Security Policy & Implementation

There have been many cases of information technology (IT) exploits in the absence of an effective security policy.

In online banking and payments, customers’ PCs have become the Achilles’ heel of the financial industry as cybercrooks remotely take control of the computers to make unauthorized funds transfers, often to faraway places. That is what happened in Poughkeepsie, New York, earlier this year, when $378,000 was taken in four unauthorized funds transfers from the town’s account at TD Bank.

Bank officials are worried that the customer desktop, especially in business banking where dollar amounts are high, is increasingly the weak link in the chain of trust.

Gartner’s Litan faults security software providers, including McAfee, Symantec and Trend Micro, for doing so little. Her advice to banks is that they can NOT count on it, it’s too ubiquitous, and the banks need to make clear it is NOT total protection. Their higher priorities should be on things they can control, such as fraud detection and out-of-band protections.

Brian Krebs, an investigative journalist, says his mantra on this continues to be that any commercial banking technology that does NOT begin with the premise that the customer’s machine may be, and probably is, already compromised with malicious software does NOT stand a chance of defeating today’s cybercrooks.

According to an FBI report from last November about cyberheists and the role of the money mule, cybercrooks’ fraudulent ACH transfers are often directed to the bank accounts of willing or unwitting individuals within the United States. These people are often recruited through “work from home” advertisements or contacted by recruiters after placing resumes on popular employment sites.

Joe Stewart, Director of Malware Analysis at SecureWorks, stated that since the known banking Trojan malware is Windows-based (there are NO Mac banking Trojans yet), he views the situation today as largely one centering on Windows-based machines, and he would NOT recommend banking online with Windows.

Source: Ellen Messmer, NetworkWorld
