1 ID Management in Financial Services – May 2005 Online Fraud Trends – Staying Ahead of the Threats Matthew Biliouris, Information Systems Officer – NCUA.


Credit Union Industry Statistics

Risk Assessment Process
1. Identify Risks
2. Understand Risks
3. Prioritize Risks
4. Develop & Implement Action Plans
5. Monitor

Security Programs
Gramm-Leach-Bliley Act – 501(b)
– Outlines Specific Objectives
– Requires NCUA establish standards for safeguarding member records

Security Programs
Credit Unions Must Have Process in Place to:
– Ensure Security & Confidentiality of Member Records
– Protect Against Anticipated Threats or Hazards
– Protect Against Unauthorized Access
Specifically Stated in §748.0(b)(2)

Security Programs
Appendix A – Guidelines for Safeguarding Member Information
– Involvement of Board of Directors
– Assess Risk
– Manage & Control Risk
– Oversee Service Providers
– Adjust the Program
– Report to the Board

Security Programs
Response Program Guidance
– Increasing Number of Security Events
– Congressional Inquiries
– GLBA Interpretation
– FFIEC Working Group
– Revise Part 748 – Add New Appendix B

Security Programs
Credit Unions Must Have Process in Place to:
– Ensure Security & Confidentiality of Member Records
– Protect Against Anticipated Threats or Hazards
– Protect Against Unauthorized Access
– Respond to Incidents of Unauthorized Access to Member Information

Security Programs
Appendix B – Guidance on Response Programs
– Components of a Response Program
  – Assessing Incident
  – Notifying NCUA/SSA
  – Notifying Law Enforcement Agencies
  – Containing/Controlling Incident
  – Notifying Affected Members

Security Programs
Appendix B – Guidance on Response Programs
– Content of Member Notice
  – Account/Statement Review
  – Fraud Alerts
  – Credit Reports
  – FTC Guidance

PART 748 APPENDIX B
Conflict with State Law
– e.g., California Notice of Security Breach statute
– Requires notice to California residents when unencrypted member information is or may have been acquired by unauthorized person
– Gramm Leach Bliley Preemption Standards: no intent to preempt where state law provides greater consumer protections

NCUA Expectations
Potential Questionnaire:
– Incorporated into Overall Security Program
– Escalation Process / Incident Response
– Review of Notices – Attorney Review?
– Enterprise Wide Approach
– Reporting to Senior Management
– Member Outreach / Awareness Programs
– Employee Training Programs

“Phishing”

Quotes
“…The use of digital media also can lend fraudulent material an air of credibility. Someone with a home computer and knowledge of computer graphics can create an attractive, professional-looking Web site, rivaling that of a Fortune 500 company…”
Arthur Levitt, Former Chairman of the SEC

Phishing 101
– Phishing uses e-mail to lure recipients to bogus websites designed to fool them into divulging personal data.

Phishing 101
– Spoofed address
– Convincing
– Sense of urgency
– Embedded link (but not always)

Phishing Trends
Anti-Phishing Working Group
Industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and spoofing.
APWG Members
– Over 400 members
– Over 250 companies
– 8 of the top 10 US banks
– 4 of the top 5 US ISPs
– Over 100 technology vendors
– Law enforcement from Australia, CA, UK, USA

Phishing Trends
Source: APWG Phishing Attack Trends Report – March 2005

Examples (June 2004)
Source: Anti-Phishing Working Group Phishing Archive

Examples (March 2004)
Source: Anti-Phishing Working Group Phishing Archive

Examples (May 2004)
Source: Anti-Phishing Working Group Phishing Archive

Phishing Action Plans – Employee Education
Training / Policy Development
– Awareness
– Handling complaints & reports of suspicious e-mails/sites
– Protect on-line identity of credit union
– Response Plan

Phishing Action Plans – Member Education
Communication Methods
– Internet Banking Agreements
– Newsletters
– Statement Stuffers
– Recordings when on “hold”
– Website (FAQs / Advisories / Links)

Action Plan Ideas - Education

Phishing Action Plan Ideas – Member Education
Content
– We will never ask for xxx via e-mail
– We will never alert you of xxx via e-mail
– Always feel free to call us at # on statement
– Always type in our site URL (see statement / newsletter / previous bookmark)

Phishing Action Plan Ideas – Member Education
Content (cont’d)
– Sites can be convincingly copied
– Report suspicious e-mails & sites
– Where to get more advice on phishing
– Importance of patching
– How to validate site (via cert or seal)
– Where to go for ID theft help

Phishing Action Plan Ideas – Protection of CU’s Online Identity
Considerations:
– Keep certificates up-to-date
– Practice good domain name controls
  – Don’t let URLs lapse
  – Purchase similar URLs / Search for similar URLs

Phishing Resources
NCUA
– (8/03) LTR 03-CU-12 Fraudulent Newspaper Advertisements, and Websites by Entities Claiming to be Credit Unions
– (04/04) LTR 04-CU-05 Fraudulent Schemes
– (05/04) LTR 04-CU-06 E-Mail & Internet Related Fraudulent Schemes Guidance
FFIEC Agency Brochure

Action Plan Ideas - Education

Inside the Examiner’s Playbook Think Globally Vendor Management Security Program (Part 748) Employee Remote Access Risk Assessment Patch Management IDS/Incident Response Virus Definition Updates BCP Formal Policies

FFIEC IT Handbook

FFIEC IT Examination Handbook
– Development & Acquisition
– Management
– Operations
– Outsourcing
– Retail Payment Systems
– Wholesale Payment Systems
Issued:
– BCP
– Information Security
– Supervision of TSPs
– Audit
– E-Banking
– Fedline

Contact Information: Matthew Biliouris
Questions??