FINANCIAL INFOSECURITY NEWSLETTER

April 2017

The Impact of Bank Data Breaches on Customer Loyalty and Retention

Devesh Panchwagh, Delta-risk.net, March 24, 2017

There’s no doubt that bank data breaches cost businesses money, but there are costs associated with breaches that add up beyond a round dollar figure. Most studies that calculate the costs from breaches focus on short-term quantifiable costs such as discovering and mitigating the breach and recovering assets. But the long-term, indirect breach costs — costs such as hits to the stock price, brand reputation, and reduced customer loyalty — can be harder to quantify.

Banking, Cyber And Social: How To Protect Your Firm From A Dangerous Combo

Joanna Belbey, Forbes.com, March 30, 2017

At a recent financial services event, leading cyber security experts explored how employees using social media can enable a cyber-attack at your firm. Greg Ruppert, Senior Vice President, Chief, Financial Crimes Investigations Group, Charles Schwab & Co., Inc. moderated a panel of Malcolm Palmore, Assistant Special Agent in Charge, Federal Bureau of Investigation, Patrick A. Westerhaus, Director, Cyber Crime Intelligent Unit of Enterprise Information Security, Wells Fargo & Company and Dan Nadir, VP of Product Management, Proofpoint to discuss the risks of social media and how to fight back. (Contributor’s note: Dan Nadir is my colleague at Proofpoint.)

Banks Just Can’t Find Enough Cyber Security Talent

Dan Butcher, efinancialcareers.com, March 14, 2017

Banks are desperate to hire cyber security professionals and a shortage of talent means they’re looking outside of the financial services industry. Goldman Sachs turned to the White House for its new cyber security lead, while Morgan Stanley hired a counter-terrorism expert and BNP Paribas recruited from consulting.

Google Points to Another POS Vendor Breach

Brian Krebs, Krebsonsecurity.com, March 16, 2017

For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.

Ransomware Onslaught Continues: Old Foes, New Defenses

Mathew J. Schwartz, Bankinfosecurity.com, March 6, 2017

Indeed, the Crypt0L0cker ransomware – originally tied to the Gameover Zeus gang – has returned, researchers warn, and in some cases is digitally signed to make it appear legitimate. And various attack campaigns continue to spread other types of crypto-locking ransomware, for example flinging Cerber and Sage Locker via emails sent from short-lived domain names.

6 Security Areas Fintech Needs to Patch This Year

Elena Prokopets, Tech.co, March 1, 2017

If there ever was a tech revolution that is impacting every corner of the world, it is fintech. Traditional financial institutions are being forced to re-think their products and services. Previously unbanked individuals are now getting banked through mobile providers. Personal finance management is largely shifting online – you can get insured, invest in stocks or pay your bills through an app.

How’s Your Online Bank Security Looking? The Dutch Studied Theirs And… Yeah, Not Great

Kieren McCarthy, Theregister.co.uk, February 22, 2017

The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country’s .nl internet domains. In a new report published Tuesday, the internet registry SIDN was surprised to find that just six per cent of banks using .nl internet addresses have the security protocol DNSSEC in place to protect their digital assets and their customers.

It’s Raining. It’s Pouring. This Fake Weather App Is Stealing Your Credentials

David Bisson, Grahamcluley.com, February 24, 2017

A new Android banking trojan poses as a legitimate weather forecast app in an effort to steal users’ banking credentials.

More on Bluetooth Ingenico Overlay Skimmers

Brian Krebs, Krebsonsecurity.com, February 26, 2017

This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.

‘It Takes a Village’ to Protect Financial Sector From Cyber Threats (Opinion)

Algirde Pipikaite, Thehill.com, March 29, 2017

U.S. financial service companies are among the favorite targets of hackers and cyber thieves. An effective attack may result in millions of dollars in gains. One successfully-executed cyberattack might bring wealth that lasts a lifetime.

New York’s New Financial Cyber Security Laws Have Canadian Experts Taking Note

Justin Samanski-Langille, Business.financialpost.com, March 8, 2017

Last week, New York State’s new cyber security requirements for financial institutions came into full effect, including mandatory minimum standards for protecting customer data for firms that fall under the state financial watchdog’s purview. But it isn’t just Wall Street giants who are being affected.
