Financial Data Protection
Financial Data Protection
• Financial Data is an Asset??!!
• The Compromise
• Your Bank’s Security
• The Weakest Link
• Solutions for Safety
Today’s Valuable Assets: Personal Financial Data
What is Financial Data?
• SSN and DOB
• Address
• Mother’s maiden name
• Credit / debit card and account numbers
• User names and passwords
• Driver’s license or identification numbers
• Check information
How is Data Compromised? POS / ATM Skimming
How is Data Compromised? Data Breach Headlines
TJX: between 47 and 200 million cards compromised
• Weak encryption on TJX’s wireless network allowed the theft of card information.
26.5 million veterans’ personal records exposed
• An employee’s computer containing unencrypted information on 26.5 million people was stolen. The information included names, social security numbers, dates of birth and other personally identifiable information.
How is Data Compromised? Internet Usage
• Viruses, malware and keyloggers
• Man in the middle
• Man in the browser
• Social networking
• Games
• Video link
The Reality of Computer Security
• 22.7 million computers scanned; 48.35% compromised
• A micro study of 10,000 computers:
• 55% of computers equipped with up-to-date antivirus and security software were not able to detect and remove the Zeus virus
• 14% had antivirus that was not up to date
• 31% did not have antivirus at all
Source: APWG Q3 2009 Report
How is Data Compromised? Email and Phone
• Phishing / vishing
• Data leakage
• Clicking on links in text messages or email
• Nigerian fraud / money mules
What do they do with it?
• Account takeover
• Check fraud
• Credit / debit fraud
• Identity theft: take out loans, open deposit accounts, apply for credit cards
Account Takeover
• The fraudster compromises your PC
• Installs malware such as a keylogger to capture your online banking credentials
• Logs on with complete access to your account information and features
• Sets up a new payee and initiates a transfer of funds via ACH or wire
• The money is sent to a money mule’s account, which is then emptied and abandoned
Online banking “just makes life simpler”
• Internet usage in 2010 was 36%
• Internet usage in 2011 was 62%
Source: ABA survey
Your Bank’s Security Obligations
• Gramm-Leach-Bliley Act (“GLBA”), customer data, 1999
• FFIEC Internet Authentication Guidance, 2005 and 2011
• MA 201 CMR 17.00, Massachusetts residents, 2010
Minimum Standards of Protection (GLBA and MA 201 CMR 17)
• Antivirus software
• Anti-spam software
• Patching
• Software upgrades
• Penetration testing
• Vulnerability testing
• Auditing
• Firewalls
• Web filters
• Annual training
• Vendor management
• Secured storage
• Password requirements
• Encryption
• Policies and procedures
• Encrypted removable media provided to staff
• Computer logs
• Document shredding
• Secured trash disposal
• Secure email
FFIEC Internet Authentication Guidance
Current security:
• Reverse phishing
• Multi-factor authentication (device ID cookie)
• Challenge questions at log in
New security:
• Complex device identification
• Complex challenge questions
• Layered security for high-risk transactions
• Detect and respond to anomalous/suspicious activity at the log-in and transaction level
• Out-of-band authentication
• Dual control, isolated PC for online banking
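The takeover chain above (unknown device, new payee, ACH or wire out) is exactly what the FFIEC “detect and respond at log-in and transaction level” control is meant to catch. The following is an added example, not code from the slides or any bank: a minimal layered-security check run over a constructed event stream. Event fields, device IDs, amounts and the 5,000 threshold are assumptions for illustration.

```python
from datetime import datetime

# Constructed sample events for one customer: a normal session from a known
# device, then the takeover pattern from the slides (unrecognised device,
# new payee added, large wire out). All values are made up.
EVENTS = [
    {"ts": "2011-06-01T09:00:00", "type": "login", "device": "dev-home"},
    {"ts": "2011-06-01T09:05:00", "type": "transfer", "amount": 120.0,
     "payee": "electric-co", "channel": "ACH"},
    {"ts": "2011-06-03T02:10:00", "type": "login", "device": "dev-unknown-7"},
    {"ts": "2011-06-03T02:12:00", "type": "add_payee", "payee": "acct-9981"},
    {"ts": "2011-06-03T02:14:00", "type": "transfer", "amount": 9500.0,
     "payee": "acct-9981", "channel": "WIRE"},
]
KNOWN_DEVICES = {"dev-home"}      # device-identification baseline (assumed)
KNOWN_PAYEES = {"electric-co"}    # payees established before this window
HIGH_RISK_AMOUNT = 5000.0         # assumed threshold for layered controls


def assess(events, known_devices=KNOWN_DEVICES, known_payees=KNOWN_PAYEES):
    """Walk the events in order and return (step_up, reasons).

    step_up=True means the bank should hold the transfer and require
    out-of-band authentication; reasons lists every rule that fired.
    Login-level rule: unrecognised device. Transaction-level rules: payment
    to a payee outside the established list, high-value transfer, and any
    transfer inside a session that already failed the login-level rule."""
    reasons = []
    risky_session = False
    payee_added = {}  # payee -> datetime it was added in this stream
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "login":
            risky_session = e["device"] not in known_devices
            if risky_session:
                reasons.append(f"{e['ts']} login from unrecognised device {e['device']}")
        elif e["type"] == "add_payee":
            payee_added[e["payee"]] = ts
        elif e["type"] == "transfer":
            if e["payee"] not in known_payees:
                age = ts - payee_added[e["payee"]] if e["payee"] in payee_added else None
                reasons.append(f"{e['ts']} {e['channel']} to new payee {e['payee']} (added {age} ago)")
            if e["amount"] >= HIGH_RISK_AMOUNT:
                reasons.append(f"{e['ts']} high-value {e['channel']} of {e['amount']:.2f}")
            if risky_session:
                reasons.append(f"{e['ts']} transfer in a session from an unrecognised device")
    return bool(reasons), reasons
```

Run on the full stream, the normal session passes silently while the second session raises all four rules, which is the point at which the guidance calls for out-of-band confirmation rather than letting the wire go out.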
What makes us the weakest link? Convenience versus security: there is an inverse relationship between convenience (ease of use) and security. As you increase security, you lose convenience.
What Makes Us the Weakest Link?
• Easily guessed passwords: too short, too simple, common words
• Not keeping secrets: writing passwords down, sending confidential data in emails
• Trusting things we get from others: opening email attachments, clicking on links
Social Engineering is the art of manipulating people into performing actions or divulging confidential information.
What do you have that they want?
• Money
• Customer information
• Employee information
• Business information
• Access to systems (why do they want access to systems?)
Social Networking Danger • http://www.youtube.com/watch?v=ASV25lLoROg&feature=related
Social Networking Danger: phony profile and friend request (phishing attempt)
• 43% accepted the friend request
• 72% gave an email address
• 84% gave their full DOB
• 87% gave details about their workplace or education
• 78% listed their current address or location
• 23% listed their current phone number
• 26% provided their IM screen name
In most cases photos, likes, dislikes, hobbies, employer details and other personal information were also accessible.
Source: Sophos YouTube video, “Identity theft made easy”
The Risk of Convenience
• Analysis of 32 million stolen passwords
• 20%, or 6.4 million, used only 5,000 different passwords!
#1 123456 (used 290,731 times)
#2 12345
#3 123456789
#4 password
#5 iloveyou
Source: Imperva
Strong Passwords
Long passwords mixing letters, numbers and symbols are tough to crack. The best passwords are memorable but hard to type!
• 8 characters long
• Contains upper and lower case letters
• Contains at least one number or special character
• Is not a dictionary word in any language
• Cannot be easily guessed
• Changed every 90 days
• Don’t tell anyone your password
• Don’t write your password down anywhere
Mnemonics Made Easy
• “Water, water everywhere and not a drop to drink” (The Rime of the Ancient Mariner) converts to Wwe&nadtd.
• “We Three Kings from Orient Are” converts to w3KfOr3691.
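As an added example (not part of the slides), the composition rules from the “Strong Passwords” slide and the Imperva top-five list from “The Risk of Convenience” can be turned into a single checker, with the two mnemonic passwords above as inputs. The 8-character rule is treated as a minimum, and the dictionary is a constructed stand-in for a real word list; both are assumptions.

```python
import re
import string

# The five most common passwords quoted on the slide (Imperva analysis).
TOP_LEAKED = {"123456", "12345", "123456789", "password", "iloveyou"}
# Constructed stand-in for "a dictionary word in any language".
DICTIONARY = {"password", "iloveyou", "water", "summer", "dragon", "monkey"}


def check_password(pw, leaked=TOP_LEAKED, dictionary=DICTIONARY):
    """Return the list of slide rules the password fails (empty list = passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("needs upper and lower case letters")
    if not any(c.isdigit() or c in string.punctuation for c in pw):
        failures.append("needs a number or special character")
    # Strip digits and symbols before the dictionary test, so decorating a
    # word ("Password1!") does not let it pass as a non-dictionary password.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in dictionary:
        failures.append("is a dictionary word with digits or symbols added")
    if pw.lower() in leaked:
        failures.append("is on the list of commonly leaked passwords")
    return failures
```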
Strong Passwords • http://www.youtube.com/watch?v=ap6QnMv0fBo&feature=related
Security Measures
• Review accounts frequently
• Be suspicious of emails and links
• Sign up for alerts
• Never register a foreign computer
• Note the https
• Note the bank’s web address
• Save any shortcuts under a fake name
Online Banking Security • http://www.youtube.com/watch?v=mWNEoBIxhSs
Identity Theft Red Flags
• You order new checks or a debit card and never receive them
• You see unauthorized activity on your account or credit report
• You receive a change-of-address notice from your bank
• You begin to receive calls for debt collection
Additional Security Measures
• Guard your SSN, DOB and mother’s maiden name
• Guard your mailbox
• Sign up for electronic statements
• Take your receipts (ATM, debit, credit)
• Order your credit report annually (Equifax, Experian, TransUnion): www.annualcreditreport.com
• Shred, shred, shred
Identity Theft Prevention • http://www.youtube.com/watch?v=H35DASgwPZc&feature=related
Online Security: convenience versus security. There is an inverse relationship between convenience (ease of use) and security. As you increase security, you lose convenience.
In order to WIN, we need to be perfect. For the malicious party to win, they need only to exploit one mistake.
Resources
• Identity theft information (ESB): http://www.bankesb-idtheft.com/home.htm
• Fraud Advisory for Businesses: Corporate Account Take Over (FBI, USSS, IC3, FS-ISAC): http://www.ic3.gov/media/2010/corporateaccounttakeover.pdf
• Fighting Back Against Identity Theft (FTC): http://www.ftc.gov/bcp/edu/microsites/idtheft/
• FBI Scams and Safety: http://www.fbi.gov/scams-safety/
• Better Business Bureau, Data Security Made Simpler: http://www.bbb.org/data-security/Data-Security-Made-Simpler.pdf
• OnGuard Online, consumer protection (FTC): http://onguardonline.gov/
• Bureau of Consumer Protection, business guidance: http://business.ftc.gov/