Comptroller of the Currency Administrator of National Banks Wireless Banking April 1, 2003 Clifford A. Wilke Director of Bank Technology Office of the.

Presentation transcript:

Wireless Banking
April 1, 2003
Clifford A. Wilke, Director of Bank Technology
Office of the Comptroller of the Currency, Washington, DC

The views and opinions expressed in this presentation do not necessarily represent the views and directives of the Office of the Comptroller of the Currency or the Office of the Director of the Bank Technology Division.

Wireless Banking Motivations
 Banks and financial service companies are offering wireless account access
 Extension of internet applications
 Delivery to highly portable cell phones & personal digital assistants
 More people getting devices
 Features improving as technologies advance
 Improve customer retention rates, especially among technology-oriented customers

Comptroller of the Currency Administrator of National Banks  Retail Delivery  PCs relying on non-bank owned wireless LANs or cell phone dial-in to access internet banking products  Mobile devices (e.g., cell phones, PDAs) accessing banking products customized to smaller form factors  Application support outsourced  Services range from full internet banking services to limited balance inquiry, funds transfer, bill pay & brokerage Wireless Banking Methods

Comptroller of the Currency Administrator of National Banks  Retail Delivery  Wireless LANs rely on unlicensed radio frequencies and IEEE standards  Cell phone delivery rely on licensed radio frequencies and evolving voice to data focused delivery standards Wireless Link

Comptroller of the Currency Administrator of National Banks  Security  Systems Development and Life Cycle Management  Performance  Return on investment Challenges

Reported Data Security Incidents
Source: CERT/CC -- statistics are not limited to the banking industry and include all reported incidents

Identity Theft
 86,200 identity theft incidents last year, up from 31,000 the prior year
 The cost to consumers averaged $1,200 per crime
 Some incidents required victims to spend up to three years communicating with lenders and credit bureaus to straighten out records
Source - Issue 771, Sept. 2002, of The Nilson Report, p. 9 – FTC Data

Banking Risks
 Same inherent risks and issues as Internet Banking; the primary risks affected are:
 Strategic
 Transaction
 Reputation
 Compliance

Comptroller of the Currency Administrator of National Banks Strategic Risk  Determining wireless banking role in delivering products and services  Defining risk versus reward goals and objectives  Is the reward added revenue, saving lost revenues, and/or increased efficiency?  Are capital expenditures (at purchase and retirement), maintenance and operating costs less than the reward (i.e., income)?

Comptroller of the Currency Administrator of National Banks Strategic Risk  Implementing emerging e-banking strategies  First Mover (“bleeding edge”) vs. wait and see (permanently lose market share)  Ease of implementing outsourced solution to keep up with the competition  Financial stability of vendors  Uncertain customer acceptance  Using standards not designed for secure banking environment needs  Rapidly changing technology standards  Expertise

Comptroller of the Currency Administrator of National Banks Transaction Risk Security Issues  Wireless transmission encryption  Standards retro-fitted once security became an issue  Designed to protect transmitted data from unauthorized access/use  Early standards and Wireless Access Protocols (i.e., WAP) have known vulnerabilities  Potential need to upgrade equipment as standards change

Comptroller of the Currency Administrator of National Banks Transaction Risk Security Issues  Access codes stored on device may allow account access if device lost or accessed  User names and passwords may be entered in clear view on the screen  Customer acceptance of alphanumeric PINs  Mobile phones require pressing a number key multiple times for certain letters, which may be challenging even if display is not asterisked out (i,.e., ****)

Transaction Risk: Security – Lessons Reinforced
 Unproven standards can have security weaknesses
 Risk of external attacks increases as services expand to allow greater access to systems
 Companies need to maintain knowledge of attack techniques, known and newly identified
 End-to-end security is key
 Do not rely on wireless transport layer security for banking application security
 Need effective change management processes
 Encourage customers to use good PIN/password management practices

Transaction and Reputation Risk: Outsourcing
 Access to expertise
 Knowledge of wireless communication standards and encryption methods
 Developing and converting existing products and services for wireless transmission and use
 Effect of device characteristics
 Smaller screens
 Button or stylus commands

Reputation Risk
 Reliability of the delivery network
 Customer acceptance of no service due to telecommunications issues in areas where they expect service (consumer expectations)
 Processing and handling of interrupted transactions
 Integration of wireless applications with existing products and services

Compliance Issues
 Disclosures
 Wireless banking devices are easier to lose and may increase the potential for unauthorized usage
 Types of services offered affect the level of risk (e.g., P2P payments increase risk)
 Privacy concerns from location-based services

GLBA Compliance
 Primary Elements of an Information Security Program
 Involve Board of Directors
 Assess Risk
 Manage and Control Risk (including testing)
 Oversee Service Providers
 Adjust Program

Characteristics of Good Risk Management
 Sound definitions of acceptable risk
 Ownership of the risk assessment
 Explicitly accept risks
 Identify key controls
 Create a test plan and follow up on results
 Ongoing Board involvement
 Active Vendor Management
 Sufficient Technical Expertise
 Appropriate Business Continuity Planning

Industry Initiatives
 Many companies have strong policies in place to maintain their position of trust
 The reputational risk of the company and loss of market share are at stake
 Financial exposure is real

Best Practices
 Secure architecture
 Vulnerability management
 Intrusion detection
 Information sharing
 Training and awareness
 Regular testing, reporting, improving

What’s Next - We Need to Focus On
 Security
 Authentication and Verification
 Proper Due Diligence and Complete Understanding of the Issues
 Prepare now for what is ahead
 New Entrants into the Marketplace
 International Perspective in the New World

Comptroller of the Currency Administrator of National Banks  FFIEC Information Security Booklet (February 2003)  Electronic Banking Final Rule (May 2002)  Bank Use of Foreign-Based Service Providers (May 2002)  ACH Transactions Involving the Internet (January 2002)  Authentication in an E-Banking Environment (July 2001)  Weblinking - (July 2001)  Alert - Network Security (April 2001)  GLBA Guidelines to Safeguard Customer Information (Feb 2001)  Risk Management of Outsourced Technology Services (Nov 2000)  Infrastructure Threats--Intrusion Detection (May 2000)  Alert - Distributed Denial of Service (February 2000)  Alert - Internet Domain Names (July 2000)  Infrastructure Threats from Cyber-Terrorists (99-9)  Technology Risk Management: PC Banking (98-38)  Technology Risk Management (98-3) OCC Technology Issuances


Summary
Safety, Soundness and Responsibility will remain the primary driver