Banks Banking on Network Security
By Kelly Crancerp. 328
670,000 account numbers and balances were seized by New Jersey mastermind.Bank of America, Commerce Bancorp, PNC Financial Services Group, and Wachovia were the victimsIn the past, banks found the cost too high to invest in the security technology.Now, the market value of personal information becomes important, causing banks to invest in the technologies.
Worm reroutes the bank’s URL to thief's browserSiteKey-two factor authenticationImagePhraseThen, enter passwordUnusual computer-answer a personal question
“Out-of-Wallet” questions-not found on driver’s licenseKey fobs-change password every 60 secondsTwo-factor authentication pilot-small businesses making electronic transfers will need the key fob
E-trade financial corporation
Customers with more than $50K-free Digital Security ID for network authenticationDisplays new 6-digit codes every 60 seconds to log on with
Online-transfer delays to detect suspicious activityDue to phishing incidents-large transfers from victims’ accounts to “mules” accountsCreated based on e-mail solicitationsMonitoringactionsNotifies customers when logging in at different city than normal or numerous transfers
What reason would a bank have for not wanting to adopt an online-transfer delay policy?Customers can’t access their funds immediately.Why is network security critical to financial institutions?All the bank’s money is accessible via the computer and could be stolen with little record of where it went.
Explain the differences between the types of network security offered by the banks in the case. Which bank would you open an account with and why?Bank of America has the best form to fit my needs with the two-factor authentication.I don’t see the need for key fobs with different passwords so frequently with Wells Fargo.E-Trade would be better for their customers with large sums of money using the device with a new code ever 60 seconds.Barclays’ delays would not be as important to me, with smaller sums of money because I need immediate access at certain times.
What additional types of network security, not mentioned in the case above, would you recommend a bank implement?I think a device with fingerprint hardware would be very valuable to online bank users.Identify three policies a bank should implement to help it improve network information security.Be willing to change with technology.Make users change their passwords frequently.Have monitory verification managers to watch suspicious activity.
Vishing-(high-tech scheme, low-tech tool) using the telephone to ask for account informationMakes the caller ID look legitimate“phishing”-V stands forvoiceIf you get a call requesting this information, hang up and call your bankIf it was a real bank request, they will let you give it when you call backOtherwise, report the callerVishingScams-DialingFor Your DollarsByJustin Pritchard,About.comhttp://banking.about.com/od/securityandsafety/a/vishingscam.htm