BITS addresses issues at the intersection of financial services, technology and public policy, where industry cooperation serves the public good, such as critical infrastructure protection, fraud prevention, and the safety of financial services. BITS is the technology policy division of The Financial Services Roundtable, which represents 100 of the largest integrated financial services companies providing banking, insurance, and investment products and services to the American consumer.
BITS and FS-ISAC are offering a complimentary email authentication support service to member institutions. Through the Trusted Email Registry, members can select either Agari or Return Path to provide domain-specific email reports that will help a financial institution strengthen the security of its email channel and reduce enterprise and consumer risks. Learn more. [Press Release]
January 2012
Domain-based Message Authentication, Reporting and Conformance (DMARC.org), a multi-industry technical working group, has released draft specifications to protect consumers by improving email authentication to reduce email fraud. The specifications describe a standardized feedback loop and new policy controls between legitimate email senders and receivers thereby making it more difficult for phishers to send fraudulent email. BITS contributed financial services requirements to the DMARC specification, which is compatible with the FS-ISAC/BITS Trusted Email Registry. [DMARC Specifications]
Paul Smocer: "BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry’s needs. DMARC's evolutionary approach is critical in assuring these needs are met for years to come."
January 2012
BITS published a Software Assurance Framework to provide an overview of the components of a mature, strategic software development program for financial institutions. The paper offers practices and principles to apply at all stages of software development, including education and training, threat modeling, coding practices and security testing, among others. [Press Release]
January 2012
