Data Breaches in Payments Systems - Roles and Best Practices for the Public and Private Sector Response
Don Rhodes
Director, Risk Management Policy
American Bankers Association
Risk Management
Agenda
▪ Corporate Account Takeover
▪ Zeus Trojan
▪ Best Practices
▪ ABA Efforts
What Happened in Kentucky?
▪ County treasurer had Zeus malware on his PC
▪ Criminals stole credentials and logged in to bank accounts from treasurer’s PC
▪ Reconnaissance used to plan theft
▪ Mule recruitment pretending to be CareerBuilder
▪ Created mules as fictitious employees
▪ Mules received $9700 and sent $9200 to Ukraine via Western Union
▪ More than 25 wire transfers, each under $10,000 / Total of $415k stolen
Silver Tail Systems
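A detection rule for the pattern on this slide (many transfers just under $10,000 to payees that were only recently added), written as an added example and not taken from the presentation. The record fields, account names, look-back windows and alert count are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

THRESHOLD = 10_000   # every transfer in the Kentucky case was below this
NEW_PAYEE_DAYS = 14  # assumption: a payee is "new" for 14 days after being added
WINDOW_DAYS = 7      # assumption: sliding window per originating account
MIN_HITS = 5         # assumption: alert on 5 or more matching transfers

def flag_accounts(transfers, payee_added):
    """Return {account: (count, total)} for the largest window in which an
    account sent MIN_HITS+ sub-threshold transfers to newly added payees."""
    hits_by_account = defaultdict(list)
    for t in transfers:
        added = payee_added.get((t["account"], t["payee"]))
        is_new = added is not None and 0 <= (t["date"] - added).days <= NEW_PAYEE_DAYS
        if is_new and t["amount"] < THRESHOLD:
            hits_by_account[t["account"]].append(t)
    alerts = {}
    for account, hits in hits_by_account.items():
        hits.sort(key=lambda t: t["date"])
        start = 0
        for end in range(len(hits)):
            while (hits[end]["date"] - hits[start]["date"]).days > WINDOW_DAYS:
                start += 1
            count = end - start + 1
            if count >= MIN_HITS and count > alerts.get(account, (0, 0))[0]:
                total = sum(t["amount"] for t in hits[start:end + 1])
                alerts[account] = (count, total)
    return alerts

def sample_data():
    """Constructed records: one account paying six just-added payees, one normal."""
    day0 = date(2024, 1, 8)
    payee_added = {("acme-payroll", "long-time-vendor"): day0 - timedelta(days=400),
                   ("acme-payroll", "new-vendor"): day0}
    transfers = [
        {"account": "acme-payroll", "payee": "long-time-vendor", "amount": 9500,
         "date": day0 + timedelta(days=1)},
        {"account": "acme-payroll", "payee": "new-vendor", "amount": 4000,
         "date": day0 + timedelta(days=2)},
    ]
    for i in range(6):
        payee = f"new-employee-{i}"
        payee_added[("county-treasury", payee)] = day0
        transfers.append({"account": "county-treasury", "payee": payee,
                          "amount": 9700, "date": day0 + timedelta(days=1 + i % 3)})
    return transfers, payee_added

if __name__ == "__main__":
    print(flag_accounts(*sample_data()))
```

Only the constructed county-treasury account is flagged; the account with one new vendor and one long-standing vendor stays below the alert count.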
Best Practices
1. Understand what data is most sensitive to your business
2. Know where this sensitive data resides
3. Understand your risk model
4. Select the appropriate controls based on policy, risk, and where sensitive data resides
5. Manage security centrally
6. Audit security to constantly improve
http://www.rsa.com/
©2009 RSA Security Inc.
ABA Efforts
▪ National Card Fraud Task Force
▪ Information Security Working Group
▪ Risk Management Forum, April 28-30, Renaissance Vinoy, St. Petersburg, FL