The Credit Union National Association recently reported that, in the month of October alone, more than 650,000 customers joined credit unions – which is roughly equal to all of the customers that moved in 2010 combined. Is this the return of the thrift bank?

It’s fair to say that last week’s Bloomberg article, claiming that banks in the US are charging their clients for up to $1 billion of losses incurred through online banking fraud, has provoked a frenzied reaction from those in our field. While much of what the article covered was well-known to us already, with many [...]

Did you hear about the unfortunate heist in Eliot, ME in the US, earlier this month? As reported by blogger-turned-detective @briankrebs, computer crooks in Eastern Europe stole $28,000 from the New England town of Eliot in Maine. Brian Krebs alerted the town controller to the possibility that its accounts were being emptied as money was [...]

Last week I blogged about how the new Federal Financial Institutions Examination Council (FFIEC) guidelines were highly welcome and outlined what issues they would help address. Today I am continuing with the series on these guidelines by outlining what else they could (and perhaps should) have included.

A fortnight ago, I speculated on the next set of Federal Financial Institutions Examination Council (FFIEC) guidelines, and what they might mean for security and authentication in the online banking industry. Last week, these guidelines were finally unveiled.

In two consecutive weeks we saw headlines made by customer versus bank lawsuits relating to cybercrime. One judge ruled that questions and answers were good enough to protect the customer. Then, a separate judge rules that the bank should have detected a mere 100 wire transfers from an account after IDs, passwords, and its OTP token password were compromised. Who was right?

Several weeks of harsh headlines explaining the tough battle of customers versus bank lawsuits and cybercrime.
In early June, a court in Maine ruled in favor of Ocean Bank in an ACH fraud lawsuit, stating that, “having verified IDs, passwords and requested challenge response questions, it acted in good faith by processing the ACH payments and Patco (the customer) was to blame for letting its details become compromised.” Recently, however, it appears that the opposite has occurred, when a ruling from a Texan judge favored the business which had been the victim of fraud.

This week’s data breach at Citibank, which appears to have compromised the personal details of up to 200,000 consumers, was followed on Monday by a reported hack at the International Monetary Fund (IMF). Serious incidents at two of the world’s most high-profile financial institutions within a matter of days of one another has once again highlighted the need for new legislation to govern online financial services