3. Information Security
Corporate Account Take Over (CATO)
• Objective:
1) Breach Customer
– ZeuS – Polymorphic/Custom Trojan
2) Coerce Bank Personnel
– Our Phones are down?
– I really need this now?
3) Take the Money and Run!
– Wire
– ACH domestic or IAT (with History)
4. Information Security
Corporate Account Take Over (CATO)
• Protections
– ACH Schedule & Check Account Numbers
– Voice Authorization for Wire/ACH over pre-set limit
– No foreign RDC
– No “Drawn Against Uncollected Funds”
– Education
– Reference TDB Guidance
– http://www.ectf.dob.texas.gov/index.htm
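How the first three protections above can be applied as pre-release checks on an outbound ACH batch, as an added example that is not from the original slides: each entry is compared against the customer's usual origination schedule, the payee account numbers already verified in earlier batches, and the pre-set limit above which a voice call-back is required. The customer profile, the account numbers and the batch are constructed for illustration; the reading of “Check Account Numbers” as “verify payee account numbers against known ones” is an assumption.

```python
"""Constructed CATO batch screening example (not from the original slides).
Holds any ACH entry that is off the customer's usual schedule, goes to a
payee account not seen in a verified batch, or is at/over the voice-auth limit."""
from dataclasses import dataclass
from datetime import date


@dataclass
class CustomerProfile:
    schedule_days: frozenset      # days of month the customer normally originates on
    known_accounts: frozenset     # payee account numbers from previously verified batches
    voice_auth_limit: float       # at/over this amount a call-back is required


@dataclass
class AchEntry:
    account: str
    amount: float
    effective: date


def screen_batch(profile, entries):
    """Return {entry_index: [reasons]} for entries that must be held for review."""
    holds = {}
    for i, e in enumerate(entries):
        reasons = []
        if e.effective.day not in profile.schedule_days:
            reasons.append("off-schedule effective date")
        if e.account not in profile.known_accounts:
            reasons.append("payee account not previously verified")
        if e.amount >= profile.voice_auth_limit:
            reasons.append("voice authorization required (over pre-set limit)")
        if reasons:
            holds[i] = reasons
    return holds


# Constructed sample: a payroll customer that files on the 1st and 15th.
PROFILE = CustomerProfile(
    schedule_days=frozenset({1, 15}),
    known_accounts=frozenset({"111000111", "222000222"}),
    voice_auth_limit=10_000.0,
)
BATCH = [
    AchEntry("111000111", 2_500.00, date(2012, 6, 15)),   # normal payroll entry
    AchEntry("999888777", 4_900.00, date(2012, 6, 15)),   # unverified payee account
    AchEntry("222000222", 25_000.00, date(2012, 6, 15)),  # over voice-auth limit
    AchEntry("111000111", 2_500.00, date(2012, 6, 22)),   # off the usual schedule
]

if __name__ == "__main__":
    for idx, why in screen_batch(PROFILE, BATCH).items():
        print(f"entry {idx}: HOLD - {'; '.join(why)}")
```

Entries that pass all three checks are released; a held entry is the point at which the call-back to a known phone number (not one supplied by the requester) is made.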
5. Information Security
• http://www.bluekaizen.org/securitykaizen_mag/issue4/Security_Kaizen_41.pdf
– Hacking Banks for Fun & Profit
– Facebook Awareness
– Best Practices for InfoSec Training
• Less Thought of Breaches (part 364)
– Mobile Phones
– Client List
• Still Using IE7? Is Your Customer?
– BEAST – Break SSL/TLS
6. Use Data & Tools to Your Benefit
• National Credit Tool File
– Perform your own analysis
– We can provide Header / Format
– Put your examiner hat on!
7. Use Data & Tools to Your Benefit
• HMDA / CIP / PIF Data
– Find “Fair Lending” violations before the examiners do
– Prevent UDAAP – Small Business is Next
– Dive Deeper:
• Check Loan Amounts for Areas
– Only Low Amounts in Low Income Areas?
» Makes Sense Right? No?
• Run for Several Years Prior
– “Regression Testing”
• Prevent “Racist Output Without Racist Input”
• In Case of Question – Ask for Examiner Data Dump!
8. Use Data & Tools to Your Benefit
• PIF / CIP Data for Deposit Accounts
– Class Actions for Account Structures
• Check Deposit Account Types by Area
• Check Deposit Account Types by Ethnic Groups
9. Use Data & Tools to Your Benefit
• CRA Data
– Map IT! / Don’t Branch IT!
• Export Data to Excel
• Import into MapPoint
• Look for holes / concentrations
• Compare to Demographics or Income Maps
• iPad for Board
– Secure Device/Data and you’re all set
• Presentation Available @ CoNetrix Conference
10. Use Data & Tools to Your Benefit
• Vendors – What’s Available?
– P2P – Advertise IT!
– Text Alerts – Payment Reminders
– Mobile Banking
– Marketing Support
– Cash Management
• Let the service outweigh the risk
“As bankers we have a tendency to market the
products we buy to support the customer rather
than the features of the products that mean the
most to the customer.”
11. Tools to Complete
• OFM/PFM – Personal Financial Management
– Spending Analysis
– Account Aggregation
• P2P – Person to Person Payments
– Available in Bill Pay
• Mobile Merchant Processing
– Through Referral
• Mobile/ATM Check Deposit (soon)
• Social Media
– On Your Own or BuzzBanking
12. Regulatory
• June 30th 2012 – FinCEN files must be filed electronically
• Reg Z Interpretation
– Watch out for bonuses
• Fair Lending / UDAAP
– Small Business
• Vendor Management (FIL-44-2008)
• Payday/Predatory Lending
– Look at Georgia
• Reg E – Transfers (Consumer & Foreign)
• OCC – No blanket preemption (CFPB)
– Might as well go the way of Frost!
13. Relax!
Consumer Financial Protection Bureau (CFPB)
• Good Web Site Template (Dummy Proof)
– “Know Before You Owe”
• Non-Bank Focus / Rules
– 9 months – 1 yr Rule Implementation (after issuance)
• 120 Hour Estimate for Compliance
– Systems (Majority)
– Disclosures (8)
– Policies (8)
14. Relax!
Dodd-Frank
• Main Issues Already Implemented
• Political Influence
– Wait for November or Go to D.C.?
• Too Big – Wait for Guidance
• Too Confusing – Wait for Guidance
Durbin Amendment
• Competition Limitations
– Delayed by Implementation of Interchange Caps