The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
The bright spot is that 36 percent of the takeover incidents reported in 2010 were stopped before fraudulent funds transfers were approved. That's an improvement from 2009, when only 20 percent were thwarted.
A new twist in the ongoing online security battle between banks and their commercial customers was reported this week after a corporate account in Omaha, Neb., was hit with thousands in fraudulent ACH transactions.
This $38 billion bank has invested a great deal of time and effort into its online security program, continuously conducting risk assessments and making strides to ensure commercial customers stay informed about evolving online-banking risks.
Eduardo Perez says, simply, the "time was right" for Visa's introduction of chip-based payments incentives for U.S. merchants. Visa's new mobile-to-EMV program offers PCI-audit-compliance waivers to qualified merchants who implement dual-interface contact and contactless acceptance.
When economists dissected July's 0.1 point drop in overall unemployment, to 9.1 percent, they attributed the decline mostly to fewer people seeking work. But that's not the case for IT security professionals. There are few discouraged workers in the information technology occupation categories these days.
Banking institutions have a lot to do in order to prepare for the Jan. 2012 deadline to conform with the new FFIEC authentication guidance, and former banking regulator William Henley has one, simple piece of advice: start now.
Despite previously announced plans to appeal last month's ruling in the ACH fraud lawsuit filed by Experi-Metal Inc., Comerica Bank now says it has resolved to pay the $560,000 in damages and close the case.
With the issuance of the final FFIEC Authentication Guidance, institutions need to start moving forward on conformance, and taking a risk-focused approach is the first step, says Matthew Speare, SVP of IT for M&T Bank Corp.
Associations representing clinic administrators, healthcare CIOs and health information managers are asking federal regulators to go back to the drawing board on the access report provision of a proposed Accounting of Disclosures rule.
On June 28, the FFIEC released its final, formal version of its Authentication Guidance. Not even one month later, we've created three new training programs to help banking institutions understand and conform with the guidance.