Consumer Banking Security Products & Services

/0 Comments/in /by

Today’s banks aren’t your “Dads’” bank. Having been around for hundreds of years, banks are a significant part of our everyday lives. Traditionally, banks haven’t been known for their “thought leadership” in technology, but today’s banks have to be cutting edge to compete, and stay secure.

All the conveniences of digital banking have its set of risks which requires upgrades in card technologies and authentication. In response banks have provided numerous methods for protecting your personal information and also making your banking experience more secure domestically and internationally.

Multifactor authentication: This is generally something the user knows like a password plus something the user has like a smart card and/or something the user is like a fingerprint. In its simplest form, it is when a website asks for a four digit credit card security code from a credit card, or if our bank requires us to add a second password for our account.

Key chain fobs: Some institutions offer or require a key fob that provides a changing second password (one-time password) in order to access accounts, or reply to a text message to approve a transaction.

Travel credit cards: Americans who travel abroad are finding that many smaller merchants and most unattended kiosks overseas won’t take their American based credit card leaving them high and dry and making cash a necessity and credit cards useless in these situations. Travelers can use their old magnetic stripe cards, but will often find resistance or outright refusal of acceptance.

In response big banks are issuing new EMV cards also known as “Chip and Pin” or smartcards.

SMS Banking: Banks know you are going mobile and have built secure infrastructure to accommodate banking on the go. One option might include receiving notifications of various banking transactions for security purposes. SMS banking is also handy when the consumer wants to check an account balance before heading to an ATM.

Ask your bank what they offer to keep you safe and secure. You’d probably be surprised at how much they have evolved with technology.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How Does Your Bank Protect Your Data?

/0 Comments/in /by

Consumers tend to be oblivious to the various layers of security financial institutions utilize to protect their bank accounts. But having a better understanding of what occurs behind the scenes can help consumers adapt to influential new technologies.

The Federal Financial Institutions Examination Council responds to innovations and increases in cybercrime with updated security guidelines for banks and financial institutions. In January of 2012, new rules went into effect requiring banks to protect their consumers with increased security. One of the FFIEC’s key recommendations for eliminating fraud is consumer awareness and education.

Financial institutions have established a layered security approach that includes multi-authentication, which may involve requiring users to punch in a second security code or carry a key fob, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen. This defense-in-depth approach is all about assessing risk throughout multiple points on an organization’s website.

These layers of security include:

Device identification: Complex device identification identifies the user’s PC, mobile, or tablet. The next evolution of security is device reputation management, incorporating geolocation, velocity, anomalies, proxy busting, browser language, associations, fraud histories, and time zone differences.

Out-of-wallet questions: “What’s your mother’s maiden name?” “What’s your Social Security Number?” “What are your kids’ names?” or “When were you born?” are examples of typical challenge questions, as opposed to out-of-wallet questions, which are generally opinion-based, such as, “What is your favorite vacation spot?” “What is your favorite flavor of ice cream?” or “What is your favorite book?”

Malware prevention & detection: Many banks offer antivirus, anti-spyware, and anti-phishing tools from well-known security vendors as full suites of total protection products.

You can take comfort in knowing that your bank has systems in place to protect your investments. But you should also bear in mind that your own PC or mobile that might be the weakest link in the process, so be sure to keep your device secure.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Online Banking Vs. Mobile Banking

/0 Comments/in /by

While PC-based online banking is not much older than a high school student, mobile banking is still in elementary school. With the proliferation of smartphones, however, online banking’s younger sibling is quickly catching up to the slightly more established option.

Banking through your PC’s web browser offers a full menu of services. You can easily and conveniently schedule payments, transfer funds, add new payees, open new accounts, apply for loans, view current and past statements, and access information about specific checks that have been deposited. A PC or Mac allows you to view an extensive array of details and options, giving you full control of your accounts.

Mobile banking is very popular internationally. In some parts of the world, traditional banking infrastructure is not consistently available, and so mobile banking is the primary banking option. With a few exceptions, mobile banking, typically conducted via mobile application, offers the same basic features as browser-based online banking. In particular, mobile banking emphasizes “transactional” features, such as bill payments, check deposits (where available, this feature allows a customer to take a picture of a check to be deposited), mobile person-to-person payments, and balancing checks.

Mobile banking can also offer additional security by enabling text-backs, which employ a customer’s phone as a second form of authentication when using either browser-based or mobile banking.

If you use your smartphone to access your bank’s website directly, the website may recognize that you are using a mobile browser and automatically offer you a dedicated application. If not, search your preferred mobile market or app store to see what your bank offers. Either way, it’s a good idea to give mobile banking a try. It’s a time-saver that can often be more secure than traditional online banking.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Use Cases for NFC in non-payment scenarios. Where else will we see this technology flourish?

/0 Comments/in /by

Near Field Communications (NFC), is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that that 50% of smartphones will have NFC capability by 2015.

But not all NFC revolves around mCommerce. The usage of NFC  for identity documents and keycards are widely deployed.

And then theres FeliCa, is a contactless technology that is widely deployed in Asia for public transportation, access management, event ticketing, customer loyalty programs and micropayments. As of March 2011, there were over 516 million units of FeliCa IC Chips worldwide, incorporated in 346 million cards and 170 million mobile phones.  Gemalto and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally.

“With FeliCa’s proven commercial adoption particularly in the Asian markets, we strongly believe that our agreement with Sony will enable Gemalto to build the foundation for significant expansion for both companies at a global scale,” added Tan Teck-Lee, Chief Innovation & Technology Officer and Asia President of Gemalto. “Gemalto’s UpTeq NFC SIM is set to trigger the mass deployment of mobile NFC services now, while providing operators the flexibility to expand their offer in the longer term.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Banking – How to Balance Security and Convenience With Online and Mobile Banking

/0 Comments/in /by

Users of online and mobile banking know that financial institutions have a layered security approach in place. Those layers include multifactor-authentication, which may mean requiring users to punch in a second security code or carry a key fob, as well as due diligence in identifying customers as real people whose identities haven’t been stolen, and consumer education.

These multilayers may not always be convenient, but they certainly are geared towards making your online banking experience more secure.

Both mobile and online banking reduces time and expenses by allowing customers to review transactions, transfer funds, pay bills, and check balances online or over your mobile carriers network from anywhere.

Enhanced security with SMS transaction notifications and the ability to turn card accounts on or off, and new technologies like mobile check deposit, in which you simply take a cell phone picture of the check, are contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace ATMs and credit cards.

As convenient as this is, you still need to consider security.

Set a passlock to access your mobile that times out in one minute.

Set your computer’s operating system to automatically update critical security patches.

Keep your mobile operating system updated.

Make sure your firewall is turned on and protecting two way traffic.

Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.

Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network.

Never click links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.

Beware of SMiShing which is like phishing but it’s in the form of malicious text messages.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How safe is my identity? What are the latest threats? How do I protect myself?

/0 Comments/in /by

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Identity theft occurs when someone takes your personally identifiable information (PII), and misuses it, abuses it, and adapts it to his or her own life, often for financial gain.

From the report:

  • Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010.
  • One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.
  • Javelin examined social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud.
  • Consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity
  • 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information
  • Those with public profiles (those visible to everyone) were more likely to expose this personal information
  • Seven percent of smartphone owners were victims of identity fraud. 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost
  • 67 percent increase in the number of Americans impacted by data breaches compared to 2010

Protect yourself:

Lock down your PC with antivirus, antispyware and antiphishing. Update your computers operating systems critical security patches.

Keep social media professional. Once you start sharing every aspect of your life online, you begin to give away some answers to knowledge based questions to reset account passwords.

Watch your accounts closely. Look at your statements online weekly for unauthorized activity. Report fraud immediately.

Get identity theft protection and/or a credit freeze.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

A look into the cyber security legislation: What does it mean for citizens?

/0 Comments/in /by

The White House issued a statement in regards to our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cyber security an Administration priority.

From The Desk of President Obama: “We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But just as we failed in the past to invest in our physical infrastructure – our roads, our bridges and rails – we’ve failed to invest in the security of our digital infrastructure… This status quo is no longer acceptable – not when there’s so much at stake. We can and we must do better.”

Members of both parties in Congress have also recognized this need and introduced approximately 50 cyber-related bills in the last session of Congress. The proposed legislation is focused on improving cyber security for the American people, our Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

#1 National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cyber security, thus helping to stem the tide of identity theft.

#2 Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime.

#3 Protecting our Nation’s Critical Infrastructure. Our safety and way of life depend upon our critical infrastructure as well as the strength of our economy. The Administration is already working to protect critical infrastructure from cyber threats.

#4 Protecting Federal Government Computers and Networks.  Over the past five years, the Federal Government has greatly increased the effort and resources we devote to securing our computer systems.

#5 New Framework to Protect Individuals’ Privacy and Civil Liberties. The Administration’s proposal ensures the protection of individuals’ privacy and civil liberties through a framework designed expressly to address the challenges of cyber security.

Our Nation is at risk. The cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.

Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful tool that must be used intelligently and cautiously. Do your part to protect your little network and we will all be that much safer.

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

SXSWi Sneak-Peek: First Look At Gemalto’s Mobile Idea/Next Lounge

/0 Comments/in /by

South by Southwest Interactive (SXSWi), March 9-13, 2012 in Austin, Texas is an incubator of cutting-edge technologies. The event features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable line up of special programs showcasing the best new websites, video games, and startup ideas the community has to offer. From hands-on training to big-picture analysis of the future, SXSW Interactive has become the place to experience a preview of what is unfolding in the world of technology.

Gemalto, a digital security leader, will be hosting the Mobile IDEA/NEXT Lounge on the 6th floor of the Hilton throughout SXSW Interactive. The lounge will serve as a hub for those attendees interested in learning, engaging, and sharing in discussions around all aspects of mobility—from the mobile phone to the cloud—and the digital security solutions they necessitate.

There will be a ton of talks and events happening each day in the IDEA/NEXT Lounge. From daily talks and influencer podcasts to daily happy hour panel discussions, the Lounge will be a hub of activity. Even with all that planned, Gemalto wants to hear from SXSW Interactive attendees. Feedback can be sent via Twitter to @JustAskGemalto or @Gemalto_NA.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How Safe Is Paying With Your Phone?

/0 Comments/in /by

mCommerce, or mobile commerce, refers to financial transactions conducted via smartphones or other mobile devices. But are mobiles really meant for financial transactions?

While about a third of mobile phone users remain unwilling to dabble in mCommerce due to identity theft concerns, the majority of users are apparently comfortable making purchases with their phones, just as they would with a PC.

mCommerce’s strength is the variation between mobile operating systems and handset technologies from different manufacturers, which makes it difficult for criminals to create and distribute mobile malware. Additionally, mobile carriers’ networks have higher levels of encryption, making it more difficult for a hacker to access a 3G connection, for example.

Handset manufacturers, application developers, and mobile security vendors continue working to improve mobile security. Banks are offering a consistent sign-on experience for both their online and mobile channels, including multifactor authentication programs for mobile.

Consumer Reports estimates that almost 30% of Americans that use their phones for banking, accessing medical records, and storing other sensitive data do not take precautions to secure their phones.

Download a mobile security product such as McAfee Mobile Security. This is particularly crucial for Android users, as Androids tend to be more vulnerable to attacks.

Use your carrier’s 3G connection to send sensitive information, rather than Wi-Fi.

Use your bank’s dedicated mobile application, rather than accessing their main website via mobile device.

Set your device to lock automatically after a set period of time.

Invest in software that can remotely lock, locate, and wipe a missing mobile.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How will NFC change the mobile wallet?

/0 Comments/in /by

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

USA Today reports that the number of NFC handsets is set to increase from about 34 million this year to about 80 million next year. Gartner estimates that growth in handsets will exceed 100 million in 2012, and that that 50% of smartphones will have NFC capability by 2015.

The short list of big players, which includes Google, Citibank, MasterCard, Gemalto, First Data, VeriFone, Samsung, Sprint, AT&T, T-Mobile, Verizon and  Isis, are all deploying some version of a mobile wallet. Isis’s website promises, “Mobile wallet will eliminate the need to carry cash, credit and debit cards, reward cards, coupons, tickets, and transit passes, fundamentally changing how you shop, pay, and save. All with your phone.” And all powered by NFC.

NFC can also be used to connect online gamers. Within social networking websites, NFC can facilitate the distribution of coupons that can be scanned at in-store terminals.

Soon, we will see online retailers embrace the potential benefits of NFC in order to create effective loyalty programs, supported by online advertising and social media campaigns

With full deployment, near field communication will make every day transactions incredibly convenient. If you think your cell phone is your everything today, wait until you see what’s coming next!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures