NEW ARTICLE OFFERS STRATEGIES FOR MANAGING EQUIFAX BREACH
Earlier this fall, the Equifax data breach exposed the personal information of 145.5 million people and raised
questions for banks about their relationships with the credit reporting bureaus. The latest article from the ABA
Banking Journal’s “Third-Party Tactics” series provides regulatory perspective on how banks should approach
the Equifax data breach from a third-party risk management perspective.
ABA’s Krista Shonk and Nessa Feddis recap key takeaways from ABA’s recent meeting with regulatory staff on
the data breach. They encourage bankers to conduct a careful analysis of the effects of the breach, enhance
monitoring activities, anticipate credit report freezes by customers and take the opportunity to update the bank’s
identity theft red flag programs.
While the federal banking agencies do not intend to influence banks’ decisions about whether to end
relationships with the credit bureaus, banks should consider several factors when evaluating their third-party
relationship with Equifax and carefully document their rationale, Shonk and Feddis note. Read more.
VISA WARNS ON NEW PHISHING ATTEMPT VECTOR
Visa has issued a notice alerting card issuers to “multiple cybercriminal threats” exploiting the Dynamic Data
Exchange, or DDE, protocol in phishing attempts. Microsoft has issued its own security advisory that provides
guidance on securing Microsoft applications when processing DDE fields, which enable messages to be sent
between Microsoft applications.
“A malicious cyber actor could leverage the DDE protocol when delivering specially crafted files to users through
phishing and web-based downloads, and [Visa] strongly recommends that users exercise caution when opening
suspicious files,” Visa said. The Visa alert includes information on securing Microsoft applications and avoiding
risk of phishing exposure. Read the alert.
FLAW DISCOVERED IN WI-FI NETWORK ENCRYPTION
A recent blog by the Federal Trade Commission provides an overview of the threat associated with the Key
Reinstallation Attack (KRACK) Wi-Fi vulnerability – a security flaw in the WPA2 encryption standard that could allow
cybercriminals to interfere with and intercept network traffic between routers and their connected devices.
The blog states that device manufacturers and software companies are developing patches and updates for the
flaw; however, the agency provides several tips that users can follow in the interim to enhance online security and
protect sensitive information. The tips include:
• Keep up with and install current updates for software and devices, including smartphones, computers,
  and any IoT devices;
• Avoid sending sensitive information over public Wi-Fi, whether or not it’s encrypted;
• Before entering sensitive information at a website, ensure the address starts with “HTTPS,” which
  indicates the site is encrypted; and
• Consider using a Virtual Private Network app or service.
SURVEY: SHARE OF BUSINESSES REPORTING FRAUD ATTEMPTS JUMPS 58 PERCENT
The number of companies reporting fraud attempts leaped from 42 percent in 2016 to 67 percent in 2017,
according to an annual fraud study by fraud prevention vendor IDology. Just six percent saw fraud decline