As many of you know RiskKey has value beyond Risk Assessments and Controls Reviews… it can also be used for managing certain projects… especially those related to compliance.  Mortgagebot is an industry leader in facilitating online mortgage applications.  They use RiskKey to manage responses to various exams and controls reviews.  All issues that Mortgagebot feels need a response will receive a corresponding recommendation.  This allows them to assign individuals responsible, detail strategic plans and mitigating strategies for identified risks, and manage deadlines.  RiskKey helps them stay on top of this by generating alerts as deadlines come due, and providing a centralized dashboard and snapshot of each project’s progress.

Could you use RiskKey?  Details here!

USB flash drives are a very important part of our day-to-day activities. When a network is down, it provides an alternate method to copy/exchange files between computers.  But in the strange world we live in, there is something dark underneath in any great invention, and there is no difference here. The great USB memory stick can be used by bad guys & gals for abusive practices. Not only is your network security at risk here, but your private or sensitive data can simply vanish out of your well protected private network to the wild world out there; who knows how it is going be used. Look at it this way, even if I am an employee of the institution, I can simply bring a contaminated USB memory stick and plug it into my network connected PC, and soon enough, the potential that the whole network could be infected with virus, worms or other unwanted malware skyrockets.  The funny thing here is that the user may not be aware of what has happened here. Also, if the user is a bad person then on the way home he/she can take a copy of your highly guarded financial data! 

The risks are enormous here, but we need to have a great balancing act between business needs and security, as both go hand-in-hand.  In my opinion, the strategy should be based on one of the basic security principles; users should be given authorizations to services such as USB drives, CD/DVD, registry access etc. based on business needs as well as on the least privilege principle. This way you can minimize the potential security risks and continue to keep your business safe from intrusion!

Here is an article that explains how you could disable devices through Microsoft Active Directory Group Policy. Enjoy!

Just recently a news headline screamed “Customers flock to iPhone banking!” I immediately thought the only way a bank could do this is through collaboration and partnering with third parties. Institutions that fail to understand this are leaving money on the table. After a recent chat with a financial institution I fear that many are still missing the new markets, new offerings and new bottom-line that collaboration delivers.

Our customers dictate the way we sell, the way we market, the way we do business. Our Gen Y customers insist on immediate: instant messaging, instant communication, instant customer service and instant banking. So banking as usual is far from the answer. I understand that financial institutions are conservative, not early adopters, and are hesitant in their approach to new product development; however, in today’s economy we cannot say “that’s just the banking industry.” FIs must push past the norm and push the envelope to take their institution to the next level. Collaboration opens this door and provides the vehicle you need to operate more efficiently, make better business decisions, gain business agility, and impact your bottom line.

New Markets
Collaboration gives FIs a wider market reach and access to a customer base that thrives on instant. Embracing social networks, putting banking centers in supermarkets, and mobile applications all help banks and credit unions attract and keep today’s customer. According to ABI Research around 407 million people worldwide will carry out financial transactions with their banks using their mobile phones in 2015.

New Offerings
Financial institutions can gain a competitive edge by bringing new innovative ideas to their product offerings, delivery methods, and customer service. Though research and development and innovation may not be their forte, FIs can partner with innovative third party companies to differentiate their offerings, and faster. In addition, social media and transparent borders allow for a global pool of shared ideas. We can learn a lot from the Asia-Pacific region with their 52.2 million mobile banking subscribers in 2009.

New Bottom-Line
New markets, new offerings and the reduced cost that collaboration brings directly impacts your bottom-line. Research done by Business Week showed that collaboration directly impacts a FI’s bottom line. 49% of FIs surveyed declared that their profitability increased with collaboration while 47% said their revenue growth increased.

So, FIs I urge you to step outside the box. Make collaboration a part of your culture and rub shoulders with cutting edge companies outside your region and even outside your industry. And if you have already taken the bull by the horn, do share with us all your successes and struggles.

To learn more about collaboration and how to incorporate into your culture click here!

It seems like we say it at least every other week, “The only fraud we’ve seen for online banking has been compromises at commercial customer sites.” And is evidenced by two breaches of high profile banks out of Dallas over the past month.

Plains Capital Bank had a breach at one of their customer’s sites, resulting in over $800,000 being transferred out of the bank and they turned around and sued their customer. PCB may get all their money back, but who wants to pay those court fees, lose a customer and fight that PR battle?  In the other breach, the customer is suing Comerica and claiming that Comerica exposed them to phishing schemes. I’m anxious to see what happens in these cases and if banks and customers will turn lawsuits against each other over online banking breaches into a habit.

I mention these cases because they are the only ways that we have seen online banking accounts compromised over the past year or so, and it is becoming more prominent. Several of our clients have been breached by having their cash management customers credentials breached by either a keylogger, trojan, or rogue employee. I’d like to say that they can all be solved with a solid multi-factor authentication implementation, but the Bugat Trojan has found a way to circumvent Random Number Generating tokens.

There are still great risk mitigating ways to prevent your customer’s sites from being compromised including…

I believe this all goes to show banks that picking who you choose to do business with and properly training appropriate customer’s staff and cash management administrators can save bankers a lot of heartache.  And from having to sue their customer.