Presentation on theme: "By Kelly Crancer p. 328. 670,000 account numbers and balances were seized by New Jersey mastermind. Bank of America, Commerce Bancorp, PNC Financial Services."— Presentation transcript:
670,000 account numbers and balances were seized by New Jersey mastermind. Bank of America, Commerce Bancorp, PNC Financial Services Group, and Wachovia were the victims In the past, banks found the cost too high to invest in the security technology. Now, the market value of personal information becomes important, causing banks to invest in the technologies.
Worm reroutes the banks URL to thief's browser SiteKey-two factor authentication Image Phrase Then, enter password Unusual computer-answer a personal question
Out-of-Wallet questions-not found on drivers license Key fobs-change password every 60 seconds Two-factor authentication pilot-small businesses making electronic transfers will need the key fob
Customers with more than $50K-free Digital Security ID for network authentication Displays new 6-digit codes every 60 seconds to log on with
Online-transfer delays to detect suspicious activity Due to phishing incidents-large transfers from victims accounts to mules accounts Created based on e-mail solicitations Monitoring actions Notifies customers when logging in at different city than normal or numerous transfers
1. What reason would a bank have for not wanting to adopt an online-transfer delay policy? Customers cant access their funds immediately. 2. Why is network security critical to financial institutions? All the banks money is accessible via the computer and could be stolen with little record of where it went.
3. Explain the differences between the types of network security offered by the banks in the case. Which bank would you open an account with and why? Bank of America has the best form to fit my needs with the two-factor authentication. I dont see the need for key fobs with different passwords so frequently with Wells Fargo. E-Trade would be better for their customers with large sums of money using the device with a new code ever 60 seconds. Barclays delays would not be as important to me, with smaller sums of money because I need immediate access at certain times.
4. What additional types of network security, not mentioned in the case above, would you recommend a bank implement? I think a device with fingerprint hardware would be very valuable to online bank users. 5. Identify three policies a bank should implement to help it improve network information security. Be willing to change with technology. Make users change their passwords frequently. Have monitory verification managers to watch suspicious activity.
Vishing-(high-tech scheme, low-tech tool) using the telephone to ask for account information Makes the caller ID look legitimate phishing-V stands for voice If you get a call requesting this information, hang up and call your bank If it was a real bank request, they will let you give it when you call back Otherwise, report the caller Vishing Scams-Dialing For Your Dollars By Justin Pritchard, About.comJustin Pritchard http://banking.about.com/od/securityandsafety/a/vishingscam.htm