As banks and credit unions assess online risk, in light of the updated guidance from the FFIEC, financial fraud analyst Tom Wills says they should consider mobile as a viable layer for out-of-band authentication.
"The more that you could focus in on computer science topics, to understand programming, network-based technology and mobile-based technology, the better off you're going to be," says Rob Lee of SANS Institute.
A new twist in the ongoing online security battle between banks and their commercial customers was reported this week after a corporate account in Omaha, Neb., was hit with thousands in fraudulent ACH transactions.
This $38 billion bank has invested a great deal of time and effort into its online security program, continuously conducting risk assessments and making strides to ensure commercial customers stay informed about evolving online-banking risks.
Eduardo Perez says, simply, the "time was right" for Visa's introduction of chip-based payments incentives for U.S. merchants. Visa's new mobile-to-EMV program offers PCI-audit-compliance waivers to qualified merchants who implement dual-interface contact and contactless acceptance.
With the extension of ENISA's mandate into 2013 by the European Parliament & Council, the agency can continue to educate and collaborate with other nations on cybersecurity issues, an area of constant importance.
Though IT business application functions and security-focused practices are expected to be integrated as a single process, secure configuration is the management and control of configurations for information systems to enable security and facilitate the management of information security risk.
As far as Dr. Giles Hogben of ENISA is concerned, now might be the golden opportunity for information security experts to influence the security and privacy measures that may help define Internet safety for the next decade or beyond.
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.
As fraud continues to evolve and affect financial institutions, careers are plentiful for fraud-fighting professionals, says Jean-Francois Legault, a fraud investigations specialist with Deloitte and Touche.
"I don't think there's any connection [to] the investments banks will make in fraud prevention," says Doug Johnson of the ABA. "It's not about making budget cuts; it's about protecting the customer relationship and ensuring security."