BITS Mobile Technology - Layered Security Model
The BITS Mobile Technology Layered Security Model supplements the previously published BITS Mobile Financial Services Threat Assessment. The model is a tool for financial services leaders to manage risks associated with mobile banking services, including understanding the risks, corresponding controls, and the dynamics of the mobile ecosystem. Read more Press release
June 2013
CTO Corner: The Internet of Things (IOT)
The Internet of Things (IoT) is emerging as one of the hottest trends for 2013. Although normally associated more with SCADA1 systems, IoT could impact the financial services sector. This column provides an overview of IoT and discusses how it may impact the financial services sector. Read more
June 2013
BITS Social Media Risk Management Forum
July 30-31, 2013, Washington, DC
Social media use and the number of networks is growing rapidly and creating new opportunities for businesses. These opportunities also come with risk management challenges for financial institutions. The regulatory landscape is changing, how do institutions keep pace? Are there legislative changes coming down the pike? Privacy concerns? Mounting consumer issues – where does the CFPB fit in? What about the new workforce and generational changes and impacts? Innovation? Payments? The list can seem endless. The BITS Social Media Forum will explore the risk challenges by identifying the major issues and mitigation strategies, determining which issues can be successfully addressed at an industry level, and how to engage multiple stakeholders.
Click here for agenda, registration, and sponsorhip information.
Fraud Advisory on Questionable Tax Refund Scenarios
BITS created a fraud advisory on questionable income tax refunds, oulining suspect scenarios, details and characteristics of the scenarios, red flags, and detection and prevention strategies for financial institutions that process tax refund deposits. It is meant to help institutions recognize scenarios that are potentially fraudulent. The advisory was developed in collaboration with the Internal Revenue Service (IRS) and the BITS Fraud Reduction Program.
April 2013
BITS/Roundtable and Trade Associations Support Cyber Intelligence Sharing and Protection Act (CISPA)
BITS and the Roundtable along with other trade associations support H.R. 624 Cyber Intelligence Sharing and Protection Act (CISPA) to increase cyber intelligence information sharing within the private and public sectors.
April 2013
ITAC/BITS Comment Letter on SSA’s proposed policy on Assigning New Social Security Numbers for Children Age 13 and Under
ITAC, the Identity Theft Assistance Center and BITS filed a letter in support of the Social Security Administration's (SSA) proposed amendment to its policy relating to the assignment of new Social Security Numbers (SSN). Specifically, SSA is proposing changes that will make it easier to address the unique issues associated with the misuse of the SSNs of children age 13 and under. ITAC/BITS support SSA’s proposal as an important step in the right direction and offers suggestions that will improve the proposed policy. The letter also included comments on the all-important topic of preventing SSN misuse, especially with respect to children.
April 2013
Security for Bring Your Own (Mobile) Device
Security for Bring Your Own (Mobile) Device recommends security practices for financial institutions to allow employees to use their personally-owned mobile devices to access corporate resources. The paper focuses on devices with mobile operating systems such as iOS, Android, Windows RT, or Blackberry. Threat categories, mitigation strategies, and policies are reviewed.
March 2013
Social Media Guidance Comments to FFIEC
On March 25, BITS filed comments to the Federal Financial Institutions Examination Council (FFIEC) on the proposed Social Media: Consumer Compliance Risk Management Guidance. The letter requests a more specific definition of social media, identifies implementation challenges as social media sites are defined by Terms of Use and not contracts, and asks for specific clarifications to the summaries on applicable consumer regulations. Read more
March 2013
Top 7 Tips - DDos Cyber Attack Preparation and Response
Since late September 2012, several large financial institutions have been the subject, or under threat, of attacks intended to disrupt the availability of their websites. All financial institutions should review their preparations for dealing with such an attack. Read more
October 2012
Financial Top Level Domains (fTLDs)
fTLD Registry Services, LLC (fTLD), a joint venture between The Financial Services Roundtable and the American Bankers Association, submitted applications to the Internet Corporation for Assigned Names and Numbers (ICANN) to operate two generic Top Level Domains (gTLDs), .bank and .insurance, on behalf of the financial services industry. If awarded, consumers will be assured they are accessing legitimate financial companies and transacting through the most secure cyber environment available today. [Press Release] [BITS gTLD History] [fTLD wewbsite]
May 2012