Internetbanking security-info-sharing
0 likes436 views
The document discusses information sharing related to internet banking security within the financial sector in Belgium. It describes how banks work with the National Bank of Belgium and cybersecurity organizations through working groups and annual/ad hoc meetings to share security information under non-disclosure agreements. The information sharing aims to better understand vulnerabilities and threats in order to assess risks and mitigate them through coordinated measures. The financial sector website safeinternetbanking.be provides the public with tips to help secure their online transactions and banking activities.
Internetbanking security-info-sharing
- 1. The financial sector experience with information sharing Patrick Wynant Manager Banking Operations Febelfin B-CCENTRE | 28 March 2012
- 2. AGENDA 1. Context 2. Interbank 3. External B-CCENTRE | 28 March 2012 | 2
- 3. Internetbanking in Belgium • Simple, quick, comfort, cheap... > popular and growing • Attractive target for cybercrime • Risks: financial, reputation, continuity… • Maintain trust in this distribution channel 3
- 4. Why should we (not) share information? - Sharing of vulnerabilities is ‘not done’ - Can I trust the information receiver? - What happens with my information? … + understand better the potential vulnerabilities, threats & attacks + assess the impact of incidents + mitigate these threats and risks with (sector wide) measures + …save money >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> • Delicate balancing act • Reciprocity - Win-win B-CCENTRE | 28 March 2012 4
- 5. Internetbanking security information sharing in Belgium • Working Group: • banks + Isabel + NBB (supervisor) + FCCU • Recurrent + adhoc meetings + Task forces • Forum of all banks: yearly + adhoc infosessions • NDA - Disclosure classification: green/amber/red • Alert communication channel: • Anonymous (filter) email to list of subscribers • Template with structured data on new/evolving threat • No personal data (compliance with privacy regulations) • CERT.be • Belgian Cybercrime Centre of Excellence for Training, Research & Education (B-CCENTRE) B-CCENTRE | 28 March 2012 5
- 6. Financial cybercrime information sharing in Europe • WG IT Fraud in European Banking Federation • ISSG Fraud Information Sharing Expert Group (CISEG) in European Payments Council (EPC) • Financial Institutions - Information Sharing and Analysis Centre (FI-ISAC) - Europe B-CCENTRE | 28 March 2012 6
- 7. External information sharing > New website (1/12/2011) www.safeinternetbanking.be www.internetbankierendoeikveilig.be www.labanqueparinternetentoutesecurite.be B-CCENTRE | 28 March 2012 |7
- 8. Internetbanking fraud statistics • Internetbanking is very secure: # frauds / # sessions = 0,00002 % • Re-imbursement (except if proven that payer has acted fraudulently) B-CCENTRE | 28 March 2012 8
- 9. The fraudster at work 5 fraud vectors B-CCENTRE | 28 March 2012 |9
- 10. Security, an issue for my bank? Veiligheid, een zaak van mijn bank ? Wat de bank zoal doet om zowel internetbankieren als betalen via het internet zo veilig mogelijk te laten verlopen is terug te vinden onder de rubriek “veiligheid, een zaak van mijn bank”. B-CCENTRE | 28 March 2012 | 10
- 11. Security, also my business/concern? Veiligheid, ook mijn zaak ? De site zet bovendien alle tips op een rijtje waarmee de consument zelf kan bijdragen aan de veiligheid van zijn online transacties. Deze tips & tricks zijn terug te vinden onder de rubriek “veiligheid, ook mijn zaak”. B-CCENTRE | 28 March 2012 | 11
- 12. External information sharing > Press • Febelfin press releases (‘malware’) : • 18 August 2011 • 26 September 2011 Le Soir, • Press in January 2012 19 augustus 2011 • Phishing 9 March 2012 Mon argent, 4 november 2011 La Libre Belgique, 4 januari 2012 Het Nieuwsblad,10 maart 2012 B-CCENTRE | 28 March 2012 | 12 De Tijd, 3 januari 2012