Thursday, 05 January 2006

On January 12th at 9:00 am Pacific time my boss, Jim Maloney, will be presenting along with George Tubin, a senior analyst at Tower Group, on the topic of preventing fraud in the online banking world. They'll discuss the threats, ways to protect customers, and some tools and processes that can help get the job done. It's a hot topic in the marketplace, and I think many people will find this web cast interesting from a security perspective, regardless of whether or not you work at a financial institution.

There's been a lot of talk and movement in this space in the past few months, after the FFIEC (the federal government organization that's made up on several individual federal agencies responsible for setting banking standards) issued new guidance to banks and other financial institutions that says something needs to be done to further protect online banking accounts, and that it needs to be done sooner rather that later. The emphasis of the guidance is on a defense in depth and layered security approach. Jim and George will be specifically addressing that guidance in the web cast.

You can sign up for the web cast here (uses LiveMeeting). A press release that announces the event is available here.

Add/Read: Comments [2]
IT Security | Tech
Thursday, 05 January 2006 07:40:35 (Pacific Standard Time, UTC-08:00)
#  Trackback

Referred by: [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral]
123reg alternative ( [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral] [Referral]

Thursday, 12 January 2006 12:11:25 (Pacific Standard Time, UTC-08:00)
Until the banks get basic security under control no-one will have any confidence in online banking so if I were your boss I wouldn't waste my time. I recently wrote checks and signed them with a variety of names (Mickey Mouse was my favorite, I also signed one "non-negotiable") and they cleared the bank with no problem. One was even cashed by a teller in a branch.

Then again, bank employees seem to love taking our information on the road with them and loosing it.

Until this kind of thing stops happening no-one will trust on-line banking and they have no reason too.
Mark Rosenberg
Thursday, 12 January 2006 13:01:09 (Pacific Standard Time, UTC-08:00)
Hmmm, Mark's reponse is fairly typical of people who want to argue. To say that there are significant security issues not related to online banking, and so one should not spend time securing online banking authentication (which is a known weak spot in the system) is, quite frankly, short-sighted and ridiculous. That's like saying "Hey the back door on your business has a broken lock on it, but no point in fixing it since your front door has problems, too." I don't buy it. Not even close. This is a clasic apples-and-oranges argument, and it hold very little water.

Building trust is not a single-threaded or single-event activity. It requires maintaining security at all levels and layers, and while it certainly *is* important to get a handle on the internal security issues at any given bank, that does not make it any less important to improve the security environment today for those people who are already using online banking.

- gh
Comments are closed.