Banking Information Security Podcast

For all the latest news and views, please visit the FFIEC Authentication Guidance Resource Center. Gartner's Avivah Litan says regulators have done a nice job of emphasizing why and how banks and credit unions need to implement layered security that adequately addresses online risks. But the guidance falls short when it comes to customer education.

For all the latest news and views, please visit the FFIEC Authentication Guidance Resource Center. Aite's Julie McNelley says the final FFIEC online authentication guidance offers greater detail in areas such as layered security, but that institutions have much to do to prepare for regulatory assessments in 2012.

Organizations' biggest obstacles to privacy protection are the organizations themselves - specifically, their silos - says Dr. Ann Cavoukian, proponent of the new concept, Privacy by Redesign.

Fraud expert Ori Eisen says banks spend too much time reacting to ACH fraud, rather than trying to stop it. Now that the FFIEC's new online authentication guidance is official, banks must focus on eliminating outdated solutions and moving toward automated solutions for device identification and log analysis.

SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.

Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.

Sen. Robert Menendez says regulators should have the power to compel banks to toughen IT security and offer timely customer notification of a breach. But if they don't, the Banking Committee member says in an interview, they should come to Congress to get that authority.

Online and mobile banking are taking the world by storm - especially in the Asia-Pacific region. But many institutions are simply not prepared to manage security and privacy appropriately in these venues, says Gartner's Matthew Cheung.

Northrop Grumman Cybersecurity Research Consortium's Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.

Greg Rattray, VP of Security at BITS, says we can't necessarily stop the spread of dangerous malware like Zeus, but banking institutions can do a better job of mitigating the risk and damage that follow such an attack.

AppSec's VanHorn says more segregation of employee duties is needed.

FDIC examiner Donald Saxinger says cloud computing can pose challenges when it comes to business continuity during disasters. Proactive vendor management, he says, is the best way to address potential hiccups before they become big problems.

The PCI Security Standards Council's new guidance on virtualization in the payments space aims to provide best practices for securing the payments chain's virtual platforms and appliances.

IT security expert Marcus Ranum says RSA's offer to replace its SecurID tokens is a deal worth taking.

Authentication expert Steve Dispensa says banking institutions need to realign their authentication infrastructures to include a mix of in-band and out-of-band measures.

For nearly two years, banks and businesses across the U.S. have been plagued by a wave of corporate account takeover. And while there's no one answer, Texas bank examiner Phillip Hinkle sees ways that institutions can better detect and prevent these crimes.

What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?

Quantifying the safety or danger of cyberspace is tough. But a highly respected IT security practitioner and an experienced risk management consultant have teamed to develop an index they contend reflects the relative security of cyberspace by aggregating the views of information security industry professionals.

Payment card fraud. ACH and wire transfers. ATM skimming. And especially insider crimes. These are among today's top information security threats to institutions, says banking regulator Gigi Hyland in an exclusive interview.

New authentication guidance, when it is passed down, needs more attention on mobile, says Fraud Red Team's David Shroyer,a former Bank of America security executive.