HNS MAIN FEED
Saturday, 03:48 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Q&A: Security threats to financial organizations
Ori Eisen is the founder and Chief Innovation Officer of 41st Parameter. In this interview he discusses the security threats to financial organizations and their customers, the problem of fraud as well as an evolution of such problems.
What are the biggest security threats to financial organizations today? What can be done to mitigate them?
The two biggest security threats are fraud rings and botnets.
1) Fraud Rings - and their underground market for stolen identities is the largest outside threat to financial organizations today, due to their ability to react quickly to new anti-fraud measures adopted by financial institutions. The tactics used by these fraud rings include fraudulent new account opening, check image fraud/counterfeiting, credit bust-out, account takeover and wire fraud.
2) Botnets – employed by fraud rings, they expose financial organizations to millions of drone devices. Access to such a vast network enables the fraudsters to exploit subtle vulnerabilities within the online channel.
Technology such as tagless device ID, like PCPrint, assists in fighting fraud rings and botnets by allowing the connection of online account activity and devices through link analysis (which is included in our risk engine solutions FraudNet for Account Opening and PhishingNet). If one unfamiliar device is seen accessing an account when using the device fingerprint, all accounts that have been accessed by this same device can quickly be identified and monitored for uncharacteristic behavior. Because fraud rings utilize specialists (phishing scam artists, account hackers, new account originators, account stagers, etc) and each uses different devices, there is a great importance associated with linking device profiles, including language settings, time zone, and other key characteristics. This is also extremely beneficial in identifying additional suspect devices belonging to various stages of the fraud ring activity.
How exactly do these threats have a further impact, on the customer?
Smarter and more technologically empowered fraud rings continue to emerge, and their ability to fool banking customers by using realistic phishing sites, in-session phishing, man-in-the-middle and even offline tools (such as automated voice messaging services) to capture account information from unsuspecting victims further impacts customers. This impact is felt through the losses customers incur and the time spent to resolve fraud when they become a victim. Additionally, offline fraud resulting from online surveillance (such as check image viewing online to glean information for offline counterfeit check production) causes customers additional pain.
1 | 2 | 3 | Next page >>
- Q&A: Wireshark
- Best practices for DNS security
- Spam evolution: September 2009
- Looking back at 2009 through SQL injection goggles
- Q&A: Web application security
