4. Wireless Woes - Wireless devices and connectivity are still relatively new to the financial services industry, but they represent additional security complications. Wireless devices improve productivity, increase business agility and reduce costs, but mobile nonpublic information must be secure. Mobile devices are particularly vulnerable, as they are easy to lose or steal, and capable of holding a large amount of nonpublic customer and corporate data. One of the growing risks comes with employees or customers using an unprotected airport, hotel or other public wireless connection. Financial institutions must provide secure communications mechanisms for all of their mobile employees and contractors so that all wireless communications are encrypted and cannot be compromised when no secured wireless facilities are used.
5. Evolution of Criminal Schemes - To stay ahead of the criminals, financial institutions must take a proactive, rather than a reactive, approach to security. This means constant reassessment and evolution of security efforts. Strengths and weaknesses of corporate policies and procedures, as well as consumer-facing security measures must be evaluated regularly in order to make appropriate adjustments and encompass the latest technology, criminal and security trends. Today, one of the biggest threats facing financial institutions results from "phishing" attacks. While early phishing attacks were very basic, recent "man-in-the-middle" attacks have become far more sophisticated. Through participation in groups such as the Anti Phishing Working Group (APWG), financial institutions can collaborate with other organizations to help early identification and takedown of phishing Web sites.
6. Identity and Access Management - One of the key challenges facing all organizations today is that of Identity and Access Management. Ensuring that system and application access is limited to those in roles with a "need to know" is one of the challenges. This is being addressed through the integration of human resources systems with underlying access control systems. Other areas of rapid development include single sign-on and multifactor authentication. All of these can contribute to making the financial institution's infrastructure more secure from external and internal threats. Federated Identity Management systems will also help alleviate the challenges that financial institutions face with respect to providing system and application access to their business partners.
7. Consumers - They can be careless by using simple passwords, losing their ATM card or writing down their PINs, any of which can lead to unauthorized account access and ultimately fraud. Consumers often do not have adequate or updated security on their personal devices, which can result in security breaches during sessions on their financial institution's Web site. Because consumers recognize that financial institutions absorb the cost of fraudulent transactions, they tend to be less security conscious than they might otherwise be. As consumers continue to be susceptible to scamming or phishing, financial institutions need to constantly educate consumers on the security measures they should be taking, not only to protect themselves, but also to reduce the risk to financial institutions.
8. Regulations - Due to regional variations, financial institutions have varying security challenges based on their geographic location. In North America, highly publicized security breaches and regulatory change are placing an increased emphasis on banks' data security. These recent regulatory changes in the United States have prompted European institutions to step up consumer information protection under the assumption that European legislation will soon be more involved with this widespread concern. Basel II compliance will eventually require all financial institutions globally to tighten operational risk management and mitigation policies and procedures. Most importantly, identity theft notification laws that have been enacted in 36 states have had the greatest impact on financial institutions, with compromised records costing an average of $182 each. In addition, data disposal rules can also lead to breaches, but can be minimized with new technology, including new data collection that allows customers opening an account to never have their documentation leave their sight.