Authentication, Financial Services and Privacy - Information Management Today

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Customer authentication For the past 15 years, e-commerce has increased as a percentage of all retail sales.

Authentication

Authentication Communications Financial Services Retail

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Multifactor Authentication. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

implement stronger authentication solutions, such as multi-factor authentication. implement a privileged access management (PAM) system that is reasonable and appropriate to reduce the risk of unauthorized access to privileged accounts pursuant to the HIPAA Privacy Rule. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

These recommendations are further detailed below, but two to note in particular: The Advisory recommends that organizations “require multi-factor authentication for all users, without exception.” Require multi-factor authentication (MFA) for all users. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. When it comes to alternative asset trading, protecting investor data is of critical importance.

IT

IT Encryption Risk Financial Services

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code.

Authentication

Authentication Paper Risk Insurance

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication. Security & Compliance for SAP Data in Financial Services. Stay tuned! Data Security.

Compliance

Compliance Cloud Security Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Ensuring end-to-end Protection To achieve total data privacy assurance, a key component is confidential computing and cryptography.

Encryption

Encryption Data Privacy Compliance Cloud

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Other Notable Changes. The proposed changes would amend the Rule to reflect this change.

Privacy

Privacy IT Information Security Insurance

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the AG concluded that EyeMed’s security practices did not meet the requirements of the SHIELD Act with respect to four requirements: authentication, password management, logging and monitoring, and data retention in the email account. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 The NYDFS’s consent order notes that EyeMed’s failure to comply with the Cybersecurity Regulation left EyeMed vulnerable to threat actors.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Underscoring this trend, Uber was recently hacked — through its authentication system. The best possible answer is coming from biometrics-based passwordless, continuous authentication.

Authentication

Authentication Passwords Artificial Intelligence Financial Services

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

So, we can call this a Facebook privacy facepalm legacy attack. It’s a sad state of Facebook privacy news fatigue that the urge is so strong to create privacy fail sub-categories—but there you have it. The information is at least a year old, which was when Facebook stopped allowing developers to have user phone numbers.

Mining

Mining Authentication Financial Services Privacy

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. Here’s what you need to know about how they work, and how you can stay safe. .

IT

IT Passwords Authentication Data Privacy

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

Security

Security Encryption Authentication Financial Services

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

OCTOBER 15, 2018

In North America, e-signatures are based on multiple authentication aspects with a focus on knowledge-based authentication which cannot be applied in EU due to much stricter privacy regulations. Go for a holistic four-dimensional requirements analysis. This is a “must have” to comply with anti-money laundering requirements.

Compliance

Compliance Insurance Digital transformation Authentication

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

The Many Challenges of a Multi-Cloud Business Environment

Thales Cloud Protection & Licensing

OCTOBER 27, 2021

As a result, nearly half (46%) of global respondents agree that ‘it is more complex to manage privacy and data protection regulations in a cloud environment than on-premises’. Financial services, media and transportation highlighted encryption as the most popular option, while MFA was listed first by technology respondents.

Cloud

Cloud Encryption Financial Services Authentication

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

In Case You Missed It: Money 20/20 Conference Highlights

Thales Cloud Protection & Licensing

NOVEMBER 2, 2017

The conference features a variety of topics and sessions regarding all aspects of financial services, from cryptocurrency to banking. Three topics that piqued my interest at the 2017 show included authentication, blockchain and digital payments. Authentication.

Blockchain

Blockchain IT Authentication e-Delivery

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

Its account and transaction processing systems power the Web sites for hundreds of financial institutions — mostly small community banks and credit unions. In August 2018, in response to inquiries by KrebsOnSecurity , Fiserv fixed a pervasive security and privacy hole in its online banking platform.

Security

Security Passwords Financial Services Sales

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

In principle, a statutory “signature” requirement can be met by using a private key intended to authenticate a document, and a statutory “in writing” requirement can be met in the case of a smart contract whose code element is recorded in source code. Available at [link]. 13 BIS – “Statement on crypto-assets,” March 13, 2019.

Blockchain

Blockchain Financial Services Healthcare Marketing

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

In principle, a statutory “signature” requirement can be met by using a private key intended to authenticate a document, and a statutory “in writing” requirement can be met in the case of a smart contract whose code element is recorded in source code. Available at [link]. 13 BIS – “Statement on crypto-assets,” March 13, 2019.

Blockchain

Blockchain Financial Services Healthcare Marketing

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriot’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of biggest we’ve seen—dwarfed only by the Yahoo breach that affected 2 billion users. If you’ve made reservations at the St.

Financial Services

Financial Services Encryption Passwords Communications

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

The post DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats appeared first on Data Matters Privacy Blog.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

Hacking collectives are very proficient at “exploiting weak authentication schemes to gain persistence inside of a targeted network,” Sherman says. In one very recent caper, the attackers targeted the CFO of a financial services firm, as he worked from home, Sherman says.

IoT

IoT Passwords Artificial Intelligence Risk

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

eSecurity Planet

FEBRUARY 26, 2024

For example, if a threat actor writes a malicious script on a financial services company’s web server on a page where users input their financial data, the threat actor can steal that data every time someone uses the page. While few attacks will be obvious, watch carefully for those that are.

Risk

Risk Financial Services Security Libraries

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Enable two-factor authentication.

Retail

Retail e-Delivery Passwords Phishing

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

What authentication methods does the provider support? Additionally, multi-factor authentication (MFA) can further reduce the risk of malicious actors gaining access to sensitive information, even if they manage to steal usernames and passwords. What are the results of the provider’s most recent penetration tests?

Cloud

Cloud Security Encryption Risk

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. Proposed Changes to the Privacy Rule.

Privacy

Privacy Risk Cybersecurity Information Security

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

Turning Aspiration into Action to Protect Financial Institutions

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

Data security professionals also make ambitious plans, but implementation rates are too low – a key finding in the 2019 Thales Data Threat Report-Financial Services Edition. Here’s a look at four common issues highlighted in the 2019 Thales Data Threat Report-Financial Services Edition and tips for overcoming them.

Financial Services

Financial Services Encryption Cloud Digital transformation

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Onfido, a London-based company, offers photo-based IDV services for businesses. Financial service providers, car rentals, and many other suppliers that need to confirm customer identities employ similar third-party services. Only the service provider knows which user or piece of data a specific token represents.

Personal data

Personal data Phishing Data breaches Passwords

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication

Authentication Access Risk Financial Services

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member. To combat this scam Zelle introduced out-of-band authentication with transaction details.

IT

IT Passwords Authentication Phishing

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Biometric information that is used to authenticate or ascertain the individual identity.

Security

Security Financial Services Passwords Risk

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

News Alert: W3C advances technology to streamline payment authentication

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Navigating the digital wave: Understanding DORA and the role of confidential computing

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

New York SHIELD Act $600,000 settlement

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

NYDFS Cybersecurity Regulations: A glimpse into the future

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

What is credential stuffing? And how to prevent it?

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

Tackling Data Sovereignty with DDR

The Many Challenges of a Multi-Cloud Business Environment

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

In Case You Missed It: Money 20/20 Conference Highlights

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Marriott Breach: More than 500 Million Guest Affected

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS settles with EyeMed for $4.5 million

Transition period under New York Cybersecurity Regulation ends March 1, 2019

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

50 Ways to Avoid Getting Scammed on Black Friday

Top 12 Cloud Security Best Practices for 2021

New York Updates Cybersecurity Regulation for Financial Institutions

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Turning Aspiration into Action to Protect Financial Institutions

Popular apps left biometric data, IDs of millions of users in danger

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

New York’s Breach Law Amendments and New Security Requirements

Stay Connected