No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
The three most common findings during an IT security examination are vendor management issues, a need for improved wire transfer controls, and necessary updates to risk assessments, says Phillip Hinkle, Chief IT Security Examiner for the Texas Department of Banking.
Breaches will not slow anytime soon, and there's not much financial institutions and the payments chain can do to stop them. At this point, the best course of action for banks and retailers is to focus on damage control.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
When a database breach occurs, consumer notification continues to be a public problem. And it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.
David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide for commercial customers.
For nearly two years, banks and businesses across the U.S. have been plagued by a wave of corporate account takeover. And while there's no one answer, Texas bank examiner Phillip Hinkle sees ways that institutions can better detect and prevent these crimes.
Sen. Charles Schumer's amendment to Regulation E, which aims to give local governments and school districts the same level of protection as consumers, could set an adverse precedent for financial institutions, says Doug Johnson, vice president and senior advisor of risk management for the American Bankers Association.