This document discusses the top threats to financial service providers from online banking in 2010. The five top threats are identified as phishing, password database theft, man-in-the-middle attacks, man-in-the-browser attacks, and identity theft. It provides examples of each threat and discusses how authentication methods and hardware tokens can provide stronger security against these threats compared to passwords alone. Multi-factor authentication using physical tokens combined with passwords is recommended as the most effective solution.
A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Banks are facing an urgent need to bring fraud risk management and IT securityâtwo historic silosâmore closely together to combat mounting data security and cyber threats.
Mobile Banking Security Risks and Consequences iovation2015TransUnion
Â
View the recorded presentation: https://www.iovation.com/resources/webinars/mobile-banking-security-risks-consequences
Gain insight into the evolution of mobile banking and the risks that accompany this business channel.
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
Balancing Security and Customer ExperienceTransUnion
Â
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customerâs device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, youâll learn from Max Anhoury, our VP of Global partnerships, about:
* Todayâs fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.
What is Social KYC?
We generate large amounts of data about ourselves online every single day. All of this activity, when analysed as a whole, builds up a very deep and unique digital footprint â something thatâs exceedingly difficult for someone to steal or fake convincingly.
Social KYC harnesses this data and uses it to establish a personâs identity â on a consent driven basis, of course. Using algorithms to analyse and corroborate various data attributes across multiple online accounts it is possible to quickly establish the likelihood of a person being:
- real
- who they claim to be (including various demographic data related thereto)
- a legitimate potential user (rather than a fraudster trying to access your platform with malicious intent)
Weâre all used to Single Sign On â using an existing social media account to sign up to a new service â and Social KYC is an extension of this. As all youâre doing is asking a user to log in to a variety of their online accounts to prove who they are, it makes for a far more fluid sign up experience which in turn will encourage more users onto your platform.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, weâll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
Weâve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
Â
Forget the geeky analysis of cloud security; risk is driven by people involved and the approach to adoption. In this RSA Conference 2015 presentation, David Etue, VP of Corporate Strategy, Gemalto, reviews the complex issues around data ownership and control in the cloud. When so many people have access to your data, how do you keep it safe? Unshare it!
An important part of eIDAS is to regulate electronic signature and ensure safe transactions online. By providing qualified electronic signature, Trust Service Providers allow both signatory and recipient a higher level of convenience and security. Use this guide to understand and navigate the regulation goals and benefits.
Banks are facing an urgent need to bring fraud risk management and IT securityâtwo historic silosâmore closely together to combat mounting data security and cyber threats.
Mobile Banking Security Risks and Consequences iovation2015TransUnion
Â
View the recorded presentation: https://www.iovation.com/resources/webinars/mobile-banking-security-risks-consequences
Gain insight into the evolution of mobile banking and the risks that accompany this business channel.
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
Balancing Security and Customer ExperienceTransUnion
Â
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customerâs device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, youâll learn from Max Anhoury, our VP of Global partnerships, about:
* Todayâs fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.
What is Social KYC?
We generate large amounts of data about ourselves online every single day. All of this activity, when analysed as a whole, builds up a very deep and unique digital footprint â something thatâs exceedingly difficult for someone to steal or fake convincingly.
Social KYC harnesses this data and uses it to establish a personâs identity â on a consent driven basis, of course. Using algorithms to analyse and corroborate various data attributes across multiple online accounts it is possible to quickly establish the likelihood of a person being:
- real
- who they claim to be (including various demographic data related thereto)
- a legitimate potential user (rather than a fraudster trying to access your platform with malicious intent)
Weâre all used to Single Sign On â using an existing social media account to sign up to a new service â and Social KYC is an extension of this. As all youâre doing is asking a user to log in to a variety of their online accounts to prove who they are, it makes for a far more fluid sign up experience which in turn will encourage more users onto your platform.
Regulations, compliance and overall risk management place a significant operational burden on financial services.
Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to fraud.
If you want to prevent and reduce loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.
In this post, weâll explain how identity verification and Know Your Customer processes are related, and how you can expand them for better fraud coverage.
Weâve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
Â
Forget the geeky analysis of cloud security; risk is driven by people involved and the approach to adoption. In this RSA Conference 2015 presentation, David Etue, VP of Corporate Strategy, Gemalto, reviews the complex issues around data ownership and control in the cloud. When so many people have access to your data, how do you keep it safe? Unshare it!
An important part of eIDAS is to regulate electronic signature and ensure safe transactions online. By providing qualified electronic signature, Trust Service Providers allow both signatory and recipient a higher level of convenience and security. Use this guide to understand and navigate the regulation goals and benefits.
Intelligence-Driven Fraud Prevention
This RSA white paper discusses the need for new, intelligence-based approaches to manage fraud across digital channels.
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
Â
In digital media trust is everything, without it your business model doesnât work. Cybersecurity can be a key component, ensuring the integrity of your services. Check out this brief guide to securing your data.
Pavankumar bolisetty is the Winner of BFSI Tech Maestro AwardDolly Juhu
Â
Pavankumar Bolisetty, Indiaâs most talented & well known ethical hacker and entrepreneur has been awarded as BFSI Tech Maestro by the BFSI (Banking, Financial services and Insurance) Council on November 12, 2016.
The most prevalent trend in todayâs
financial services industry is the shift to
digital, specifically mobile and online
banking. In the era of unprecedented
convenience and speed, consumers donât
want to trek to a physical bank branch to
handle their transactions. While on the one
hand, banks are releasing new features to
attract more customers and retain the
existing ones, on the other hand, startups
and neo banks with disruptive banking
technologies are breaking into the scene.
The use of Artificial Intelligence (AI) in the
banking industry can revolutionize the way
banks operate and provide services to
their customers, improving eciency,
productivity, and customer experience.
An Overview and Competitive Analysis of the One-Time Password (OTP) MarketEMC
Â
This Frost & Sullivan report examines the proliferation of identity theft and data breaches caused by single-factor authentication or weak passwords, and describes how, to decrease the impact of threats, companies are integrating mobile OTP, OTP tokens, and USB tokens to protect network access and end users.
Why is cyber security a disruption in the digital economyMark Albala
Â
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a companyâs ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they donât trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMERâS DATA AND PREVENTING FINA...ijsc
Â
As the financial sectors in the United States deal with expanding cyberthreats and a rising danger of
financial crime, cybersecurity has become a top priority. This paper examines the crucial cybersecurity
techniques used by financial institutions to protect client information and counter the growing risk of
financial fraud. It proves that understanding common fraud tactics used to defraud financial institutions
and customers, putting fraud detection and prevention techniques like anomaly detection and machine
learning into practice, and using transaction monitoring and anti-money laundering tactics to spot and
stop fraudulent activity are all necessary for preventing financial fraud. The paper begins by reviewing the
common cyber dangers affecting the financial industry and the strategies used by cybercriminals to
circumvent security precautions and take advantage of weaknesses. After looking at potential risks, the
paper highlights the importance of proactive cybersecurity measures and risk mitigation techniques. It
highlights crucial components of cybersecurity frameworks, including strong data encryption, multifactor
authentication, intrusion detection systems, and ongoing security monitoring. This paper also emphasizes
the value of educating and training financial institution staff members to increase cybersecurity resilience.
It underlines the significance of building a strong security culture, educating personnel about potential
dangers, and encouraging responsible management of client data. The study also explores the advantages
of financial organizations working together and exchanging threat knowledge. It examines industry
alliances, information-sharing platforms, and public-private partnerships as crucial methods for group
protection against cyber threats. This paper highlighted the significance of artificial intelligence and
machine learning in cybersecurity domain. It demonstrates how these technologies improve cybersecurity
systems' capabilities by spotting irregularities and potential attacks. It emphasizes the significance of
taking a proactive and dynamic strategy to securing client information and maintaining faith in the United
Statesâ financial sectors. Overall, this paper provides a thorough overview of cybersecurity tactics crucial
for protecting consumer data and avoiding financial fraud in the financial sectors across the United States.
By taking a vigilant, team-based, and technology-driven strategy, financial institutions may strengthen
their cyber defenses, protect the data of their clients, and defend the integrity of the financial system.
Cybersecurity Strategies for Safeguarding Customerâs Data and Preventing Fina...ijsc
Â
As the financial sectors in the United States deal with expanding cyberthreats and a rising danger of financial crime, cybersecurity has become a top priority. This paper examines the crucial cybersecurity techniques used by financial institutions to protect client information and counter the growing risk of financial fraud. It proves that understanding common fraud tactics used to defraud financial institutions and customers, putting fraud detection and prevention techniques like anomaly detection and machine learning into practice, and using transaction monitoring and anti-money laundering tactics to spot and stop fraudulent activity are all necessary for preventing financial fraud. The paper begins by reviewing the common cyber dangers affecting the financial industry and the strategies used by cybercriminals to circumvent security precautions and take advantage of weaknesses. After looking at potential risks, the paper highlights the importance of proactive cybersecurity measures and risk mitigation techniques. It highlights crucial components of cybersecurity frameworks, including strong data encryption, multifactor authentication, intrusion detection systems, and ongoing security monitoring. This paper also emphasizes the value of educating and training financial institution staff members to increase cybersecurity resilience. It underlines the significance of building a strong security culture, educating personnel about potential dangers, and encouraging responsible management of client data. The study also explores the advantages of financial organizations working together and exchanging threat knowledge. It examines industry alliances, information-sharing platforms, and public-private partnerships as crucial methods for group protection against cyber threats. This paper highlighted the significance of artificial intelligence and machine learning in cybersecurity domain. It demonstrates how these technologies improve cybersecurity systems' capabilities by spotting irregularities and potential attacks. It emphasizes the significance of taking a proactive and dynamic strategy to securing client information and maintaining faith in the United Statesâ financial sectors. Overall, this paper provides a thorough overview of cybersecurity tactics crucial for protecting consumer data and avoiding financial fraud in the financial sectors across the United States. By taking a vigilant, team-based, and technology-driven strategy, financial institutions may strengthen their cyber defenses, protect the data of their clients, and defend the integrity of the financial system.
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
Â
Fraud prevention is becoming one of the biggest areas of concern for the financial services industry. But first generation Fraud Management systems are falling short. By moving towards more enterprise approach to fraud management, financial institutions can combat the increasingly treacherous fraud and cyber crime landscape while reaping numerous benefits for the organization.
Review of ADCs in banking sector from ATMS to social media. Consideration of operational, legal and regulatory risks for "grown up" financial services institutions adopting social media channels. Analysis of social media regulation and guidance: FFIEC (USA) and FCA (UK)
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
Â
Do you understand what the major security challenges are, such as vulnerabilities of devices, complex supply chain and fraudsters? Our whitepaper discusses key security approaches helping you to overcome them, thus improving customer confidence.
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
Â
Cybersecurity has been the major area of concern throughout 2022 and now 2023 is all set to witness a new version of cyber-attacks with advanced technologies.
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Cade Zvavanjanja
Â
Southern African Internet Governance Forum 2015
(SAIGF-15) Thematic Paper No. 7
âA Case for Multi-stakeholder partnerships for critical Internet resources
security in the SADC Regionâ
Produced by: Southern African Development Community (SADC) Secretariat
Prepared by: Mr. Cade Zvavanjanja
Abstract: With much of SADCâs Member Stateâs critical Internet resources being in the hands of both private and public sector, it seems a natural solution for industry,
Government, civic society and private citizens to work together in ensuring it is both secure and resilient. This cooperation in the form of Multi-stakeholder Partnerships (MPs) is needed in and among Member States and at different times, depending on the environment, culture and legal framework. There is no common definition of what constitutes a MP addressing this area. Diversity is strength when making networks and systems resilient, yet there also exist a need for interworking and a common understanding, especially when making a case for SADC view. There is also a need for a global view as there is a growing awareness for a truly global approach to Critical Internet resources security (CIRS). No country can create a CIRS approach in isolation, as there are no national boundaries on the Internet. The paper makes a case for MPs for CIRS in SADC while addressing the Why, Who, How, What and When questions associated with establishing and maintaining MPs for CIRS in SADC. It uses data from both public and private sector stakeholders across 14 SADC countries. This is not a prescriptive guide, but has a focus on clarity of purpose and approach so that stakeholders can easily choose those aspects that will add value to their endeavours in establishing and maintaining MPs.
Advances in technology have given rise to new operational threats to governments,companies and society as a whole,this presentation is an introduction of countermeasures against cyber threat.
Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Â
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But thereâs more:
In a second workflow supporting the same use case, youâll see:
Your campaign sent to target colleagues for approval
If the âApproveâ button is clicked, a Jira/Zendesk ticket is created for the marketing design team
Butâif the âRejectâ button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Â
Are you looking to streamline your workflows and boost your projectsâ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, youâre in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part âEssentials of Automationâ series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Hereâs what youâll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
Weâll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Donât miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
Â
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties â USA
Expansion of bot farms â how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks â Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
Â
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Â
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
Â
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Â
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overviewâ
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Â
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Â
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
3. Introduction
Trust is the foundation of any good relationship. And this has never been truer, or more vital, than with
the relationship between financial services providers (FSP) and their customers. Without the
confidence that their financial information is protected, consumers will be less likely to use online
services. This will directly impact banks initiatives toward cost reduction and efficiency, a key goal
around online services. While the consumer must exercise good judgment in how they dispense their
personal information, the onus is on the FSP to provide a secure environment in which the customer
can conduct their financial transactions.
The financial community is faced with the worst economic conditions in decades. It is vital now more
than ever to seek ways to cut costs, retain customers, improve business processes, and demonstrate a
positive return on investment to stakeholders. Securing a financial services network environment can
be a daunting challenge. At issue is not only meeting the basic business requirement of ensuring that
a customerâs financial information remains private and secure, but to do so in accordance with the
variety of industry and government regulations. For example, the Federal Financial Institutions
Examination Council (FFIEC) issued guidance specifically for banks regarding authentication in
Internet banking environments: âFor banks offering Internet-based financial services, the guidance
describes enhanced authentication methods that regulators expect banks to use when
authenticating the identity of customers using the online products and services. Examiners will review
this area to determine a financial institutionâs progress in complying with this guidance during
upcoming examinations.â1
Security breaches can have a far-reaching impact to not only a companyâs finances, but to their
reputation as well. Companies are required to prove their compliance with these regulations and will
be held liable for their failure to do so. There is an expectation from customers, employees, and
partnersâanyone that entrusts a company with their sensitive informationâthat this information will
be protected. Financial organizations must consider all of the potential damage that can be done to
their business if sensitive data is lost or stolenâlawsuits, negative publicity, loss of sales and customer
confidence, and permanently tarnished reputations.
Studies have shown that the financial services industry has become a primary target of cyber attacks
on a global scale. This is not surprising considering the highly valuable information that all FSPs collect
and maintain on a daily basis. According to a February 2010 report by Javelin Strategy & Research2,
total financial losses from identity fraud in 2009 were $54 billion, an increase from $48 billion in 2008.
Offering a wider range of online services alone will not be sufficient to reduce customer churn; it must
be accompanied by enhanced security features that provide the customer with confidence and, in
turn, results in winning their long-term trust and loyalty.
1 Federal Financial Institutions Examination Council. âAuthentication in an Internet Banking Environment.â 2006.
<http://www.ffiec.gov/pdf/authentication_guidance.pdf>.
2 Javelin Strategy & Research. â2010 Identity Fraud Survey Report Consumer Version: Prevent â Detect â Resolve.â
February 2010.
3 Top Online Banking Threats to Financial Service Providers in 2010
4. It is, therefore, essential that financial services providers take a proactive approach to identifying
potential cyber attack threats and the areas of vulnerability within their own infrastructure. To aid in
this process, this paper will provide insight into the top five threats to the online banking in the
financial services industry and SafeNetâs recommended solutions for a defense that not only provides
a secure transaction environment for customers but also satisfies stringent government and industry
compliance regulations.
No Silver Bullet
In the past, most organizations, including those in the financial services industry, were able to make
do with a perimeter defense, employing firewalls, intrusion detection, and antivirus software to keep
threats at bay and meet compliance requirements. However, not all methods can be used for all
threats; therefore, it is advisable to mix the range of solutions to match the threats, usability issues, and
the specific requirements of your business in order to achieve a strong authentication and
management solution. By making identity and data security an operational cornerstone of their
business, FSPs can take an important step towards also ensuring customer confidence.
Authentication
All authentication methods are based on providing the legitimate user with one or more mechanisms
for proving their identity. Such âproofâ can involve something that only the user knows, such as a
password, and something that only the user has access to, such as a physical token or smart card,
which is difficult to clone. Unfortunately, most types of authentication proof are rarely infallibleâa
user's password may be guessed, or personal information may be easily discovered or disclosed by
the user, for example, on social networking sites, such as Facebook or MySpace. Likewise, an external
piece of hardware can be temporarily accessed by others, and so on. Thus, multi-factor
authentication uses the combination of two or more methods to ensure that, in case of password or
token disclosure, the access is still protected since both items are needed for access, thus making
impersonation difficult.
In this electronic age, where identity and data theft are becoming commonplace, it is vital that a
personâs digital identity be protected at all times. Multi-factor authentication uses two or more factors
to validate a userâs identity. Authentication schemes based on multiple factors can be more
challenging to compromise and, therefore, serve as an effective solution for high-risk environments,
such as online banking. Of course, the effectiveness of a specific method of authentication relies a
great deal on the quality of the product/solution selected, as well as implementation and
management.
The Trade-Off
It is widely believed that security is a simple trade-offâthe higher the security obtained, the greater
the cost and user inconvenience. Thus, it suffices to put on one side the expected cost of a successful
attack and, on the other side, the cost of greater user inconvenience and the cost of the security
mechanism itself. Once these are understood and balanced, it may be assumed that the correct
system is easy to choose. However, the fact is that different mechanisms fare differently in the face of
4 Top Online Banking Threats to Financial Service Providers in 2010
5. incomparable threats. In addition, not all mechanisms can be used for all purposes; for example, not
all authentication methods are appropriate for online banking.
Top Threats to Financial Services
Financial services providers are faced with complex challenges that directly affect their bottom line
and, potentially, their very survival in a high-churn market. Protecting sensitive and critical data, no
matter where it resides, and ensuring that only the appropriate persons have access to that data,
should be a core requirement of every companyâs security strategy. With the rising incidence of
threats to sensitive data, and increasing requirements to protect that data, organizations must focus
squarely on their security infrastructure.
According to a 2009 report3 by the Identity Theft Resource Center, breaches within the business sector
rose from 21 percent to 41 percent between 2006 and 2009, far outpacing other sectors. The report
also indicated that malicious attacks surpassed human error for the first time in three years. Perhaps
the most surprising and unsettling statistic in the study is that, out of 498 reported breaches, âonly six
reported that they had either encryption or other strong security features protecting the exposed
data.â
3 Identity Theft Resource Center. âITRC Surveys & Studies, Breaches 2009.â January 8, 2010. Web.
5 Top Online Banking Threats to Financial Service Providers in 2010
6. In a study4 conducted by the Verizon Business RISK Team in 2009, 74 percent of data breaches
resulted from external sources, with 91 percent of all compromised records linked to organized
criminal groups. The report also determined that a major focus of cyber crime is the financial services
sector and the theft of personal identification number (PIN) information, and their associated credit
and debit account information.
For financial services organizations, the importance of protecting financial data and assets, and
retaining the trust of its customers, employees, and business partners, cannot be overstated. Consider
a recent incident in which a Texas bank5 sued a business customer in order to simply have the court
declare that its systems are reasonably secure. The lawsuit was in response to the customerâs demand
for repayment of unrecovered funds and their claim that the theft occurred due to the bankâs failure
to implement adequate security measures. While an unusual twist to a data breach incident, it
represents the importance of security and accountability in the financial services industry.
For over 25 years, SafeNet has led the market in protecting the most sensitive financial transactions for
the worldâs most important financial services institutions. To achieve this level of respect and success,
SafeNet maintains diligence in monitoring the data security landscape, including current
technologies, consumer trends, and threat analysis. This section will identify those threats SafeNet
considers to be the most prevalent and the most dangerous to the financial services industry.
Phishing â Although passwords can also be obtained through less sophisticated means such as
eavesdropping, guessing, dumpster diving, and shoulder-surfing, phishing is a common form of
cybercrime typically carried out through e-mail or instant messaging, providing links or instructions
that direct the recipient to a fraudulent Web site masquerading as a legitimate one. The
unsuspecting user enters personal information (such as user names, passwords, Social Security
Numbers, and credit card/account numbers), which is then collected by the hacker. Of particular
attraction to phishing scams are online banking, payment services, and social networking sites.
According to the Gartner survey referenced previously6, phishing attacks continue to exact financial
damage on consumers and financial institutions, with a trend toward higher-volume and lower-value
attacks. The survey found that more than five million U.S. consumers lost money to phishing attacks in
the 12 months between September 2007 and 2008, a 39.8% increase over the number of victims a
year earlier.
4 Verizon Business RISK Team. â2009 Data Breach Investigations Report.â 2009. MC13626 0409. Web.
5 http://www.computerworld.com/s/article/9149218/Bank_sues_victim_of_800_000_cybertheft
6 Gartner, Inc. âBanks Need to Strengthen User Authentication While Appeasing Consumers.â May 2008. ID G00158229.
6 Top Online Banking Threats to Financial Service Providers in 2010
7. The number of crimeware-spreading sites infecting PCs with password-stealing crimeware
reached an all time high of 31,173 in December 2008, an 827% increase from January of 2008.
Source: Anti-Phishing Working Group, March 2009
Password Database Theft â Stolen user credentials are a valuable commodity and, often times,
cybercrime rings operate solely to obtain this information and sell it to the highest bidder or use it
themselves to access user accounts. Hackers steal user data and passwords from one web site
operator to hack other sites. Since many people use the same user ID and password combination for
multiple sites, the attacker can hack additional accounts that the user has.
The Sinowal Trojan is a well-known attack developed by a cybercrime group several years ago that is
responsible for the theft of login credentials of approximately 300,000 online bank accounts and
almost as many credit card accounts. In late 2009, Microsoft Hotmail7, Google Gmail, Yahoo, and
AOL were victims of phishing attacks that exposed thousands of e-mail account user IDs and
passwords.
Man-in-the-Middle (MitM) â In this type of threat, the attacker can actively inject messages of its own
into the traffic between the user's machine and the authenticating server. One approach for MitM
attacks involves pharming, which involves the usage on malicious network infrastructures, such as
malicious wireless access points or compromised DNS servers, to redirect users from the legitimate site
they are trying to access to a malicious fraudulent Web site that accesses the user credentials and
acts on behalf of the user to perform malicious activities.
7 http://news.cnet.com/8301-17939_109-10367348-2.html
7 Top Online Banking Threats to Financial Service Providers in 2010
8. Man-in-the-Browser (MitB) â MitB is a Trojan horse program, a variant of a MitM attack, that infects the
user internet browser and inserts itself between the user and the Web browser, modifying and
intercepting data sent by the user before it reaches the browserâs security mechanism. A MitB attack
has the ability to modify Web pages and transaction content in a method that is undetectable by
the user and host application. It operates in a stealth manner with no detectable signs to the user or
the host application. Silentbanker is a well-known example of a MitB attack targeted at bank
transactions. It uses a Trojan program to intercept and modify the transaction, and then redirect it
into the attackerâs account.
Identity Theft â Identity theft refers to all types of crime in which someone illicitly obtains and uses
another person's personal data through deception or fraud, typically for monetary gain. With enough
personal information about an individual, a criminal can assume that individual's identity to carry out
a wide range of crimes. Identity theft occurs through a wide range of methodsâfrom very low-tech
means, such as check forgery and mail theft to more high-tech schemes, such as computer spyware
and social network data mining. The following table8 illustrates well-known social Web sites that have
been attacked.
Solutions for Identity and Data Protection
So what works and what doesnât? We begin this analysis by describing the properties needed for
thwarting the types of attacks that we consider most threatening to the financial services industry.
Phishing -These attacks use social engineering to trap people into giving up their personal
information. Users are sent bogus emails that lure users to Internet sites that mimic legitimate sites.
8 The Business Model Behind eCrime. Shimon Gruper, CISSP, SafeNet. 2009.
8 Top Online Banking Threats to Financial Service Providers in 2010
9. Many users, unaware that criminal intent is behind the email, open them, fall into the trap and land
up entering personal information into a fraudulent website.
Password Stealing and Identity Theft -These types of attacks rely on the ability of the attacker to fool
users into giving up their personal information and credentials. Since users are typically vulnerable to
these types of attacks, any method that relies on a credential that can be disclosed is vulnerable to
social engineering attacks. Note, however, that this does not include a physical transfer because
users can be rather easily fooled over the phone or via e-mail and the Internet to disclose personal
information, but just like the keys to their house or their ATM card, people are less likely to hand
someone they don't know their physical smart card or token device.
In contrast, hardware-based secure storage and smart cards are non-transferable and, resist cloning
therefore, are less vulnerable to social engineering. The status of software-based secure storage and
software-based smart cards is very dependent on the implementation. Many popular
implementations enable a user to copy and paste the credential, making it transferable and,
therefore, vulnerable. However, it is possible to prevent the user from doing this (without expert
hacking skills), in which case, the solution does provide some degree of protection.
Man-in-the-Middle (MITM) Attacks -This type of attack is only successful when the hacker can
impersonate each endpoint to the satisfaction of the other. The use of SSL authentication using a
mutually trusted certification authority provides strong protection against MitM threats. When the
certificate validation relies on the user, the user may fail to correctly validate server certificates and
will click through the warning messages. Therefore, when using a certificate-based authentication
solution, the onus is usually on the bank itself to ascertain whether the userâs certificate is valid and will
not allow a session to be created when the certificate does not match the one in its system.
Although SSL with server authentication makes man-in-the-middle attacks harder to carry out, they
are still possible by using phishing or other methods. We do remark that one-time passwords have the
advantage that stealing the credential provides the attacker with a single access only (in contrast to
stealing a regular password or a credential in secure storage, which provides the attacker with long-
term, repeated access). Damage is limited but the vulnerability still exists.
The most effective implementation of smart cards/tokens utilize the device along with a user ID and
password for secure two-factor authentication).
Man-in-the-Browser (MITB) Attacks - A MitB attack is carried out by infecting a user browser with a
browser add-on, or plug-in that performs malicious actions. In principle, as soon as a user's machine is
infected with malware, the attacker can do anything the user can, and can act on their behalf. If a
user logs into their bank account while infected, the attacker can make any bank transfer that the
user can. By the virtue of being invoked by the browser during Web surfing, that code can take over
the session and perform malicious actions without the userâs knowledge.
An effective defense against MitB attacks is through transaction verification utilizing either out-of-
band (OOB) technology, in which a userâs identity is verified through a separate channel, such as a
telephone. Using a separate channel reduces the risk that both the internet and the additional
9 Top Online Banking Threats to Financial Service Providers in 2010
10. channel have been compromised. In large financial environments, for example, when a user initiates
a transaction, such as a funds transfer, the details of the transaction can be captured and sent back
to the user via an automated phone call or SMS message for verification before the transaction is
processed. User input is performed either through Interactive Voice Response (IVR) or the keypad.
Both of these approaches assume that the user has mobile phone connectivity during the
transaction.
Another approach involves the use of a secure portable Web browser that is launched from a bank-
issued USB token after the user inserts the device and enters their password. After successful login, the
user is taken directly to the issuing bankâs Web site. Utilizing a clean, non-infected browser helps
ensure that there is no malware in the browser.
Fraud detection also helps limit the damage an MITB attack can wreak.. Although fraud monitoring
works after the fact, once a threat has been detected, it can provide useful information to the
financial organization as to the types of threats being perpetrated against their infrastructure. User
behavior analysis and trend reporting that most fraud detection programs provide can help FSPs
determine the risk associated with certain types of transactions. However, fraud detection alone
provides little comfort without a formidable defense strategy. When working together with strong user
authentication, threats can be captured and contained, while authorized users are allowed secure
access to their accounts.
SafeNetâs Approach to Identity and Data Protection
Due to the prevalence of malware threats focused on the financial services industry, we do advise
incorporating a mix of hardware and software solutions for different user scenarios, depending on the
level of security needed for each user. Choosing a solution that enables such a mix also has the
advantage that it is possible to first deploy the highest-level of security for some users, and to select
other options for other users, based on risk, the usersâ willingness to use hardware or software-based
solutions, and other factors such as TCO.
Because multi-factor authentication requires multiple means of identification at login, it is widely
recognized as the most secure methodology for authenticating access to data and applications.
SafeNetâs multi-factor authentication solutions allow financial services providers to conduct their
Internet-based business operations securely and efficiently, open new market opportunities with
secure data access, and protect identities across the business landscape. It is important to note that
any malware already present on a computer can carry out malicious operations after the user
authenticates because, at this point, it is assumed that any operations originating from the computer
are those of the legitimate user. However, the important point is that the damage is limited to this
session; once the session is closed, the attacker cannot re-authenticate.
Strong authentication significantly reduces the risk of fraud and data theft, and allows financial
organizations to comply with industry and government regulations and standards. SafeNetâs
approach allows financial organizations to protect sensitive customer data and transactions at every
point in the systemâonline consumer banking, internal databases, employee laptops, and corporate
10 Top Online Banking Threats to Financial Service Providers in 2010
11. transactions. Customer care is improved through the higher availability of online services and greater
customer confidence in the security of their online assets.
The threat from trusted insiders within the financial organization poses a particularly serious threat.
Ease of access to account data, disgruntled employees, and pressures from a down economy have
contributed to a rise in this type of crime. Bank employees can also become unwitting participants in
bank fraud when their computers are specifically targeted by cybercriminals as a way into the
financial network. While authentication cannot prevent an insider breach from occurring, it does
create an audit trail of who did what where and when, allowing illegal activity to be more easily
traced to its source.
Typically, most organizations will already have a user name and password system in place for network
authorization and access; however, deploying a token or smart card solution, including one for
consumers or partners that are not part of the internal network, is quickly becoming the method of
choice for achieving increased security, and for addressing government and industry requirements
for compliance and confidentiality.
Achieving Strong Authentication with SafeNet
Strong authentication is highly effective in combating most forms of cybercrime reviewed in this
document. Strong authentication solves the problem of password stealing, phishing, pharming and
man in the middle attacks by obliging users to access the financial institutionâs web sites with
âsomething they haveâ â an authentication token, and âsomething they knowâ â the token password.
Even if criminals know the token password, without the actual token, they are unable to access the
web portal.
Financial organizations, more than ever, need to positively identify employees, contractors, and
customers for both physical and logical access. Storing âdigital identitiesâ on a secured device, such
as a smart card or token, is emerging as a preferred method for assured user identification. These
devices can add security and convenience to widely used enterprise applications, such as Windows
logon, VPN access, network authentication, digital signatures, and file encryption/boot protection.
MiTB attacks are more complex since they are perpetrated from within the computer. One way banks
can protect their customers is through strong authentication combined with transaction verification.
In this case, the bank sends the details of the transaction to the user via a separate channel, such as
SMS. Only after the user enters the details of the transaction and validates them with a passcode, will
the bank authorize the deal.
Another way to prevent malware from infecting a browser is to provide customers with a trusted
browser stored on a USB smart card token with portable memory. When users log on to the banking
portal, they load a clean untainted browser from the USB token and use it to access their account.
The typical financial institution supports a variety of access scenariosâlocal and remote employees,
vendors, contractors, and customersâlocated at points around the world, through wired and wireless
connections. With SafeNet, FSPâs can customize authentication solutions to specific risk levels and use
11 Top Online Banking Threats to Financial Service Providers in 2010
12. cases. From an all-in-one, out-of-the-box one-time password (OTP) authentication solution to
readerless smart card certificate-based authenticators, including encrypted flash memory storage to
software-based authenticators that support SMS and OTP delivery to mobile devices, SafeNet has a
solution for even the most demanding financial services environment.
SafeNetâs authentication solutions help financial organizations significantly reduce the risk of fraud
and data theft, and allow them to comply with strong authentication requirements for online banking
as mandated by the FDIC and other industry regulations. SafeNetâs solutions also reduce IT overhead
by streamlining all authentication operations, including deployment, provisioning, and ongoing
maintenance.
To stay ahead of the relentless barrage of cyber threats, FSPs must take a proactive approach to
identity and data security. Itâs more important than ever to design and implement a comprehensive
plan of protection to provide not only the financial organization, but employees, associates, and
customers with the assurance that their identity and information are secure.
SafeNet authentication solutions remove the complexities associated with deploying smart
cards/tokens and digital identities, enabling FSPs to quickly leverage the benefits offered by these
technologies - reduced operational costs, increased profits, and an enhanced customer experience
that provides convenient and, most importantly, secure access to their financial information.
Keeping an Eye on the Bottom Line
The change from paper to digital transactions has allowed financial organizations to reduce their
operational costs, increase profits, and enhance the overall customer experience by providing
convenient and instant access to their financial information. With a concentrated effort towards
identity and data protection, financial service providers can apply renewed enthusiasm and vision to
their strategies for moving customers to electronic-based business practices. With a properly secured
environment, one in which authentication, trust, and accountability are established, financial
organizations and customers alike can feel confident in conducting business online.
A design imperative for every SafeNet product is customer return-on-investment. Implementing a
security solution must not only solve critical protection and compliance issues, but must also be cost-
effective to integrate and maintain. Should a security breach take place that puts the sensitive data
of a company and its customers at risk, the officers of the organization may well be directly
accountable to not only the companyâs Board of Directors, but also to its customers, and
shareholders.
By implementing a strong authentication system, banks and other financial organizations can secure
their digital communication and transaction systems, and increase profitability by lowering
operational costs. As consumers perform more electronic transactions, such as credit and debit cards
purchases, and online banking and investments, it is increasingly important for financial services
providers to institute strict control over how customer information is protected on their networks, both
12 Top Online Banking Threats to Financial Service Providers in 2010
13. during and after transactions. Having a strong authentication platform is imperative to ensuring trust
and preserving the financial service brand.
Conclusion
Why should financial services organizations care about strong authentication? The answer brings us
full circleâtrust. With a strong authentication process in place, the consumer can trust that their
financial transactions are private and protected. With greater customer confidence comes lower
customer churn and higher transaction volumes, resulting in increased revenue for the FSP.
With a security solution rooted in strong authentication, the financial institution can trust that they are
in compliance with industry and government regulations, such as FFIEC, Basel II, PCI DSS, GLBA, and
the Identity Theft Act, as well as FDIC and DigSig directives. As threats intensify and regulations
increase, a security plan based around robust two-factor authentication places financial
organizations in a state of readiness that customers, employees, and shareholders alike can rely
upon.
Online financial transactions, payment settlements, and business-to-business exchanges all depend
on establishing participant identity and data integrity. Other time-sensitive operations, such as
documentation submission, bill calculation, and stock trading, require an auditable trail. Employing
multiple, disparate products creates security gaps and heterogeneous environments, which are
costly to manage, create compatibility issues, introduce vulnerabilities, and inhibit future growth.
Strong authentication is the most direct and cost-effective way to ensure that any user attempting to
access sensitive applications and data is an authorized party with the appropriate permissions to
view, copy, and modify that data.
SafeNet is the dominant market leader in USB authentication, providing quality, stability, and
credibility in an area that requires nothing less. Our solution to identity and data security enables
financial organizations to protect sensitive customer data and transactions at every point in the
systemâinternal databases, employee laptops, corporate transactions, and online consumer
banking. SafeNetâs authentication solutions have the ability to support the variety of use cases across
the financial services landscape, including internal security, compliance, and varying levels of
banking customers. The flexibility and scalability of SafeNetâs product offerings provide management
and customization options to suite every need and risk level, with the ability to evolve from basic
secure access to advanced applications.
It appears inevitable that people are changing the ways they identify themselves to their banks and
SafeNet believes we will have an important role to play in the provisioning of these solutions.
Customers demand complete assurance that their account information is safeguarded from all
possible threats, and where they put their trust, and their money, will be largely based on an FSPâs
reputation for providing a safe and secure place to do business. With strong authentication, financial
services providers will have one of the core elements in place to ensure that digital transactions and
communications are secure, compliance with regulations is achieved, and that customer privacy
and company reputation remain intact.
13 Top Online Banking Threats to Financial Service Providers in 2010
14. To find out more about SafeNet authentication solutions go to:
http://www.safenet-inc.com/authentication
14 Top Online Banking Threats to Financial Service Providers in 2010