
1 ID Management in Financial Services – May 2005 Online Fraud Trends – Staying Ahead of the Threats Matthew Biliouris, Information Systems Officer – NCUA.


1 ID Management in Financial Services – May 2005 Online Fraud Trends – Staying Ahead of the Threats Matthew Biliouris, Information Systems Officer – NCUA

2 Credit Union Industry Statistics

3 Credit Union Industry Statistics

4 Credit Union Industry Statistics

5 Credit Union Industry Statistics

6 Risk Assessment Process: 1. Identify Risks; 2. Understand Risks; 3. Prioritize Risks; 4. Develop & Implement Action Plans; 5. Monitor

7 Security Programs: Gramm-Leach-Bliley Act – 501(b) – Outlines Specific Objectives – Requires NCUA establish standards for safeguarding member records

8 Security Programs: Credit Unions Must Have Process in Place to: – Ensure Security & Confidentiality of Member Records – Protect Against Anticipated Threats or Hazards – Protect Against Unauthorized Access. Specifically Stated in §748.0(b)(2)


10 Security Programs: Appendix A – Guidelines for Safeguarding Member Information – Involvement of Board of Directors – Assess Risk – Manage & Control Risk – Oversee Service Providers – Adjust the Program – Report to the Board

11 Security Programs: Response Program Guidance – Increasing Number of Security Events – Congressional Inquiries – GLBA Interpretation – FFIEC Working Group – Revise Part 748-Add New Appendix B

12 Security Programs: Credit Unions Must Have Process in Place to: – Ensure Security & Confidentiality of Member Records – Protect Against Anticipated Threats or Hazards – Protect Against Unauthorized Access – Respond to Incidents of Unauthorized Access to Member Information


14 Security Programs: Appendix B – Guidance on Response Programs – Components of a Response Program: Assessing Incident; Notifying NCUA/SSA; Notifying Law Enforcement Agencies; Containing/Controlling Incident; Notifying Affected Members

15 Security Programs: Appendix B – Guidance on Response Programs – Content of Member Notice: Account/Statement Review; Fraud Alerts; Credit Reports; FTC Guidance

16 PART 748 APPENDIX B: Conflict with State Law – e.g., California Notice of Security Breach statute – Requires notice to California residents when unencrypted member information is or may have been acquired by unauthorized person – Gramm Leach Bliley Preemption Standards: no intent to preempt where state law provides greater consumer protections

17 NCUA Expectations: Potential Questionnaire: – Incorporated into Overall Security Program – Escalation Process / Incident Response – Review of Notices – Attorney Review? – Enterprise Wide Approach – Reporting to Senior Management – Member Outreach / Awareness Programs – Employee Training Programs

18 “Phishing”

19 Quotes: “…The use of digital media also can lend fraudulent material an air of credibility. Someone with a home computer and knowledge of computer graphics can create an attractive, professional-looking Web site, rivaling that of a Fortune 500 company…” Arthur Levitt, Former Chairman of the SEC

20 Phishing 101 – Phishing uses e-mail to lure recipients to bogus websites designed to fool them into divulging personal data.

21 Phishing 101 – E-mail – Spoofed address – Convincing – Sense of urgency – Embedded link (but not always)

22 Phishing Trends: Anti-Phishing Working Group – Industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. APWG Members – Over 400 members – Over 250 companies – 8 of the top 10 US banks – 4 of the top 5 US ISPs – Over 100 technology vendors – Law enforcement from Australia, CA, UK, USA

23 Phishing Trends – Source: APWG Phishing Attack Trends Report – March 2005

24 Phishing Trends – Source: APWG Phishing Attack Trends Report – March 2005

25 Examples (June 2004) – Source: Anti-Phishing Working Group Phishing Archive

26 Examples (June 2004) – Source: Anti-Phishing Working Group Phishing Archive

27 Examples (June 2004) – Source: Anti-Phishing Working Group Phishing Archive

28 Examples (June 2004) – Source: Anti-Phishing Working Group Phishing Archive

29 Examples (March 2004) – Source: Anti-Phishing Working Group Phishing Archive

30 Examples (March 2004) – Source: Anti-Phishing Working Group Phishing Archive

31 Examples (May 2004) – Source: Anti-Phishing Working Group Phishing Archive

32 Phishing Action Plans – Employee Education: Training / Policy Development: Awareness; Handling complaints & reports of suspicious e-mails/sites; Protect on-line identity of credit union; Response Plan

33 Phishing Action Plans – Member Education: Communication Methods: Internet Banking Agreements; Newsletters; Statement Stuffers; Recordings when on “hold”; Website (FAQs / Advisories / Links)

34 Action Plan Ideas - Education

35 Action Plan Ideas - Education

36 Action Plan Ideas - Education

37 Phishing Action Plan Ideas – Member Education: Content: We will never ask for xxx via e-mail; We will never alert you of xxx via e-mail; Always feel free to call us at # on statement; Always type in our site URL (see statement / newsletter / previous bookmark)

38 Phishing Action Plan Ideas – Member Education: Content (cont’d): Sites can be convincingly copied; Report suspicious e-mails & sites; Where to get more advice on phishing; Importance of patching; How to validate site (via cert or seal); Where to go for ID theft help

39 Phishing Action Plan Ideas – Protection of CU’s Online Identity: Considerations: – Keep certificates up-to-date – Practice good domain name controls: Don’t let URLs lapse; Purchase similar URLs / Search for similar URLs

40 Phishing Resources: NCUA – (8/03) LTR 03-CU-12 Fraudulent Newspaper Advertisements, and Websites by Entities Claiming to be Credit Unions; (04/04) LTR 04-CU-05 Fraudulent E-Mail Schemes; (05/04) LTR 04-CU-06 E-Mail & Internet Related Fraudulent Schemes Guidance. FFIEC Agency Brochure

41 Action Plan Ideas - Education

42 Action Plan Ideas - Education

43 Inside the Examiner’s Playbook: Think Globally Vendor Management Security Program (Part 748) Employee Remote Access Risk Assessment Patch Management IDS/Incident Response Virus Definition Updates BCP Formal Policies


47 FFIEC IT Handbook

48 FFIEC IT Examination Handbook: Development & Acquisition; Management; Operations; Outsourcing; Retail Payment Systems; Wholesale Payment Systems. Issued: BCP; Information Security; Supervision of TSPs; Audit; E-Banking; Fedline


52 Questions?? Contact Information: Matthew Biliouris, 703-518-6394, matthewb@ncua.gov

