What Causes Profitability?

August 12, 2014
/   Spotlight

Digital Insight proves that digital bankers actually drive increased engagement and profitability with their financial institution.

Cause and Effect: If you build it, will they come?

July 23, 2014
/   Spotlight

Many financial institutions assume that digital banking is lucrative because the most valuable customers happen to bank online. While there is certainly a correlation between online bankers and higher profitability, quantitative evidence suggests that...

Intuit 2020 Report: The Future of Financial Services

April 11, 2011
/   Insights

Today, Intuit released the latest edition of the Intuit 2020 report, Intuit 2020 Report: The Future of Financial Services, which identifies and examines four key trend areas that will transform the financial services industry...

Platform Shift in the Making

February 13, 2013
/   Insights

What does the banking industry as a whole have to do with Amazon, Microsoft and Apple? Just about nothing—and down the road, it may turn into a major problem (if it isn’t already). Consider...

Infographic: How to Spot a Fake Check

March 8, 2013
/   Insights

The team over at TROY pulled together an infographic on how to spot a fraudulent check. With more consumers using remote deposit capture to upload and deposit checks through their smartphones, it’s important to...

Fast Facts: Student Loans

January 22, 2013
/   Insights

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services industry. Topics span TARP, Dodd-Frank, insurance, lending, retirement savings and more. Below are some updated Fast...

Reserve Banking: The New Radical Idea

June 5, 2014
/   Insights

Banking is by nature a very conservative industry. That’s why the current buzz over ‘reserve banking’ is so interesting. Even the term seems innocuous, but the scenario it proposes is nothing short of revolutionary....

Financial Literacy Month: How are you celebrating?

March 22, 2013
/   Insights

With April approaching, it’s almost time to kick off Financial Literacy Month! Strongly supported by the United States Congress and the Financial Literacy and Education Commission, Financial Literacy Month aims to promote the importance...

Information security is a constant game of catch-up. We get new technology capabilities, the bad guys find new vulnerabilities. They devise new forms of malicious assault, we come up with new defensive strategies. And so it goes. We know it, they know it, everyone knows it.

Why, then, is the bug known as Heartbleed getting so much attention?

Sure, no disputes that it’s at least potentially a very big deal. But one week into the discovery, Google turns up more than 530 million hits on the subject. The Electronic Frontier Foundation, among others, has labeled it “catastrophic,” and some have gone so far as to describe it as the worst vulnerability to be identified since commercial traffic began on the Internet. Is it really that bad?

Hype aside, here’s what we do know. Over the years, the open source community—basically, thousands of developers not beholden to any corporation in particular—have worked together to create much of the software many of us use today. One such program that most people with a life actually know nothing about is OpenSSL, which is very important, since it provides a means for security on web servers all over the world. With this technology, sites can offer encrypted information to visitors, ensuring that the data can’t be seen by anyone else when it travels between the user’s device and a particular site.

Heartbleed, the big bad bug in the room, takes advantage of a feature within OpenSSL known as heartbeat, and essentially steals the security certificates that verify a site’s and/or user’s authenticity. The bug has been present but quiet for the past two years, during which time it has potentially undermined security measures for password encryption in a range of environments, from search engine and social networking services to Android devices.

After that the details get more technical and, sadly, far more murky. On the one hand, we’re being told that despite considerable scrambling on the part of security specialists at companies everywhere, the potential for major damage is very real. It potentially affects hundreds of thousands of Web sites, from Google and Yahoo to Twitter and Dropbox, along with hundreds of millions of users. By that measure, the level of effort needed to truly fix the problem is nothing short of monumental. On the other hand, it’s far from clear just how many sites or users have actually been affected. Challenges issued by security companies to steal information using the vulnerability—basically crowdsourcing digital theft—have so far come up mercifully short, indicating that the concerns, while valid, could be overblown. On the third hand, of course, we just don’t know.

One thing is certain: The old adage about regularly changing passwords, and not using the same one for multiple functions and services, applies now more than ever. The buzz over this recent episode has apparently prompted many users to rapidly change their passwords for all the online services and devices they use, and that’s good. But it would be even better if that became a habit rather than a reaction to much-publicized fears.

There’s a larger question here as well. The ubiquity of technology in every aspect of daily life, from social media to mobile banking apps, has perhaps reduced consumer sensitivity to the issue of information security. And that’s definitely not good.

Making technology capabilities ever more user-friendly carries with it a potentially steep price tag; the easier a service is for everyone to use, the easier it might be for the bad guys to hack. On a related note, many of the more common services, from email to mobile apps, are free. That carries with it fewer guarantees of rock-solid security.

Many financial technology vendors are already stepping into the breach to implement fixes for the Heartbleed bug. For their part, numerous commercial banks and other financial services institutions are raising awareness of the threat and running tests to ensure that their communities are not left unprotected.

But somewhere in this environment, consumers have a critical role to play too. Regularly changing passwords is a good start. As digital currency in all forms becomes more embedded in the mainstream, it would be wise to be more aware of security threats and more proactive in taking security precautions.

Brad Strothkamp

http://www.forrester.com/rb/analyst/brad_strothkamp

James W. Gabberty

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Marisa Mann

Marisa Mann brings over 15 years of experience in consulting and financial services industries to the Solstice team, working on large scale enterprise initiatives across many technologies, including specializing in the digital space – Internet and mobile. Mann is passionate about mobile and the endless possibilities for the enterprise, delivering business value through strong brand recognition and driving to excellence in the consumer experience. Prior to Solstice, Mann worked at JP Morgan Chase, Diamond Management and Technology Consultants, Washington Mutual, Inc, and Accenture.

Zachary Ehrlich

25-year-old writer, and as a native San Franciscan, I am unreasonably loyal to Bank of America, if only for their superhero-like origin story, involving the 1906 earthquake and Italian fruit vendors.