The Federal Financial Institutions Examination Council (FFIEC) issued an updated Retail Payment Systems Booklet.  The booklet is part of the IT Examination Handbook series and provides guidance to examiners, financial institutions, and technology service providers (TSPs) on identifying and controlling risks associated with retail payment systems and related banking activities.  To download the booklet and associated workprogram, visit http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html

CoNetrix is pleased to announce the release of tandem, new security and compliance software.  tandem was developed to help financial institutions complete and maintain an Information Security Program (per GLBA and the Interagency Guidelines Establishing Information Security Standards).  While tandem was designed as a complete solution from the ground up, it was fashioned into modules which allow for versatility.  The modules include risk assessment, policies, vendor management, and business continuity planning.  Each module was released as it was completed.

To read the full press release, visit http://news.yahoo.com/s/prweb/20100216/bs_prweb/prweb3598024_2

After installing ARTA Deposit on a virtual Windows XP system running user could connect and access all the data. The problem was the bank employees could not preview or print any forms. After a little investigation I called ARTA support. I went through all the normal steps of checking folder permissions and basic troubleshooting before being handed to a 2nd tier support tech. The tech asked me to check the permissions of the Component Services. I navigated to [Control Panel\Administrative Tools\Component Services]. I then went to “My Computer”, in the Microsoft Management Console, right clicked and selected “Properties”.  Read More...

The American Bankers Association (ABA) has published a news release warning its members of a fraudulent email attack, an attack commonly referred to as phishing.  According to the ABA, the emails inform recipients that an “unauthorized transaction” has been charged to their account using their “bank card.”  The amount of the transactions is typically between $3,000 and $7,000.

In the news release, the ABA states they would never contact a consumer and ask for financial information.

To read the news release from the ABA, visit http://www.aba.com/Pressrss/012610FraudulentEmails.htm

The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Independent Community Bankers Association (ICBA), along with a variety of payment systems industry partners, are planning a Cyber Attack against Payment Processes (CAPP) exercise.  the three-day exercise is scheduled for February 9-11 and will simulate a different attack scenario each day.  There is no charge to participate in this exercise.  The deadline to register is January 29th.  To read more or register, visit http://www.fsisac.com/capp/.

The National Credit Union Administration (NCUA) issued an advisory warning that CDs with malware are being mailed to Credit Unions claiming to be training materials.

See http://www.ncua.gov/news/press_releases/2009/MR09-0825a.htm for the alert.

CoNetrix is pleased to announce the CoNetrix Information Security Risk Assessment software and Business Continuity Planning (BCP) software are candidates for the BankNews 2009 Innovative Solutions Award.

The Innovative Solutions Award, sponsored by BankNews, recognizes companies that have introduced or enhanced a product or service designed to help banks better serve their customers.  Entries are divided into four categories:

1. Architectural/Equipment Solutions
2. Consulting/Outsourcing/Training Solutions
3. Management Software Solutions
4. Online/Remote/Mobile Solutions

The CoNetrix Risk Assessment tool is listed under the category 2 "Consulting/Outsourcing/Training Solution", and the BCP tool is listed under the category 3 "Management Solutions".

To vote now, go to http://www.banknews.com/2009-Entries.704.0.html

To learn more about the Innovative Solutions Award, visit http://www.banknews.com/

The FDIC Board of Directors just concluded their special meeting to discuss the Special Assessment Final Rule.  The FDIC Board elected to change the following:Read More...

We continue to hear positive things from many of our customers (community banks) - many have plenty of money to lend (but only to qualifying customers) - we have even visited with a few banks that are trying to send back the "bailout" money - here is a good article depicting the US community bank - http://www.nytimes.com/2009/05/17/magazine/17wwln-rendon-t.html?_r=2&ref=magazine

The FTC has delayed the enforcement of the new "Red Flags Rule" again.  The new enforecement date is now extended to August 1, 2009.  This does NOT affect other federal agencies' enforcement of the original November 1, 2008 dealine (i.e. FDIC, OCC, Federal Reserve, OTS, NCUA).

To read the Press Release visit http://www.ftc.gov/opa/2009/04/redflagsrule.shtm

During IT audits, we routinely see banks granting all or some of their users local administrator rights on their PCs.  They are usually forced into allowing this level of access due to some software that will not work correctly without local administrator rights.  However, they can mitigate some of the risk by using a utility called DropMyRights.

In a recent Security Now! podcast, Steve Gibson talked about the DropMyRights utility.  It was written by a Microsoft engineer.  It allows you to run specific programs with less rights than your user account normally has.  For example, if you are given local administrator rights because the core banking software requires it, you can use DropMyRights to help protect yourself when running web browsers or your email client.  Simply create a shortcut for each program using DropMyRights in the command line.  For example, you could use the following command line to run Internet Explorer under a non-admin user context: Read More...

ICBA and Visa are providing a free Data Breach Toolkit available to all ICBA member banks.  The toolkit was developed due to the recent data breach at Heartland Systems, and is designed to help community banks answer customers' questions following a breach of credit and debit card account information.  The toolkit provides member banks with customizable materials, including cardholder letters, statement inserts, FAQs and media statements.  You can login to receive your toolkit at http://www.icba.org/publications/visa.cfm?ItemNumber=37529