Latest Financial services and banking security News

Outsourcing application coding increases risks of being hacked
posted on 16/04/2008

In a new report released by Quocirca, organisations that admitted to being frequently hacked, all outsource at least some of their coding practice, with 90 percent outsourcing more than 40 percent. With this in mind the hacker’s future looks rosy as outsourcing applications is on the up, with 78 percent of organisations that say software development is business critical for them choosing to outsource their vital applications. But security is being left out in the cold, with companies failing to build security in when they outsource the development of their critical applications, according to a report released today by Quocirca and supported by Fortify Software. The survey has found that over 60% of companies that outsource the coding of their critical applications do not mandate that security must be built into the applications. In fact, the study has uncovered the chilling statistic that 20 percent of UK companies do not even consider security when building their applications, thu... [more]

Underground exchange service promotes the sale of fraudulent credit card data with volume discounts for large-scale fraudsters
posted on 15/04/2008

Researchers at Finjan have revealed the existence of another underground exchange service - SellCVV2 - promoting the sale of fraudulent credit card data with guarantees and volume discounts for large-scale fraudsters. "The site, which appears to use Google's Blogspot service, is typical of a number of portals promoting the exchange of fraudulent card data. But what is apparent from the SellCVV2 site is the level of commercialization of the traders involved," said Yuval Ben-Itzhak, Finjan's chief technology officer. "Prices are segmented depending on whether a card is a Classic Visa or MasterCard, a premium account such as a Gold, Platinum or Business/Corporate card and its country of issue," he said. "Prices typically range from $38.00 per set of card data for premium card accounts in small volumes, going down to $10.00 for Classic card data in volumes of 100 or more. Customers are also being offered trial set of data, as well as a guarantee on account details that do not work," he... [more]

Samsung Electronics IR cameras available through Norbain
posted on 14/04/2008

Samsung Electronics has launched a new range of IR cameras, available through Norbain, providing clear, sharp images, both day and night. The SCC range consists of 350 and 540TVL bullet-type cameras and domes with in-built IR lighting and backlight compensation, making them ideal for applications with no lighting. To ensure the cameras capture the best images, they adopt a high sensitivity monitoring environment at 0 Lux. The IP-66 waterproof and dustproof casings protect the range from water and dust ingress, allowing them to function in harsh environments. The domes are vandal resistant and come with a 3-axis gimble that allows for effective installation on walls or slopes. "It’s great to see a major brand like Samsung Electronics diversifying its range in this way," says Buzz Coates, branded CCTV manager at Norbain. "They have really listened to the needs of the market and catered to an even wider audience."... [more]

SecurAccess tokenless two factor authentication enables secure remote working for Aspen Insurance employees
posted on 14/04/2008

Insurance and reinsurance company Aspen Insurance holdings has selected SecurEnvoy’s tokenless two factor authentication solution, SecurAccess, to enable secure remote working for its employees in London, the US and Bermuda. SecurAccess uses sms messages as an additional authentication factor, eliminating the need for smart cards or tokens. When users wish to log on to the corporate network, they simply enter their Microsoft User ID and password, and then the six digit passcode that has been sent to their mobile phone. Once the passcode has been used, it is superseded with a new one. This pre-loading function eliminates the need to install any software on to the mobile device and provides users with access to their passcode as soon as they needed it rather than having to wait for an SMS message to be delivered. Aspen wanted SecurAccess to provide an additional level of security to its new Citrix network which relies on username and password for active directory authentication. Pre... [more]

Encryption: Don’t forget your keys
posted on 11/04/2008

The protection of sensitive data is one of the most critical concerns for organisations and their customers. Coupled with growing regulatory and governance pressures, this is forcing businesses to protect the integrity, privacy and security of information under their control more than ever before. While this is a complex challenge that requires both policy and technology, cryptography is emerging as the foundation for enterprise data protection and is quickly becoming the cornerstone of security best practice. It is the last line of defence. Even if perimeter security is breached, cryptography means the data remains worthless unless it can be unlocked. Once seen as a specialised, esoteric discipline of information security, cryptography is finally coming of age. Cryptography and encryption are not new technologies. Ever since the Egyptians – encryption has been seen as the most reliable way to secure data. National security agencies and major financial institutions have long protect... [more]

Other Security news and resources