As banking transactions occur in an ever more electronic realm, regulations, monitoring, and detection solutions are required to protect consumers from privacy breaches, cyber fraud and even the faceless malicious activity that 21st-century criminals carry out with tools such as botnets.
What is a botnet? Microsoft provided a breakdown of where the terminology came from: “The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.”
Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.
This threatening new world requires vigilance not only by banking institutions but also by consumers themselves.
The Federal Financial Institutions Examination Council (FFIEC) was formed in 1979 to create standards for the federal examination of banks, credit unions and other financial institutions. A number of agencies in the financial industry are involved with the FFIEC including the Federal Reserve System, the Federal Deposit Insurance Corporation and representatives of several state regulatory associations.
Every U.S. financial institution is regulated by a relevant federal agency which has the power to oversee entities and take action against violations of laws, rules or regulations, unsafe practices and breaches of fiduciary duty. The FFIEC’s Consumer Help Center (http://www.ffiec.gov/consumercenter/default.aspx) helps consumers with complaints about their financial institution find the appropriate regulatory agency.
Among its compliance reporting initiatives, the FFIEC offers interpretation, technical reporting requirements and FAQs for financial institutions, explaining a veritable alphabet soup of acronyms including the HMDA (Home Mortgage Disclosure Act), the CRA (Community Reinvestment Act) and the S.A.F.E. Act (Secure and Fair Enforcement for Mortgage Licensing Act). The FFIEC website also provides financial institutions with access to a rate spread calculator, census reports and a mapping system for geocoding loans to ensure institutions are meeting legal reporting requirements.
When it comes to fighting fraud, users have protections they may not be using, including basic practices such as choosing strong passwords, protecting personal information and keeping a vigilant eye on personal accounts. Banking institutions that educate their consumers and correct user behavior do better at reducing and catching fraud schemes. Users, including consumers, have a responsibility to ensure the security of the overall system.
RISC Management & Consulting can help financial institutions navigate the maze of privacy rules, security regulations and reporting requirements and create consumer education programs that ensure compliance and security. RISC can assist your organization in developing priorities, creating policies and procedures, and identifying timelines, and can even carry them out for you. RISC can also assist you in preparing or assessing your systems, infrastructure and practices against the FFIEC IT Handbook.
Sources:
http://ffiec.bankinfosecurity.com/
http://www.microsoft.com/security/resources/botnet-whatis.aspx