• Home

  • Documents

  • Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector...
12
Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American Bankers Association Risk Management

Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Tags:

Embed Size (px)

Citation preview

Page 1: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Data Breaches in Payments Systems- Roles and Best Practices for

the Public and Private Sector Response

Don RhodesDirector

Risk Management PolicyAmerican Bankers Association

Risk Management

Page 2: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Agenda

▪ Corporate Account Takeover ▪ Zeus Trojan ▪ Best Practices ▪ ABA Efforts

Risk Management

Page 3: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Spear Phishing

Page 4: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Spear Phishing

Page 5: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Spear Phishing

Page 6: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Banking Trojans in the News

Silver Tail Systems

Page 7: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

What Happened in Kentucky?County treasurer had Zeus malware on his PCCriminals stole credentials and logged in to bank accounts from treasurer’s PC

Reconnaissance used to plan theft Mule recruitment pretending to be CareerBuilder Created mules as fictitious employees Mules receive $9700 and sent $9200 to Ukraine via Western Union

More than 25 <$10,000 wire transfers /Total of $415k stolen

Silver Tail Systems

Page 8: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Business Exploit

Page 9: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Best Practices

1. Understand what data is most sensitive to your business

2. Know where this sensitive data resides 3. Understand your risk model 4. Select the appropriate controls based on policy, risk,

and where sensitive data resides 5. Manage security centrally 6. Audit security to constantly improve

http://www.rsa.com/

©2009 RSA Security Inc.

Page 10: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

Best Practices

http://www.ftc.gov/infosecurity/

Page 11: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Risk Management

ABA Efforts

▪ National Card Fraud Task Force

▪ Information Security Working Group

▪ Risk Management ForumApril 28-30, Renaissance Vinoy, St. Petersburg, FL

Page 12: Data Breaches in Payments Systems- Roles and Best Practices for the Public and Private Sector Response Don Rhodes Director Risk Management Policy American

Data Breaches in Payments Systems- Roles and Best Practices for

the Public and Private Sector Response

Don RhodesDirector

Risk Management PolicyAmerican Bankers Association

[email protected]

Risk Management

mailto:[email protected]

Fender Rhodes

Fender Rhodes

Documents
Rhodes Greece Lindos & Port of Rhodes - Manneli

Rhodes Greece Lindos & Port of Rhodes - Manneli

Art & Photos
HOA Breaches, Contract Breaches, and HOA Fine as a result ...… · HOA Breaches, Contract Breaches, and HOA Fine as a result of Real Property Management of Las Vegas, LLc. This document

HOA Breaches, Contract Breaches, and HOA Fine as a result ...… · HOA Breaches, Contract Breaches, and HOA Fine as a result of Real Property Management of Las Vegas, LLc. This document

Documents
Rhodes Island

Rhodes Island

Documents
Safer online payments - Worldpay | Secure Payment … breaches are ALWAYS worse than you imagine; they interrupt normal business, and divert resources – taking a lot of time and

Safer online payments - Worldpay | Secure Payment … breaches are ALWAYS worse than you imagine; they interrupt normal business, and divert resources – taking a lot of time and

Documents
1 Nephrology Department, General Hospital of Rhodes, Rhodes, Greece, 2 1 st Department of Internal Medicine, General Hospital of Rhodes, Rhodes, Greece

1 Nephrology Department, General Hospital of Rhodes, Rhodes, Greece, 2 1 st Department of Internal Medicine, General Hospital of Rhodes, Rhodes, Greece

Documents
Zandra Rhodes

Zandra Rhodes

Documents
Secure Real-Time Payments Solutions Enabling a Unified ... · Payments Processing Problems (cont.) ©2016 SoPayMe, Inc. 8 Security - U.S. Data Breaches⁸ (selected) • Heartland

Secure Real-Time Payments Solutions Enabling a Unified ... · Payments Processing Problems (cont.) ©2016 SoPayMe, Inc. 8 Security - U.S. Data Breaches⁸ (selected) • Heartland

Documents
Data Breaches in Healthcare: Responding to the Growing ...media.straffordpub.com/products/data-breaches-in-healthcare... · Data Breaches in Healthcare: Responding to the Growing

Data Breaches in Healthcare: Responding to the Growing ...media.straffordpub.com/products/data-breaches-in-healthcare... · Data Breaches in Healthcare: Responding to the Growing

Documents
LTE Rhodes

LTE Rhodes

Documents
Protecting Company Confidential or Proprietary Information in the ... · Data Breaches • The number of breaches continues to rise • Federal enforcement of breaches escalatesFederal

Protecting Company Confidential or Proprietary Information in the ... · Data Breaches • The number of breaches continues to rise • Federal enforcement of breaches escalatesFederal

Documents
Rhodes Framework

Rhodes Framework

Technology
Rhodes Overview

Rhodes Overview

Technology
James Rhodes

James Rhodes

Documents
Notifiable Data Breaches Quarterly Statistics Report · 31.12.2018 · Notifiable Data Breaches Quarterly Statistics Report . February 2019 12 . oaic.gov.au . System fault breaches

Notifiable Data Breaches Quarterly Statistics Report · 31.12.2018 · Notifiable Data Breaches Quarterly Statistics Report . February 2019 12 . oaic.gov.au . System fault breaches

Documents
Payments Data Security Breaches and Oil Spills: What

Payments Data Security Breaches and Oil Spills: What

Documents
Mythical Rhodes

Mythical Rhodes

Documents
Rhodes College Strategic Plan APPROVED College Strategic Plan APPROVED.pdfA Strategic Plan for Rhodes College 2020-2030 The Rhodes Vision Rhodes College aspires to graduate students

Rhodes College Strategic Plan APPROVED College Strategic Plan APPROVED.pdfA Strategic Plan for Rhodes College 2020-2030 The Rhodes Vision Rhodes College aspires to graduate students

Documents
Pub47 Rhodes

Pub47 Rhodes

Documents
Data Breaches Article

Data Breaches Article

Documents
Kaseya Kaspersky Breaches

Kaseya Kaspersky Breaches

Documents
Greeka guide to Rhodes - Icicte · 2010. 10. 19. · Rhodes p 2/14. Map of Rhodes Organize your trip to Rhodes. Greeka.com can also help you organize your entire holiday in Rhodes

Greeka guide to Rhodes - Icicte · 2010. 10. 19. · Rhodes p 2/14. Map of Rhodes Organize your trip to Rhodes. Greeka.com can also help you organize your entire holiday in Rhodes

Documents
Protecting Consumer Information: Can Data Breaches Be ... › meetings › IF › IF17 › 20140205 › ... · Data Breaches in the United States Unfortunately, data breaches are

Protecting Consumer Information: Can Data Breaches Be ... › meetings › IF › IF17 › 20140205 › ... · Data Breaches in the United States Unfortunately, data breaches are

Documents
RHODES TP FEB 2014 Digital - Rhodes Food Group | Food

RHODES TP FEB 2014 Digital - Rhodes Food Group | Food

Documents
Rhodes Hilton

Rhodes Hilton

Documents
1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector

1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector

Documents
Preventing Data Breaches

Preventing Data Breaches

Technology
Rhodes Greece

Rhodes Greece

Documents
Rhodes 1964

Rhodes 1964

Documents
Travers Rhodes

Travers Rhodes

Documents