security — Banking.com

What We’re Reading: Malware, Fees and Tablets

April 18, 2013 By Banking.com Staff 3 Comments

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.

Prepaid Cards Still Have Lots of Fees: Survey

American Banker

A survey by Bankrate.com compares 24 prepaid cards based on the fees they charge consumers. For example, the 2012 survey found that 14 of 18 prepaid cards charged customers a balance inquiry fee on at least some automatic teller machines. This year, 18 of 24 cards charged such a fee on at least some ATMs. In last year’s survey six out of 18 prepaid cards charged fees for at least some declined transactions. This year, nine out of 24 cards did.

FDIC on Social Media Risks

Bank Info Security

As the use of social media grows among banking institutions, federal banking regulators warn those institutions need to be mindful of phishing and spoofing schemes. Drafted guidance issued by the Federal Financial Institutions Examination Council now details how banks and credit unions can prepare to mitigate the new and emerging risks social media poses. The drafted guidance, issued in January, references applicable laws and regulations banking institutions should consider when planning and conducting their activities related to social media, says Elizabeth Khalil, of the Federal Deposit Insurance Corp., which is part of the FFIEC.

Creating A Customized Banking Experience With Big Data

Bank Systems & Technology

Big data opens the door for banks to group their customers according to their banking preferences, which can make customers more satisfied and more profitable. Banks have been increasingly focused on customer experience in recent years, but they’ve been taking an approach that is too broad, says Dean Nicolackis, a partner at PwC’s banking and capital markets practice. While many banks are trying to configure a customer experience that is consistent for every customer across every channel, the key to a really great customer experience is providing a different personalized experience that fits different customer segments, Nicolackis contends. Different customers just want different things – and are willing to pay for different things – from their bank.

Are Tablets Their Own Channel And Does It Matter?

Business 2 Community

The latest research from Javelin Strategy and Research indicates that the tablet users are older; between the ages of 35 to 54, have an average household income of $75,000, and half of them consider themselves to be early adopters. When compared with mobile banking, statistics show that users spend more time on tablets. The question though is not whether it should be considered a separate channel. However, whether separate or not, the bottom line, from a customer experience point of view, the service has to be consistent, and that is the key – it has to be fully integrated into all the other channels and the interchange between the channels has to be seamless.

SaveUp Program, Other Tools Target Millenials

Credit Union Journal

Frankenmuth Credit Union CEO Vickie Schmitzer is continually focused on implementing industry innovations to attract members of all ages, but especially Millenials. That focus stems from the credit union’s work in the field. “We work as much as we possibly can with our local public and parochial schools at every grade level,” said Schmitzer. “We know they are our credit union’s future and that new technology is what attracts them to a financial institution or business of any kind, for that matter,” said Schmitzer.

First Tech Also First CU to Launch Windows App

Credit Union Journal

First Tech FCU, the credit union for Microsoft Corp., said it has introduced a new Windows Phone mobile banking application, the first credit union in the U.S. to introduce a native Windows Phone mobile banking app complete with integrated mobile deposit and bill pay functionality. First Tech launched its new Windows phone app on-site at the main Microsoft campus in Redmond, Wash., giving employees of Microsoft an in-depth look at this new platform. Microsoft employees and First Tech members will be able to view the app on a giant Microtile phone display, chat with First Tech App experts and personalize their Windows Phone at a laser engraving station.

Malware Attacks Growing, Getting Smarter, Targeting Android: Report

eWEEK

In 2012, 95 percent of malware threats targeted Android, says a new report. Malware attacks are increasing, getting smarter and targeting Google’s Android mobile operating system, according to a new report from NQ Mobile, a mobile security solutions provider that based the report on the findings of its Security Lab. Mobile malware threats increased by 163 percent in 2012, and 95 percent of all threats were targeted at Android, said the report. The firm estimates that 32.8 million Android devices were infected in 2012, an increase of 200 percent from the 10.8 million infected in 2011.

Banks Are Designing Branches to Look Like Apple Stores In a Struggle to Remain Relevant

Go Banking Rates

There are a few regional banks, like Umpaqua, that fully embraced “smart banking” years ago. For major, national banks, it was Citi that sparked the trend. In 2008, beginning with its Singapore location, the bank began constructing futuristic branch prototypes that swapped tellers for touchscreens, size with efficiency, and gave locations the overall look and feel of Apple stores.. Rather than reinventing the wheel when it came to modern design, Citi actually hired the services of Eight, Inc., the architectural and strategic design firm behind Apple, according to The Financial Brand.

Filed Under Industry News Tagged With app, data, malware, mobile, security, social media, tablet, what we're reading

Fast Facts: Cybersecurity

April 17, 2013 By Banking.com Staff Leave a Comment

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services industry. Topics span TARP, Dodd-Frank, insurance, lending, retirement savings and more.

The financial services sector and private industry are increasingly targeted by complex cyber-attacks. Attacks can have potentially disastrous effects including theft of confidential data, damage to critical infrastructure, and denial of access to customers, shareholders, or investors.

FACT: The White House has recognized the importance and need for increased cyber defense and information sharing through both a policy directive and executive order signed February 12, 2013.

The Department of Homeland Security (DHS) was given primary responsibility in maintaining awareness and coordinating federal responses to cyber and physical threats.
DHS will coordinate with sector specific agencies to identify and prioritize risks to infrastructure.
The National Institute of Standards and Technology will develop a Cybersecurity Framework within the next two years to establish standards, methodologies, and procedures to respond to threats.

FACT: The financial industry has successfully withstood three waves of distributed denial of service (DDoS) attacks beginning in September 2012.

DDoS attacks involve a flood of electronic traffic from locations around the world to a website intended to slow down or disable an institutions site.
While DDoS attacks are not designed to steal confidential data or expose sensitive personal information, they inconvenience consumers and businesses attempting to access online services and could be leveraged as a distraction for more harmful attacks.

FACT: Information sharing remains one of the best defenses against cyber-attacks.

As threats evolve and coordinated attacks take place, the industry must be able to respond in a collective, synchronized approach.
Membership and collaboration with the Financial Services Information Sharing and Analysis Center and Financial Services Sector Coordinating Council is encouraged by financial regulators, DHS, and the Department of the Treasury.

FACT: Establishing a system where the private and public sectors share and use timely threat intelligence will help America create a more capable and expansive cyber-defense network.

Protecting the privacy and security of customers is an industry priority. Information shared is limited to data needed to protect from and respond to cybersecurity attacks.

You can view all previous Fast Facts at www.RoundtableResearch.org.

Filed Under Data & Research Tagged With attacks, cybersecurity, data, Financial Services Roundtable, hacks, security, statistics

What We’re Reading: Facebook, Google Glass and iPads

March 14, 2013 By Banking.com Staff Leave a Comment

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.

Facebook Design Changes Could Benefit Banks, If They Adapt Quickly

American Banker

Facebook’s latest update to the way it presents shared information to users could help bank marketers. A battery of changes will include larger photos and four new feeds (to keep tabs on all friends, the photos friends are sharing, music the user has indicated he likes, and the latest news from pages and people the user follows). The new feeds could help bank customers keep up with what their financial services companies are sharing, assuming they “friend” their banks.

Google Glass Will Change Your Branches

American Banker

Google has teased us once more with an augmented reality future. The company has released images and video heralding what appears to be the imminent launch of their Glass augmented reality devices. Not surprisingly, commentators are predicting a seismic shift that will match the launch of the iPhone. That has created a wave of excitement, as banks and technology providers speculate how these innovations will turbo-charge mobile banking.

Who is Your Borrower in a Virtual World?

Bank Systems & Technology

The traditional, documentary method of verifying the identity of a customer is for an employee of a financial institution to look at a government-issued photo ID and manually check it against customer-provided information. The non-documentary procedures start with obtaining information from the applicant that can be compared to information in the public record from third party sources. The developing best practice is to cross check nonpublic personally identifiable information that is input by the applicant against the information on credit reports. Through API exchanges with the major credit reporting agencies the personal information input by the applicant can be verified against the information independently provided in the credit report.

iPads, Other Tablets to Drive Mobile Banking

Billing World

One in four tablet PC users will use their devices to pay bills by 2017, says a new report. Juniper Research found that a growing user acceptance of “push” mobile banking and a sharp rise in tablet adoption will drive users of transactional tablet banking services to almost 200 million in 2017. This will represent approximately one-fifth (19 percent) of total mobile banking customers in 2017, compared to just 9 percent this year. The report finds that, adoption of mobile bill presentment and payment (MBPP) transactional banking by tablet users will be higher than mobile handset users, especially in developed areas where there is a higher adoption of tablets. The report says as consumer tablet adoption continues to rise, there will be significant migration of purchasing and transaction activity from laptops and desktops to tablet devices.

Clay Christensen: Jeff Bezos, Scott Cook, and Steve Jobs Got Disruption Right

Business Insider

In an interview appearing at strategy+business, Clay Christensen argues that many executives are pushed to make decisions that are quick and profitable, and they frequently rely heavily on incomplete data. When asked which executives thought about disruption the right way, Christensen cited ex-Intel CEO and co-founder Andy Grove and his response to inexpensive laptops. As for more recent examples, Christensen said: “Of the managers I’ve known, I think Scott Cook, who is the founder of Intuit, is most prone to think this way…”

Going cashless

Celent Banking Blog

The Dutch looking to get rid of cash. They got rid of checks in 2001 as a payments instrument, and now they’re making moves to go that next step. Yes, it was a publicity stunt (there was also a big sell on contactless for example), but equally they were making payments fun, not something that you can often say! Few countries have managed to get cash to a point where it’s less than 50% of all transactions.

US Bank intros BillPay feature for iOS and Android, lets you set up bill payments with a pic

Engadget

Judging by recently announced projects like Go Mobile, it’s quite clear that US Bank is working hard at keeping up with the mobile banking curve. With today’s introduction of its new Mobile Photo BillPay feature, the company’s giving customers using an iOS or Android device yet another nifty tool to take advantage of while on the go — one that’s set to make it easy to set up bill payments by simply taking a shot of any invoice and uploading it to an account from within the app.

Dear Mobile Industry: Time To Step It Up On Security

Forbes.com

In less than 10 years, smartphones and tablets have taken over. This year, the mobile industry will ship 1 billion smartphones globally, doubling the number of installed smartphones to about 2 billion. While we may agree that the mobile revolution has greatly benefitted all of us, our mobile devices are far from infallible when it comes to fraud and cybercrime. Many security firms predict 2013 will bring a rise in cyber attacks on mobile devices in general, and smartphones in particular.

Area credit unions continue to gain popularity as the economy recovers

Washington Post

Membership, deposits and loan originations at area credit unions — particularly the largest ones — rose last year as the broader economy continued its climb, according to data released last week by the National Credit Union Administration. The figures mirror a national trend in which membership rose 2.2 percent in 2012, as 2 million new members signed up.
Read more

Filed Under Industry News Tagged With cyber attacks, Facebook, Google Glass, iPad, mobile, security, what we're reading

Fast Facts: Recent Cyber Attacks

October 31, 2012 By Financial Services Roundtable Leave a Comment

The Financial Services Roundtable released its 2012 Fast Facts Book in September, which contains Fast Facts from January 2012 through July 2012. We shared information on preventing financial exploitation of of the elderly in a recent post. Below are some updated Fast Facts on recent cyber attacks.

FACT: Since late September 2012, large financial institutions have been the subject of (or threatened to be the subject of) attacks intended to disrupt the availability of their Web sites. A group that calls itself the Cyber Fighters of Izz ad-din Al Qassam has claimed credit for these attacks.

FACT: The attacks have flooded certain bank Web sites with an extremely high volume of electronic traffic from thousands of locations around the world. This flood of traffic, called “a distributed denial of service (DDoS) attack,” is intended to slow down or disable the bank’s Web site.

FACT: The attacks are not designed to be – and have not resulted in – a data breach, hacking, or unauthorized access to consumer information.

Consumers can access their accounts through alternative means, including bank branch offices and call centers.

FACT: The financial services industry has robust cyber protections in place.

Banks collaborate with other banks, federal regulators such as Treasury, law enforcement officials, other government agencies such as the FBI and DHS, Internet Service Providers, and Internet security experts to fully analyze and deflect online attacks and deliver safe and consistent online service.
Financial services institutions use sophisticated online security strategies to protect customer accounts and continue to invest in technology to increase capacity and defend against potential attacks.
Financial services institutions are regularly examined by their primary federal regulator to ensure their compliance with cybersecurity regulations and information standards, including standards set in the Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, and FFIEC Information Technology Examination Handbooks.
Financial services institutions collaborate with the Financial Services Information Sharing and Analysis Center (FS-ISAC) which is an industry forum for collaboration on critical security threats facing the financial services sector.

FACT: While there is nothing in particular that customers can do in response to the DDoS attacks, consumers can improve the general security of their private information by using the following tips:

Install on your computer—and keep updated—anti-virus software, firewall and anti-spyware software.
Set your computer’s operating system and browser to “automatic download” to ensure your operating system and browser include the latest security updates.
Don’t get hooked by phishing. Do not respond to unsolicited emails requesting personal information and do not download attachments on unsolicited emails.
Use strong passwords and change them regularly. The best passwords are long—a minimum of 8 characters—and complex. Not your birthday or the name of a child or pet. Use a combination of numbers, symbols and letter; something meaningful to you like an acronym or batting averages, but not easily guessed.

For additional resources and examples of member programs, visithttp://www.fsround.org/fsr/financial_literacy/financial_literacy_corner.asp.

Filed Under Industry News Tagged With banking news, BITS, cyber attacks, security, The Financial Services Roundtable

Going Luddite on Mobile

October 22, 2012 By Banking.com Staff Leave a Comment

Tracking the adoption of mobile banking is like putting human behavior under a microscope…again. In a sense, it’s very much like the adoption of online banking (or online anything else), only on a much faster scale. To some, it’s still odd working with professionals who can’t remember what business was like before the Internet. Imagine how we’ll feel when the colleague in the next cubicle has no memory of life before “there’s an app for that.”

The issue seems to have taken on extra relevance because there’s been a flurry of articles recently about how mobile banking is not being adopted as widely as it should because of security concerns. Even the Better Business Bureau (BBB) is offering tips on safe mobile banking practices.

There’s nothing wrong with good, sensible advice, but maybe we need some perspective here.

First, let’s be clear about the adoption of mobile banking: It’s growing at an astonishing rate. As far back as 2011, an eternity in tech years, research firm Yankee Group projected in its Mobile Money Forecast that global mobile transactions would grow from $241 billion last year to $1 trillion-plus by 2015. That’s a staggering CAGR (compound annual growth rate) of 56%–how many other trends can we say that about?

More to the point, the practice continues to grow without huge amounts of education or even promotion. Just a few years ago, the term ‘mobile app’ didn’t even exist; now there are literally millions of them, and most of us are blasé about what we choose to download and use on a regular basis. The mobile device has effectively blurred the distinction between personal and business use and forced our employers to keep up rather than push us to try new software.

Sure, putting money into the mix changes things. It’s one thing to download a video game for playing while on the road and entirely another to use a new button to make an impulse investment or just transfer funds. But what’s remarkable is not how few people do exactly this and more, it’s how many do it every day.

Again, good advice is always welcome, but it’s likely that most of have already heard (perhaps many times over) what the BBB is telling us we should do to protect out investments. Don’t follow links; don’t download authorized applications; keep devices secure. That said, we probably need to keep hearing it.

It used to be said that while Windows PCs got hacked relentlessly, Macintoshes were pretty safe. That’s statistically accurate, and therefore true, but one reason is that the customer base for Apple products was comparatively small. Hackers went after Windows users for the same reason that Willie Sutton allegedly gave for robbing banks: that’s where the money is. Well, guess where the money is now.

There will always be some, from the hyper-cautious to the Luddites, who resist mobile banking. The alternate reality is that there’s already a vast customer base for mobile banking, and they deserve the greatest attention (which is exactly what cyber-criminals are giving them).

The mobile experience for every human action will continue to evolve and gain in popularity, and banking is no exception. There will be viruses and data breaches, and a few will gain enough of a profile to scare off some potential users. But the technology itself offers too much flexibility, productivity and convenience to completely outweigh the risks.

There’s a downside, and we need to keep it in mind. But as industry professionals, it’s our job not to be overwhelmed by the threats but instead focus on keeping the practice as secure as possible. Our customers—and there are many of them—need that.

This article originally appeared as a guest post on MyBankTracker.com.

Filed Under Industry News Tagged With banking news, banking services, mobile apps, mobile banking, mobile payments, mobile wallet, online banking, PFM tools, security

We Need To Talk (About Security)

October 10, 2012 By Banking.com Staff 1 Comment

It’s easy to forget, but the most basic social media channel of all is. . .talking. And when it comes to banking, that’s come to represent a glaring security flaw.

Most financial services institutions are hyper-vigilant about building information security defenses into their online and mobile channels. It’s not just required by law, thanks to dozens of compliance mandates, it’s also good for business. More to the point, as documented on this site, many banks have launched education and marketing campaigns to spread the word about the security measures that they take, and what their customers should do to prevent theft, fraud and other forms of abuse.

However, that still leaves one key variable—call centers. It’s a curious dichotomy: many of us take those anonymous voices on the other end of the phone for granted (unless they can’t provide the answer we need), yet we freely give them all kinds of sensitive data, everything from addresses and social security numbers to account-specific information. Let’s face it, we have to give it to them to get the answers we need.

It’s almost reassuring to know that the calls are being recorded, since this helps improve customer service, and gives us a backup. It also means those calls are being stored and archived somewhere—and that presents a problem.

For the record, there are certainly regulations governing these practices. The PCI-DSS (for Payment Card Security Industry Data Security Standards) Council says such recordings fall under the scope of PCI compliance, but it’s clearly an area that has received less attention with regard to security.

There are several issues here that deserve scrutiny.

First, any kind of information exposed through voice communications offers a goldmine for social engineering scams. The range of tactics used varies widely, but they mostly involve manipulation for the purpose of gaining confidential information. In the past, these attacks were of a random and mass-market nature. Now, thanks to the wealth of personalized information available through social media channels, they’ve become far more targeted and sophisticated. Every nugget gleaned through hacked voice communications offers a major step forward for the bad guys.

More broadly, so much of call center work is outsourced that it’s sometimes difficult to ascertain where the voice on the other end of the call is physically located, and where the calls are being stored. (In some cases, the company that wins the contract in turn outsources the work to a call center located in a different country.)

While the practice gained popularity as a means of greater business efficiency, outsourcing has in the past few years become a volatile political issue. Legislation introduced in Congress would, among other mandates, require business to disclose to callers when their calls are transferred abroad, and potentially give them the option to be transferred to a U.S.-based representative. While U.S. employment is clearly the primary driving factor, security is frequently cited as a key issue.

More regulation may be inevitable, but as always, the industry itself is best qualified to implement the best security, not because it’s forced to but because it’s good for business.

Just as technology enables optimal communications, it also enables optimal security. For example, there is software that automatically halts recording when key words with sensitive information are used.

In some ways, call centers represent old-world banking, while the threats they face are quite new. What really matters, however, is that whatever the means of communication, it’s up to us to protect our customers, and that means protecting every kind of data we receive.

Filed Under For Financial Institutions Tagged With banks, call center, PCI compliance, security, social media

National (Banking) Security

October 5, 2012 By Banking.com Staff 1 Comment

Here’s a perfect snapshot of the world today: When Iranian President Mahmoud Ahmadinejad addresses the United Nations, banking IT executives should be paying close attention. While concerns over Iran’s nuclear ambitions pay out on the global stage, even becoming a major issue in the U.S. presidential election, it’s not only the Departments of State and Defense that are involved. There’s ongoing speculation over the details, but it’s become increasingly clear that in the past few months, several U.S. financial conglomerates—Bank of America, JP Morgan Chase and Citigroup, among others—have been under cyber-attack. There’s no official confirmation of the source, but it’s increasingly believed that the hackers were based in Iran.

The specific motives are still unclear, although it’s not hard to accept that economic sanctions that have been imposed are a major factor. For the record, the Iranian government has claimed in the recent past to be building a ‘cyber army,’ and has even called for loyal citizens to hack into Western institutions.

It’s not just banks getting caught in the crossfire. Just this week, Google warned Gmail customers that “state-sponsored attackers” may be trying to compromise their computers. Google didn’t name the state doing the sponsoring, and in this case Iran claims to be among the victims.

We still don’t know much about the recent attacks—just how broad they were, and the extent of the damage caused. For the most part they seem to have been Distributed Denial of Service (DDoS) attacks, which are typically made up of waves of phony traffic that effectively shut down otherwise functional servers and badly disrupt operations. There may not have been outright data theft, but many customers were unable to conduct online transactions, leaving banks with considerable remediation and repair costs.

Industry experts believe the attacks were heavily coordinated and targeted, pursuing weak spots that were likely uncovered through extensive research and surveillance. It’s being reported that thousands of servers were hijacked for the purpose.

The attacks seem to have subsided in the past week, but looking ahead, there’s continuing cause for worry.

First, by all accounts, these were not isolated incidents or the work of malicious kids out to prove their skills. Most DDoS attacks take considerable organization, skill and resources, and the new wave was no exception. These showed sophisticated tactics backed by patience and expertise. The diversity of their origins—the ‘botnets’ could be anywhere—makes the defense even more problematic.

It’s definitely uncomfortable to be considered alongside defense contractors as part of the ‘military-industrial complex’ and become the focus of geo-political tensions. However, the undeniable reality is that the information technology infrastructure underpinning the entire economy makes a choice target. Criminal gangs out for profit are no longer the only digital threats we need to keep in mind. Cyber terrorism is now a potent weapon in international conflicts, and few actions make a more potent political statement than bringing down the financial services industry.

There’s no reason for us to stop doing what we do—that would be handing the bad guys a true victory. However, it would serve us well to be vigilant. There are no guarantees here, but no one should be surprised if there are more attacks, whether through DDoS or new virus strains. Security must be a top priority: We need to help our security specialists build the best defenses possible, and ensure that even with waves of sophisticated assaults, operations are not disrupted.

Filed Under For Financial Institutions Tagged With banks, Gmail, Google, security

Bank Robbing 2.0

May 15, 2012 By David Sutton Leave a Comment

Financial institutions have plenty to worry about these days: robbers, hackers, fraudsters, scammers, viruses, malware, trojans —and the list goes on. One little talked about threat to FIs and their customers is ATM fraud in the form of skimming.

Skimming is the act of hijacking account information through the use of a card reader, usually installed on an ATM and fabricated to look like a part of the machine. Thieves have even utilized the readers used to unlock after-hours ATM kiosks. Often, a camera accompanies the card reader attached directly on ATMs and records customers entering their PIN.

Fraudsters can then withdraw money directly from the compromised account or sell the information to other criminals. Guns, drugs and other illicit materials can then be purchased with the stolen funds and card information, or criminals can perpetrate identity theft.

A recent post on the Krebs on Security blog, a banking and finance security blog, shows the latest in skimmer technology recovered from a compromised ATM. The unit is an all-in-one card reader with a built-in pinhole camera, seamlessly attached to an ATM — pretty sophisticated stuff.

One expert estimates more than $350,000 stolen from ATMs worldwide every day via skimming. With ATMs seemingly everywhere one could go – grocery stores, movie theaters, malls, gas stations – there is no shortage for opportunity. This reveals another part of the problem: unless you are a bank security expert, chances are remote that anyone from your FI has mentioned skimming or how to minimize the risk.

Here are some simple steps both FIs and their customers can use to lower the chance they will be victimized:

Before inserting your card, always scrutinize the ATM for parts that look out of place, been added on or just plain don’t belong. Check for mismatched and uneven seams or other irregularities.
Use your hand as a shield while you enter your PIN. This is perhaps the easiest preventative measure one can take. It will also prevent shoulder snoopers from spying on you.
Educate yourself about skimming (and other forms of fraud). FIs can do a better job teaching their customers about skimming to help customers and members minimize the risk of being victimized. Hang a poster next to the ATMs or print warnings right on the machines, so it is fresh on the ATM user’s mind.
Remind customers to check their account activity often, and report any unfamiliar transactions to the FI.

As FIs continue to utilize ATMs for both convenience and cost-savings, the frequency of skimming attacks will only increase in both volume and sophistication. Should these attacks be thwarted, FIs, customers and law enforcement must stay vigilant and ahead of the criminals and their ever-advancing technology.

Does your FI already have preventative measures in place against skimmers? Let us know in the comments section below or Tweet @bankingdotcom.

Editor’s Note: David Sutton has a BA in economics and a MS in business journalism, and his articles have appeared on Forbes.com and in the Boston Business Journal. David has had a bank account since he was three.

Filed Under For Financial Institutions Tagged With ATM, financial institutions, fraud, security

Financial Institutions & Security in the Cloud

July 11, 2011 By Banking.com Staff 1 Comment

Financial institutions are not strangers to cloud computing adoption. One of the earlier cloud uses in banks and financial institutions were for SaaS deployments, which allowed for more social media components to banking.

However, now FI’s face the issue of security due to the increased number of data leaks. As a result, cloud within IT strategies and architecture for FIs will increase the risk of a security breach among servers and networks unless there is an adoption of a multiyear cloud strategy to keep data protected – as was outlined by John Gubala of CapCo and Milo B. Sprague of Silicon Valley Bank in Wall Street and Technology.

A recent article in Bank Systems & Technology by Rodney Nelsestuen, a senior research director covering financial services and research for the TowerGroup, outlines what he believes are the “3 Steps to Securing the Cloud’s Future,” which discuss the long term steps banks need to take to have a secure cloud architecture for a successful future in the cloud:

1) Network issues need to be resolved by having “an open and transparent industry dialogue about tomorrow’s physical network business model…and foster marketplace competition.” Marketplace competition and an open dialogue will aim to create a secure network that will reinforce all of the data that resides within the cloud.

2) Financial institutions must have a standardized cloud by working with groups such as the Cloud Security Alliance and the IEEE.

3) Mandated best practices in cloud risk management will reduce the risk of financial crime. As security breaches do become more prevalent and more money is being spent online than ever (Gartner predicts that cloud services revenue is forecasted to reach $148.8 billion in 2014– up from $68.3 in 2010), systematic structure will help to create a plan of action in case of any data leakage.

The plan of action aims to reduce the risk of cloud architecture, and financial institutions will reap the benefits of the cloud than has been experienced in the past. By following the steps as defined by Nelsestuen, financial institution IT infrastructures can take steps to ensure security in the cloud and continue to find more uses of this relatively new technology.

Is your financial institution taking steps towards the cloud? Do you think regulation is the next logical choice for all banks to adopt the cloud for their IT architectures? Let us know in the comments section below, or Tweet @bankingdotcom.

Filed Under Industry News Tagged With banking services, cloud computing, financial institutions, security, social media

Fast Facts: Cybersecurity

What We’re Reading: Facebook, Google Glass and iPads

Fast Facts: Recent Cyber Attacks

Going Luddite on Mobile

National (Banking) Security

Bank Robbing 2.0

Subscribe

News Feed

Blogroll