Customer Awareness

False Sense of Security of the Month

An untested control is not a control, it’s a wish. I’m not the kind of person who trusts technology or controls.  It’s just not in me. But I do trust my wife’s intuition. So when I saw this youtube video, forwarded to me by my friend Joe Cychosz, I w...

The Anatomy of a CAT Attack

In order to understand the power of the three layers of security required by the June 2011 Supplement to the FFIEC’s 2005 Guidance on Authentication in an Internet Banking Environment, it is helpful to understand just how a corporate account takeover (CAT) attack works. Nowa...

What customers need to be told

According to the Federal Financial Institutions Examination Council’s (FFIEC), a financial institution’s customer awareness and educational efforts should address both retail and commercial account holders and, at a minimum, include the following elements: An explanation of...

Corporate Account Takeovers: Where Compliance Pays

As the “compliance burden” continues to rise, we may sometimes wonder whether information security regulations are worth the effort.  This is a story of how the FFIEC got it right. A Short History Lesson For many in banking, this story may appear to have started ...

Sharpening Your Vendor Management Tools

Mark your calendars! Dan Hadaway will be delivering a workshop with the Indiana Bankers Association to outline what makes an effective vendor management program. The workshop will be on September 10th starting at 9:00 AM and ending at 4:00 PM. For information on how to regis...

The FFIEC’s Technology Education Requirements

Mark your calendars! Dan Hadaway will be delivering a workshop with the Indiana Bankers Association to review FFIEC statements involving technology training. The workshop will be on June 6th starting at 9:00 AM and ending at 4:00 PM. For information on how to register, visit...

Authenticating Callers

The art of “out-of-wallet” questions! When somebody calls wanting information that is sensitive (such as social security numbers, account numbers, account balances, the names of applications on our network, names of personnel, etc.), we must “authenticate&#...

Strong Passwords

What is a strong password?   When designing a password, we need to keep three things in mind: First and foremost, if we use paper to write alternative passwords down, BE SURE to shred that paper, no matter how little it is! Second:  let’s remember that our goal i...

Expand Your Customer Education Channels

The Philadelphia Federal Credit Union alerts its customers to potential fraud. Our friend Dennis Teague of MainSource Financial Group found this excellent post by Krebs. It suggests that all banks should consider a sticker on their doorways or on a sign in the teller line t...

Password Security: Not So Secure

Password Security: Not So Secure Crackers Are Catching Up How strong do you think your password is? Unfortunately, it’s probably not as strong as you think it is. Over the last 5 years, there has been a quantum leap in the field of password cracking. Computers are faster, pr...