1 ID Management in Financial Services – May 2005 Online Fraud Trends – Staying Ahead of the Threats Matthew Biliouris, Information Systems Officer – NCUA.


1 ID Management in Financial Services – May 2005 Online Fraud Trends – Staying Ahead of the Threats Matthew Biliouris, Information Systems Officer – NCUA

2 Credit Union Industry Statistics

3 Credit Union Industry Statistics

4 Credit Union Industry Statistics

5 Credit Union Industry Statistics

6 Risk Assessment Process
1. Identify Risks
2. Understand Risks
3. Prioritize Risks
4. Develop & Implement Action Plans
5. Monitor

7 Security Programs
Gramm-Leach-Bliley Act – 501(b)
– Outlines Specific Objectives
– Requires NCUA establish standards for safeguarding member records

8 Security Programs
Credit Unions Must Have Process in Place to:
– Ensure Security & Confidentiality of Member Records
– Protect Against Anticipated Threats or Hazards
– Protect Against Unauthorized Access
Specifically Stated in §748.0(b)(2)

10 Security Programs
Appendix A – Guidelines for Safeguarding Member Information
– Involvement of Board of Directors
– Assess Risk
– Manage & Control Risk
– Oversee Service Providers
– Adjust the Program
– Report to the Board

11 Security Programs
Response Program Guidance
– Increasing Number of Security Events
– Congressional Inquiries
– GLBA Interpretation
– FFIEC Working Group
– Revise Part 748 - Add New Appendix B

12 Security Programs
Credit Unions Must Have Process in Place to:
– Ensure Security & Confidentiality of Member Records
– Protect Against Anticipated Threats or Hazards
– Protect Against Unauthorized Access
– Respond to Incidents of Unauthorized Access to Member Information

14 Security Programs
Appendix B – Guidance on Response Programs
– Components of a Response Program: Assessing Incident; Notifying NCUA/SSA; Notifying Law Enforcement Agencies; Containing/Controlling Incident; Notifying Affected Members

15 Security Programs
Appendix B – Guidance on Response Programs
– Content of Member Notice: Account/Statement Review; Fraud Alerts; Credit Reports; FTC Guidance

16 PART 748 APPENDIX B
Conflict with State Law
– e.g., California Notice of Security Breach statute
– Requires notice to California residents when unencrypted member information is or may have been acquired by unauthorized person
– Gramm Leach Bliley Preemption Standards: no intent to preempt where state law provides greater consumer protections

17 NCUA Expectations
Potential Questionnaire:
– Incorporated into Overall Security Program
– Escalation Process / Incident Response
– Review of Notices
– Attorney Review?
– Enterprise Wide Approach
– Reporting to Senior Management
– Member Outreach / Awareness Programs
– Employee Training Programs

18 “Phishing”

19 Quotes
“…The use of digital media also can lend fraudulent material an air of credibility. Someone with a home computer and knowledge of computer graphics can create an attractive, professional-looking Web site, rivaling that of a Fortune 500 company…”
Arthur Levitt, Former Chairman of the SEC

20 Phishing 101
Phishing uses e-mail to lure recipients to bogus websites designed to fool them into divulging personal data.

21 Phishing 101
– Spoofed address
– Convincing
– Sense of urgency
– Embedded link (but not always)

22 Phishing Trends
Anti-Phishing Working Group: Industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and spoofing.
APWG Members
– Over 400 members
– Over 250 companies
– 8 of the top 10 US banks
– 4 of the top 5 US ISPs
– Over 100 technology vendors
– Law enforcement from Australia, CA, UK, USA

23 Phishing Trends
Source: APWG Phishing Attack Trends Report – March 2005

24 Phishing Trends
Source: APWG Phishing Attack Trends Report – March 2005

25 Examples (June 2004)
Source: Anti-Phishing Working Group Phishing Archive

26 Examples (June 2004)
Source: Anti-Phishing Working Group Phishing Archive

27 Examples (June 2004)
Source: Anti-Phishing Working Group Phishing Archive

28 Examples (June 2004)
Source: Anti-Phishing Working Group Phishing Archive

29 Examples (March 2004)
Source: Anti-Phishing Working Group Phishing Archive

30 Examples (March 2004)
Source: Anti-Phishing Working Group Phishing Archive

31 Examples (May 2004)
Source: Anti-Phishing Working Group Phishing Archive

32 Phishing Action Plans – Employee Education
– Training / Policy Development
– Awareness
– Handling complaints & reports of suspicious e-mails/sites
– Protect on-line identity of credit union
– Response Plan

33 Phishing Action Plans – Member Education
Communication Methods
– Internet Banking Agreements
– Newsletters
– Statement Stuffers
– Recordings when on “hold”
– Website (FAQs / Advisories / Links)

34 Action Plan Ideas - Education

35 Action Plan Ideas - Education

36 Action Plan Ideas - Education

37 Phishing Action Plan Ideas – Member Education
Content
– We will never ask for xxx via e-mail
– We will never alert you of xxx via e-mail
– Always feel free to call us at # on statement
– Always type in our site URL (see statement / newsletter / previous bookmark)

38 Phishing Action Plan Ideas – Member Education
Content (cont’d)
– Sites can be convincingly copied
– Report suspicious e-mails & sites
– Where to get more advice on phishing
– Importance of patching
– How to validate site (via cert or seal)
– Where to go for ID theft help

39 Phishing Action Plan Ideas – Protection of CU’s Online Identity
Considerations:
– Keep certificates up-to-date
– Practice good domain name controls: Don’t let URLs lapse; Purchase similar URLs / Search for similar URLs

40 Phishing Resources
NCUA
– (8/03) LTR 03-CU-12 Fraudulent Newspaper Advertisements, and Websites by Entities Claiming to be Credit Unions
– (04/04) LTR 04-CU-05 Fraudulent Schemes
– (05/04) LTR 04-CU-06 E-Mail & Internet Related Fraudulent Schemes Guidance
FFIEC Agency Brochure

41 Action Plan Ideas - Education

42 Action Plan Ideas - Education

43 Inside the Examiner’s Playbook
– Think Globally
– Vendor Management
– Security Program (Part 748)
– Employee Remote Access
– Risk Assessment
– Patch Management
– IDS/Incident Response
– Virus Definition Updates
– BCP
– Formal Policies

47 FFIEC IT Handbook

48 FFIEC IT Examination Handbook
– Development & Acquisition; Management; Operations; Outsourcing; Retail Payment Systems; Wholesale Payment Systems
– Issued: BCP; Information Security; Supervision of TSPs; Audit; E-Banking; Fedline

52 Contact Information: Matthew Biliouris
Questions??
