Customer Touch Points
&
Security Concerns
By
Mohan Datar
9th May 2013
BSE Institute
Mumbai
Agenda
• About Customer Touch Points
• What are Basic Security Concerns or Risks
• Security Concerns at Different Touch Points
• What are Basic Risk Mitigation Measures
• Risk Mitigation at Different Touch Points
• Some Regulatory Measures
• Q & A
What are Customer Touch Points?
• A point where a customer touches a bank, or a bank touches a customer, for service access or service delivery
• Examples of Services
– Exchange of Information
– Transactional
– Relationship Development / Management
What are customer Touch Points?
• Examples of Physical Touchpoints
What are Customer Touch Points?
• Examples of Other Touchpoints
– Relationship Manager
– Call Center
– Cheques, Receipts, Account Statements
– Events
– Offerings
– E-mails
– Other correspondence
Why So Many Customer Touch Points?
• Technology Driven Causes
– Rapid Innovation
– Rapid Penetration into all segments of Society
– Rapid Adoption by a Variety of Businesses and Government
• Business Driven Causes
– Drastic Reduction in Cost of Services
– Competitive Pressures
– Real Danger of Elimination
What are Basic Security Concerns of Banks and Customers?
• THEFT
AND
• DESTRUCTION
What are Basic Security Concerns of Banks and Customers?
• THEFT
– DATA
– RESOURCES / ASSETS
• DESTRUCTION
– DATA
– RESOURCES / ASSETS
– REPUTATION
Some Recent Examples
Some Recent Examples
1. 28-02-2013: 14 GB of Bank of America data hacked. It contained sensitive information about hundreds of thousands of its employees, globally.
2. Botnets are being legally sold on the Internet for as low as $25 for 1000 hosts.
3. 06-03-2013: Websites of the Czech Central Bank and Stock Exchange crippled by a brute force DDoS attack.
4. NY police announce that cyber crime is the fastest growing crime in NY (more than 50%). The largest number of crimes consist of:
- Rigging of ATMs
- Card Skimming
Some Recent Examples
5. 06-03-2013: According to HP, mobile phone vulnerabilities rose significantly (68%) from 2011 to 2012.
6. The following are highly vulnerable (source: Samsung, Blackberry, McAfee):
- Mobile phone payments
- Tap and Pay 'Near Field Communication' (NFC)
- Digital Wallets
7. 08-03-2013: Mr Rajesh Aggarwal, IT Secretary, Government of Maharashtra, ordered PNB to pay Rs 45 lakhs to Mr Manmohansingh Matharu, MD, Poona Auto Ancillaries, as he lost Rs 80 L by responding to a phishing email.
Some Recent Examples
8. 11-03-2013: Reserve Bank of Australia's networks were hacked repeatedly. They were found to be infiltrated by Chinese malware.
9. Two tech-savvy brothers from Mumbai, Mr Fazrur Rehman (26) and Shahrukh (23), both college dropouts, were arrested for a Rs 1 cr e-fraud by Mulund Police. They managed to transfer Rs 1 cr from the current a/c of a cosmetics co. to 12 different bank a/cs within 45 minutes, using just a smartphone.
Some Recent Examples
10. 27-03-2013: A new malware called 'Dump Grabber' scans the memory of POS terminals and ATMs, captures track 1 and track 2 data and sends it to a remote server. The malware can be installed remotely. It has affected all major US banks such as Chase, Capital One, Citibank, Union Bank of California etc.
11. 28-03-2013: Cyber attacks meant for 'Destruction' rather than 'Disruption'. American Express customers could not access their accounts today for 2 hrs. Last week it happened to J P Morgan Chase. 32,000 computers of South Korean banks were incapacitated last week.
Some Recent Examples
12. 25-04-2013: A new virus has been found to be spreading widely in Indian cyberspace. It cleverly steals bank account details and passwords. This advisory was issued by CERT-IN (Computer Emergency Response Team - India) today.
My PC Report on 8th May, 2013
What are Basic Security Concerns of Banks and Customers?
• THEFT
– DATA
• Credentials
• Account Details
• Account Balances
• Non Account Balances
• Other Data from Customer PCs / Mobiles &
• Entire Databases
What are Basic Security Concerns of Banks and Customers?
• THEFT
– RESOURCES / ASSETS
• Customer Cash
• Bank Cash
• Instruments
• Cards
• POS Terminals
• ATMs
• Documents
• Contents of SD Lockers
• Network Components
• IT Infrastructure &
• Other Assets
What are Basic Security Concerns of Banks and Customers?
• DESTRUCTION
– DATA
• Web sites and Portals
• Account Details
• Account Balances
• Non Account Balances
• Other Data from Customer PCs / Mobiles &
• Entire Databases
What are Basic Security Concerns of Banks and Customers?
• DESTRUCTION
– RESOURCES / ASSETS
• Customer Cash
• Bank Cash
• Blank Instruments
• Blank Cards
• POS Terminals
• ATMs
• Documents
• Contents of SD Lockers
• Network Components
• IT Infrastructure &
• Other Assets
What are Basic Security Concerns of Banks and Customers?
• DESTRUCTION
– REPUTATION
• Reliability
• Availability
• Credibility
• Goodwill
• Defamation (defaced portals, redirection to porn sites etc.) &
• Privacy
Recap of Basic Security Concerns of Banks and Customers
• THEFT
– DATA
– RESOURCES / ASSETS
• DESTRUCTION
– DATA
– RESOURCES / ASSETS
– REPUTATION
Security concerns at
Touch points - ATM
Security Concerns at Touch Points - ATM
• THEFT
– DATA: Credentials; Card Data; Account Balances (Money, Equity, Units, etc.)
– ASSETS: Debit Card; Credit Card; Cash (Customer, Bank); ATM; Other Fixtures
• DESTRUCTION
– ASSETS: ATM; ATM Center; Cash (Bank); Other Fixtures
Security Concerns at Touch Points - POS
• THEFT
– DATA: Credentials; Card Data
– ASSETS: POS Terminal
• DESTRUCTION
– ASSETS: POS Terminal
– REPUTATION: Retailer credibility with Banks
Security Concerns at Touch Points – Net Banking
• THEFT
– DATA: Credentials; Account Details; Account Balances; Other data from customer PC
– ASSETS: Customer money, equity, units, etc.; Account mis-use
• DESTRUCTION
– DATA: Individual related data; Entire databases; Customer PC data; Bank's portals
– ASSETS: Network components; Networks; Ransomnets
– REPUTATION: Defamation (disfigured portals); Availability; Credibility; Reliability; Goodwill
Security Concerns at Touch Points – MOBILES
• THEFT
– DATA: Credentials; Account Details; Account Balances; Other data from customer mobile
– ASSETS: Cash from digital or mobile wallets; Customer money, equity, units, etc.; Account mis-use; Mobile unit; SIM cards; Memory cards
• DESTRUCTION
– DATA: Individual related data; Entire databases; Customer mobile data; Bank's portals
– ASSETS: Digital / mobile wallets
– REPUTATION: Defamation (disfigured portals); Availability; Credibility; Reliability; Goodwill
Security Concerns at Touch Points – PAYMENT GATEWAY
• THEFT
– DATA: Credentials; Account Details; Account Balances; Other data from customer PC
• DESTRUCTION
– REPUTATION: Defamation (disfigured portals); Availability; Credibility; Reliability; Goodwill
Security Concerns at Touch Points – Bank Branch
• THEFT
– DATA: Credentials (signatures); Account Details; Account Balances
– ASSETS: Cheques; Cash (customer, bank); Safe deposit vaults; Physical documents (FD receipts, shares / debentures, etc.)
• DESTRUCTION
– DATA: Branch data
– ASSETS: IT infrastructure; Other branch infrastructure; Safe deposit vaults; Staff; Customers; Premises
– REPUTATION: Reliability (SD vaults); Availability (when reopen?); Credibility (safe to visit?)
Part 2
Basic Risk Mitigation Measures
of
Banks and Customers
What are Basic Risk Mitigation Measures
of Banks and Customers?
• PREVENTION
AND
• RECOVERY
What are Basic Risk Mitigation Measures
of Banks and Customers?
• PREVENTION
– DETECTION
– PREVENTION
– UPDATION
• RECOVERY
– DATA
– ASSETS
– BUSINESS CONTINUITY
– REPUTATION
Risk Mitigation Measures - Prevention
• DETECTION
– Physical Surveillance
– Electronic Surveillance
– Processes and Policies
– Audits
– Reviews
– Logs &
– Virus / Malware scans
Risk Mitigation Measures - Prevention
• PREVENTION
– Anti Virus
– Firewalls
– Data Center Security
– Application Architecture
– Data Architecture
– SSL Deployment
– WAP / WPA2 Deployment
– Anti card skimming devices / designs
– Virtual Keyboards &
– Technology Standards Compliances
Risk Mitigation Measures - Prevention
• PREVENTION
– SMS Alerts
– OTPs
– Multipart authentications
– Multipart logins
– KYC
– Cash and Valuables Strong-room security
– Cash in Transit Security &
– Cash in ATMs Security
Risk Mitigation Measures - Prevention
• PREVENTION
– Processes and Policies
• Dormant account management
– Physical
– Online
• Card and PIN dispatches
• Card and PIN storage
• Password change policy
• Password strength policy &
• Regulatory standards compliances
Risk Mitigation Measures - Recovery
• RECOVERY
– DATA
• Backups
• Reconstruction
• Recapture
– ASSETS
• Police
• Replace
Risk Mitigation Measures - Recovery
• RECOVERY
– BUSINESS CONTINUITY
• DR Site
• Redundancy
• Hot swappable Devices
• DR and BC Policies
• Trainings
• Simulations
– REPUTATION
• Publicity
• Transparency
• Speed of Action
• Hard Decisions
Security and Role of Regulators
• Who are the Regulators?
• Why Are they concerned about Security?
What are Basic Security concerns of
Regulators?
• Legal and regulatory issues
• Security and technology issues
• Supervisory and operational issues.
• Impact on Monetary Policy
What are Basic Security concerns of
Regulators?
• Legal and regulatory issues
– The jurisdiction of law
– Validity of electronic contract including the question of
repudiation
– Gaps in the legal / regulatory environment for electronic
commerce.
What are Basic Security concerns of
Regulators?
• Security and Technology Issues
– Questions of adopting internationally accepted state of the art
minimum technology standards for
• access control,
• encryption / decryption ( minimum key length etc),
• firewalls,
• verification of digital signature,
• Public Key Infrastructure (PKI) etc.
– The security policy for the banking industry,
– Security awareness and education.
What are Basic Security concerns of
Regulators?
• Supervisory and Operational Issues.
– Risk control measures,
– Advance warning system,
– Information Technology audit
– Re-engineering of operational procedures.
– Whether the nature of products and services offered are within
the regulatory framework and
– Whether the transactions do not camouflage money-laundering
operations.
What are Basic Security concerns of
Regulators?
• Impact on Monetary Policy.
– when and where private sector initiative produces electronic
substitution of money like
• e-cheque,
• account based cards ,
• digital coins,
• M-Wallets
• Cash Cards
• Non account based cards
• e-money transfers with physical cash payments etc
Some Recent Policy Recommendations by RBI
1. Target date 30-06-2013: All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and PIN enabled.
2. Target date 30-06-2013: Issuing banks should convert all existing MagStripe cards to EMV Chip cards for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS).
Some Recent Policy Recommendations by RBI
3. Target date 30-06-2013: Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) are certified for PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard).
4. Target date 30-06-2013: Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions is mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors / aggregators and large merchants.
Some Recent Policy Recommendations by RBI
5. ASAP: Banks should move towards a real time fraud monitoring system at the earliest.
6. ASAP: Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.
Some Recent Debit Card Recommendations by RBI
1. Immediately: Banks may issue only online debit cards, including co-branded debit cards, where there is an immediate debit to the customer's account and where straight through processing is involved.
2. Immediately: No bank shall dispatch a card to a customer unsolicited, except in the case where the card is a replacement for a card already held by the customer.
3. Immediately: The terms shall put the cardholder under an obligation not to record the PIN or code in any form that would be intelligible or otherwise accessible to any third party if access is gained to such a record, either honestly or dishonestly.
Some Recent Debit Card Recommendations by RBI
4. Immediately: No cash transactions through debit cards should be offered at the Point of Sale under any facility without prior authorization of the Reserve Bank of India under Section 23 of the Banking Regulation Act, 1949.
5. Immediately: The bank shall ensure full security of the debit card. The security of the debit card shall be the responsibility of the bank, and the losses incurred by any party on account of breach of security or failure of the security mechanism shall be borne by the bank.
6. Immediately: The banks should undertake a review of their operations / issue of debit cards on a half-yearly basis. The review may include, inter alia, card usage analysis, including cards not used for long durations due to their inherent risks.
Some Recent Debit Card Recommendations by RBI
7. Immediately: The role of the non-bank entity under the tie-up arrangement should be limited to marketing / distribution of the cards or providing access to the cardholder for the goods / services that are offered.
8. Immediately: The card issuing bank should not reveal any information relating to customers obtained at the time of opening the account or issuing the card, and the co-branding non-banking entity should not be permitted to access any details of customers' accounts that may violate the bank's secrecy obligations.
RBI POLICIES
• Ref documents
– RBI Security Feb 28, 2013.pdf
– RBI Guidelines Debit cards Dec 24, 2012
ATM Security Standards
PCI PTS POI: PCI PIN Transaction Security Point of Interaction Security Requirements (PCI PTS POI). Version: 1.0. Date: January 2013. Author: PCI Security Standards Council.
PCI DSS: PCI SSC Data Security Standard. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
ATM Security Standards
PCI PA-DSS: PCI SSC Payment Application Data Security Standard. This document is to be used by Payment Application Qualified Security Assessors (PA-QSAs) conducting payment application reviews, so that software vendors can validate that a payment application complies with the PCI DSS Payment Application Data Security Standard (PA-DSS). This document is also to be used by PA-QSAs as a template to create the Report on Validation.
ATM Security Standards
PCI PTS: PCI PIN Transaction Security Standard. This standard includes security requirements for vendors (PTS POI Requirements), device-validation requirements for laboratories (Derived Test Requirements), and a device approval framework that produces a list of approved PTS POI devices (against the PCI PTS POI Security Requirements) that can be referred to by brands' mandates.
The PCI PTS list is broken down into the following Approval Classes of devices: PIN Entry Devices (PEDs—standalone terminals), EPPs (generally to be integrated into ATMs and self-service POS devices), Unattended Payment Terminals (UPT), Secure Card Readers (SCRs), and Non-PIN-enabled (Non-PED) POS Terminals.
Q and A
???
THANK YOU

 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with Sparrow
 
Touch points
Touch pointsTouch points
Touch points
 
Enterprise Spice Scope
Enterprise Spice ScopeEnterprise Spice Scope
Enterprise Spice Scope
 
Building Great Customer Experiences Across Multiple Touch Points
Building Great Customer Experiences Across Multiple Touch PointsBuilding Great Customer Experiences Across Multiple Touch Points
Building Great Customer Experiences Across Multiple Touch Points
 
Software Security Frameworks
Software Security FrameworksSoftware Security Frameworks
Software Security Frameworks
 
Running a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source ToolsRunning a Software Security Program with Open Source Tools
Running a Software Security Program with Open Source Tools
 
Software Quality Assurance: A mind game between you and devil
Software Quality Assurance: A mind game between you and devilSoftware Quality Assurance: A mind game between you and devil
Software Quality Assurance: A mind game between you and devil
 
Security Vulnerabilities in Third Party Code - Fix All the Things!
Security Vulnerabilities in Third Party Code - Fix All the Things! Security Vulnerabilities in Third Party Code - Fix All the Things!
Security Vulnerabilities in Third Party Code - Fix All the Things!
 
Security in the Development Lifecycle - lessons learned
Security in the Development Lifecycle - lessons learnedSecurity in the Development Lifecycle - lessons learned
Security in the Development Lifecycle - lessons learned
 
Beyond the touch points
Beyond the touch pointsBeyond the touch points
Beyond the touch points
 
SSE
SSESSE
SSE
 
Counting coins touch_point_intro
Counting coins touch_point_introCounting coins touch_point_intro
Counting coins touch_point_intro
 
Seven Crucial Tips to Delight Customers across All Touch points
Seven Crucial Tips to Delight Customers across All Touch pointsSeven Crucial Tips to Delight Customers across All Touch points
Seven Crucial Tips to Delight Customers across All Touch points
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015Matteo Meucci   Software Security in practice - Aiea torino - 30-10-2015
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
 
Service level management
Service level managementService level management
Service level management
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
 
Service Level Agreement
Service Level AgreementService Level Agreement
Service Level Agreement
 
Service level agreement presentation
Service level agreement presentationService level agreement presentation
Service level agreement presentation
 

Semelhante a Touchpoints and security

The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUResilient Systems
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceBankingdotcom
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsDinesh O Bareja
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"Vivastream
 
Retail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewRetail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewOCTF Industry Engagement
 
CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15E Andrew Keeney
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Wing Yuen Loon
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionBlackbaud
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?ITU
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachUlf Mattsson
 
ISMG - Fighting Business Email Compromise
ISMG - Fighting Business Email CompromiseISMG - Fighting Business Email Compromise
ISMG - Fighting Business Email CompromiseLaurent Pacalin
 
My v cairo blockchain meetup
My v   cairo blockchain meetupMy v   cairo blockchain meetup
My v cairo blockchain meetupMaged M. Eljazzar
 

Semelhante a Touchpoints and security (20)

The Target Breach - Follow The Money EU
The Target Breach - Follow The Money EUThe Target Breach - Follow The Money EU
The Target Breach - Follow The Money EU
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
 
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"
Workshop E: Fighting Fraud and Cyber Crime: WTF…"Where's the Fraud"
 
Retail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewRetail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 Overview
 
Cybersecurity Workshop
Cybersecurity Workshop Cybersecurity Workshop
Cybersecurity Workshop
 
CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
 
Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016
 
Moving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting IntroductionMoving to the Cloud: A Security and Hosting Introduction
Moving to the Cloud: A Security and Hosting Introduction
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
What is data privacy?
What is data privacy?What is data privacy?
What is data privacy?
 
ISMG - Fighting Business Email Compromise
ISMG - Fighting Business Email CompromiseISMG - Fighting Business Email Compromise
ISMG - Fighting Business Email Compromise
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
My v cairo blockchain meetup
My v   cairo blockchain meetupMy v   cairo blockchain meetup
My v cairo blockchain meetup
 

Último

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Touchpoints and security

  • 1. Customer Touch Points & Security Concerns By Mohan Datar 9th May 2013 BSE Institute Mumbai By Mohan Datar 9th May 2013
  • 2. Agenda • About Customer Touch Points • What are Basic Security Concerns or Risks • Security Concerns at Different Touch Points • What are Basic Risk Mitigation Measures • Risk Mitigation at Different Touch Points • Some Regulatory Measures • Q & A • About Customer Touch Points • What are Basic Security Concerns or Risks • Security Concerns at Different Touch Points • What are Basic Risk Mitigation Measures • Risk Mitigation at Different Touch Points • Some Regulatory Measures • Q & A
  • 3. What are customer Touch Points? • A Point Where – customer Touches a Bank Or Bank Touches a Customer For – Service Access or Service Delivery • Examples of Services – Exchange of Information – Transactional – Relationship Development / management • A Point Where – customer Touches a Bank Or Bank Touches a Customer For – Service Access or Service Delivery • Examples of Services – Exchange of Information – Transactional – Relationship Development / management 3
  • 4. What are customer Touch Points? • Examples of Physical Touchpoints 4
  • 5. What are customer Touch Points? • Examples of Other Touchpoints – Relationship Manager – Call Center – Cheques, Receipts, Account Statements – Events – Offerings – E-mails – Other correspondence • Examples of Other Touchpoints – Relationship Manager – Call Center – Cheques, Receipts, Account Statements – Events – Offerings – E-mails – Other correspondence 5
  • 6. Why So Many customer Touch Points? • Technology Driven Causes – Rapid Innovation – Rapid Penetration in to all segments of Society – Rapid Adoption by Variety of Businesses and Government • Business Driven Causes – Drastic Reduction in Cost of Services – Competitive Pressures – Real Danger of Elimination • Technology Driven Causes – Rapid Innovation – Rapid Penetration in to all segments of Society – Rapid Adoption by Variety of Businesses and Government • Business Driven Causes – Drastic Reduction in Cost of Services – Competitive Pressures – Real Danger of Elimination 6
  • 7. What are Basic Security concerns of Banks and Customers? • THEFT AND • DESTRUCTION • THEFT AND • DESTRUCTION 7
  • 8. What are Basic Security concerns of Banks and Customers? • THEFT – DATA – RESOURCES / ASSETS • DESTRUCTION – DATA – RESOURCES / ASSETS – REPUTATION • THEFT – DATA – RESOURCES / ASSETS • DESTRUCTION – DATA – RESOURCES / ASSETS – REPUTATION 8
  • 10. Some Recent Examples Date Sr no. Security Breach Example 28-02-2013 1 14 GB of Bank of America Data hacked. It contained sensitive information about hundreds of thousands of its employees, globally. 2 Botnets are being legally sold on Internet for as low as $25 for 1000 hosts 10 2 Botnets are being legally sold on Internet for as low as $25 for 1000 hosts 06-03-2013 3 Websites of Czech Central Bank and Stock Exchange crippled by brute force DDOS attack 4 NY police announce that cyber crime is the fastest growing crime in NY (more than 50%) Largest no. of crimes consist of - Rigging of ATMs - Card Skimming
  • 11. Some Recent Examples Date Sr no. Security Breach Example 06-03-2013 5 According to HP, mobile phones vulnerabilities rose significantly (68%) from 2011 to 2012 6 Following are highly vulnerable: - Mobile phone payments - Tap and Pay ‘Near Field communication’ (NFC) - Digital Wallets ( Source: Samsung, Blackberry, Mcafee) 11 Following are highly vulnerable: - Mobile phone payments - Tap and Pay ‘Near Field communication’ (NFC) - Digital Wallets ( Source: Samsung, Blackberry, Mcafee) 08-03-2013 7 Mr Rajesh Aggarwal, IT secretary, Government of Maharashtra ordered PNB to pay Rs45 Lakhs to Mr Manmohansingh Matharu, MD, Poona Auto Ancillaries as he lost Rs80L by responding to a phishing email
  • 12. Some Recent Examples Date Sr no. Security Breach Example 11-03-2013 8 Reserve Bank of Australia’s networks were hacked repeatedly. It was found to be infiltrated by Chinese malware. 9 Two tech savvy brothers from Mumbai, Mr Fazrur Rehman(26) and shahrukh(23); both college dropouts; arrested for Rs 1 cr e-fraud by Mulund Police. They managed to transfer Rs 1cr from the current a/c of a cosmetics co. to 12 different bank a/cs within 45 minutes, using just a smartphone.. 12 Two tech savvy brothers from Mumbai, Mr Fazrur Rehman(26) and shahrukh(23); both college dropouts; arrested for Rs 1 cr e-fraud by Mulund Police. They managed to transfer Rs 1cr from the current a/c of a cosmetics co. to 12 different bank a/cs within 45 minutes, using just a smartphone..
  • 13. Some Recent Examples Date Sr no. Security Breach Example 27-03-2013 10 A new Malware called ‘Dump Grabber’ scans the memory of POS and ATMs, captures track1 and track 2 data and sends to a remote server. The Malware can be installed remotely It has affected all major US banks such as Chase, Capitol one, Citibank, Union Bank of California etc. 13 A new Malware called ‘Dump Grabber’ scans the memory of POS and ATMs, captures track1 and track 2 data and sends to a remote server. The Malware can be installed remotely It has affected all major US banks such as Chase, Capitol one, Citibank, Union Bank of California etc. 28-03-2013 11 Cyber attacks meant for ‘Destruction’ rather than ‘Disruption’ American Express customers could not access their accounts today for 2 hrs. Last week it happened to J P Morgan Chase. 32,000 computers of South Korea banks were incapacitated last week.
  • 14. Some Recent Examples Date Sr no. Security Breach Example 25-04-2013 12 A new virus has been found to be spreading widely in Indian cyberspace. It cleverly steals, bank account details, and passwords. This advisory was issued by CERT-IN today. (Computer Emergency Response Team – India) 14
  • 15. My PC Report on 8th May, 2013
  • 16. What are Basic Security concerns of Banks and Customers? • THEFT – DATA • Credentials • Account Details • Account Balances • Non Account Balances • Other Data from Customer PCs / Mobiles & • Entire Databases • THEFT – DATA • Credentials • Account Details • Account Balances • Non Account Balances • Other Data from Customer PCs / Mobiles & • Entire Databases 16
  • 17. What are Basic Security concerns of Banks and Customers? • THEFT – RESOURCES / ASSETS • Customer Cash • Bank Cash • Instruments • Cards • POS Terminals • ATMs • Documents • Contents of SD Lockers • Network Components • IT Infrastructure & • Other Assets • THEFT – RESOURCES / ASSETS • Customer Cash • Bank Cash • Instruments • Cards • POS Terminals • ATMs • Documents • Contents of SD Lockers • Network Components • IT Infrastructure & • Other Assets 17
  • 18. What are Basic Security concerns of Banks and Customers? • DESTRUCTION – DATA • Web sites and Portals • Account Details • Account Balances • Non Account Balances • Other Data from Customer PCs / Mobiles & • Entire Databases • DESTRUCTION – DATA • Web sites and Portals • Account Details • Account Balances • Non Account Balances • Other Data from Customer PCs / Mobiles & • Entire Databases 18
  • 19. What are Basic Security concerns of Banks and Customers? • DESTRUCTION – RESOURCES / ASSETS • Customer Cash • Bank Cash • Blank Instruments • Blank Cards • POS Terminals • ATMs • Documents • Contents of SD Lockers • Network Components • IT Infrastructure & • Other Assets • DESTRUCTION – RESOURCES / ASSETS • Customer Cash • Bank Cash • Blank Instruments • Blank Cards • POS Terminals • ATMs • Documents • Contents of SD Lockers • Network Components • IT Infrastructure & • Other Assets 19
  • 20. What are Basic Security concerns of Banks and Customers? • DESTRUCTION – REPUTATION • Reliability • Availability • Credibility • Goodwill • Defamation ( defaced portals, redirected to porn sites etc) & • Privacy • DESTRUCTION – REPUTATION • Reliability • Availability • Credibility • Goodwill • Defamation ( defaced portals, redirected to porn sites etc) & • Privacy 20
  • 21. Recap of Basic Security concerns of Banks and Customers • THEFT – DATA – RESOURCES / ASSETS • DESTRUCTION – DATA – RESOURCES / ASSETS – REPUTATION • THEFT – DATA – RESOURCES / ASSETS • DESTRUCTION – DATA – RESOURCES / ASSETS – REPUTATION 21
  • 22. Security concerns at Touch points - ATM 22
  • 23. Security concerns at Touch points – ATM
    – THEFT
      • Data: Credentials, Card Data, Account Balances (Money, Equity, Units, etc.)
      • Assets: Debit Card, Credit Card, Cash (Customer, Bank), ATM, Other Fixtures
    – DESTRUCTION
      • Assets: ATM, ATM Center, Cash (Bank), Other Fixtures
  • 24. Security concerns at Touch points – POS
    – THEFT
      • Data: Credentials, Card Data
      • Assets: POS Terminal
    – DESTRUCTION
      • Assets: POS Terminal
    – REPUTATION: Retailer credibility with Banks
  • 25. Security concerns at Touch points – Net Banking
    – THEFT
      • Data: Credentials, Account Details, Account Balances, Other data from customer PC
      • Assets: Customer's Money, Equity, Units, etc.; Account Mis-use
    – DESTRUCTION
      • Data: Individual Related Data, Entire Databases, Customer PC Data
      • Assets: Bank's Portals, Network Components, Networks, Ransomnets
    – REPUTATION: Defamation (Disfigured Portals), Availability, Credibility, Reliability, Goodwill
  • 26. Security concerns at Touch points – MOBILES
    – THEFT
      • Data: Credentials, Account Details, Account Balances, Other data from customer mobile, Cash from digital or mobile wallets
      • Assets: Customer's Money, Equity, Units, etc.; Account Mis-use; Mobile unit; SIM Cards; Memory cards
    – DESTRUCTION
      • Data: Individual Related Data, Entire Databases, Customer Mobile Data
      • Assets: Bank's Portals, Digital / mobile Wallets
    – REPUTATION: Defamation (Disfigured Portals), Availability, Credibility, Reliability, Goodwill
  • 27. Security concerns at Touch points – PAYMENT GATEWAY
    – THEFT
      • Data: Credentials, Account Details, Account Balances, Other data from customer PC
    – REPUTATION: Defamation (Disfigured Portals), Availability, Credibility, Reliability, Goodwill
  • 28. Security concerns at Touch points – Bank Branch
    – THEFT
      • Data: Credentials (Signatures), Account Details, Account Balances
      • Assets: Cheques; Cash (Customer, Bank); Safe Deposit Vaults; Physical documents (FD Receipts, Shares / Debentures, etc.)
    – DESTRUCTION
      • Data: Branch Data
      • Assets: IT Infrastructure, Other Branch infrastructure, Safe deposit vaults, Staff, Customers, Premises
    – REPUTATION: Reliability (SD Vaults), Availability (When reopen?), Credibility (Safe to visit?)
  • 29. Part 2 – Basic Risk Mitigation Measures of Banks and Customers
  • 30. What are Basic Risk Mitigation Measures of Banks and Customers?
    – PREVENTION and
    – RECOVERY
  • 31. What are Basic Risk Mitigation Measures of Banks and Customers?
    – PREVENTION
      • Detection
      • Prevention
      • Updation
    – RECOVERY
      • Data
      • Assets
      • Business Continuity
      • Reputation
  • 32. Risk Mitigation Measures – Prevention
    – DETECTION
      • Physical Surveillance
      • Electronic Surveillance
      • Processes and Policies
      • Audits
      • Reviews
      • Logs
      • Virus / Malware scans
  • 33. Risk Mitigation Measures – Prevention
    – PREVENTION
      • Anti Virus
      • Firewalls
      • Data Center Security
      • Application Architecture
      • Data Architecture
      • SSL Deployment
      • WAP / WPA2 Deployment
      • Anti card skimming devices / designs
      • Virtual Keyboards
      • Technology Standards Compliances
  • 34. Risk Mitigation Measures – Prevention
    – PREVENTION
      • SMS Alerts
      • OTPs
      • Multipart authentications
      • Multipart logins
      • KYC
      • Cash and Valuables Strong-room security
      • Cash in Transit Security
      • Cash in ATMs Security
  • 35. Risk Mitigation Measures – Prevention
    – PREVENTION – Processes and Policies
      • Dormant account management (Physical, Online)
      • Card and PIN dispatches
      • Card and PIN storage
      • Password change policy
      • Password strength policy
      • Regulatory standards compliances
  • 36. Risk Mitigation Measures – Prevention
    – RECOVERY – DATA
      • Backups
      • Reconstruction
      • Recapture
    – RECOVERY – ASSETS
      • Police
      • Replace
  • 37. Risk Mitigation Measures – Prevention
    – RECOVERY – BUSINESS CONTINUITY
      • DR Site
      • Redundancy
      • Hot swappable Devices
      • DR and BC Policies
      • Trainings
      • Simulations
    – RECOVERY – REPUTATION
      • Publicity
      • Transparency
      • Speed of Action
      • Hard Decisions
  • 38. Security and Role of Regulators
    – Who are the Regulators?
    – Why are they concerned about Security?
  • 39. What are Basic Security concerns of Regulators?
    – Legal and regulatory issues
    – Security and technology issues
    – Supervisory and operational issues
    – Impact on Monetary Policy
  • 40. What are Basic Security concerns of Regulators?
    – Legal and regulatory issues
      • The jurisdiction of law
      • Validity of electronic contract, including the question of repudiation
      • Gaps in the legal / regulatory environment for electronic commerce
  • 41. What are Basic Security concerns of Regulators?
    – Security and Technology Issues
      • Questions of adopting internationally accepted state-of-the-art minimum technology standards for access control, encryption / decryption (minimum key length etc.), firewalls, verification of digital signature, Public Key Infrastructure (PKI) etc.
      • The security policy for the banking industry
      • Security awareness and education
  • 42. What are Basic Security concerns of Regulators?
    – Supervisory and Operational Issues
      • Risk control measures
      • Advance warning system
      • Information Technology audit
      • Re-engineering of operational procedures
      • Whether the nature of products and services offered are within the regulatory framework
      • Whether the transactions do not camouflage money-laundering operations
  • 43. What are Basic Security concerns of Regulators?
    – Impact on Monetary Policy: when and where private sector initiative produces electronic substitution of money, like
      • e-cheque
      • account based cards
      • digital coins
      • M-Wallets
      • Cash Cards
      • Non account based cards
      • e-money transfers with physical cash payments etc.
  • 44. Some Recent Policy Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – 30-06-2013 / 1: All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and PIN enabled.
    – 30-06-2013 / 2: Issuing banks should convert all existing MagStripe cards to EMV Chip cards for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS).
  • 45. Some Recent Policy Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – 30-06-2013 / 3: Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) are certified for PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard).
    – 30-06-2013 / 4: Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions is mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors / aggregators and large merchants.
  • 46. Some Recent Policy Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – ASAP / 5: Banks should move towards a real time fraud monitoring system at the earliest.
    – ASAP / 6: Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.
    – ASAP / 7: Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.
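The detection measures on slides 32 and 34 (logs, SMS alerts) and the recommendations on slides 44 and 46 (domestic-only cards, real time fraud monitoring, SMS card blocking with confirmation) describe a rule-driven monitor without showing one. The block below is an added illustration written for this transcript; it is not the presenter's code, nor any bank's or the RBI's. The card numbers, event timestamps, countries, thresholds (three PIN failures in ten minutes, two countries within an hour) and the `BLOCK` SMS keyword are all constructed for the example.

```python
"""Constructed real-time card-fraud rules for the touch points in this deck.
All cards, events and thresholds are made up for the illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Card:
    number: str            # masked PAN, constructed
    international: bool    # True only if the customer specifically sought international use
    blocked: bool = False


@dataclass
class Event:
    ts: int        # seconds (constructed clock)
    card: str      # masked PAN
    channel: str   # "ATM" or "POS"
    country: str   # ISO country code; "IN" is treated as domestic
    amount: float
    pin_ok: bool   # whether PIN verification succeeded


@dataclass
class Monitor:
    cards: dict
    pin_fail_limit: int = 3     # failures in pin_window that block the card
    pin_window: int = 600       # seconds
    travel_window: int = 3600   # seconds: two countries inside this is "impossible travel"
    alerts: list = field(default_factory=list)
    sms_log: list = field(default_factory=list)        # stands in for the SMS gateway
    _pin_fails: dict = field(default_factory=lambda: defaultdict(deque))
    _last_seen: dict = field(default_factory=dict)     # card -> (ts, country) of last approval

    def _alert(self, card: str, reason: str) -> None:
        self.alerts.append((card, reason))
        self.sms_log.append(f"{card}: ALERT {reason}")   # customer SMS alert (slide 34)

    def process(self, ev: Event) -> str:
        """Decide APPROVE/DECLINE for one event as it arrives and raise alerts."""
        card = self.cards[ev.card]
        if card.blocked:
            return "DECLINE"
        # Rule 1: international use on a card issued for domestic usage only (slide 44, item 1)
        if ev.country != "IN" and not card.international:
            self._alert(ev.card, "international use on domestic-only card")
            return "DECLINE"
        # Rule 2: repeated PIN failures inside a sliding window -> block the card
        if not ev.pin_ok:
            fails = self._pin_fails[ev.card]
            fails.append(ev.ts)
            while fails and ev.ts - fails[0] > self.pin_window:
                fails.popleft()
            if len(fails) >= self.pin_fail_limit:
                card.blocked = True
                self._alert(ev.card, "PIN failures exceeded limit; card blocked")
            return "DECLINE"
        # Rule 3: same card approved in two countries within travel_window
        last = self._last_seen.get(ev.card)
        if last and last[1] != ev.country and ev.ts - last[0] < self.travel_window:
            self._alert(ev.card, f"used in {last[1]} and {ev.country} within {self.travel_window}s")
            return "DECLINE"
        self._last_seen[ev.card] = (ev.ts, ev.country)
        return "APPROVE"

    def customer_sms(self, card_number: str, text: str) -> str:
        """Customer-initiated block over SMS with confirmation (slide 46, item 6)."""
        if text.strip().upper() == "BLOCK":
            self.cards[card_number].blocked = True
            msg = f"{card_number}: card blocked at your request"
            self.sms_log.append(msg)
            return msg
        return f"{card_number}: unrecognised request"


def run_sample():
    """Replay a constructed event stream and return (decisions, monitor, sms confirmation)."""
    cards = {"XXXX-1111": Card("XXXX-1111", international=False),
             "XXXX-2222": Card("XXXX-2222", international=True)}
    m = Monitor(cards)
    events = [
        Event(1000, "XXXX-2222", "POS", "IN", 500.0, True),
        Event(1600, "XXXX-2222", "ATM", "SG", 200.0, True),   # Singapore 10 min after India
        Event(2000, "XXXX-1111", "POS", "AE", 90.0, True),    # domestic-only card used abroad
        Event(3000, "XXXX-1111", "ATM", "IN", 100.0, False),
        Event(3100, "XXXX-1111", "ATM", "IN", 100.0, False),
        Event(3200, "XXXX-1111", "ATM", "IN", 100.0, False),  # third failure -> blocked
        Event(3300, "XXXX-1111", "ATM", "IN", 100.0, True),   # correct PIN, but card is blocked
    ]
    decisions = [m.process(e) for e in events]
    confirmation = m.customer_sms("XXXX-2222", "BLOCK")
    return decisions, m, confirmation


if __name__ == "__main__":
    decisions, monitor, confirmation = run_sample()
    print(decisions)
    print("\n".join(monitor.sms_log))
```

Each rule is evaluated per event as it arrives rather than in a batch, which is what "real time" on slide 46 requires; the sliding window for PIN failures is what keeps an attacker from spacing attempts out indefinitely, and the SMS log doubles as the audit trail that slide 32 lists under "Logs".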
  • 47. Some Recent Debit Card Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – Immediately / 1: Banks may issue only online debit cards, including co-branded debit cards, where there is an immediate debit to the customers' account and where straight through processing is involved.
    – Immediately / 2: No bank shall dispatch a card to a customer unsolicited, except in the case where the card is a replacement for a card already held by the customer.
    – Immediately / 3: The terms shall put the cardholder under an obligation not to record the PIN or code in any form that would be intelligible or otherwise accessible to any third party if access is gained to such a record, either honestly or dishonestly.
  • 48. Some Recent Debit Card Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – Immediately / 4: No cash transactions through the debit cards should be offered at the Point of Sale under any facility without prior authorization of the Reserve Bank of India under Section 23 of the Banking Regulation Act, 1949.
    – Immediately / 5: The bank shall ensure full security of the debit card. The security of the debit card shall be the responsibility of the bank, and the losses incurred by any party on account of breach of security or failure of the security mechanism shall be borne by the bank.
    – Immediately / 6: The banks should undertake a review of their operations / issue of debit cards on a half-yearly basis. The review may include, inter alia, card usage analysis, including cards not used for long durations due to their inherent risks.
  • 49. Some Recent Debit Card Recommendations by RBI (Target Date / Sr. no. / Recommendation)
    – Immediately / 7: The role of the non-bank entity under the tie-up arrangement should be limited to marketing / distribution of the cards or providing access to the cardholder for the goods / services that are offered.
    – Immediately / 8: The card issuing bank should not reveal any information relating to customers obtained at the time of opening the account or issuing the card, and the co-branding non-banking entity should not be permitted to access any details of customers' accounts that may violate the bank's secrecy obligations.
  • 50. RBI POLICIES
    – Ref documents
      • RBI Security Feb 28, 2013.pdf
      • RBI Guidelines Debit cards Dec 24, 2012
  • 51. ATM Security standards (Standard / Description)
    – PCI PTS POI: Standard: PCI PIN Transaction Security Point of Interaction Security Requirements (PCI PTS POI); Version: 1.0; Date: January 2013; Author: PCI Security Standards Council
    – PCI DSS: PCI SSC Data Security Standard. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
  • 52. ATM Security standards (Standard / Description)
    – PCI PA-DSS: PCI SSC Payment Application Data Security Standard. This document is to be used by Payment Application Qualified Security Assessors (PA-QSAs) conducting payment application reviews, so that software vendors can validate that a payment application complies with the PCI DSS Payment Application Data Security Standard (PA-DSS). This document is also to be used by PA-QSAs as a template to create the Report on Validation.
  • 53. ATM Security standards (Standard / Description)
    – PCI PTS: PCI PIN Transaction Security Standard. This standard includes security requirements for vendors (PTS POI Requirements), device-validation requirements for laboratories (Derived Test Requirements), and a device approval framework that produces a list of approved PTS POI devices (against the PCI PTS POI Security Requirements) that can be referred to by brands' mandates. The PCI PTS list is broken down into the following Approval Classes of devices: PIN Entry Devices (PEDs, standalone terminals), EPPs (generally to be integrated into ATMs and self-service POS devices), Unattended Payment Terminals (UPT), Secure Card Readers (SCRs), and Non-PIN-enabled (Non-PED) POS Terminals.