Two stories stand out when I look back on the month of May: the POS PIN pad swap scheme that hit Michaels crafts stores in more than 20 states and the insider job at Bank of America that led to $10 million being stolen from some 300 customer accounts.
Technology to fight ATM skimming continues to advance, but so do the threats. Fraudsters have devised new ways to work around - if not defeat - new anti-skimming solutions, say industry experts who point to global ATM fraud trends.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Banking/security leaders aren't crazy about banking regulators telling them they could have done a better job detecting ACH fraud, and they're eager for more specific guidance on what to do going forward.
Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
"It's interesting to see regulators putting the onus on the financial companies for fraud that occurs after the theft has already happened," says David Navetta, co-chairman of the American Bar Association's Information Security Committee.
A preliminary draft of new authentication guidance puts greater responsibility on financial institutions, and the ACH/wire fraud case between Experi-Metal Inc. and Comerica Bank marks the first major corporate account takeover incident to hit a courtroom.
Cyberthreats stem from the malware, but monetary losses stem from money mules. I've decided to coin a new term: eFraud. I cannot think of a better way to describe the wave of fraud incidents the financial industry is facing. It's electronic.
NACHA's CEO says ACH-related fraud is often over-hyped, and occurs far less often than check- and payment card-related fraud. But when corporate accounts are breached, fraudulent ACH transactions lead to big financial losses.
The Federal Financial Institutions Examination Council is expected to issue new security guidance revisiting online banking and strong authentication, and a new report from Aite finds internal fraud at most institutions is underreported.