Long gone are the days when the primary threat to a community bank was a local outlaw with a gun and bandana.  The external perimeter of community banks is no longer limited to the brick and mortar building in which their money and information resides.  The security landscape of today’s Internet connected bank has expanded to include global threats, such as Foreign Terrorist Organizations.  Therefore, banks must take a strong stance on security to ensure their information and assets are protected from a wide variety of threats.

Entrepreneurial hackers have created ways to expand their phishing attacks.  The targets, financial institutions AND aspiring internet scammers.  

A Moroccan group referring to itself as “Mr. Brain” is now offering free Phishing kits for download.  The software packages are extremely easy and quick to set up.  In minutes a web site pretending to be your bank is online and trying to trick people into divulging personal and financial information.  The phishing kit comes complete with templates for particular brands and craftily designed custom emails targeting the likes of Bank of America, PayPal and HSBC.

The FFIEC requirement for Multifactor Authentication was designed to make online banking more secure, one analyst says it's making things worse.

At DefCon (an annual gathering of security professionals and hackers) security researcher Brendan O'Connor presented several scenarios in which online banking security has gotten worse.  As of last year banks were required to comply with the FFIEC guidelines to provide multi-factor authentication.

Designed to help combat phishing attacks, O'Connor shraed some insight as to why, with all these new safeguards in place, phishing sites are still operational today.

Every day banks are assaulted with attempts at gaining customer information.  Phishing schemes require little if any programming experience, a stolen credit card number and a quick hop onto a website - the results can be devastating.  The good news is that most banks have a proactive approach to securing themselves against phishing attacks and are well prepared for such threats.

Unfortunately, phishing is only one of many potential attacks that can be launched against your bank.  Disgruntled employees, upset customers and even competing banks can damage your online persona and cause massive disruptions to your web presence. 

In today’s web enabled world, corporate sabotage is taking a new web 2.0 turn.  Competitors are spamming message boards and social bookmarking sites.  Competitors are attacking one another by posting online links that will damage a websites ranking in search engines; this is affectionately termed as “Google bowling”.

Let’s conduct a hypothetical attack on Bank X, and see how it goes....

Bank Security Breaches 2006

Bank Security Breaches 2005