By Kelly Crancer p. 328

decisioncrunchNetworking and Communications

Nov 20, 2013 (3 years and 4 months ago)

68 views

By Kelly Crancer

p. 328


670,000 account numbers and balances were
seized by New Jersey mastermind.


Bank of America, Commerce Bancorp, PNC
Financial Services Group, and Wachovia were
the victims


In the past, banks found the cost too high to
invest in the security technology.


Now, the market value of personal
information becomes important, causing
banks to invest in the technologies.


Worm reroutes the bank’s URL to thief's
browser


SiteKey
-
two factor authentication


Image


Phrase


Then, enter password


Unusual computer
-
answer a personal
question


“Out
-
of
-
Wallet” questions
-
not found on
driver’s license


Key fobs
-
change password every 60 seconds


Two
-
factor authentication pilot
-
small
businesses making electronic transfers will
need the key fob


Customers with more than $50K
-
free Digital
Security ID for network authentication


Displays new 6
-
digit codes every 60 seconds to
log on with


Online
-
transfer delays to detect suspicious
activity


Due to phishing incidents
-
large transfers from
victims’ accounts to “mules” accounts


Created based on e
-
mail solicitations


Monitoring actions


Notifies customers when logging in at different
city than normal or numerous transfers


1.
What reason would a bank have for not
wanting to adopt an online
-
transfer delay
policy?


Customers can’t access their funds
immediately.

2.
Why is network security critical to
financial institutions?


All the bank’s money is accessible via the
computer and could be stolen with little record
of where it went.

3.
Explain the differences between the types of
network security offered by the banks in the
case. Which bank would you open an account
with and why?


Bank of America has the best form to fit my needs
with the two
-
factor authentication.


I don’t see the need for key fobs with different
passwords so frequently with Wells Fargo.


E
-
Trade would be better for their customers with
large sums of money using the device with a new
code ever 60 seconds.


Barclays’ delays would not be as important to me,
with smaller sums of money because I need
immediate access at certain times.

4.
What additional types of network security,
not mentioned in the case above, would
you recommend a bank implement?


I think a device with fingerprint hardware
would be very valuable to online bank users.

5.
Identify three policies a bank should
implement to help it improve network
information security.


Be willing to change with technology.


Make users change their passwords frequently.


Have monitory verification managers to watch
suspicious activity.


Vishing
-
(high
-
tech scheme, low
-
tech tool)
using the telephone to ask for account
information


Makes the caller ID look legitimate


“phishing”
-
V stands for voice


If you get a call requesting this information,
hang up and call your bank


If it was a real bank request, they will let you
give it when you call back


Otherwise, report the caller



Vishing

Scams
-
Dialing For Your Dollars


By
Justin Pritchard
, About.com


http://banking.about.com/od/securityandsafety/a/vishingscam.htm