Credit Union Information Security Podcast

Driven Technologies Chief Operating Officer Vinu Thomas provides an in-depth look at how AI and automation are enhancing cybersecurity. He talks about the shift to distributed environments, the integration of security tools, and the effectiveness of AI in threat detection and response.

Semperis researcher Eric Woodruff discovered Silver SAML - a new technique used to launch attacks from an identity provider against applications configured to use it for authentication. How does it differ from Golden SAML, and how can enterprises respond to the threat? Woodruff shares insight.

Security awareness training is maturing as security teams recognize the need to secure the "human element" of cyber risk. But in the face of more sophisticated attacks using MFA bypass techniques, APTs and AI, it's time for organizations to create more tailored education programs.

Cybersecurity occupies a growing priority status in merger and acquisition discussions. But what about the specific role of identity security? SailPoint's Lori Diesen showcases the value of transitioning to SaaS-based identity security to reduce risk during M&A activity.

The threat landscape has changed for financial services entities - and so has the regulatory landscape. Much of this comes back to identity security. Many programs are immature or weak, says Jeff Purrington of SailPoint, and AI-driven identity security solutions can address these deficiencies.

Matthew Burns of HCL Software discusses securing endpoints and ensuring compliance during exceptional times in an interview following a recent series of virtual roundtables on the subject.

Virtual payment cards being tested in Europe and the United States could help mitigate the risk of merchant fraud, says Rui Carvalho of the nonprofit European Association for Secure Transactions.

When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.

An essential component of protecting payment information is devaluing the data that is transmitted so it's of no use to hackers, says Lance Johnson, executive director of the PCI Standards Security Council.

As more hospitals seek new methods for collecting payments from patients, they face the challenge of securing those transactions, says Dan Berger of AxiaMed, who describes HIPAA and PCI compliance issues in an interview at the HIMSS19 conference.

Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on threat hunting,

A new standard from the PCI Data Security Standards Council could help ease the way for smaller merchants worldwide, especially in developing nations, to move to cashless payments using a variety of devices, says Troy Leach, CTO for the council, who spoke last week at a conference in South Africa.

Developing nations that are moving to digital payments, especially for the unbanked, need to keep in mind security lessons already learned in other markets, including Europe, says Steve Marshall, founder at Risk-X, a U.K.-based audit and risk assessment consulting firm.

Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.

How can issuers and acquirers help smaller merchants improve payment card security? One way is to dramatically ramp up their efforts to educate the retailers about PCI compliance, says Michel Christodoulides of Barclaycard.

In an interview, Greg Temm, the first chief information risk officer at the Financial Services Information Sharing and Analysis Center, says he'll focus on helping members analyze cyberthreats and expand global threat intelligence sharing.

As information security professionals consider new opportunities, they must carefully determine whether the corporate culture is a good fit, says former healthcare CISO Jeff Cobb, who recently made his own career transition to security consulting.

Cyberattacks against U.S. banks will continue to increase in 2016, making cybersecurity oversight and AML enforcement focal points for regulators, says Walter Mix, a former commissioner of the California Department of Financial Institutions.

The information security field has done a poor job of attracting and retaining women, contends Jo Stewart-Rattray, international director of ISACA, who emphasizes the need for mentoring as well as salary equity.

A new alert from the FS-ISAC warns merchants and banks that remote-access attacks against POS systems continue to rise and offers risk mitigation recommendations. The center's Charles Bretz provides an analysis.

PCI-DSS will remain a viable standard even after EMV, as well as encryption and tokenization, become more common, argues Jeremy King of the PCI Council. He acknowledges, however, that the standard will have to evolve in light of changes in the payment system.

Luck, timing and execution. Those words have guided Malcolm Harkins' career, and they played a huge role in the longtime Intel security chief departing to be global CISO at Cylance. What are his new challenges?

Fraud risks associated with Apple Pay have raised new worries about mobile payments, says Steve Kenneally of the American Bankers Association. During the ABA's Risk Management Forum April 15-17, experts compared three mobile solutions.

Upticks in fraud perpetrated through mobile banking and mobile payments are a growing concern for regulators, says David Lott of the Federal Reserve Bank of Atlanta, who explains ongoing security initiatives.

NACHA is already laying the groundwork that will help make the Federal Reserve's faster payment plan a reality while ensuring security and reducing fraud, says Jan Estep, NACHA's president and CEO, in an exclusive interview.

While card issuers and payments acquirers are speeding up their EMV rollouts, Kate Larson of the Consumer Bankers Association says banks also should be implementing other technologies, including tokenization, in their efforts to fight fraud.

While banking associations debate with merchant groups about cybersecurity responsibilities, SWACHA CEO Dennis Simmons says more attention must be paid to the role cardholders play in protecting their accounts.

From PCs to tablets to smartphones, customers enter institutions from all electronic angles. And these new banking habits put new strains on traditional IT infrastructure. How can banks ensure security?

How will the introduction of Apple Pay affect the adoption of EMV? ACT Canada's Catherine Johnston and Randy Vanderhoof of the EMV Migration Forum size up the movement toward EMV and mobile payments.

In the wake of a suspicious "technical" issue that took down part of Bank of England's payments network earlier this week, Cytelligence's John Walker, a presenter at ISMG's APT Summit in New York, explains why weak perimeter defenses are likely to blame.

Emerging reports now suggest other financial institutions may have been targeted by the same hackers who breached Chase. But how can we be sure? Mark Clancy of the Depository Trust & Clearing Corp. explains why the analysis is challenging.

Although malware attacks against POS terminals at retailers have been in the spotlight, banks and credit unions need to be aware of the emerging threat of malware targeting ATMs, say Trustwave's Matthew Jakubowski and Graham Mott of the U.K.'s ATM network.

ATM-related fraud is quickly evolving, says Graham Mott, head of the U.K.'s LINK Scheme and a presenter at the Sept. 23 London Fraud Summit. New malware attacks waged against ATMs prove why information sharing among banking peers is critical.

Today's sophisticated fraud threats are daunting. But security adviser Neira Jones is more concerned about financial institutions' lack of preparedness to face these threats. A London Fraud Summit preview.

During his first media interview as new general manager of the PCI Security Standards Council, Stephen Orfei says retailers and banks today are better equipped than ever to fight cybercrime.

The widespread use of mobile devices and social media has fueled spear phishing by eroding the so-called perimeter that once shielded corporate networks, a panel of financial fraud experts says in part two of their discussion about spear phishing trends.

What's the main lesson community banks are learning from the FFIEC's cybersecurity pilot exams? That regulators want them to prove they understand emerging threats, says Booz Allen's Jeff Lunglhofer.

When is it time to make that big move to a new job? And what's the smartest strategy? Matthew Speare of Regions, a bank holding company, talks about how to read and respond to signs that it's time for a major career change.

FFIEC guidance and case law are helping banks define what constitutes "reasonable security." In a panel discussion, three experts debate the long-term impact of two recent account takeover fraud cases.

Check fraud remains the No. 3 source of losses for financial institutions, Information Security Media Group's soon-to-be-released Faces of Fraud survey shows. But fraud expert Wesley Wilhelm says behavioral analytics can help mitigate the risks.

When the U.S. transitions to chip-secured payment cards, banking institutions will see a significant uptick in card-not-present fraud. What can they be doing now to prepare? Fiserv's Patrick Davie shares tips.

FireEye has just appointed a privacy officer and handed him a big mission: Launch a new global privacy program. What is Shane McGee's strategy for this new role, and what will be his top challenges?

Recognizing the security workforce shortage is one thing. Addressing it is quite another. What will it take to truly grow the workforce? Diana Burley of The George Washington University shares her vision.

Letting women make mistakes, as men are allowed to do, could help grow the female IT security workforce from its current level of less than 30 percent. That's a conclusion of a panel of IT security experts assembled by Information Security Media Group.

Over the next five years, the U.S. payments infrastructure is slated to undergo a major overhaul, with the Federal Reserve leading the charge. Two Fed leaders share insights on the impact on U.S. banking institutions.

P.F. Chang's confirmed card breach has renewed debate about the state of security at U.S. merchants. The PCI Council's Bob Russo says that while there has been progress in recent months, the retail industry still has a long way to go.

Paul Smocer of BITS explains why banking institutions, which face increasing cyberthreats, need to put the NIST Cybersecurity Framework to use, and why third parties should prepare for more regulatory scrutiny of their security practices.

Banking institutions need to develop "day-to-day situational awareness" of the latest threats, says Vikram Bhat, a principal at Deloitte & Touche, which just released a report about cybersecurity issues and awareness.

The Federal Reserve will make recommendations this summer for how the United States could launch a "fast-payments" system with enhanced authentication, says Kirstin Wells of the Federal Reserve Bank of Chicago.

Because most online banking customers are active social media users, banking institutions should leverage social media in their fraud awareness campaigns, says David Pollino of Bank of the West, who's a featured speaker at the May 14 Fraud Summit Chicago.