Author: seth

I know bankers are, tired of paying tens of thousands of dollars a month on debit card fraud. Well this multi-factor authentication tool from MasterCard claims purchases over the internet will be as secure as POS purchases….well let’s just say less risky.
It works like this: The cardholder dips the card into a handheld reader and enters a PIN. If the PIN and card match-up the handheld reader gives the cardholder a one-time pass code. This pass code is sent to the card issuer over the merchant’s website for authentication.
Of course, this will all take some time to implement, but “Card not Present� transactions are roughly half the disputes from debit cards according to this post from Financial Times. How does saving half of all your disputed transaction losses from fraud sound?
I have a feeling there will be a lot more of these types of card authentications coming out soon. They may already be out there and I just don’t know about them. Start researching an authentication mechanism that works for your institution and user base. It may even be a regulatory requirement in the future (multi-factor for purchases on the internet).
Finally, the bottom of MasterCard’s page also claims that it can be connected to any device. Maybe this would be a great way to introduce mobile banking on cell phones, multi-factor for phone banking or a true multi-factor authentication with your online banking. No more verifying a picture you chose about 9 months ago, but actually using something you have (the bankcard) and something you know (a password). But, that is a whole other rant.
That is my little glimpse into the future of payment cards, but I’m not a banker so I can’t implement anything like this. I do wish my bank had a smart card. I would be all over it.

When the word ‘audit’ or ‘auditor’ is used in a sentence there is often an immediate cringing effect that happens in our minds. People have learned to fear the audit and as such, auditors. We have found this to be true in our line of business; we are constantly being categorized as auditors. People immediately get nervous when we starting asking questions for fear that the next answer will have them fired. THIS IS NOT THE CASE!

It has always been an on-going fight to help people understand that we are more consultants than auditors. Our goal is NOT to judge or get people in trouble, but to improve policies and procedures for the security of the employees, banks, and ultimately, their customers. So like we tell all of our clients, “We’re the good guys here. We’re here to help.“

The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware, according to AusCERT.

Ran across this article today on BankInfoSecurity.com and reminded me that we have seen this simple scam recently too. At banks where we have seen this it looks like the phishers are just finding phone numbers in the phone book or local directories, picking a financial institution and calling all the people in the phone book, even if they aren’t the bank’s customers. The call is automated and sounds something like this…

“Hello, we are calling on behalf of (Insert FI Name Here) and want to confirm some recent purchases posted to your account. Will you please type in your PIN and Debit Card number with the 10 Digit keypad…..”

This doesn’t work for many accounts, but all they need to do is have two successful hits and it pays for itself. The calls come from a hosted data center, and can be shut down fairly easily by the FBI, but are rarely tracked back to the fraudsters. The calls are usually shut down within a few hours at no cost to the financial institution, unless some customers fell for it.

This article from InformationWeek is about Manufactoring. But, the principles apply to any organization attempting to increase their effectiveness with customers, vendors, partners, and other internal business units According to this article by Mary Hayes Weier, Manufactoring is ahead of the game.

Have you ever heard of a DiSC assessment? It’s a test that gives you insight into your communication style. Through our HR company we recently all took the test and sat down for a training/analysis session to talk about the different styles and what it means to us. Here’s a crash course on the different communication styles:

From: TechWeb Business Technology Site

From BankInfo Security.com…

So here’s the deal. I really like Twitter but I also think it is a huge time waste. I’m gonna breakdown the pros and cons of it and see what I come up with.

This is a series of posts from The Garland Group consultants from the road. Due to our wide range of clients, trends emerge and we want to share those insights with you.

This bit below is a from a blog i ran across a few days ago while doing a little project management research online.