© BITS 2009. BITS and FSSCC R&D Efforts
John Carlson, Senior Vice President of BITS
Panel on Data Breaches in Payments Systems -- Roles and Best Practices
Slide 1: BITS and FSSCC R&D Efforts
John Carlson, Senior Vice President of BITS
Panel on Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector Response
Emerging Retail Payments Risks Conference, Federal Reserve Bank of Atlanta, November 5, 2009

Slide 2: Agenda
BITS Efforts
– Fraud
– Security
– Vendor Management & Shared Assessments
– Regulation
FSSCC R&D Committee Efforts

Slide 3: Fraud
ACH Fraud Risk Information Sharing Calls (e.g., ACH fraud trends, implementation of IAT codes)
Credit Bust Out Project
– Bust Out and Credit Abuse Activities (July 2009)
– Development of USSS information sharing portal
Mortgage Fraud Reduction
– White Paper: Residential Mortgage Fraud Prevention Strategies for Financial Institutions
– Fraud Advisory: Servicing Frauds (June 2009)
– Preparing and Presenting Your Mortgage Fraud Case to Law Enforcement (May 2009)
Payment Card Fraud Information Sharing Calls (e.g., pre-paid fraud trends, card data security)

Slide 4: Fraud
Remote Channel Fraud
– Information Sharing Calls (e.g., attacks on commercial account customers, SMS attacks)
– Recommendations for Detecting and Communicating with Customers whose Computers are Infected with Malware (October 2009)
Financial Exploitation of Elderly and Vulnerable
– Updating 2005 paper on BITS Fraud Protection Guide: Protecting the Elderly and Vulnerable from Financial Fraud and Exploitation
Fraud Working Group Information Sharing Calls
– Examples: employment scams, outsourcing fraud processes

Slide 5: Fraud
Third Party Payment System Access
– Focusing on:
  − Information security and PCI
  − Registration, underwriting, and high risk
Developing recommendations for:
– PCI Council
– NACHA
– Card networks
– “Regional” EFT networks
– Others

Slide 6: Security
Web-Business
– ICANN and gTLD
– Secure Web Browser Project
Email Security
– Implementation of email authentication protocols
– Collaboration with FS-ISAC on repository of key information
– ISP outreach to build support for authenticated email
Authentication
– Surveys on current practices of customer, employee and business partner authentication

Slide 7: Security
Software Assurance
– Developing best practices for software development contract terms and vendor management
– Working with FSTC’s Software Assurance Project to focus on secure development and metrics
Security Awareness & Education
– Developing quarterly Security Awareness Newsletter
– Planning 4th Annual Meeting
Future focus:
– Cloud computing
– Social networking

Slide 8: Vendor Management/Shared Assessments
Vendor Management
– Updating “Ongoing Monitoring” section of BITS Framework
– Surveys on oversight of line of business vendor managers
– Other focus areas
  − Financial condition of service providers
  − Oversight of vendors for ID theft red flags rule and BCP
Shared Assessments
– Promote adoption by US FIs and service providers
– Explore synergies with industry organizations (e.g., IAPP, SIFMA)
– Expand awareness/adoption by other sectors (e.g., healthcare)
– Expand foreign outreach through NASSCOM
– Enhancing privacy

Slide 9: Regulation
Two-way dialog with regulatory agencies and other government agencies
Comment letters
– Example: ICANN governance
Monitoring legislative proposals
– Example: Senate & House Homeland Security hearings on Heartland breach and Cybersecurity Act proposal
Studies
– Example: Reducing the Delta Between New Regulations and Cost-Effective Practices Within the Financial Services Industry (with Deloitte)

Slide 10: FSSCC R&D
FSSCC R&D Committee Objectives:
– Identify top priorities (and gaps) for research
  1. Application security
  2. More secure and resilient financial transaction systems
  3. ID management
  4. Understanding the human insider threat
  5. Data centric protection strategies
  6. Better measures of the value of security investments
  7. Best practices and standards
– Engage stakeholders (including academic institutions, government agencies, Internet Corporation for Assigned Names and Numbers)
– Promote development initiatives to improve the resiliency of the FS Sector
– Manage Subject Matter Advisory Response Team (SMART) Program

Slide 11: FSSCC R&D
Outreach to academic, technology and government communities:
– National Cyber Leap Year
– Workshop on National Cyber Defense Initiative on Oct 28-29
SMART Program
– Goal: assist R&D organizations by providing subject matter experts from financial institutions
– Endorsed DECIDE Project:
  − Simulation model
  − Enables FIs and others to test the impact of disruptive events on the banking and finance sector (e.g., cyber attacks, natural disasters, policy decisions)
  − Funded by DHS via consortium of universities

Slide 12: FSSCC R&D
Identity Management Discussions
– June: FSSCC meeting with new White House CTO
  − CTO asks FSSCC for top, “actionable” R&D priority that the Federal government should promote
  − FSSCC R&D Committee recommends identity management
– July-Oct: Additional discussions with White House CTO and other government agencies:
  − Identity management aligns with Administration’s goals
  − CTO requests FSSCC issue RFP on identity management for government to leverage
  − FSSCC & FBIIC establish ID management committee chaired by VISA exec and FDIC official

Slide 13: FSSCC R&D
Financial Communications and Authentication Pilot
– August: Proposed to OSTP the idea to create a financial sub-net within a government-controlled domain to pilot:
  − Strong B2B and B2G authentication options
  − Recommendations to ICANN for financial domains
  − Harvest data and lessons learned for industry, government, and academic use

Slide 14: Contact Info
John Carlson
Senior Vice President
BITS/Financial Services Roundtable
202.589.2442
John@fsround.org