Nearly every day someone's account is compromised through the use of legitimate, but compromised, log-on credentials for online banking and cash management platforms. Businesses are not the only victims -- consumer accounts are compromised, too, leaving financial institutions with both financial and reputational losses. Some institutions suffer significant losses from business account takeovers as well; there can be lawsuits, findings that the institution used insufficient security or poorly executed agreements, institutions that find themselves highlighted in news articles (not in a favorable light) and more.
Join Rayleen Pirnie, Director of Compliance and Fraud Education with EPCOR, for an eye-opening review of how criminals routinely bypass common online banking security techniques. More importantly, Rayleen will detail emerging technologies that show promise to better secure this banking environment, including biometrics, sandboxing sessions, unique out-of-band authentication techniques, and more. This session will also provide attendees with considerations for phone authentication --- let's face it, if a crook has access to your computer, then he likely knows everything he needs to answer phone challenge questions currently used to authenticate phone-based transfer requests.
This course is intended for a general audience. All technical concepts are explained as the program progresses. Operations, IT/IS, Managers, Audit/Compliance, Call Center Managers and any other customer-facing department will find this information useful.
Highlights of the presentation:
- Important Contract / Agreement provisions frequently missing that open a financial institution to exposure
- Let's play - Bypass that Security!
- We will highlight several common methods of OLB security employed today, then detail how easily they are defeated
- Call Centers - explain how criminals compromise consumer computers, statistics on how many consumer computers are already infected (about 47%) and how access to their computers provides information such as amount or date of last deposit, etc., used to authenticate via the phone
- Challenge questions and Passwords must GO! Extremely insecure
- Happy take questions from the group on what security they use and provide the easiest methods to bypass it - nice interactive piece if you think this will work. I don't mind being put on the spot.
- Customer Education - it's not just an FFIEC requirement, it's just good business
- Emerging Technologies, layered security techniques, etc
- What do we do when we can't afford the "latest and greatest" security? - simple back-end authentication methods smaller institutions can employ such as spot-audits