Plugging Your Bank’s Weaknesses In Cybercrime

Cybercrime is rampant. It isn’t just something the news is trumping up for sensationalism. There are two big estimates, neither are reliable but as reliable as possible currently. In 2009, President Barrack Obama is quoted as referring to MacAfee’s estimate of a $1 Trillion cost to the world due to cybercrime. Fox Business reported MacAfee’s new estimate in 2013 as being $500 Billion globally. Either way, this is a very large cost for something that legitimate consumers and businesses do not get a benefit from. Retailers have been hit with cybercrime that cost them millions. Retailer Target was probably the most notable event that got people’s attention back during the 2013 holiday season, which kicked off a number of other reported retailer victims of cybercrime. And then there was this past winter when Kaspersky discovered how a group called Carbanak stole $350 Million from European banks through a patient and meticulously executed breaches.

Bank employees are particularly vulnerable to being victims and to being the gate for their banks to being victims. Many banks are using SecurID and other token-based login systems with VPN connections with the help of services by the likes of Citrix. These tools allow the bank to take control over the user, not just to prevent entry. It also allows the banks to provide offsite connections to their employees.

I have yet to hear any major bank in the world also implementing a password manager. A password manager is a piece of software that provides a unique password to every password-requiring entry-point and a password to the user with a password that is very difficult to crack, usually very long. But the user would only have to remember this one very long password. The theory is that it is far more difficult to crack a single super-password than to crack many easy ones. The data seems to bear this out. People with password managers have far less identity thefts, data thefts and other types of cybercrime.

There are always exceptions that provide some perspective about the limitations of a better solution. LastPass, one of the most popular password managers, was breached just six weeks ago. But since banks are already relying on vendor services for secured communications, shouldn’t banks improve their communication channel entry-points? The answer, of course, is “Yes.”

ComplyTech: Charles River Compliance IMS

A coxswain in the bow at Cambridge Regatta

Charles River is a technology firm that focuses on investment management business. It focuses primarily on the front- and middle-office operations. It has launched a Compliance service. The service offers monitoring, reporting, lookbacks and risk calculations. This application is provided on the SaaS model (software as a service).

Because compliance is a cost center with little to no monetization available, anyway to lower the cost of it is welcomed by the COO. By the way, if you didn’t know already, compliance departments must sit within the Chief Operating Officer’s span of control. For many banks, compliance sits within the risk department.

Implementing a SaaS model for a financial institution means it has no desire to find a way for compliance to enhance revenue centers. This is sad because that means management of those institutions are not looking for opportunities. In the current economic environment, opportunities for financial institutions are difficult to come by. I won’t go into how a compliance department can help with revenue in this post.

Still, the sign that Charles River has entered the compliance market with the SaaS model is a good sign. Charles River focuses on the investment management business but it is a technology company. Their current compliance service is mostly a workflow solution tailored for the compliance department, but I think they will probably find other ways to implement actual regulatory solutions, which is a solution unlikely to come out of information services like Thomson Reuters or Bloomberg.

The Republican Presidential fields is large; who do you think will win the Republican nomination?

About the Author: M. C. Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.