Download presentation
Presentation is loading. Please wait.
Published byGeorge Neal Modified over 9 years ago
1
© BITS 2009. BITS and FSSCC R&D Efforts John Carlson Senior Vice President of BITS Panel on Data Breaches in Payments Systems-- Roles and Best Practices for the Public and Private Sector Response Emerging Retail Payments Risks Conference Federal Reserve Bank of Atlanta November 5, 2009
2
2 © BITS 2009. Agenda BITS Efforts –Fraud –Security –Vendor Management & Shared Assessments –Regulation FSSCC R&D Committee Efforts
3
3 © BITS 2009. Fraud ACH Fraud Risk Information Sharing Calls (e.g., ACH fraud trends, implementation of IAT codes) Credit Bust Out Project –Bust Out and Credit Abuse Activities (July 2009) –Development of USSS information sharing portal Mortgage Fraud Reduction –White Paper: Residential Mortgage Fraud Prevention Strategies for Financial Institutions –Fraud Advisory: Servicing Frauds (June 2009) –Preparing and Presenting Your Mortgage Fraud Case to Law Enforcement (May 2009) Payment Card Fraud Information Sharing Calls (e.g., pre-paid fraud trends, card data security)
4
4 © BITS 2009. Fraud Remote Channel Fraud –Information Sharing Calls (e.g., attacks on commercial account customers, SMS attacks) –Recommendations for Detecting and Communicating with Customers whose Computers are Infected with Malware (October 2009) Financial Exploitation of Elderly and Vulnerable –Updating 2005 paper on BITS Fraud Protection Guide: Protecting the Elderly and Vulnerable from Financial Fraud and Exploitation Fraud Working Group Information Sharing Calls –Examples: employment scams, outsourcing fraud processes
5
5 © BITS 2009. Fraud Third Party Payment System Access –Focusing on: −Information security and PCI −Registration, underwriting, and high risk Developing recommendations for: –PCI Council –NACHA –Card networks –“Regional” EFT networks –Others
6
6 © BITS 2009. Security Web-Business –ICANN and gTLD –Secure Web Browser Project Email Security –Implementation of email authentication protocols –Collaboration with FS-ISAC on repository of key information –ISP outreach to build support for authenticated email Authentication –Surveys on current practices of customer, employee and business partner authentication
7
7 © BITS 2009. Security Software Assurance –Developing best practices for software development contract terms and vendor management –Working with FSTC’s Software Assurance Project to focus on secure development and metrics Security Awareness & Education –Developing quarterly Security Awareness Newsletter –Planning 4 th Annual Meeting Future focus: –Cloud computing –Social networking
8
8 © BITS 2009. Vendor Management/Shared Assessments Vendor Management –Updating “Ongoing Monitoring” section of BITS Framework –Surveys on oversight of line of business vendor managers –Other focus areas −Financial condition of service providers −Oversight of vendors for ID theft red flags rule and BCP Shared Assessments –Promote adoption by US FIs and service providers –Explore synergies with industry organizations (e.g., IAPP, SIFMA) –Expand awareness/adoption by other sectors (e.g., healthcare) –Expand foreign outreach through NASSCOM –Enhancing privacy
9
9 © BITS 2009. Regulation Two-way dialog with regulatory agencies and other government agencies Comment letters –Example: ICANN governance Monitoring legislative proposals –Example: Senate & House Homeland Security hearings on Heartland breach and Cybersecurity Act proposal Studies –Example: Reducing the Delta Between New Regulations and Cost-Effective Practices Within the Financial Services Industry (with Deloitte)
10
10 © BITS 2009. FSSCC R&D FSSCC R&D Committee Objectives: –Identify top priorities (and gaps) for research 1.Application security 2.More secure and resilient financial transaction systems 3.ID management 4.Understanding the human insider threat 5.Data centric protection strategies 6.Better measures of the value of security investments 7.Best practices and standards –Engage stakeholders (including academic institutions, government agencies, Internet Corporation for Assigned Names and Numbers) –Promote development initiatives to improve the resiliency of the FS Sector –Manage Subject Matter Advisory Response Team (SMART) Program
11
11 © BITS 2009. FSSCC R&D Outreach to academic, technology and government communities: –National Cyber Leap Year –Workshop on National Cyber Defense Initiative on Oct 28-29 SMART Program –Goal: assist R&D organizations by providing subject matter experts from financial institutions –Endorsed DECIDE Project: −Simulation model −Enables FIs and others to test the impact of disruptive events on the banking and finance sector (e.g., cyber attacks, natural disasters, policy decisions) −Funded by DHS via consortium of universities
12
12 © BITS 2009. FSSCC R&D Identity Management Discussions –June: FSSCC meeting with new White House CTO −CTO asks FSSCC for top, “actionable” R&D priority that the Federal government should promote −FSSCC R&D Committee recommends identity management –July-Oct: Additional discussions with White House CTO and other government agencies: −Identity management aligns with Administration’s goals −CTO requests FSSCC issue RFP on identity management for government to leverage −FSSCC & FBIIC establishes ID management committee chaired by VISA exec and FDIC official
13
13 © BITS 2009. FSSCC R&D Financial Communications and Authentication Pilot –August: Proposed to OSTP the idea to create a financial sub-net within a government-controlled domain to pilot: −Strong B2B and B2G authentication options −Recommendations to ICANN for financial domains −Harvest data and lessons-learned for industry government, and academic use
14
14 © BITS 2009. Contact Info John Carlson Senior Vice President BITS/Financial Services Roundtable 202.589.2442 John@fsround.org
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.