Javelin are coming out with the results of an identity theft survey, and the posted early results, that surprised me.  I would have picked 2 & 3 to be first and second. highest average  … identity thefts committed by friends & neighbors family members distant third for employees at FI’s Source: Javelin   Technorati tags: identity+theft, security Continue reading Friendly fraud is most prevalent

 The criminals are always a step ahead.  Now they are encouraging customers to sign up for fake two factor authentication.    I see two things smart banks can do to deal with this: Categorically tell customers they will never send unsolicited emails with a hyperlink, or any email asking customers to do anything EXCEPT go directly to bank.com and log in get their multi factor authentication implemented asap Courtesy of AllPaynews.com The phishers are scamming their victims by directing them to sign up for their bank or credit union’s new dual authentication solution intended to help protect their online banking activities … Continue reading SecureWorks Warns of Phishing Schemes Using Dual Authentication Signup Process to Scam Bank and Credit Union Customers

Being a security expert must be one of the most depressing jobs on the planet.  You can see all the flaws but getting the business folks to buy in or even semi understand is difficult at best. That’s the challenge Bruce exemplifies with this post.  One of the most disturbing aspects of the attack is that you’re only as secure as the most untrusted bank on the network. Instead of just having to trust your own issuer bank that they have good security against insider fraud, you have to trust every other financial institution on the network as well. An insider … Continue reading Schneier on Security: Attacking Bank-Card PINs

Desjardins in Canada joins the ranks of Banks with a Security Guarantee.  Quebec financial institution Desjardins Monday said it is offering a 100 per cent Guaranteed Secure program to reimburse customers that are fooled by phishing schemes. Source: IT Business   Technorati tags: security+guarantee Continue reading IT Business | Desjardins announces a security Guarantee

The opening sentence in this quote sums up the weakest link approach that criminals follow. Nonetheless, it appears that chip and pin is reducing card fraud in the UK so far. But rather than reducing fraud in total, identity fraudsters have simply shifted their activity to areas that Chip and PIN does not protect. The first signs came in the cheque fraud figures which showed a rise of 50% in the first six months of 2004, compared with the same period in the previous year. But the cost of cheque fraud is dwarfed by continuing card fraud. “It would be nice if … Continue reading The Retail Bulletin – Chip & Pin reduces fraud, but fraud continues elsewhere

Known for scam also know as the 519 419 scam, Nigeria has successfully elevated itself to be known universally for this. Britons now closely associate the African country with the so-called “advance fee” scam whereby people are contacted by e-mail and offered the opportunity to earn millions of dollars. The recipient is told they will earn a commission in exchange for aiding the sender in transferring funds. Source: Nigerian scams cost Britons millions, says study – Yahoo! News I know my UK email address is inundated with these scams, whereas my US based gmail is not.   For the life of me, … Continue reading Nigerian scams cost Britons millions, says study – Yahoo! News

European Banks continue with their “belt and braces” approach to security with smart cards, and software based customer recognition.  This is in contrast with the North American market where the latter is the only security enhancement in place.  Time will tell if Europe is the lead on this, and North America will simply fall in lockstep.  VDK Spaarbank, a Belgian savings bank, will distribute smart card readers made by Vasco Data Security International, Inc. to all its Internet-banking users. Vasco, which has dual headquarters in Belgium and the U.S., says the bank will use Vasco’s Digipass 810 reader both to allow … Continue reading Card Technology, The Smart Card News Source

Corillian come up with a semi automated capability that verifies your online banking site to the user.  It is somewhat reminiscent of the Passmark/ RSA solution. TrueStamp images are created based on the configuration settings specified by the system administrator, and each user’s image is truly unique. To develop a TrueStamp, end users type a memorable phrase into a box and click a button. TrueStamp then immediately generates and displays a series of three images employing the phrase. The end user then selects one of the images, and the data to generate the image is stored in the user’s profile … Continue reading Corillian Launches TrueStamp Site Verification for Next Enhancement of Intelligent Authentication Technology

 Report commissioned by CheckFree in the US, validates that even the holdouts are migrating to online bill payment, with fears of identity theft helping to drive that migration. Online is Safer than Paper: Facts Quell Initial Fears Source: Payments News: More Consumers Trust, Use Internet To Organize, Manage Finances – November 02, 2006 Its not that fear for online security has dropped, but rather the fear of identity theft has overtaken other fears. The number of respondents that indicated they do not trust the Internet with the security of their financial information declined by 60 percent: from 20 percent in … Continue reading Payments News: More Consumers Trust, Use Internet To Organize, Manage Finances