KYD Mean Know Your Data
Data Migration from Data Migration Resources

Knowing your data is very important and I find that many bankers think they know data. I’m not exactly sure what they are envisioning, but if they are envisioning pivot tables and vlookups, then they know about as much as a freshman MIS student after week of classes. (MIS means management information systems.) All systems can be configured to generate data.

This subject is just too big to even do an overview, which would take a semester worth of  classroom work. The best thing for any organization is to make sure to hire a team of technical experts in both computer sciences and statistics to manage and analyze data to get a good understanding about what the data is saying. For now, I will just briefly mention the two sides of KYD – data management and data analysis. Knowing one does not make one remotely close to knowing the other.

Data Management is the work of software and hardware professionals who keep data like inventory. They are often under-appreciated. For the data layman, data management looks like a bunch of overpaid people who move around bits of information from one server to the next. Data Analysts, however, know how crucial these people are. In order to do data analysis, understanding of all of the issues to maintain data analyzable is incredible difficult, especially as the organization gets larger. Size of data sets present technical problems that most people do not encounter, but data analysts do. Software often cannot handle computing data set size beyond a certain point. Data managers are the people who solve these issues, making it technically possible for data analysts to do their work. Also, data managers can keep data safe from corruption or breaches in security or controls.

Data analysts have received lots of attention over the past decade. Almost all consuming facing internet now is feeding data centers so that analysis about potential customers can be mined. But newspaper reporters are often poor interpreters of data. So, reading their work might lead one to have false sense of confidence about this topic. The only place I can think of right now that a data layman can go for news and data analysis is Nate Silver‘s Five Thirty Eight, the blog that first used to do data analysis of baseball stats and then turned to using the same type of analysis to predict presidential campaign results for every county in the United States. In 2012, he correctly predicted the presidential election results for each state and 31 of the 33 senate elections as well. This type of work cannot be done through mere argument. One cannot convince someone else of the correctness of a prediction. One must simply wait for the results. And then one must analyze whether the predictions were correct due to luck or predicted causes.


In order for banks to be able to better protect their businesses from cybercrime and enhance business opportunities, they will need to hire data managers and data scientists in every area of the bank. Currently, most of these people are in operations. But this simply isn’t going to be enough. A large portion of the world, even a large portion of Americans, are not in the traditional banking system and now they are being provided options without having to join the banking system. This is good for an economy up to a certain point. And then it will hinder economic growth. Why? Because banking is the industry that finds excess money and invest into areas of the economy that needs money. Providing transaction services might facilitate transactions that could not be done before but as long as those funds never enter the banking system, governments will be required to borrow more money to fund their private sector growth, rather than private sector figuring it out for itself.

Cyber Attacks Compromising Credentials

731px-US-FFIEC-Logo.svgOn Monday, the Federal Financial Institutions Examination Council (FFIEC) released a statement warning and advising financial institutions about hacking and phishing that is leading to stealing credentials to bank accounts, credit card accounts and other financial accounts. This is an issue that has been around a while but the advice has generally been going to consumers. This message was to institutions. There was a special note for community banks. Rightfully so since community banks tend to have less resources available to protect themselves from these attempts. The attempts are not being made to the institutions, but it is still in their interest to protect their customers as best as they can. Detecting fraudulent transactions early will mitigate risks, reduce liabilities and keep insurance premiums down.

The highlights can be found HERE and the full statement can be found HERE.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Obama to Create New Central Cybersecurity Agency

The private sector plays a more central role in spotting and responding to cyber incidents than they do in the counterterrorism realm, where the government largely takes the lead. – Lisa O. Monaco, President’s Homeland Security and Counterterrorism Advisor
Seal of the Office of the Director of National Intelligence

Lisa Monaco announced the launch of Cyber Threat Intelligence Integration Center (CTIIC), which will provide analysis to policymakers and intelligence operatives using private sector data.

CTIIC will report to the Director of National Intelligence.

This was also written about in a previous post.




About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

Carbanak Robs Banks And Bank Clients of $1 Billions

The greatest heist of the century: hackers stole $1 bln.

Carbanak is a an APT-style campaign targeting (but not limited to) financial institutions that was claimed to have been discovered in 2015 by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks. The malware was said to have been introduced to its targets via phishing emails. The hacker group was said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers. – Kaspersky Labs

To date, the main targets have been in the United States and Russia followed by Germany, Ukraine and China. Not only is the amount stolen large and the number of institution breached many, but the amount of time this has been going on has been long, years, in fact. The official Kaspersky Labs report claims to have evidence of this beginning in 2013. The way the hackers extracted money were varied. Sometimes it was relatively simple: the virus would attack an ATM and would just spit out loads of cash at a scheduled time, allowing a member of the hacking team to go and pickup the cash. Other times it used sophisticated methods: attacking the accounting system, incorrectly placing the decimal point of an account so the account balance was ten times more than it should be and then it would correct it by transferring the extra amount into accounts it had setup in other banks, laundering the funds and making it legit. Essentially, it was creating money. And the correction would go unnoticed because all of this would take place before the banks would have run a account balance check, which banks do with every account, though it’s been found out that many banks only do this about once every ten hours.

While I am able to explain it to you, my reader, in just one long sentence about one of its sophisticated methods, you must understand that there are multiple systems checking for correct coding of every transaction and every account. In order to go undetected, the virus must be able to do two things very well: it must understand the various languages used by various systems and the algorithms being used by these systems for both routine and special operations as well as mimic human interaction with these systems. The first part might sound like a defined problem that can be solved but it isn’t. The algorithms are built to change as it learns more. Carbanak was designed to learn and wait long before executing its financial transactions, if one can call it that.

Kaspersky Labs is the name of a cyber security firm based out of Russia named after its founder, Eugene Kaspersky. Kaspersky was trained in mathematical engineering at Moscow Institute of Physics and Technology, which was established and run by the Russian Defense Ministry and the KGB, Russian intelligence. Because of this background, the Lab hasn’t received as much business as it could have. However, over the years, with Kaspersky writing and opining about cyber crime and cyber security in reputable media outlets and with the Lab’s success in forensic research, like this one, Kaspersky Lab has been garnering more and more corporate clients. Kaspersky Lab also has retail security products.

Below, I have provided the report and various inforgraphics that Kaspersky Labs has created to educate the world on Carbanak. Also, I have provided a list of links that will help you quickly understand the issues surrounding the initiation, operation and discovery of the virus.

Carbanak APT Rpt Img
Carbanak APT: The Great Bank Robbery v2.0 by Kaspersky Lab



Carbanak_2_en map_Carbanak inf_Carbanak_x12802Carbanak_2_en


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

How super cookies threaten bank security

Super cookies threaten bank security by exposing both customer data in ways that are more discreet than ever before.


What are super cookies?

Super cookie are sometimes called zombie cookies. The most typical type of super cookie is called flash cookie because it is a cookie from Adobe Flash plug-in. Cookies are little bits of code websites leave on your browsers cookie folder so that it can remember your preferences and, should you choose to do so, account information and password. Basically, when you turn on your browser and you can get to your email or Facebook without having you login, the website has a cookie in your browser cookie folder. It is pretty convenient.

The usual threat

If this bit of code contains personal information, then of course your identity is threatened by anything that is going to try to retrieve it when it is not supposed to. The codes need to be deciphered, usually. There are lots of websites and phone applications known to have very security on their cookies, making it very simple to decipher. On a consumer level, this is dangerous because most consumers are not all that creative with their passwords, using the same one for all of their accounts.

The banking relevance

For banks, the threat is more real than ever. Transactions are usually legitimized in multiple ways: correctly identifying the transaction parties, correctly using the transaction accounts, correctly using passwords, matching payment sender and receiver, matching banking institutions and on and on. Most of these matches have been nearly eliminated because the banking system has taken care of most of them, having the consumer contact points reduced to the point of sale.

The primary banking threat

Now that the whole purchasing process can take place online, a digital path can be created for transactions. Here’s how it works: Jaco wants to purchase a bass guitar. He goes to and looks around. Jaco looks are strings and pick-ups and amplifiers along with bass guitars. He purchases a rare Flea Bass and nothing else. SBGGM keeps a cookie on his computer so that when he returns the website can present him with suggestions based on his purchase and his surfing history. If Jaco deletes the SBGGM cookie, then his return visit will not have any suggestions based on his surfing history. If SBGGM uses Adobe Flash on its website and creates a cookie in Adobe Flash, it keeps the cookie in an Adobe folder rather than a browser folder. Jaco’s return visit, will show him suggestions based on his previous visits even if he deleted SBGGM’s browser cookie. A cyber criminal can hack into Jaco’s computer, get onto SBGGM’s website, get on Jaco’s account, make purchases from the website suggestions, have them shipped to another address. From there, bought items could be sold for money. To add an additional layer of stealth, the cyber criminal can make purchases that are small every month to go undetected, especially if Jaco tends to just pay for all of the credit card balance at the end of each month. As long as the consumer does not pay attention to every transaction, consumer is paying for these transactions. Banks have been flooded with small fraudulent transactions. These transactions make banking more expensive for everyone.

Because super cookies circumvent a consumer’s deliberate attempt to erase information trails, it poses a super threat.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

Cyrus Vance, Jr. Kenote

On Monday, January 26, Associations of Certified Anti-Money Laundering Specialists (hereon ACAMS) held its Third Annual AML Risk Management Conference at The Conrad Hotel in downtown New York. Over the course of this week, summaries and takeaways from the key notes and panel discussions will be shared in this blog.

HeaderCyrus Vance, Jr. is the Manhattan District Attorney in the New York county DA’s Office. He is known for a keen focus on financial crimes and crimes where financial services can aid Law Enforcement.

His keynote enumerated five:

  1. Increase in prosecutions of Auditors and Accountants and their firms.
  2. Payday lenders pose a risk to banks and the DA’s office intends to help banks stay out of trouble made by payday lenders.
  3. Non-financial transactions, like credit card verification for hotel reservations, have helped the DA to verify sex traffickers’ activities.
  4. Homegrown terrorism financing is still a risk and financial services play a crucial role is helping the DA’s office collect evidence.
  5. Cyber crime’s boundaries are not national, therefore, the DA’s office has began information sharing partnerships, beginning with London. Paris is interested.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.
He tweets @MoneyCompliance