SlideShare a Scribd company logo

Cybersecurity Trends in the Banking Industry1-1

Download as PPTX, PDF
Megan Rapp
Megan Rapp

This document discusses the upcoming implementation of EMV chip-and-pin credit card technology in the United States and the related liability shift scheduled for October 2015. It notes that while EMV cards may reduce card-present fraud, card-not-present fraud may increase, so financial institutions are focusing on identity theft prevention and authentication. The document emphasizes that employee training is crucial, as human error is a major cause of data breaches, and many organizations are developing cybersecurity awareness programs. It concludes that EMV cards will become the new standard in the US and that training is key to protecting against evolving cyber threats.

1 of 13
United States is one of the last countries to implement the chip-and-pin technology October 1, 2015– Fraud Liability Shift Will reduce card-present fraud According to the Toledo Business Journal, a credit union in Ohio incurred over $100,000 in fraud losses due to card compromises (Toledo Business Journal, 2015).
• The implementation of EMV cards is going to change the banking industry who holds the liability. • Policy changes by MasterCard, American Express, and Visa will protect from certain liability. – Example: A bank issues EMV cards to customers, but the merchant fails to adopt the chip-and-pin technology, then merchant will face the liability in the event of a data breach.
• Training is crucial when it comes to training employees and could reduce likelihood of accidental breaches • One study showed that 78% IT personnel indicated they have experienced a data breach in result of employee negligence (Abawajy, 2014). • Training and awareness is the most cost-effective form of security control!
• Many companies are implementing cybersecurity awareness programs • By increasing awareness, the outcome of a security breach may decrease • Employees are frontline defense against these cyber criminals (ABA Banking Journal, 2014) • Employee negligence could cost financial institutions major loss and liabilities, and affecting the reputation of institutions. • Many banks and credit unions are starting to use the FFIEC Cybersecurity Assessment Tool (Released June 30,2015)
• Identity theft – As EMV cards are deployed, it should reduce card-present fraud; BUT card-not-present fraud could increase along with identity theft. – Financial institutions are educating their members with newsletters, pamphlets, and on the company’s websites. – Some companies will likely start implementing methods to authenticate callers to prevent phone “spoofing” (ABA Banking Journal, 2014).
EMV cards – Today, 100% of fraud liability is on the card issuer – Companies are trying to determine if the cost of the technology is going to outweigh the benefits – Less than one quarter of retailers are EMV compliant – Numerous companies need to upgrade their systems, but many say it’s unnecessary. – Companies are reluctant on upgrading their POS systems due to how expensive it is
• Training & Awareness- – Many companies are starting to employ phishing awareness assessments amongst employees – FFIEC and NIST took the steps to increase awareness in the U.S. and assist companies in calculating their inherent risk profile (Stechyshyn, 2015). – For those companies that do not have a cybersecurity strategy in place, this tool will guide them in developing one. – Institutions and other businesses are already using this free resource
Conclusion • These trends are not going away anytime soon • Education is key! • EMV cards are going to become the new standard. By 2016, an estimated 500 million EMV cards will be active in the U.S. • Employees are the frontline defense against these threat actors. Training is imperative!
• Abawajy, J. (2014). User Preference of Cyber Security Awareness Delivery Methods. Behavior & Information Technology, 33(3), 236-247. • Lazette, M. (2014). Credit union puts chips on fraud protection. Crain's Cleveland Business, 35(4), 5. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 494489918?accountid=14580 • Retailer cyber security harming area financial institutions. (2015). Toledo Business Journal, 31(6), 25. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 698149300?accountid=14580 • Sauer, C. (2014). Data Security: How Much Will EMV Help?. Credit Union Magazine, 80(7), 26. • Working Together to Protect Against Identity Theft. (2014). ABA Banking Journal, 106(9),29-48 • Stechyshyn, A. (2015). Security vulnerabilities in financial institutions (Order No. 1586590). Available from ProQuest Dissertations & Theses Global: Science & Technology. (1677223944). Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 677223944?accountid=14580

Recommended

Life In Info Age Lesson11
Life In Info Age Lesson11Life In Info Age Lesson11
Life In Info Age Lesson11
KennyBHS
 
Life In Info Age Lesson10
Life In Info Age Lesson10Life In Info Age Lesson10
Life In Info Age Lesson10
KennyBHS
 
Life In Info Age Lesson9
Life In Info Age Lesson9Life In Info Age Lesson9
Life In Info Age Lesson9
KennyBHS
 
Método anticonceptivos jesus david umaña
Método anticonceptivos jesus david umañaMétodo anticonceptivos jesus david umaña
Método anticonceptivos jesus david umaña
Jesus Umaña
 
Cybersecurity trends in the banking industry
Cybersecurity trends in the banking industryCybersecurity trends in the banking industry
Cybersecurity trends in the banking industry
Megan Rapp
 
Danish Naim
Danish NaimDanish Naim
Danish Naim
Danish Naim
 
Diapositivas de tic
Diapositivas de ticDiapositivas de tic
Diapositivas de tic
patincito13
 
Entspannen, keine sorge
Entspannen, keine sorgeEntspannen, keine sorge
Entspannen, keine sorge
damun
 

Recommended

Life In Info Age Lesson11
Life In Info Age Lesson11Life In Info Age Lesson11
Life In Info Age Lesson11
KennyBHS
 
Life In Info Age Lesson10
Life In Info Age Lesson10Life In Info Age Lesson10
Life In Info Age Lesson10
KennyBHS
 
Life In Info Age Lesson9
Life In Info Age Lesson9Life In Info Age Lesson9
Life In Info Age Lesson9
KennyBHS
 
Método anticonceptivos jesus david umaña
Método anticonceptivos jesus david umañaMétodo anticonceptivos jesus david umaña
Método anticonceptivos jesus david umaña
Jesus Umaña
 
Cybersecurity trends in the banking industry
Cybersecurity trends in the banking industryCybersecurity trends in the banking industry
Cybersecurity trends in the banking industry
Megan Rapp
 
Danish Naim
Danish NaimDanish Naim
Danish Naim
Danish Naim
 
Diapositivas de tic
Diapositivas de ticDiapositivas de tic
Diapositivas de tic
patincito13
 
Entspannen, keine sorge
Entspannen, keine sorgeEntspannen, keine sorge
Entspannen, keine sorge
damun
 
Intro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docxIntro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docx
normanibarber20063
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
sraina2
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docx
sodhi3
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
Bankingdotcom
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
Grant Thornton LLP
 
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
Thomas Lee
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
Omlis
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
Tommy Riggins
 
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
KKess
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
- Mark - Fullbright
 
Next Generation of the Previously Unthinkable
Next Generation of the Previously UnthinkableNext Generation of the Previously Unthinkable
Next Generation of the Previously Unthinkable
qmatheson
 
Information AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docxInformation AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docx
jaggernaoma
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
Lapman Lee ✔
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
Jim Romeo
 
Machine Learning In Insurance
Machine Learning In InsuranceMachine Learning In Insurance
Machine Learning In Insurance
Accenture Insurance
 
Mobile Payment Security Trends for the Future
Mobile Payment Security Trends for the FutureMobile Payment Security Trends for the Future
Mobile Payment Security Trends for the Future
First American Payment Systems
 
Machine Leaning Insurance
Machine Leaning InsuranceMachine Leaning Insurance
Machine Leaning Insurance
Federico Katsicas
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
Sreejith Nair
 

More Related Content

Similar to Cybersecurity Trends in the Banking Industry1-1

Intro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docxIntro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docx
normanibarber20063
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
sraina2
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docx
sodhi3
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
Bankingdotcom
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
Grant Thornton LLP
 
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
Thomas Lee
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
Omlis
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
Tommy Riggins
 
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
KKess
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
- Mark - Fullbright
 
Next Generation of the Previously Unthinkable
Next Generation of the Previously UnthinkableNext Generation of the Previously Unthinkable
Next Generation of the Previously Unthinkable
qmatheson
 
Information AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docxInformation AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docx
jaggernaoma
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
Lapman Lee ✔
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
Jim Romeo
 
Machine Learning In Insurance
Machine Learning In InsuranceMachine Learning In Insurance
Machine Learning In Insurance
Accenture Insurance
 
Mobile Payment Security Trends for the Future
Mobile Payment Security Trends for the FutureMobile Payment Security Trends for the Future
Mobile Payment Security Trends for the Future
First American Payment Systems
 
Machine Leaning Insurance
Machine Leaning InsuranceMachine Leaning Insurance
Machine Leaning Insurance
Federico Katsicas
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
Sreejith Nair
 

Similar to Cybersecurity Trends in the Banking Industry1-1 (20)

Intro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docxIntro to Information AssuranceModule 3Chaston Carter0417.docx
Intro to Information AssuranceModule 3Chaston Carter0417.docx
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docx
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
Solutionreach Webinar: Will Your Practice Be Ready for EMV by October 2015?
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
 
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Next Generation of the Previously Unthinkable
Next Generation of the Previously UnthinkableNext Generation of the Previously Unthinkable
Next Generation of the Previously Unthinkable
 
Information AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docxInformation AssuranceChaston Carter041717 Target Corpora.docx
Information AssuranceChaston Carter041717 Target Corpora.docx
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
Machine Learning In Insurance
Machine Learning In InsuranceMachine Learning In Insurance
Machine Learning In Insurance
 
Mobile Payment Security Trends for the Future
Mobile Payment Security Trends for the FutureMobile Payment Security Trends for the Future
Mobile Payment Security Trends for the Future
 
Machine Leaning Insurance
Machine Leaning InsuranceMachine Leaning Insurance
Machine Leaning Insurance
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 

Cybersecurity Trends in the Banking Industry1-1

  • 1.
  • 2.
  • 3.
  • 4.
  • 5. United States is one of the last countries to implement the chip-and-pin technology October 1, 2015– Fraud Liability Shift Will reduce card-present fraud According to the Toledo Business Journal, a credit union in Ohio incurred over $100,000 in fraud losses due to card compromises (Toledo Business Journal, 2015).
  • 6. • The implementation of EMV cards is going to change the banking industry who holds the liability. • Policy changes by MasterCard, American Express, and Visa will protect from certain liability. – Example: A bank issues EMV cards to customers, but the merchant fails to adopt the chip-and-pin technology, then merchant will face the liability in the event of a data breach.
  • 7. • Training is crucial when it comes to training employees and could reduce likelihood of accidental breaches • One study showed that 78% IT personnel indicated they have experienced a data breach in result of employee negligence (Abawajy, 2014). • Training and awareness is the most cost-effective form of security control!
  • 8. • Many companies are implementing cybersecurity awareness programs • By increasing awareness, the outcome of a security breach may decrease • Employees are frontline defense against these cyber criminals (ABA Banking Journal, 2014) • Employee negligence could cost financial institutions major loss and liabilities, and affecting the reputation of institutions. • Many banks and credit unions are starting to use the FFIEC Cybersecurity Assessment Tool (Released June 30,2015)
  • 9. • Identity theft – As EMV cards are deployed, it should reduce card-present fraud; BUT card-not-present fraud could increase along with identity theft. – Financial institutions are educating their members with newsletters, pamphlets, and on the company’s websites. – Some companies will likely start implementing methods to authenticate callers to prevent phone “spoofing” (ABA Banking Journal, 2014).
  • 10. EMV cards – Today, 100% of fraud liability is on the card issuer – Companies are trying to determine if the cost of the technology is going to outweigh the benefits – Less than one quarter of retailers are EMV compliant – Numerous companies need to upgrade their systems, but many say it’s unnecessary. – Companies are reluctant on upgrading their POS systems due to how expensive it is
  • 11. • Training & Awareness- – Many companies are starting to employ phishing awareness assessments amongst employees – FFIEC and NIST took the steps to increase awareness in the U.S. and assist companies in calculating their inherent risk profile (Stechyshyn, 2015). – For those companies that do not have a cybersecurity strategy in place, this tool will guide them in developing one. – Institutions and other businesses are already using this free resource
  • 12. Conclusion • These trends are not going away anytime soon • Education is key! • EMV cards are going to become the new standard. By 2016, an estimated 500 million EMV cards will be active in the U.S. • Employees are the frontline defense against these threat actors. Training is imperative!
  • 13. • Abawajy, J. (2014). User Preference of Cyber Security Awareness Delivery Methods. Behavior & Information Technology, 33(3), 236-247. • Lazette, M. (2014). Credit union puts chips on fraud protection. Crain's Cleveland Business, 35(4), 5. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 494489918?accountid=14580 • Retailer cyber security harming area financial institutions. (2015). Toledo Business Journal, 31(6), 25. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 698149300?accountid=14580 • Sauer, C. (2014). Data Security: How Much Will EMV Help?. Credit Union Magazine, 80(7), 26. • Working Together to Protect Against Identity Theft. (2014). ABA Banking Journal, 106(9),29-48 • Stechyshyn, A. (2015). Security vulnerabilities in financial institutions (Order No. 1586590). Available from ProQuest Dissertations & Theses Global: Science & Technology. (1677223944). Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1 677223944?accountid=14580