That last post which emanated from the Boing Boing piece on ATM fraud cries out for some perspective. Of course everyone gets excited about ATM Fraud, and its terrible when you are personally involved. But then so are airplane crashes. Bad metaphor I know, but stuff happens, and there is stuff you can do as a consumer to prevent it. One of the challenges of the technology banking world, is that everyone assumes technology is perfect, and that any error/ crime/ event is the fault of the technology and the Banks that implemented it. If only that were true.

So with that rant out of the way, on with the ATM fraud story; some fact, case studies, and hopefully some perspective.

Continue reading “ATM Fraud & security – some perspective”

This post on the surface, suggests that Citibank is indicating to their customer that compomises on all Canadian ATM's requires them to cut off access to their customers. Aside from how well Citi handled this, I think this it is more plausible that this customer used a machine at a specific ATM location that had some fraud perpetrated. I am not aware of any situation where an entire country is under suspicion as the article seems to suggest. I know the customer is frustrated, but the issue here is actually broader in many respects – its a worldwide issue and … Continue reading Citibank under fraud attack, customers locked out of accounts in Canada, UK, and Russia

The following entry in Wikipedia is an interesting place to learn about proprietary technology, but thats ok. I infer from this technical description, that Microsoft InfoCard will/ could:

1. provide single sign on to bank customers, i.e. let a customer use one signature to log into several sites that require log in, such as online banking, online brokerage, credit card.
2. InfoCard would also log the customer into services such as Gmail, Yahoo Mail
3. InfoCard could let customers simply log into merchants for ecommerce, such as Amazon, eBay, Paypal, etc.

InfoCard – Wikipedia, the free encyclopedia

When an InfoCard-enabled application or website wishes to obtain personal information about the user, the InfoCard software takes over the display of the computer and represents the stored identities as virtual information cards. The user selects the card to use and the InfoCard software contacts the issuer of the identity to obtain a digitally signed XML document that contains the requested information. The InfoCard software allows the users to create self-signed identities for themselves, which can, for example, replace the need to remember usernames and passwords to log in to websites. Other transactions may require a certified identity issued by a trusted identity provider, such as a bank or a governamental agency.

This link came from Trevin chow’s blog – Self-proclaimed ADHD. Trevin is a Microsoft employee, working on Microsoft Passport team, and I got that from Dare Obasanjo, so thanks for the thread there.

Microsoft Passport originally had enormous hype, and Microsoft tried unsuccessfully to sell it to Banks and I was involved in those discussions. There just turned out to be no clear link between what we needed (secure Single sign on between multiple applications) and what Passport could deliver. So we will await InfoCard with interest. (more on Single sign on below)

Bank relevance:
This begs the question – is InfoCard a threat or an opportunity. In the old world wallets were sold by leather manufacturers. In the new world the wallet will be sold by technology companies. In the old world banks try to have their cards front and centre in the leather wallet. It may be the same model in the new electronic wallet. More on this in the future, as we learn more about InfoCard.

Continue reading “Will Infocard make it more secure and convenient for Bank customers?”

Its time to capture what I have learned about this space so far, how its evolved, and where it might go in the future that should guide banks’ investment in this space.

First of all, it’s highly relevant for bank customers, and therefore banks to get this straight. Authentication is the fancy word for how customers log in to their FI to perform financial transactions, and access services from their FI. Customers expect to be safe and secure when they do that, and they expect that only they will be able to log in to see their information, not some criminal. Continue reading “Security models – second level authentication”

Overall security strategy – Bank of America. Finextra: Bank of America extends SiteKey security to Northeast states SiteKey and the Bank of America Toolbar are part of an umbrella of security measures that includes a zero liability guarantee that protects customers from fraud losses, two-tiered authentication for funds transfers, and the capability for customers to stop receiving paper statements to reduce risks associated with sending sensitive information through the mail.  Continue reading B of A security umbrella

Computer Worm Poses as E-Mail From FBI, CIA

'Sober X' Web Threat Spreads Quickly

By Arshad Mohammed and Brian Krebs
Washington Post Staff Writers
Thursday, November 24, 2005; Page D01

It's being called the worst computer worm of the year — a fast-spreading Internet threat that looks like an official e-mail from the CIA or FBI but can leave your computer wide open to intruders.

The bogus e-mail claims the government has discovered you visiting "illegal" Web sites and asks you to open an attachment to answer some official questions. If you do, your computer gets infected with malware that can disable security and firewall programs and blast out similar e-mails to contacts in your address book. It can also keep you from getting to computer security Web sites that might help fix the problem, and it may open your Windows computer to intruders who can steal your personal data.
Continue reading “Computer Worm Poses as E-Mail From FBI, CIA”

Yahoo! News – EU Launches Anti-Spam Campaign, Seeks Tough Action

Thu Jan 22, 1:47 PM ET

By Lisa Jucca
BRUSSELS (Reuters) – European Union (news – web sites) governments should toughen sanctions against junk e-mails that now account for half of global Internet mail traffic, the EU Commission said in a policy document on Thursday.
Continue reading “EU Launches Anti-Spam Campaign, Seeks Tough Action”

Why Online Banking Is Safe

In Internet banking, as with traditional banking methods, security is a primary concern. We have taken precautions to ensure your information is transmitted safely and securely. This Level of Security is achieved in part by:
Protecting the privacy and the confidentiality of the
communications between your browser and our servers.

Verifying that only authorized persons are allowed to access online banking.

Maintaining isolation of our computers from the Internet.
Continue reading “Why Online Banking is safe”