “and I think that everyone who is involved in trying to solve this issue on the vendor side, they have an interest in clarifying the obligations and issues and pointing the way towards technology solutions that can help with this; it’s a win-win for everyone.

Collect said membership is open for any vendor looking to join the CMEI working group, after paying the admission price of $10,000.

http://www.techweb.com/wire/security/159400873

Read more

No Glee for VoIP

Posted on by admini

But while opinion about the suitability of the latest telephony technology, the Voice over Internet Protocol (VoIP), has been vacillating between whether to adopt it or not within financial institutions, Nymex is holding firm in ruling out the possibility of using the technology for now.

When Nymex officials opted for a digital voice network to replace the legacy V Band analog turret system, they explicitly opted out of using VoIP for the more than 700 trading turret positions. According to John Barbara, director of telecommunications for the IS department of Nymex, the exchange chose the BT ITS voice trading system over a similar offering from rival IPC Information Systems. “Both BT and IPC came up with a four-handset solution, so we put two four-handset turrets in each booth.

Nymex chose the BT ITS solution for its 450 trading position on the Nymex trading floor, where traders deal in energy, crude oil, gasoline, heating oil, natural gas markets and platinum group metals. Nymex also purchased and implemented 290 positions at its sibling Comex division, where traders deal in gold, silver, copper and aluminum.

http://db.riskwaters.com/public/showPage.html?page=210399

Read more