
Learn how to handle a potential match of a Politically Exposed Person (PEP) with this FREE easy-to-understand White Paper.
Congratulations to our second quarter winner, James Lawrence, Harvard Credit Union, in Cambridge, MA. James won an Amazon Kindle just for sharing his opinion and you can too! Just complete our reader survey & you'll be entered in our Kindle drawing. Check back next month to see if you're the next winner.

What's NOT In Your Customer's Wallet?
Going Beyond Shared Secrets to Protect Your Institution and Your Customers
By Lori Moore, CRCM, Director of Compliance
The Federal Financial Institutions Examination Council’s (FFIEC) June 2011 Supplement to Authentication in an Internet Banking Environment prescribes remedies for such rising financial cybercrimes as online banking fraud, identity theft, account takeovers and the like. Once this guidance takes effect in 2012, regulators will expect financial institutions to have strengthened their authentication techniques to more successfully combat these crimes. Looking beyond what your customer has in their wallet for identity verification was identified as a crucial tool in helping your institution meet that expectation. Out of Wallet questioning goes deeper and beyond the typical challenge security questions, such as your city of birth or your mother’s maiden name, items otherwise known as shared secrets. We all know cyber criminals get more sophisticated every day. Consider the use of Out of Wallet questions as your institution’s own sophisticated answer to the fraudster’s underhanded methods.


Hackers Are Looking for Security Weaknesses, Are You Doing the Same?

Today’s cyber-culture relies on the use of electronic information. Financial institutions, healthcare organizations, and other businesses are no different, and the electronic information of these businesses is a gold mine for hackers. These malicious individuals are constantly searching for security vulnerabilities and weaknesses to gain access to electronic information. Are you taking the proper steps to protect your information? In this session, we’ll take a look at the risks associated with social engineering, network perimeter attacks, and internal vulnerabilities. Additionally, we’ll briefly discuss steps your organization can take to prepare for, identify, and defend against these risks.
Speaker:
Tyler Leet
RISC Manager
ATTUS Technologies
10/26/2011 3:00PM to 4:00PM ET

Question: Regarding BSA/AML, what types of individuals or entities are considered high-risk?
Answer: An overview of the various types of customers and entities that are considered to be high-risk is included within the FFIEC BSA/AML Exam Manual. However, you should remember that the types of individuals and entities included in the manual may not be all-inclusive. Regardless of the category or type of customer, determining the risk level is largely dependent upon factors specific to the customer. For example, all customers who are Politically Exposed Persons or PEPs are not necessarily all high-risk. Factors such as the geographic location or region to which the customer is related are significant considerations when determining risk.
Got a question on a tricky regulation? We want to hear from you. Submit your question and an expert will answer it in a future issue.

Smishing: How Banks Can Fight Back
Police Warn of Text-Based Scams Targeting Banking Customers
Tracy Kitten, BankInfoSecurity.com
Police in Pima County, Ariz., have issued a warning about smishing, or text-based phishing attacks, targeting mobile users.
The warning comes after a Tucson-area resident filed a complaint about a phishy text message that appeared to be from the recipient's financial institution. The text, which asked the account holder to call a specified number to resolve a possible compromise of his bank account, included the last four digits of the user's debit card, making the text appear legitimate.
Smishing attacks are low-tech schemes, but they nevertheless prove frustrating for financial institutions. Jason Rouse, a mobile security expert and consultant with Cigital Inc., says smishing, like most socially engineered schemes, preys on victims' trust. "So, the bank should issue very clear guidelines about the way it will communicate with customers," he says. "They must tell customers they will never ask for a password or information over a cell."
Deposit Insurance Coverage
Free Nationwide Seminars for Bank Officers and Employees
FDIC.gov
The FDIC will conduct free telephone seminars on deposit insurance coverage for bank representatives through December 7, 2011. The FDIC believes that these seminars provide a unique opportunity for bank employees to receive training about federal deposit insurance coverage from FDIC subject matter experts. The three final dates are: October 14, 1:00PM, November 14, 2:00PM and December 7, 1:00PM.
Questions about all aspects of the FDIC deposit insurance seminars, including registration procedures and problems accessing “Deposit Insurance Coverage, Free Nationwide Seminars for Bank Officers and Employees” from the FDIC Web site, should be directed to the FDIC Call Center at 1-877-275-3342.

Feedback: What, Why and How
What Gets in the Way?
Steve Roesler, AllThingsWorksplace.com
Feedback started as a term used to describe the signals sent from a rocket back to earth in order to determine the accuracy of the rocket's course. By tracking the speed and trajectory, ground crews could determine when and where to make corrections.
Here's the really important point: The chances of impacting performance increase with frequency and timeliness of feedback. That implies the need for ongoing "How are we doing?" conversations. It's our best chance at knowing whether we're on track or not.
So what gets in the way of this happening?