/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Morgan Stanley fined $60m over data centre decommissioning failures

The Office of the Comptroller of the Currency (OCC) has hit Morgan Stanley with a $60 million penalty for failing to properly decommission two wealth management data centres in 2016.


Finding new ways to operate & transform with machine learning

Discussion
Why we should avoid fraud shaming breach victims
Brian Foster


What I find most disturbing is how companies across Europe and across the world are being depicted as footloose and fancy free with their customers’ personal data! Article after article seems hell-bent on exposing companies who have suffered a data leak where this publicity will in many cases irreversibly damage those companies’ reputations by implying they shouldn’t be trusted with personal data as it will be stolen! The important point here is the word “stolen” because the “selling” of personal data without a customer’s permission is of course absolutely wrong and it was the introduction of GDPR that made it a very serious offence! However, when data is “stolen”, whilst still a very serious issue it is quite different for blatantly obvious reasons and yet we find company after company being treated in the media in such a way that can place in jeopardy their very existence when in reality it is they, along with their customers, who should be treated as victims. I’m sure many reading this will be of a mind that it is only because of weak security protocols, outdated IT systems and lack of staff training that leads companies into a serious data breach and I would agree, however if you asked the world’s leading cyber experts “is there any cyber security system that is impenetrable by even the most sophisticated cyber criminals” you will all know what the answer would be… no system is 100% safe… probably not even 90% I would hazard a guess! So hypothetically if a company had the most advanced cyber security with the most highly trained staff and the most sophisticated IT system in the world and they had a data leak and every single piece of their customers’ personal data was stolen… what does that say about the regulations!!
In my view it has been a classic case of LAZY LEGISLATION and with the exception of fines for selling personal data without permission, most of the rest is just taxation where little thought is given to the consequences to small businesses who suffer a data breach. Many businesses are unable to afford the cyber security systems they should have and are less likely to survive the financial repercussions of any adverse publicity! In many ways it is similar to Speed Camera legislation. They will always be defended as instrumental in bringing down the number of accidents and possibly they have but to many it is generally accepted as being yet another form of taxation. I can clearly recall being caught doing 46mph in a 40mph zone at just past midnight on a very quiet country road with nobody around! After two years of GDPR and the likelihood of continuing growth in cybercrime it is time for a re-think in the legislation. In my view there should be mandatory security specifications set out in the legislation and enforced by the ICO. This would provide every business with a minimum standard of cyber security... a benchmark... they should have in place. At least a business would then know where they stand where failure to have reached that standard when a data breach occurs then they would have to suffer the consequences of failing to take the issue seriously. At the moment even a minor data breach could bring a catastrophic end to your company!
Why we should avoid fraud shaming breach victims
Ketharaman Swaminathan


Good post. Quite often victims get defrauded because they leave a wide "open goal", thus increasing their susceptibility to fraud. While it's not wrong to call that out occasionally so that others can avoid getting defrauded, I agree that fraud is a b****y crime and that fraudsters must be punished to the fullest extent of the law.
Why the world needs PIN
Vernon Crabtree


The reason the PIN is so well trusted is because it is securely encrypted right from the device through the whole payment chain - enforced by scheme and banking rules and regulations. With internet payments, an untrusted user device is involved, which makes using the PIN on it a bad idea as there is too much potential for the PIN to be exposed. The introduction of cards with built-in fingerprint readers or cards with in-built display/PIN entry capability can alleviate this challenge - but ubiquitous consumer devices are needed to interface to these cards (e.g. laptops/keyboards with built-in contactless reader or external PIN entry devices etc.). Apple's refusal to allow developers access to the NFC chip does not help in this space - forcing them to think of other solutions that work across multiple platforms. There are many solutions thought of, but they are all different - which confuses consumers and makes it hard for them to be safe. This is the main challenge currently.
Why the world needs PIN
Ketharaman Swaminathan


  Talk of reduction in fraud driven by a certain security measure is meaningless unless it's accompanied by talk of how much failed transaction / revenue loss was caused by the security measure. IMO, fraud is a <1% problem whereas revenue loss is a >10% problem. I've long held that 2FA is a conversion killer and echo widespread fears that SCA will cause huge loss of revenues for Merchants. And anyone who has lived in a 2FA regime would know that security measures in payments really protect the interest of banks more than consumers. 
Security Analysis
Webinar - Prioritising real-time payments today, not tomorrow

There is more to real-time payments than speed.

Webinar - Optimising cloud governance with increased automation

In the highly regulated financial services industry, cloud governance has taken centre stage as expectations for enhanced controls for security, data privacy and resiliency continue to increase.

Webinar - Open Banking: Is attack the best form of defence?

Large incumbent banks may find themselves caught between the necessity to hang onto their millions of customers and the desire to significantly expand their base through embracing new technology and regulation.

Elsewhere...
The Three Lines of Defence: Time to Recall the Kraken?

Richard Dupree - Contributing Editor, Finextra