03 Mar 2010 | #1
Regulators Revisit E-Banking Security Guidelines.
Prodded by incessant reports of small- to mid-sized businesses losing millions of dollars at the hands of organized cyber criminals, federal regulators may soon outline more stringent steps that commercial banks need to take to protect business customers from online banking fraud and educate users about the risks of banking online.
At issue are the guidelines jointly issued in 2005 by five federal banking regulators under the umbrella of the Federal Financial Institutions Examination Council (FFIEC). The guidance was meant to prod banks to implement so-called “multifactor authentication” — essentially, to require customers to provide something else in addition to a user name and password when logging into their bank accounts online, such as the output from a security token.
The FFIEC didn’t specify exactly how the banks had to do this, and indeed it left it up to financial institutions to work out the most appropriate approach. However, many banks appear to have gravitated toward approaches that are relatively inexpensive, easy to defeat, and that may not strictly adhere to the guidance, such as forcing customers to periodically provide the answer to “challenge questions” as a prerequisite to logging in to their accounts online.
Unfortunately, as I have documented time and again, organized computer criminals are defeating these solutions with ease. Experts say part of the problem is that few of these solutions can protect customers whose systems are already infected with password-stealing malicious software. What’s more, few banks have put in place technology on their back-end systems to monitor customer transactions for anomalies that may indicate fraudulent activity, much in the way that the credit card industry sifts through data in real time and alerts the customer if a transaction or set of transactions radically deviate from that customer’s usual purchasing habits.
Krebs on Security