Hold back the invisible enemy
Security
https://www.deloitte.com/assets/Dcom-Turkey/Local%20Assets/Documents/uk-cb-deloitte-consumer-review-4th-edition.pdf
Threats
Fundamental threats (1)
Disclosure
Tampering
Denial of service
Repudiation
Illegitimate use
Enabling threats (2)
Masquerade
Trojan Horse
Virus
Control bypass
Authorisation violation
Threats
Special notes:
Phishing
website
trust/urgency
CNP transactions
stolen card
stolen card details
operate at distance
http://www.antiphishing.org/
Threats
Spyware
Phishing
Viruses
Hacking
https://www.homefederal.com/news/article/common_threats_to_business_online_banking_security/
Threats
https://www.vasco.com/services/services/consulting/e-banking_security.aspx
Safeguards
Authentication (two/three factors)
Access control
Confidentiality
Integrity
Accountability
Physical
Personnel
Media
Emanations
Administration
Lifecycle
Security
https://www.deloitte.com/assets/Dcom-Turkey/Local%20Assets/Documents/uk-cb-deloitte-consumer-review-4th-edition.pdf
Security policy
New security features
pictures on login page
user tracks suspicious sites
special questions for users
Security policy
https://www.vasco.com/services/services/consulting/e-banking_security.aspx
Security policy
https://www.fsisac.com/sites/default/files/news/Destructive%20Malware%20Paper%20TLP%20White%20VersionFINAL2.pdf
DETECT
Anti-money laundering
Management needs to recognize electronic banking as a potentially high-risk area and develop adequate policies, procedures, and processes for customer identification and monitoring for specific areas of banking.
Risk Factors
Risk Mitigation
Transaction Testing
Source: http://www.ffiec.gov