2014 Momentum Webinar Series:
Security and Compliance
In the Interconnected Age
Alan Akahoshi
June 24, 2014
Welcome
• Momentum Series
• Polls
• Q/A
Introduction
Alan Akahoshi is a lead security product
manager at Digital Insight. With 22 years of
network communication, applications and
security experience, Alan has safeguarded
systems for the nation’s leading technology
companies. His previous roles include
program manager for Microsoft's hosted
services group, and product manager for
Symantec's consumer business unit.
Agenda
• The Internet of Everything (IoE)
– Ecosystem
• FFIEC Guidelines for your customer digital channel
– Coverage
• A security model for protecting your Customer
– Closing the gap
Poll Question 1 : Current Events
Have you ever received an email from your refrigerator or television set?
a. Yes
b. No
c. Is that possible?!
>750K malicious emails sent by botnet.
It’s enough to give you chills.
“In this case, hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, Proofpoint says. They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide.”
The Internet of Everything
Today’s Challenge
IoE = User x (Devices x Networks x Services)
The connected state or the “Internet of Everything”
[Diagram: Devices, Networks (Places) and Services (Transactions/Interactions), with Data flowing between each of them]
Source: http://www.businessinsider.com/the-internet-of-everything-2014-slide-deck-sai-2014-2?op=1
An explosion of interconnectivity
Cyber Security is the biggest concern
Source: http://www.businessinsider.com/the-internet-of-everything-2014-slide-deck-sai-2014-2?op=1
• Within “six degrees or less,” you are connected to a vulnerable element in the IoE ecosystem.
For Financial Institutions, security must extend beyond your purview.
[Diagram: “you” linked through OLB (online banking) to a vulnerable element: “Gotcha!”]
• The Heartbleed bug (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library: a missing bounds check in the TLS heartbeat extension lets a remote, unauthenticated peer read up to 64 KB of the other side’s process memory per request, which can include private keys, session cookies and passwords. The flawed code shipped in OpenSSL 1.0.1 in 2012 and was not uncovered until April of this year.
And the effects may be devastating
Reputation takes years to build,
and only moments to lose.
In IoE, controlling borders and
layering security isn’t enough.
You need to dramatically change
your security strategy.
FFIEC Guidelines
What does it address in IoE?
• Federal rules and regulations
– Federal Reserve Board
• Regulation E (Electronic Fund Transfers, 12
CFR 205)
– Uniform Commercial Code
• Article 4A, Funds Transfer (2012)
– Dodd-Frank Wall Street Reform and
Consumer Protection Act
• The FFIEC prescribes recommendations for federal examinations of financial institutions.
– E-Banking
– Information Security
– Supplement in 2011
In a highly regulated industry, how do you
respond to IoE?
• 2001: Electronic Banking
• 2005, 2011: Internet Banking
• What does it protect?
– Customer data (privacy)
– Fund movement (anti-fraud)
• How does it protect?
– Periodic risk assessments
– Multi-factor authentication
– Layered security controls
• Access controls (limits)
• Monitoring
– Customer awareness
FFIEC Internet Banking Guidelines (2011)
[Diagram: Devices, Networks (Places), Services (Transactions/Interactions) and Data, as on the IoE slide]
What the FFIEC doesn’t cover
Financial Institution Best Practices
How do you provide an effective and secure digital banking experience?
Poll Question 2 : Security vs. Ease of Use
Please select the best statement that applies to your institution:
a. The security of my solution is most important.
b. The security of my solution is important, but it should minimally impact my customer user experience.
c. My customer user experience is most important.
An effective security program framework
• Includes Prevention
• Includes Monitoring
• Includes Remediation
• Is multi-faceted, multi-layered to provide maximum protection
– a system of redundancy
[Diagram: Prevention, Monitoring, Remediation]
Protection layers in order to manage risk
• In order to secure the online and mobile banking ecosystem, you need to consider the multiple layers and what it is you are protecting.
• Adopt solutions using the “lenses” of your security program
– Prevention, monitoring and remediation
• User protection
– User credentials
– User devices
– User applications
– User assets ($)
– Malware detection/removal
• Network protection
– Network providers (public, private, mobile)
– Data exchange (privacy encryption)
• Service protection
– Online banking applications
– Mobile banking applications
– Data handling and storage (privacy)
– Service availability
• Business protection
– Employees
– Business assets ($)
– Data governance
• Identity Verification (Account
Origination)
– Required by Section 326 of the USA Patriot
Act (FFIEC 2005)
– Reduce the risk of
• Identity theft
• Fraudulent account applications (international
money laundering and terrorist financing)
• Unenforceable account agreements or
transactions
• User Verification (Authentication,
Authorization and Access Control)
– Layered “what you can see” & “what you can
do”
– Reduce the risk of
• Unauthorized account access (privacy;
protecting data)
• Account takeover
• Fraudulent activity
Prove you are who you say you are
[Slide sidebar, repeated on the following slides: lenses P (Prevention), M (Monitoring), R (Remediation); layers User, Network, Service, Business]
Authentication, Authorization and Access Control
• User verification methods
– Something the user knows
• “Shared secret”, password, PIN
– Something the user has
• ATM card, smart card, scratch card
• Mobile device, key fob token, USB token
– Something the user is
• Biometric hardware (fingerprint, face, voice, retinal/iris, etc.)
– Other factors that complement authentication
• User device identification
• User location / network
• User IP address
• Layered Security Controls
– Measure the level of risk and match protection
methods
• Consumer Banking
– Accessing banking account information
– Accessing personal account information
– Money movement activity
• Bill payment
• Intrabank funds transfers
• Interbank funds/wire transfers
• Business Banking
– Frequent, higher-dollar money movement activity
• ACH file origination
• Frequent interbank wire transfers
Not all online activity or actions are equal
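The two slides above describe layered controls that match the strength of user verification to the risk of the action: what the user knows, has or is, complemented by device, location and IP signals, applied more strictly to money movement than to balance inquiries. The Python below is an added illustration, not code from the webinar, Digital Insight or the FFIEC guidance. The activity tiers, the weights for each signal, the $10,000 high-value threshold and the review cut-off are assumptions chosen to show the mechanics; a real deployment would take them from its own risk assessment.

```python
"""Risk-based step-up authentication for online banking actions.

Added illustration only: the activity tiers, signal weights and thresholds
below are assumptions, not values from the webinar or the FFIEC guidance.
"""
from dataclasses import dataclass

# Inherent risk of the action being attempted (assumed tiers).
ACTIVITY_RISK = {
    "view_balance": 0,
    "view_profile": 1,
    "bill_pay": 2,
    "intrabank_transfer": 2,
    "interbank_wire": 4,
    "ach_origination": 5,
}
HIGH_VALUE_USD = 10_000   # assumed: amounts at or above this add risk
REVIEW_THRESHOLD = 9      # assumed: hold the action for a fraud analyst


@dataclass(frozen=True)
class Profile:
    """What the institution already knows about the customer."""
    user_id: str
    home_country: str
    known_devices: frozenset
    is_business: bool = False


@dataclass(frozen=True)
class Request:
    """One action attempted in an authenticated session."""
    device_id: str
    ip_country: str
    activity: str
    amount: float = 0.0
    # Factors already satisfied this session; "knows" = password accepted.
    factors_completed: frozenset = frozenset({"knows"})


def risk_score(req: Request, profile: Profile):
    """Combine the action's inherent risk with contextual signals."""
    score = ACTIVITY_RISK[req.activity]
    reasons = []
    if req.device_id not in profile.known_devices:
        score += 3
        reasons.append("unrecognised device")
    if req.ip_country != profile.home_country:
        score += 2
        reasons.append("ip country differs from home country")
    if req.amount >= HIGH_VALUE_USD:
        score += 2
        reasons.append("high-value transaction")
    if profile.is_business and req.activity in ("ach_origination", "interbank_wire"):
        score += 1
        reasons.append("business money movement")
    return score, reasons


def required_factors(score: int) -> frozenset:
    """Map a risk score to the factors the session must have completed."""
    if score <= 2:
        return frozenset({"knows"})
    if score <= 5:
        return frozenset({"knows", "has"})                  # e.g. token or registered phone
    return frozenset({"knows", "has", "out_of_band"})       # plus confirmation on another channel


def authorize(req: Request, profile: Profile):
    """Return (decision, missing factors, reasons); decision is allow, step_up or review."""
    score, reasons = risk_score(req, profile)
    if score >= REVIEW_THRESHOLD:
        return "review", [], reasons
    missing = sorted(required_factors(score) - req.factors_completed)
    if missing:
        return "step_up", missing, reasons
    return "allow", [], reasons


if __name__ == "__main__":
    alice = Profile("alice", "US", frozenset({"dev-1"}))
    for req in (
        Request("dev-1", "US", "view_balance"),
        Request("dev-9", "US", "bill_pay", 250.0),
        Request("dev-9", "XX", "interbank_wire", 15_000.0),
    ):
        print(req.activity, authorize(req, alice))
```

The point of the structure is that the same password login can end in three different outcomes: a balance check from a known device is allowed outright, a bill payment from a new device asks for a second factor, and a high-value wire from a new device in another country is held for review rather than merely challenged, since a fraudster who already holds the credentials may hold the phone too.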
Consumer Concerns About Mobile
Source: Deloitte, May 2014, The Financial Brand
Poll Question 3 : Mobile Risk
What is your greatest mobile security concern? (Select one)
a. Application security
b. Device data leakage
c. Device loss or theft
d. Malware attack
Mobile is personal, an extension of You
• Mobile devices, the networks they connect to, the services they access, and the data they share…
– 63% of smartphone users access their bank or credit union
– 61% of smartphone owners who don’t use mobile banking cite “security” issues
• Mobile Apps vs Mobile Web
• Secure communication channel (data privacy)
• Complex device identification, geo-location and reputation
– Assurance to tie this to a user
– Monitoring
Source: Deloitte, May 2014, Mobile Financial Services: Raising The Bar on Customer Engagement
• It’s never a question of ‘if’ I get hacked,
but ‘when’ I get hacked…
– Hackers are continuously finding and
exploiting the weakest link
• Effective monitoring is key to
detecting fraud and preventing attacks
• Complex analytics of user, device and system
data, and behavioral modeling provide
intelligent detection
• Mitigation processes
Hackers hack and they will continue to hack
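The slide above argues that, since compromise is a matter of when rather than if, analytics over user, device and system data are what actually catch fraud in progress. As an added example (not the webinar’s or any vendor’s code), the Python below runs two behavioural rules over a constructed event log: an account-takeover sequence (login from an unrecognised device, then a contact-detail change, then a transfer to a payee added minutes earlier, all inside one window) and transfer velocity. The log lines, enrolled-device list, 30-minute window and velocity limit are all invented for the illustration.

```python
"""Rule-based transaction monitoring over a per-user event stream.

Added illustration only: the events, device list, window and thresholds are
constructed for the example, not data or logic from the webinar.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <user> <event> key=value ...".
SAMPLE_LOG = """\
2014-06-20T09:01:00 alice login device=dev-1 country=US
2014-06-20T09:03:00 alice view_balance
2014-06-21T02:10:00 alice login device=dev-7 country=XX
2014-06-21T02:12:00 alice change_contact field=email
2014-06-21T02:15:00 alice add_payee payee=p-555
2014-06-21T02:16:00 alice transfer payee=p-555 amount=4900
2014-06-21T02:18:00 alice transfer payee=p-555 amount=4900
2014-06-21T02:20:00 alice transfer payee=p-555 amount=4900
2014-06-21T10:00:00 bob login device=dev-2 country=US
2014-06-21T10:05:00 bob transfer payee=p-10 amount=120
"""
# Devices each customer has used before (assumed enrolment data).
KNOWN_DEVICES = {"alice": {"dev-1"}, "bob": {"dev-2"}}

WINDOW = timedelta(minutes=30)  # assumed correlation window
VELOCITY_MAX = 2                # assumed: more transfers than this in WINDOW is abnormal


def parse(log: str):
    """Turn the text log into dicts with a real datetime and a typed amount."""
    events = []
    for line in log.splitlines():
        ts, user, event, *pairs = line.split()
        attrs = dict(p.split("=", 1) for p in pairs)
        if "amount" in attrs:
            attrs["amount"] = float(attrs["amount"])
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "event": event, **attrs})
    return events


def detect(events, known_devices):
    """Return (user, rule, timestamp) alerts from two behavioural rules."""
    alerts = []
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        known = known_devices.get(user, set())
        risky_login = None       # time of the latest login from an unrecognised device
        contact_changed = False  # contact details changed since that login
        takeover_fired = False   # alert once per risky session
        payee_added = {}         # payee -> time it was added
        recent_transfers = []    # transfer times inside WINDOW
        for e in evs:
            ts = e["ts"]
            if e["event"] == "login":
                risky_login = ts if e["device"] not in known else None
                contact_changed = takeover_fired = False
            elif e["event"] == "change_contact":
                contact_changed = True
            elif e["event"] == "add_payee":
                payee_added[e["payee"]] = ts
            elif e["event"] == "transfer":
                # Rule 1: velocity, a burst of transfers in a short window.
                recent_transfers = [t for t in recent_transfers if ts - t <= WINDOW] + [ts]
                if len(recent_transfers) > VELOCITY_MAX:
                    alerts.append((user, "velocity", ts))
                # Rule 2: takeover pattern, new device -> contact change -> pay a brand-new payee.
                new_payee = e["payee"] in payee_added and ts - payee_added[e["payee"]] <= WINDOW
                if (risky_login is not None and ts - risky_login <= WINDOW
                        and contact_changed and new_payee and not takeover_fired):
                    alerts.append((user, "takeover_pattern", ts))
                    takeover_fired = True
    return alerts


def run_sample():
    """Run both rules over the constructed log."""
    return detect(parse(SAMPLE_LOG), KNOWN_DEVICES)


if __name__ == "__main__":
    for user, rule, ts in run_sample():
        print(f"{ts.isoformat()} {user} {rule}")
```

Each transfer in the sample is below a $5,000 limit and would pass a per-transaction check on its own; the takeover rule fires on the first transfer because of the sequence that preceded it, and the velocity rule fires on the third, which is the kind of correlation across user, device and transaction data the slide calls for. Bob’s ordinary session produces no alert.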
Poll Question 4 : Education Programs
How do you provide customers/members with tools and tips to safeguard their online and/or mobile banking experience? (select all that apply)
a. Online Banking Application
b. Mobile Banking Application
c. Email
d. Text/SMS
e. In-Branch
f. Other
g. We do not provide any tools or tips
• Customer Awareness & Education
– DOs and DON’Ts
– Alerts and Notifications
• Attacks, risks etc.
• Internal Training
Secure people, not just the technology
1. Be vigilant.
2. Protect your devices.
3. Protect your passwords.
• Create password groups.
4. Do not share your passwords.
5. Use trusted applications from
known and trusted sources.
6. Access trusted websites.
7. Be careful of email content, even if it’s from a known person.
* Feb 1st – National Change Your Password Day
Security and Compliance Checklist
What you can do . . .
• Effective security strategy – elements for prevention, monitoring and remediation
• Multi-factor authentication
• Layered security controls
• Transaction monitoring
• Marketing programs for customer awareness and education
• Annual risk assessment
Questions?
www.digitalinsight.com
Thank you!
October 2014:
Trends in Delivery: Channel
Convergence and Funding Innovation
David Potterton, Cornerstone Advisors
Visit Us:
