An employee at Tokyo Mitsubishi UFJ (Tokyo, Japan) has been arrested, charged with stealing 1.5 million customer records, of which about 49,000 have been sold to criminal elements.  The remainder have been safely recovered. Mitsubishi UFJ says 49,159 customer records leaked | Reuters TOKYO, April 8 (Reuters) – Mitsubishi UFJ Financial Group’s (8306.T: Quote, Profile, Research) brokerage unit said on Wednesday records on 49,159 customers, including salary details, were leaked and sold to data list agents. Data stolen included customers’ names, addresses, dates of birth, occupation and rough salary figures, the brokerage said. (Reporting by Junko Fujita) Continue reading Tokyo Mitsubishi UFJ employee charged with stealing 1.5 million customer records

IBM come out with an innovative security measure that actually makes sense.  It makes far more sense than the two factor authentication tokens many banks have been wasting their time with.  It also sounds like it requires no work on the FI end – so its a no brainer to trial this one! IBM unveils USB stick to fight online banking fraud | Finextra IBM has unveiled a prototype USB stick designed to secure online banking transactions against malware and man-in-the-middle attacks. The Zone Trusted Information Channel (ZTIC) plugs into the USB port of any computer to add an extra … Continue reading IBM makes pilot security devices available for financial institutions to trial

I learned a whole new appreciation for passwords tonight. A family member and 15 others included in an old (10 year old) yahoo account received an email ostensibly from me with a bunch of spam crap in it. The only way I can see that the combination of that account and those addresses can co-exist is if someone entered that account, possibly with a script banging away with potential hits. It was a low level password. Needless to say I have deleted all addresses from that account, and altered the password to an unguessable one. Also changed the passwords on … Continue reading Whole new appreciation for passwords

While the data collected by governments was intended to capture Anti Money Laundering and terrorists, it is providing many other results, including the recent debacle with Elliott Spitzer. globeandmail.com: Anti-laundering software casts wide net to catch big fish The software looks for subtle patterns that indicate odd activity, and when a transaction is  flagged, a human evaluates the findings. More often than not, the anomaly is explained and  dismissed. For example, someone whose banking consists of bi-weekly deposits may suddenly  show an influx of $15,000 that turns out to be profit from the sale of a car. But when investigators … Continue reading The laws of unintended consequences | AML data mining

Finally someone stated the blindingly obvious point that people do NOT want to carry separate devices. Banks need to provide the required security in other ways. I blogged about these devices last year, and have been amazed by the extent of deployment by European Banks, that could turn out to be wasted investment. See here for my thoughts last year, and how two factor authentication is not well understood. Finextra: Customers don’t want authentication devices, says Abbey Despite continuing security concerns, two thirds of customers do not want their bank to provide chip and PIN-style authentication devices, according to UK … Continue reading Customers don’t want authentication devices | Abbey

Good article on security here at Bankwide.  It appears to be a new site, with coverage on compliance, security, and the impact on trust in Banks. A Letter From Hackers: Thanks for Multifactor Authentication | Security | Articles “Attackers aren’t getting in by guessing, they’re getting in by stealing the credentials or tricking the end-user into giving away the credentials.” So adding more credentials won’t make sites more secure. Continue reading Thanks for multi-factor authentication | Bankwide