10/29/2007 - Research firm Gartner has estimated that ATM and debit-card fraud resulted in $2.75 billion in losses in the 12 months ending in May 2005. Most, it says, resulted from phishing and keystroke-logging attacks that capture account information and PINs. However, research from TowerGroup, a global financial-services advisor, estimates these losses to be much lower, with less than one percent of fraud losses coming from phishing. Most losses, it says, are from stolen cards and card skimming. Criminals Exploit Consumer Bank Account and ATM System Weaknesses is $95 through the Gartner Web site. Turning Phishing into Cash: Criminal Convenience at the ATM? is available from TowerGroup for $1,750; a summary is at SM Online.
10/11/2007 - A bill (H.R. 2761) introduced by Rep. Michael Capuano (D-MA) that would reauthorize the government-based terrorism insurance program for ten more years has been approved by the House Financial Services Committee. The measure must now be considered by the full House of Representatives.
09/25/2007 - Only one in five of the top 200 merchants is in compliance with the Payment Card Industry (PCI) data security standard more than a year after the standard went into effect to improve security among merchants and credit card processors.
09/25/2007 - Pressure to comply with regulatory efforts such as Sarbanes-Oxley and Gramm-Leach-Bliley is the key driver of enterprisewide encryption efforts, according to security professionals at 112 financial services companies surveyed by InfoTech, yet just over half of those surveyed said that encryption of data at rest is “a high priority for their organizations.”
09/24/2007 - A bill (H.R. 4127) that would require that companies protect the personal information of customers has been approved by the House Energy and Commerce Committee, the House Judiciary Committee, and the House Financial Services Committee. The bill has now been taken up by the full House. H.R. 4127 would require that any company that holds or transmits individuals’ personal information establish security to protect that information. The bill would also require that information brokers set up reasonable procedures to verify the accuracy of information they collect, assemble, or maintain. H.R. 4127 prohibits information brokers from obtaining or attempting to obtain personal information through false pretenses. The bill defines false pretenses as making false statements or representations or providing counterfeit, lost, stolen, or fraudulently obtained documents.
09/24/2007 - John Bumgarner, research director for security technology with the US-CCU, says that the idea for the checklist evolved because, despite the number of industry-specific guidances (such as Sarbanes-Oxley and ISO standards), there was nothing aimed at nontechnical managers.