2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
Despite the FFIEC authentication guidance and the growth of online fraud, financial institutions still rely on outdated practices that expose customers to risk. How can institutions update their security measures?
In their efforts to conform with the FFIEC authentication guidance, many financial institutions are caught off-guard by the overall cost of enhanced detection and authentication for online banking. Why?
The FFIEC Authentication Guidance has resulted in a cottage industry of anomaly detection solutions. But look carefully before you buy - separate myth from reality - says Terry Austin, CEO of Guardian Analytics.
Another myth is that it's easy to do the math and spot the anomalies. But, in fact, this process...
Two years after his business was a victim of ACH fraud, PATCO's Mark Patterson doubts whether most small business owners are yet aware of the risks they face. And he doesn't think the FFIEC guidance will help.
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
Mobile banking is a 'must-have' today, but the foray into this new financial-services arena comes with risk. Consistent review and implementation of security layers and controls is the only strategic way to tackle emerging mobile offers.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.