Slashdot Mirror
Major Financial Groups Share Data To Fight Online Theft
smitty777 writes "The Wall Street Journal is reporting on some unprecedented steps being taken by major financial institutions to combat online theft. The initiatives include a new type of data center that would be used to analyze bank data for potential security threats. Additionally, a quarterly round-table between the rivals to attack security issues was proposed. The article notes that 'security threats are pushing the big banks to do something that doesn't come naturally for these secrecy-steeped institutions: share information with one another.' A video at MarketWatch digs into it a little bit more, and points out that the banks will spend an estimated $1 billion on protection this year, which represents a 12% increase. Technologically, there has been much discussion of two-factor authentication to improve security. In fact, security officials in Singapore are even hinting at biometric solutions."
The banks have decided to consolidate their weak IT policies into a convenient one-stop shop for attacks!
No longer will you have to break into a half-dozen banks to get the personal information of millions!
Women are like electronics: you don't know how damaged they are until you try to turn them on.
Having used both name/password, electronic tokens etc. to access my financial data, I would like to see an objective analysis of their security. I personally prefer the electronic tokens used by several Dutch banks (ING, Rabobank, ABN AMRO), above the name/password features used by American banks (BofA, Wells Fargo, Chase, JP Morgan, Credit unions, etc.). But the main question is: how do they perform in real-life? Which schemes lose more money to scamming or phishing?
Evaluating the performance of my parents (70+) with modern authentication schemes, does not bode well. My parents are generally unable to distinguish phishing mail from real mail - how should banks balance the convenience of email against the requirements for safety?
Can anyone point to objective evaluations of bank security and authentication schemes?
Biometrics; great; Like in Mexico, they will take your hand if you are lucky. If you aren't lucky, the bank will have some kind of life detector which will check if the hand is alive. In that case the gang just takes you along with your hand and then disposes of both together after the crime. With the exception of the situation where there's a guard actually checking that the ID system is being used right by a single person, what could be stupider than using a security token you can't change.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Biometrics must be the 'security' concept that combines the worst features with the best wiz-bang sci-fi aesthetic appeal... I can only assume that it was invented during a sort of 'product blackjack', where a group of players competed to see who could come up with the most awful ideal that could still be successfully sold...
"Hey guys, I'm trying to build a truly awful security system. Can anybody think of something like a password, only absurdly hard to change voluntarily, occasionally changed traumatically by forces beyond the user's control, and preferably left in traces all over the place during the course of daily life? Drinks are on me if successfully compromising it for one institution renders it strongly likely that it will be compromised across a large number of unrelated ones simultaneously!"
Banks have already been sharing info with the National Cyber-Forensics & Training Alliance (NCFTA) which is a non-profit non-government entity. The NCFTA acts as a middle man between banks/other high value targets and law enforcement. They also do aggregate analysis on the attacks seen by multiple institution to determine if there are larger trends.
Of course it sounds good that the banks want to coordinate their security efforts. Probably one part of their analysis has to create profiles of common usage to be able to discern uncommon and possibly dangerous usage. These profiles will be much more detailed than their internal ones. Might they not use those profiles for other things like customer scoring, targeted advertising, etc., too? Or should I assume that they already share some data about their customers?
Trust me, if a big company does something, it's either legal already for them, or is about to be as soon as they send their lobbyists to DC.
Large corporations effectively have sovereign immunity.
How about the consumer and unions come together and take unprecedented steps to combat theft by banks and the Wall Street? First they commited fraud in multi-billion dollars, then get the money from the tax payers to not get bankrupt and now forcing the Europe and the USA into a degaced long recession by austerity and anti-labor politics.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
> Like in Mexico, they will take your hand if you are lucky. If you aren't
> lucky, the bank will have some kind of life detector which will check
> if the hand is alive.
> In that case the gang just takes you along with your hand and then
> disposes of both together after the crime.
Wow...'Talk to the hand!' will get a whole new meaning now...
Unless you are a loan officer or manage loan officers there is no money in banking, especially not in I.T. Never has been, never will be. Over 10 years working I.T. for many banks proved that to me, until I finally wised up and got out of the industry. They don't spend a single penny more than they have to on salary, hardware, software, or security. Maybe this will change when a new generation of presidents, board members, etc comes to power, but as long as it's still the same old white men you can give up any hope of them doing anything more than they absolutely have to.
Just one quick example - back in 2001 or so I was getting ready to install an internet connection to the brand new ethernet lan at a smaller-sized community bank (avg annual profit of about $1.5 million). I quoted something like $2-3k for a Cisco firewall and was told there was no way in hell I could spend that much. Either I find something for under $200 or we go without a firewall altogether.
The banks are considering two-factor authentication? That's great! Now my bank account will finally be as secure as my World of Warcraft account!
http://us.battle.net/support/en/article/battle-net-mobile-authenticator-faq
(Seriously, my favorite online game has been offering two-factor authentication for years. Why is this a new revelation to banks?)