Date post: | 16-Apr-2017 |
Category: |
Travel |
Upload: | megan-rapp |
View: | 502 times |
Download: | 4 times |
Cybersecurity Trends in the Banking Industry
Cybersecurity Trends in the Banking Industry
By: Megan Rapp
Top 3 TrendsIdentity Theft
Training and awareness
EMV CardsEuropay,MasterCard,& Visa
Identity TheftFinancial institutions play a critical role in identity theftEducating customers and employees on current cyber threatsLack of accountability with identity theft
Identity TheftWhere there is consumer data, there is risk for identity theft
After the Target breach, credit unions reissued 4.6 million debit and credit cards (Lazette, 2014).
The number of US data breaches reached record high in 2014; 783.
EMV CardsUnited States is one of the last countries to implement the chip-and-pin technology
October 1, 2015 Fraud Liability Shift
Will reduce card-present fraud
According to the Toledo Business Journal, a credit union in Ohio incurred over $100,000 in fraud losses due to card compromises (Toledo Business Journal, 2015).
EMV CardsThe implementation of EMV cards is going to change the banking industry who holds the liability.
Policy changes by MasterCard, American Express, and Visa will protect from certain liability.
Example: A bank issues EMV cards to customers, but the merchant fails to adopt the chip-and-pin technology, then merchant will face the liability in the event of a data breach.
Training is crucial when it comes to training employees and could reduce likelihood of accidental breaches
One study showed that 78% IT personnel indicated they have experienced a data breach in result of employee negligence (Abawajy, 2014).
Training and awareness is the most cost-effective form of security control!
Training and Awareness
Many companies are implementing cybersecurity awareness programs
By increasing awareness, the outcome of a security breach may decrease
Employees are frontline defense against these cyber criminals (ABA Banking Journal, 2014)
Employee negligence could cost financial institutions major loss and liabilities, and affecting the reputation of institutions.
Many banks and credit unions are starting to use the FFIEC Cybersecurity Assessment Tool (Released June 30,2015)
Training and Awareness
How would a company respond to these trends?Identity theftAs EMV cards are deployed, it should reduce card-present fraud; BUT card-not-present fraud could increase along with identity theft.
Financial institutions are educating their members with newsletters, pamphlets, and on the companys websites.
Some companies will likely start implementing methods to authenticate callers to prevent phone spoofing (ABA Banking Journal, 2014).
EMV cards
Today, 100% of fraud liability is on the card issuer
Companies are trying to determine if the cost of the technology is going to outweigh the benefits
Less than one quarter of retailers are EMV compliant
Numerous companies need to upgrade their systems, but many say its unnecessary.
Companies are reluctant on upgrading their POS systems due to how expensive it is
Training & Awareness-Many companies are starting to employ phishing awareness assessments amongst employees
FFIEC and NIST took the steps to increase awareness in the U.S. and assist companies in calculating their inherent risk profile (Stechyshyn, 2015).
For those companies that do not have a cybersecurity strategy in place, this tool will guide them in developing one.
Institutions and other businesses are already using this free resource
ConclusionThese trends are not going away anytime soonEducation is key!EMV cards are going to become the new standard. By 2016, an estimated 500 million EMV cards will be active in the U.S.Employees are the frontline defense against these threat actors. Training is imperative!
ReferencesAbawajy, J. (2014). User Preference of Cyber Security Awareness Delivery Methods. Behavior & Information Technology, 33(3), 236-247.
Lazette, M. (2014). Credit union puts chips on fraud protection. Crain's Cleveland Business, 35(4), 5. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1494489918?accountid=14580
Retailer cyber security harming area financial institutions. (2015). Toledo Business Journal, 31(6), 25. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1698149300?accountid=14580
Sauer, C. (2014). Data Security: How Much Will EMV Help?. Credit Union Magazine, 80(7), 26.
Working Together to Protect Against Identity Theft. (2014). ABA Banking Journal, 106(9),29-48
Stechyshyn, A. (2015). Security vulnerabilities in financial institutions (Order No. 1586590). Available from ProQuest Dissertations & Theses Global: Science & Technology. (1677223944). Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1677223944?accountid=14580