The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
The bright spot is that 36 percent of the takeover incidents reported in 2010 were stopped before fraudulent funds transfers were approved. That's an improvement from 2009, when only 20 percent were thwarted.
Fraud is a global concern, and an area regulators and financial institutions the world-over are watching closely, says Bill Isaac. Whether a cyberthreat or mortgage fraud, investments in fraud prevention will continue, despite the state of the international economy.
"We face a broad threat ... and each consumer has to understand that their part in protecting both their own finances and the financial infrastructure, together, is a very large part," says Ian Harper, Pentagon Federal Credit Union.
Small businesses have room to improve when it comes to fraud prevention. And according to a recent study commissioned by TD Bank, a lack of understanding and apathy are challenges that need to be overcome.
A new, free guide on Facebook security, though geared for users, details the practices chief information security officers and other organizational security practitioners should share with their staffs to assure not only safe Internet hygiene when workers access Facebook from work, but for use with other social media...
Ocean Bank failed to implement an effective BSA/AML Compliance Program, with internal controls "reasonably designed to detect and report money laundering and other suspicious activity in a timely manner," regulators say.
As social media continues to evolve and new threats continue to emerge, organizations must constantly re-evaluate their policies and conduct risk assessments, says Andrew Kennedy, who heads up social media policy for BITS.
The PCI Security Standards Council's new guidance for tokenization offers clarification and recommendations for merchants struggling to determine which tokenization solution is best, especially where compliance with the Payment Card Industry Data Security Standard is concerned.
The team at the European Network and Information Security Agency identified 50 security threats that exist within the new web standards and sent recommendations for how they should be addressed to W3C.
As banks and credit unions assess online risk, in light of the updated guidance from the FFIEC, financial fraud analyst Tom Wills says they should consider mobile as a viable layer for out-of-band authentication.