financial institutions

Citi hires Lippert away from Royal Bank of Canada

Judi Hasson — Tue, 08 Jul 2008 17:21:06 -0400

In a game of musical chairs among financial institutions, Citi has hired Marty Lippert away from Royal Bank of Canada as its new CIO and corporate operations and technology COO. He replaces Marvin Adams, who moved to Fidelity in December. The change is more than filling an empty seat, with Lippert being asked to "drive transformational change" across Citi's newly centralized global technology and operations divisions. "In today's global environment, our competitiveness is dependent on having leading technology and operational capabilities," said Vikram Pandit, Citi's Chief Executive Officer. "Marty's appointment emphasizes the importance we place on technology in driving enterprise transformation, and we'll look to him to be a key also spent 16 years at Mellon Bank, where he was executive vice president for information management and research, and chief financial officer of technology.

For more on the latest CIO change:
- check out this Wall Street &Technology article

Phishers get nabbed

Thu, 22 May 2008 06:59:59 -0400

Thirty-eight people in the U.S. and Romania have been charged in two federal indictments, alleging they used a complicated Internet phishing scheme to steal thousands of credit and debit card numbers, and then tap into bank ATMs to obtain cash.

The targets were both individuals and hundreds of financial institutions, a reminder to CIOs and their IT departments to remain vigilant and to make sure employees know the risks and do not respond to bogus emails seeking personal or company information.

In the indictments coming out of California and Connecticut, federal authorities said schemes were run by individuals with ties to organized crime, and targeted banks and other companies including Citibank, Capital One and PayPal.

For more on these indictments:
- see this pcworld.com article

Congress backtracking on Internet gambling

Thu, 24 Apr 2008 06:59:59 -0400

Some members of Congress, backed by financial institutions, are trying to enact legislation that would stop the Treasury Department from adopting regulations to enforce a federal ban on Internet gambling. The 2006 Unlawful Internet Gambling Enforcement Act calls for criminal and civil penalties for banks, credit card companies and others that process payments to gambling web sites. But the Treasury Department is having a hard time writing the regulations and the banks are balking at having to enforce the law.

The financial institutions claim it would be a nightmare to be forced to use their computerized payment systems to determine which customer activities are legal and which are not and argue they don't want to police the Internet. Legislation backed by Rep. Barney Frank, chairman of the House Committee on Financial Services, would stop the Treasury from writing or implementing regulations to carry out the 2006 law.

For more on this dispute:
- Check out this InformationWeek article

ATM machines cry out for security

Mon, 25 Feb 2008 06:59:59 -0500

ATM machines may be a new target for hackers. A report by the managed security firm, Network Box, outlined several threats to these commonplace banking tools. They include IP worms, disruption of the IP network, denial of service and the harvesting of transaction data for malicious purposes. The report said that banks and financial institutions are not securely protecting customers' data. The reason may be because the technology is too old.

An estimated 70 percent of current ATMs are based on PC/Intel hardware and commodity operating systems using standard IP networking. Many financial institutions have opted for cheaper systems rather than the best security. And that means that credit/ATM card numbers, transaction amounts and account balances could be easily captured by hackers.

"Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure," said Mark Webb-Johnson, chief technology officer at Network Box. But that might be assuming way too much. Network Box recommends that all traffic to and from ATM machines should be encrypted, not just the PIN number. ATM networks should also be separated from the rest of the bank's network, thereby allowing them to be closely monitored and controlled. If your ATM machine isn't secure, what is?

For more on ATM vulnerabilities:
- See this VNunet article

PCI Data Security Standard gets more oversight

Mon, 28 May 2007 20:01:39 -0400

Fourteen merchant organizations, including retailers like Wal-Mart and U.K.-based Tesco and large financial institutions such as Bank of America and JPMorgan Chase, were elected last week to the board of advisors of the newly-created PCI Security Standards Council (PCI SSC). The Payment Card Industry (PCI) data security standard was originally formed by the five major credit card agencies. This new group will solicit feedback from the industry and will influence changes to the standard, which until now, has been the sole jurisdiction of five credit card companies: Visa International, MasterCard Worldwide, American Express, Discover and the Japan Credit Bureau.

For more on PCI and the newly formed group:
- see this article at ComputerWorld

Financial services going mobile in a big way

Sun, 17 Dec 2006 19:01:35 -0500

Today's mobile computing devices can do just about everything and that includes financial transactions, as users want to be able to talk, email, surf the Web, listen to music and watch video on the go. That's why a growing number of leading financial institutions are readying security strategies to open the doors to online banking through the mobile device. Citibank's working on an encryption system, Wachovia already lets customers check online balances and others are rolling out e-payment applications.

For more on bringing the cell phone into the financial segment:
- read the article at CIO Today

Terrorist cyber attack aimed at financial community

Thu, 30 Nov 2006 19:01:39 -0500

The dawn of December brings with it a dire security warning to financial institutions that terrorists are aiming to crash stock trading and banking sites using cyber attacks. According to the Department of Homeland Security, an Islamic militant group is targeting databases within financial organizations and the threat of a denial of service attack is expected to continue through the end of the month. Financial executives don't seem too worried however, saying that their organizations are in a high level of security readiness.

For more on the impending cyber assault:
- read the article at eCanadaNow

PLUS: Financial sector is huge hacker target. Article

Online transactions demand range of security tools

Tue, 31 Oct 2006 19:01:35 -0500

Financial institutions that depend on good customer satisfaction with online transactions have their work cut out for them. Scammer and hackers are always trying to stay one step ahead of new security technologies firms are deploying. The quest to authenticate user information while protecting all that data from malcontents requires a slew of new solutions, such as using using predictive analysis to rules engines. And, if industry experts are right, that's just the start of what's going to be a long list of security and data collection initiatives.

For more on securing online financial transactions:
- check out the feature at Intelligent Enterprise

Banks shore up security

Mon, 15 May 2006 20:01:36 -0400

As consumer concerns increase thanks to online banking security breaches and incidents, financial institutions are stepping up security measures in a quest to rebuild customer loyalty and, of course, protect valuable data. Some are bringing in better encryption tools, while others are moving to stronger authentication strategies. But as experts relate, determining whether the efforts will prove successful won't be known until the new security walls are tested by phishing and pharming attacks.

For more on shoring up online banking security:
- read this CIO Today article

Phishers take new VoIP route

Tue, 25 Apr 2006 20:01:39 -0400

The Voice over Internet Protocol infrastructure used by financial institutions is now officially the target of malcontents. Wrongdoers are now using a phishing scheme based on Internet telephony technology to duplicate a bank's automated voice system, allowing them to grab account numbers, customer passwords and other confidential data. According to Cloudmark, a messaging security vendor, the hackers sent spam claiming to be from an East Coast city bank and asked customers to call a number and speak to a customer service rep about an issue. Once customers did that, the user was prompted for their PIN, which was subsequently stolen. Experts say that while it's one of the first incidents in which hackers have used VoIP technology to steal information, it could just be the start of a whole new set of security headaches for enterprises.

For more on the VoIP phishing scheme:
- read this TechWeb article