EDS' Eight Financial Services Security Concerns: Banking on Minimal Breaches



    PLANO, Texas, March 12 /CNW/ -- EDS (NYSE: EDS) has identified eight key
security risks that should be of utmost concern to financial institutions. The
importance of security and operational risk management has grown tremendously
due to a variety of factors, including growing regulatory requirements,
increasing security risk from insiders and the growing number of data security
breaches.
    Financial institutions are currently responsible for customer and
corporate security at three separate levels: the financial institution
(including network and infrastructure all the way to employees and agents with
access to data), service providers (outsourced functions must still include
management responsibility by the financial institution) and consumers
(consumer end-point vulnerabilities can jeopardize a financial institution's
security).  Financial institutions only have direct control over one or two of
these levels, and the rapidly evolving environment is changing the way they
approach security and operational risk management.  EDS recommends eight risk
priorities that financial institutions must consider to minimize the
possibility of security breaches.

    
    1.     Securing Data Outside the Organization - Since regulators demand
           that non-public personal information be backed up and stored
           off-site, risks arise because large banks do not have the
           infrastructure to support the bandwidth required to move all their
           data electronically. When tapes or other removable media are the
           storage medium of financial institutions, dangers can arise
           through the loss or theft of this media during shipping. The
           encryption of all data that is moved offsite is crucial, and it
           should be mandatory for portable end-user devices such as laptops
           and PDAs, as well as all removable media.

    2.     Security and Privacy Controls of Service Partners - Privacy and
           security regulations dictate that financial institutions are
           ultimately responsible for the actions of their service partners.
           Therefore, a key risk management priority becomes the assurance
           that both domestic and offshore service providers have adequate
           security and privacy controls to detect and prevent breaches in
           the confidentiality and integrity of customer information.

    3.     Insider Threat - While financial institutions have put appropriate
           measures in place to protect against external threats, it is
           generally accepted that the majority of data losses today are the
           result of the "Insider Threat." Employees or contractors whose
           roles allow them access to significant personal and confidential
           information have often been the causes of information loss.
           However, systemic problems and accidental employee actions are the
           most frequent forms of potential data loss. Financial institutions
           need to consider the deployment of data loss prevention tools.
           These tools can not only monitor and optionally block outbound
           sensitive communications of all types, but they can also verify
           that no personal or confidential information has been stored on
           widely accessible shared drives or Web servers. Many tools also
           now provide very granular control of end-user devices and can
           selectively prevent copying and pasting or writing to removable
           media of personal or confidential information.

    4.     Wireless Woes - Wireless devices and connectivity are still
           relatively new to the financial services industry, but they
           represent additional security complications. Wireless devices
           improve productivity, increase business agility and reduce costs,
           but mobile nonpublic information must be secure. Mobile devices
           are particularly vulnerable, as they are easy to lose or steal,
           and capable of holding a large amount of nonpublic customer and
           corporate data. One of the growing risks comes with employees or
           customers using an unprotected airport, hotel or other public
           wireless connection. Financial institutions must provide secure
           communications mechanisms for all of their mobile employees and
           contractors so that all wireless communications are encrypted and
           cannot be compromised when no secured wireless facilities are
           used.

    5.     Evolution of Criminal Schemes - To stay ahead of the criminals,
           financial institutions must take a proactive, rather than a
           reactive, approach to security. This means constant reassessment
           and evolution of security efforts. Strengths and weaknesses of
           corporate policies and procedures, as well as consumer-facing
           security measures, must be evaluated regularly in order to make
           appropriate adjustments and encompass the latest technology,
           criminal and security trends. Today, one of the biggest threats
           facing financial institutions results from "phishing" attacks.
           While early phishing attacks were very basic, recent
           "man-in-the-middle" attacks have become far more sophisticated.
           Through participation in groups such as the Anti-Phishing Working
           Group (APWG), financial institutions can collaborate with other
           organizations to help early identification and takedown of
           phishing Web sites.

    6.     Identity and Access Management - One of the key challenges facing
           all organizations today is that of Identity and Access Management.
           Ensuring that system and application access is limited to those in
           roles with a "need to know" is one of the challenges. This is
           being addressed through the integration of human resources systems
           with underlying access control systems. Other areas of rapid
           development include single sign-on and multifactor authentication.
           All of these can contribute to making the financial institution's
           infrastructure more secure from external and internal threats.
           Federated Identity Management systems will also help alleviate the
           challenges that financial institutions face with respect to
           providing system and application access to their business
           partners.

    7.     Consumers - They can be careless by using simple passwords, losing
           their ATM card or writing down their PINs, any of which can lead
           to unauthorized account access and ultimately fraud. Consumers
           often do not have adequate or updated security on their personal
           devices, which can result in security breaches during sessions on
           their financial institution's Web site. Because consumers
           recognize that financial institutions absorb the cost of
           fraudulent transactions, they tend to be less security conscious
           than they might otherwise be. As consumers continue to be
           susceptible to scamming or phishing, financial institutions need
           to constantly educate consumers on the security measures they
           should be taking, not only to protect themselves, but also to
           reduce the risk to financial institutions.

    8.     Regulations - Due to regional variations, financial institutions
           have varying security challenges based on their geographic
           location. In North America, highly publicized security breaches
           and regulatory change are placing an increased emphasis on banks'
           data security. These recent regulatory changes in the United
           States have prompted European institutions to step up consumer
           information protection under the assumption that European
           legislation will soon be more involved with this widespread
           concern. Basel II compliance will eventually require all financial
           institutions globally to tighten operational risk management and
           mitigation policies and procedures. Most importantly, identity
           theft notification laws that have been enacted in 36 states have
           had the greatest impact on financial institutions, with
           compromised records costing an average of $182 each. In addition,
           data disposal rules can also lead to breaches, but can be
           minimized with new technology, including new data collection that
           allows customers opening an account to never have their
           documentation leave their sight.
    

    Some 25,000 EDS employees work on finance-related projects for about 200
customers in 30 countries for clients such as ABN Amro, Aon, Bank of Canada,
Bank of Queensland, la Caixa, CIBC, Commonwealth Bank Group, KBC, Korea First
Bank, Lloyds TSB, Royal Bank of Scotland, Societe Generale, Visa and Westpac.

    
    About EDS
    
    EDS is a leading global technology services company delivering business
solutions to its clients.  EDS founded the information technology outsourcing
industry more than 40 years ago.  Today, EDS delivers a broad portfolio of
information technology and business process outsourcing services to clients in
the manufacturing, financial services, healthcare, communications, energy,
transportation, and consumer and retail industries and to governments around
the world.  Learn more at http://www.eds.com .

    
     CONTACT:
     Annabelle Baxter - EDS Media Relations
     972 605 0978
     annabelle.baxter@eds.com

    




For further information: Annabelle Baxter, Media Relations of Electronic
 Data Systems Corporation, +1-972-605-0978, or annabelle.baxter@eds.com Web
Site: http://www.eds.com
