Tuesday, May 27, 2008

Daily Report

• According to CBS News, a major supplier of material used in military and commercial cargo-carrying aircraft may be endangering passengers with products that do not meet specifications and can leave behind contaminants that weaken finished parts. (See item 20)

• Reuters reports that U.S. federal agencies must do a better job of sharing information with each other as well as state, local, and private organizations to combat deadly bacteria such as E. coli that threaten thousands of people each year, according to a study by the Centers for Disease Control and Prevention released on Thursday. (See item 28)

Banking and Finance Sector

13. May 23, Republican-American – (National) Security breach could involve more banks. A security breach at the Bank of New York Mellon Corp. may have compromised the information of customers at several other banks, Connecticut’s attorney general said Thursday. A preliminary investigation indicated that computer tapes that disappeared in February included data from the Bank of New York Mellon and People’s United Bank of Bridgeport. It also may have included the data of customers of Webster Bank, and Wachovia, the attorney general said. People’s has acknowledged sharing its customers’ information with the New York bank. It was unclear why the Bank of New York Mellon had information on other two banks’ customers. The tapes contained millions of Social Security numbers, names and addresses and possibly bank account numbers and balances, he said. Source: http://www.rep-am.com/news/doc4836b62357510423039668.txt

14. May 23, Tech World – (National) Banker: Payment collaboration to curb Internet fraud. With the business of Internet banking changing and online threats growing, the industry needs to adapt and integrate security technology across more channels and be more collaborative to reduce fraud, according to a Standard Chartered Bank consumer banking risk advisor. He said there is a problem with payment security in general and even the recent trend of two-factor authentication is not a remedy. During his keynote address on implementing multi-factor authentication for Internet banking at this year’s AusCERT security conference, the specialist spoke of how his personal experience with electronic payments spurred his professional interest. As far as the fraudsters are concerned, the theft of funds needs to be automated, which means they need to have some form of straight-through processes of their own. As they do this the banks are moving to faster payments due to demand from customers. The specialist used the term “Payment Security 1.0” to describe the next evolution in electronic financial transactions which involves more contextual information from the user and the bank. “Two-factor authentication does improve security, but it could be better. You should know what’s going on in the transaction and authorization can be a multi-party dilemma,” he said, adding there could be times when the bank is involved. Standard Chartered has now implemented two-factor authentication in five countries with plans to extend it to twenty. Of the two-factor authentication methods - including tokens, display and “bingo” cards, SMS, and IVR call back - Standard Chartered is deploying them in various ways in different countries. Source: http://www.networkworld.com/news/2008/052108-banker-payment-collaboration-to-curb.html

15. May 23, Insurance Journal – (National) FBI says fighting financial crimes a priority; insurance cases top 200. The Federal Bureau of Investigation pursued 529 financial crime cases in its most recent fiscal year, including 209 insurance fraud cases. The FBI said it expects the number of cases and subsequent arrest and conviction statistics to rise in the near future as more fraud is uncovered in the wake of Hurricane Katrina. The insurance fraud cases are included in the FBI’s Financial Crimes Report to the Public, Fiscal Year 2007, which discusses corporate fraud, securities and commodities fraud, health care fraud, mortgage fraud, insurance fraud, mass marketing fraud, and asset forfeiture/money laundering. “Financial crimes affect the economic security of millions of Americans, and the FBI is dedicated to working with our partners in industry and law enforcement to combat these offenses,” said Assistant Director, FBI Criminal Investigative Division. Some key findings presented in the report include: As of the end of FY 2007, 529 corporate fraud cases were being pursued by the FBI, several of which involve losses to public investors that individually exceed $1 billion; 2,493 health care fraud cases; 1,204 pending mortgage fraud cases; and 548 money laundering. The report said the FBI considers insurance fraud an investigative priority, due in large part to the insurance industry’s significant status in the U.S. economy. The Coalition Against Insurance Fraud (CAIF) estimates that the cost of fraud in the industry is as high as $80 billion each year. This cost is passed on to consumers in the form of higher premiums. Source: http://www.insurancejournal.com/news/national/2008/05/23/90276.htm

16. May 22, Computerworld – (National) ING looks to help customers secure online transactions. Despite numerous security measures by online banks and e-commerce sites to secure consumer data, few have been able or even willing to directly protect customers using their sites from phishing scams and data-stealing malware. Among those looking to make a change is online bank ING Direct USA, which this week made available a small software tool from Trusteer Inc. that is designed to protect consumers against online fraud and ID theft. Trusteer’s Rapport software, available as a free download, helps protect customers by essentially building a secure connection between a users’ desktop and the Web site he is accessing, said the Trusteer CEO. All communications and transactions between the user and the site are carried out within this secure tunnel, he said. The goal is to prevent the data that is exchanged during an online transaction from being stolen by keystroke loggers and other types of threats such as man-in-the-middle attacks and session hijacking, he said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9088259&intsrc=hm_list

17. May 22, News-Gazette – (Illinois) ‘Phishing’ scam involves e-mails, phone requests. Credit union and telecommunications officials are warning Champaign-Urbana, Illinois, area residents about recent waves of “phishing” scams trying to get private credit information. The president of Land of Lincoln Credit Union based in Decatur, said members and nonmembers have received e-mails, text messages and direct phone calls since late May 13, all asking for information on credit union accounts, credit cards or debit cards. “We want our members and the general public to know we don’t ask for account information. We already have that information. They need to be careful.” Consolidated Communications, which offers phone, Internet and cable television services, including offices in Charleston and Mattoon, also put out warnings Tuesday to its customers about the scam. The phony calls asked people to call a phone number in the 303 area code, a spokeswoman for Consolidated Communications said. The scam included asking people to complete a survey and receive cash, notices that accounts or cards had been suspended or claims that the credit union on-line banking services were down. In all cases, the messages or calls asked people for their account information or credit or debit card account numbers and personal identification numbers. Source: http://www.redorbit.com/news/technology/1399110/phishing_scam_involves_emails_phone_requests/

Banking and Finance Sector

13. May 23, Republican-American – (National) Security breach could involve more banks. A security breach at the Bank of New York Mellon Corp. may have compromised the information of customers at several other banks, Connecticut’s attorney general said Thursday. A preliminary investigation indicated that computer tapes that disappeared in February included data from the Bank of New York Mellon and People’s United Bank of Bridgeport. It also may have included the data of customers of Webster Bank, and Wachovia, the attorney general said. People’s has acknowledged sharing its customers’ information with the New York bank. It was unclear why the Bank of New York Mellon had information on other two banks’ customers. The tapes contained millions of Social Security numbers, names and addresses and possibly bank account numbers and balances, he said. Source: http://www.rep-am.com/news/doc4836b62357510423039668.txt

14. May 23, Tech World – (National) Banker: Payment collaboration to curb Internet fraud. With the business of Internet banking changing and online threats growing, the industry needs to adapt and integrate security technology across more channels and be more collaborative to reduce fraud, according to a Standard Chartered Bank consumer banking risk advisor. He said there is a problem with payment security in general and even the recent trend of two-factor authentication is not a remedy. During his keynote address on implementing multi-factor authentication for Internet banking at this year’s AusCERT security conference, the specialist spoke of how his personal experience with electronic payments spurred his professional interest. As far as the fraudsters are concerned, the theft of funds needs to be automated, which means they need to have some form of straight-through processes of their own. As they do this the banks are moving to faster payments due to demand from customers. The specialist used the term “Payment Security 1.0” to describe the next evolution in electronic financial transactions which involves more contextual information from the user and the bank. “Two-factor authentication does improve security, but it could be better. You should know what’s going on in the transaction and authorization can be a multi-party dilemma,” he said, adding there could be times when the bank is involved. Standard Chartered has now implemented two-factor authentication in five countries with plans to extend it to twenty. Of the two-factor authentication methods - including tokens, display and “bingo” cards, SMS, and IVR call back - Standard Chartered is deploying them in various ways in different countries. Source: http://www.networkworld.com/news/2008/052108-banker-payment-collaboration-to-curb.html

15. May 23, Insurance Journal – (National) FBI says fighting financial crimes a priority; insurance cases top 200. The Federal Bureau of Investigation pursued 529 financial crime cases in its most recent fiscal year, including 209 insurance fraud cases. The FBI said it expects the number of cases and subsequent arrest and conviction statistics to rise in the near future as more fraud is uncovered in the wake of Hurricane Katrina. The insurance fraud cases are included in the FBI’s Financial Crimes Report to the Public, Fiscal Year 2007, which discusses corporate fraud, securities and commodities fraud, health care fraud, mortgage fraud, insurance fraud, mass marketing fraud, and asset forfeiture/money laundering. “Financial crimes affect the economic security of millions of Americans, and the FBI is dedicated to working with our partners in industry and law enforcement to combat these offenses,” said Assistant Director, FBI Criminal Investigative Division. Some key findings presented in the report include: As of the end of FY 2007, 529 corporate fraud cases were being pursued by the FBI, several of which involve losses to public investors that individually exceed $1 billion; 2,493 health care fraud cases; 1,204 pending mortgage fraud cases; and 548 money laundering. The report said the FBI considers insurance fraud an investigative priority, due in large part to the insurance industry’s significant status in the U.S. economy. The Coalition Against Insurance Fraud (CAIF) estimates that the cost of fraud in the industry is as high as $80 billion each year. This cost is passed on to consumers in the form of higher premiums. Source: http://www.insurancejournal.com/news/national/2008/05/23/90276.htm

16. May 22, Computerworld – (National) ING looks to help customers secure online transactions. Despite numerous security measures by online banks and e-commerce sites to secure consumer data, few have been able or even willing to directly protect customers using their sites from phishing scams and data-stealing malware. Among those looking to make a change is online bank ING Direct USA, which this week made available a small software tool from Trusteer Inc. that is designed to protect consumers against online fraud and ID theft. Trusteer’s Rapport software, available as a free download, helps protect customers by essentially building a secure connection between a users’ desktop and the Web site he is accessing, said the Trusteer CEO. All communications and transactions between the user and the site are carried out within this secure tunnel, he said. The goal is to prevent the data that is exchanged during an online transaction from being stolen by keystroke loggers and other types of threats such as man-in-the-middle attacks and session hijacking, he said. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9088259&intsrc=hm_list

17. May 22, News-Gazette – (Illinois) ‘Phishing’ scam involves e-mails, phone requests. Credit union and telecommunications officials are warning Champaign-Urbana, Illinois, area residents about recent waves of “phishing” scams trying to get private credit information. The president of Land of Lincoln Credit Union based in Decatur, said members and nonmembers have received e-mails, text messages and direct phone calls since late May 13, all asking for information on credit union accounts, credit cards or debit cards. “We want our members and the general public to know we don’t ask for account information. We already have that information. They need to be careful.” Consolidated Communications, which offers phone, Internet and cable television services, including offices in Charleston and Mattoon, also put out warnings Tuesday to its customers about the scam. The phony calls asked people to call a phone number in the 303 area code, a spokeswoman for Consolidated Communications said. The scam included asking people to complete a survey and receive cash, notices that accounts or cards had been suspended or claims that the credit union on-line banking services were down. In all cases, the messages or calls asked people for their account information or credit or debit card account numbers and personal identification numbers. Source: http://www.redorbit.com/news/technology/1399110/phishing_scam_involves_emails_phone_requests/