Cybersecurity Trends in the Banking Industry

Cybersecurity Trends in the Banking Industry

By: Megan Rapp

Top 3 TrendsIdentity Theft

Training and awareness

EMV CardsEuropay,MasterCard,& Visa

Identity TheftFinancial institutions play a critical role in identity theftEducating customers and employees on current cyber threatsLack of accountability with identity theft

Identity TheftWhere there is consumer data, there is risk for identity theft

After the Target breach, credit unions reissued 4.6 million debit and credit cards (Lazette, 2014).

The number of US data breaches reached record high in 2014; 783.

EMV CardsUnited States is one of the last countries to implement the chip-and-pin technology

October 1, 2015 Fraud Liability Shift

Will reduce card-present fraud

According to the Toledo Business Journal, a credit union in Ohio incurred over $100,000 in fraud losses due to card compromises (Toledo Business Journal, 2015).

EMV CardsThe implementation of EMV cards is going to change the banking industry who holds the liability.

Policy changes by MasterCard, American Express, and Visa will protect from certain liability.

Example: A bank issues EMV cards to customers, but the merchant fails to adopt the chip-and-pin technology, then merchant will face the liability in the event of a data breach.

Training is crucial when it comes to training employees and could reduce likelihood of accidental breaches

One study showed that 78% IT personnel indicated they have experienced a data breach in result of employee negligence (Abawajy, 2014).

Training and awareness is the most cost-effective form of security control!

Training and Awareness

Many companies are implementing cybersecurity awareness programs

By increasing awareness, the outcome of a security breach may decrease

Employees are frontline defense against these cyber criminals (ABA Banking Journal, 2014)

Employee negligence could cost financial institutions major loss and liabilities, and affecting the reputation of institutions.

Many banks and credit unions are starting to use the FFIEC Cybersecurity Assessment Tool (Released June 30,2015)

Training and Awareness

How would a company respond to these trends?Identity theftAs EMV cards are deployed, it should reduce card-present fraud; BUT card-not-present fraud could increase along with identity theft.

Financial institutions are educating their members with newsletters, pamphlets, and on the companys websites.

Some companies will likely start implementing methods to authenticate callers to prevent phone spoofing (ABA Banking Journal, 2014).

EMV cards

Today, 100% of fraud liability is on the card issuer

Companies are trying to determine if the cost of the technology is going to outweigh the benefits

Less than one quarter of retailers are EMV compliant

Numerous companies need to upgrade their systems, but many say its unnecessary.

Companies are reluctant on upgrading their POS systems due to how expensive it is

Training & Awareness-Many companies are starting to employ phishing awareness assessments amongst employees

FFIEC and NIST took the steps to increase awareness in the U.S. and assist companies in calculating their inherent risk profile (Stechyshyn, 2015).

For those companies that do not have a cybersecurity strategy in place, this tool will guide them in developing one.

Institutions and other businesses are already using this free resource

ConclusionThese trends are not going away anytime soonEducation is key!EMV cards are going to become the new standard. By 2016, an estimated 500 million EMV cards will be active in the U.S.Employees are the frontline defense against these threat actors. Training is imperative!

ReferencesAbawajy, J. (2014). User Preference of Cyber Security Awareness Delivery Methods. Behavior & Information Technology, 33(3), 236-247.

Lazette, M. (2014). Credit union puts chips on fraud protection. Crain's Cleveland Business, 35(4), 5. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1494489918?accountid=14580

Retailer cyber security harming area financial institutions. (2015). Toledo Business Journal, 31(6), 25. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1698149300?accountid=14580

Sauer, C. (2014). Data Security: How Much Will EMV Help?. Credit Union Magazine, 80(7), 26.

Working Together to Protect Against Identity Theft. (2014). ABA Banking Journal, 106(9),29-48

Stechyshyn, A. (2015). Security vulnerabilities in financial institutions (Order No. 1586590). Available from ProQuest Dissertations & Theses Global: Science & Technology. (1677223944). Retrieved from http://ezproxy.umuc.edu/login?url=http://search.proquest.com.ezproxy.umuc.edu/docview/1677223944?accountid=14580