Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
Card-issuing banks struggle to find the balance between consumer satisfaction and protection. And in the wake of the Michaels breach, the financial industry knows it has to make a change. One industry expert says stronger card authentication is the answer, and he favors chip-based or EMV-like solutions.
Two stories stand out when I look back on the month of May: the POS PIN pad swap scheme that hit Michaels crafts stores in more than 20 states and the insider job at Bank of America that led to $10 million being stolen from some 300 customer accounts.
Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.
It's been nearly two years now since the corporate account takeover spree began. So, what exactly are the courts, institutions and the financial services industry doing today to prevent further incidents of fraud?
SWIFT's Gottfried Leibbrandt says conflicting regulatory mandates could further fragment the international payments market, if banks and governments don't align their strategies. Communication among governments, regulators and global financial institutions is critical.
ThreatMetrix's Taussig says strong authentication should be part of every financial institution's layered security approach. And according to expected changes to the Federal Financial Institutions Examination Council's 2005 online authentication guidance, that means proven measures to enhance device identification.
"No one up here wants to stop Apple or Google from doing the incredible things that you do," Sen. Al Franken says. "What today is about is trying to find a balance between all of those wonderful benefits and the public's right to privacy."
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.