I recently shared my thoughts with Dark Reading on why email is worth saving. In the piece, we ask 'What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available?' It is, it's called the DMARC specification, and we should be using it. Read more
DMS now supports the use of the DMARC draft specification for its customer base. DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance” (http://www.dmarc.org/), is an e-mail authentication and reporting standard that provides organizations with an unmatched view of the health of their outbound e-mail channel. DMS support for this standard means that our customers can block even more fraudulent messages and stop additional attacks.
At Easy Solutions, we spend a lot of time anticipating fraud trends so that we can develop solutions quickly and ensure that our customers are always ahead of the game when it comes to fraud protection. This week, we added and enhanced several features to our anomaly detection solution, DetectTA, which now has the ability to monitor a wider range of transactions and provides increased flexibility in crafting rules and alerts. DetectTA’s extended capabilities result in an anomaly detection solution that’s even easier to use and much more powerful.
InfoRiskToday (http://www.inforisktoday.co.uk/) has a great article out today, that highlights some of the key developments in the P.F. Chang's breach.
While there are no indicators of card fraud yet, we'll be monitoring closely for any activity. Easy Solutions' Bryan Jardine also shares his insights within the piece, noting that "Often the valuation of a card decreases over time. It is more cost-effective for the fraudsters to get them on the market as quickly as possible. This is easy money for them." For the full article, visit http://www.inforisktoday.co.uk/pf-changs-breach-6-key-developments-a-6961/op-1
Over the last decade, I have spent the majority of my time focused on strategic planning for fraud prevention and fraud program enhancements. During this time, I have met and spoken with countless financial and law enforcement professionals who are facing the challenges of ever-changing fraud environments. Due to the nature of fraud, my programs had to be ever-changing as well. I have taken the time to identify the most reoccurring themes I have seen throughout my travels and wanted to share them with you.
A year after the Twitter-AP event, new security vulnerabilities and breaches (Heartbleed, Target, to name a few) continue to be in the weekly headlines. Organizations affected by those events have taken some measures to prevent them from happening again, and the largest financial services companies are investing heavily in cyber security. JPMorgan Chase, the nation’s largest financial institution, recently announced they are investing in additional layers of security, to the tune of $250 million annually and 1,000 people dedicated to the effort. Other organizations with high-value data and assets should follow that trend, and make a real assessment of their current solutions to see if they really help them combat cyber attacks and fraud in an effective way.
Every April, procrastinators hurry to get all of their paperwork together to file their taxes, while accountants also strive to make every minute count. As it turns out, everyone is busy in April, even cybercriminals.
The end of tax season is prime time for fake phishing e-mails asking taxpayers to log in and check the status of an income tax return, messages claiming that updated tax documents have been issued, and even e-mails asserting that there is an error with your tax return.
In the wake of the most recent FFIEC guidance published in 2011, many financial institutions and service providers have undertaken very expensive and time-consuming projects to replace the traditional challenge questions and answers that they previously used as a security measure. One of the more popular solutions suggested as an alternative was to provide out-of-band authentication via a second independent device. Mobile phones were the natural fit as that independent device, since the typical consumer’s high usage of SMS texting would make it easy to incorporate into their banking routine.
One of the biggest challenges when it comes to transaction anomaly detection is managing the large amount of alerts and cases that these solutions tend to generate. Since every alert is a possible case of fraud, efficient management is crucial for following up on cases in a timely manner before any attacks can be perpetrated.
FFIEC Guidance published on December 11, 2013 and effective immediately, addresses mounting risk factors facing financial institutions related to social media. The FFIEC states that all financial institutions should effectively assess and manage risks associated with all activities conducted via social media platforms. These risks include compliance risk, legal risk, reputation risk, and operational risk