BankNews April 2015

Search Results: Security

Does Your Cybersecurity Awareness Program Meet Expectations?

By Mark Scholl


Financial institutions can expect even more regulatory guidance this year in response to the growing threat vector for cybercrime. Thieves have gotten smarter, and technology has gotten more complex. We have evolved from worms, viruses, spyware, and botnets to more targeted cyber espionage involving advanced, persistent threats, dynamic trojans, and stealth botnets. Attacks have become blended, involving combinations of physical, technical, and social engineering techniques. Many industry experts believe that there are even more sophisticated scams to come. To learn more about Cybersecurity, click here.

Wipfli_logo_notagHere are some key items to improve your cybersecurity awareness strategy:

Cyber Risk Management and Oversight

The tone should be a top-down approach for building a security culture. Your financial institution should develop a strategy at the board and executive levels for ongoing awareness and understanding of cybersecurity threats. The Federal Financial Institutions Examination Council (FFIEC) has provided a clear message that it expects senior management and the board of directors to understand that cybersecurity is part of everyday business. Banking executives should be getting more directly involved with security and risk assessments. Consider making cybersecurity a standing topic for every IT committee and board meeting.

There should be timely reports to senior management that include meaningful information addressing your institution’s vulnerability to cyber risks and ability to mitigate those risks. The information should allow senior management to prioritize resource allocations and inform the board of directors.

Threat Intelligence and Collaboration

To understand and stay current on cybersecurity issues for your financial institution and industry sector, you should take advantage of resources for threat intelligence and collaboration. This may include subscribing to bulletins, alerts, and guidance from the FFIEC, the Department of Homeland Security, CERT, industry data breach reports, and other relevant sources.

A resource that many regulatory examiners are expecting financial institutions to use is the Financial Services Information Sharing and Analysis Center (FS-ISAC). FS-ISAC is an industry forum for collaborating on critical security threats facing the financial service industry. It can be found by going to

For combating cyber threats and developing effective risk mitigation tactics, financial institutions are recognizing the need for cooperation among their peers. Information sharing should not be seen as a competitive issue but as an essential strategy. Peer groups and relevant banking association conferences are a great way to network.

Cybersecurity Controls

Your business strategy should be aligned with your cybersecurity strategy. Operational risk issues must be viewed in terms of their impact on the entire enterprise, not just IT. You should account for how risk will be managed now and in the future.

Your financial institution should continue to identify, measure, mitigate, and monitor risks. The risk assessment should adequately address all reasonable internal and external threats. The controls in your policies and procedures should be driven by the risk assessment. Stronger emphasis should be put on monitoring so that attacks can be detected in the early stages to mitigate the impact. Independent testing of these key controls can determine whether they adequately mitigate cybersecurity threats.

External Dependency Management

Even if you outsource your IT operations, your financial institution is still responsible for protecting customer information. With increasing reliance on third parties, you need to do proper due diligence when selecting service providers and performing ongoing monitoring of existing service providers. Both the Federal Reserve Board of Governors and the Office of the Comptroller of the Currency released guidance in late 2013 pertaining to risks of outsourcing and working with third-party relationships.

Incident Management and Resilience

Prepare your incident response program for potential cyber attacks. Then, test it using a common event such as malware or spear phishing.

Very few financial institutions have qualified staff for incident response involving sophisticated cybercrime. In haste, you may inadvertently destroy evidence that could identify the methodology of the attack or help you to identify the cyber criminals. Make sure you have contact information and arrangements with certified and experienced professionals for fraud and forensics services. Companies offering these services often have guaranteed response times to help investigate the attack or compromise, mitigate exposure, and limit reputational damage. Their job is to help you recover to normal operations.

In conclusion, cyber threats are not a fad, but the new normal. Financial institutions will have to decide where they will spend their dollars for stronger detection and monitoring of sophisticated malware. We must realize that this is not an IT problem, but an enterprise problem involving senior management and the board of directors.


Cybersecurity Threats – Principles for Understanding, Managing, and Monitoring
Your Information Systems

On-Site Training offered in three locations for your convenience:
August 20 – Johnston, Iowa
August 25 – Minneapolis, Minnesota
August 27 – Madison, Wisconsin

Recorded webinar:
IT Examination Hot Topics – Recorded Webinar

Scholl   Mark Scholl, CISA, CISSP, MCSE, CEH, is a partner at Wipfli LLP.





70 Percent of Consumers Are Losing Faith in Passwords, Want Additional Account Security

June 5 – Against a backdrop of hundreds of millions of personal records being stolen through account hacks and data breaches, TeleSign has released its new Consumer Account Security Report, revealing that 70 percent of consumers lack a high degree of confidence that their passwords can adequately protect their online accounts. Additionally, about the same amount (72 percent) are in search of additional help to secure accounts.

Continue reading “70 Percent of Consumers Are Losing Faith in Passwords, Want Additional Account Security” »

Information Security

Managing risks requires a proactive approach

By Charles Cheatham

 A bank’s information security risks include not just regulatory risk, but also financial risk (from unauthorized transactions arising from data breaches), reputation risk (loss of customers’ trust and loss of business), and business continuity risk (system failure, destruction or corruption of data, or unavailability of electronic information because of hackers, disaster, or other business interruptions).

Continue reading “Information Security” »

Payment Method Security and the Expanding Role of Chip & Pin

April 21 – With the increased awareness of major data breaches and the ever-expanding prevalence of credit card fraud, payment transaction security has become an important discussion in this country. A significant portion of this discussion has revolved around the role of EMV or “Chip & Pin” technology for credit cards as a more secure payment method.

Continue reading “Payment Method Security and the Expanding Role of Chip & Pin” »

The Evolving Issue of Data Security

By Toni Lapp

With EMV being phased in this year in the United States, 2015 could go down as a pivotal year in data security. Or not. EMV in and of itself is only part of the fraud-fighting solution, and is certainly not a magic bullet against all fraud. Its security features are intended to prevent in-person fraud at point-of-purchase. Unfortunately, there are myriad other ways to penetrate the security of financial institutions.

Continue reading “The Evolving Issue of Data Security” »

Security First Bank Agrees to Merge with SunPac Financial

February 20 – Security First Bank has announced the execution of a definitive agreement for the merger of Security First Bank into Los Angeles based SunPac Financial. Under the terms of the definitive agreement for the merger, shareholders of Security First Bank shareholders will have the right to receive $10.50 in cash for each share of stock. The agreement has been approved by the boards of both companies. The transaction will close following the receipt of regulatory and shareholder approval, which is expected to occur by the end of the second quarter of 2015.


“We are so pleased to join forces with Security First Bank, which will serve as our initial platform providing the necessary infrastructure to expand banking activities in Fresno and into the Los Angeles market,” said V. Charles “Charlie” Jackson, CEO of SunPac Financial. “Our plan is to allocate capital to expand Security First’s presence, lending activities and commitment to the Fresno market. In addition, we plan to establish a commercial and private banking presence in the Los Angeles market.”

The combined expertise will provide a strong platform allowing an affinity of successful partnerships between Fresno and Los Angeles business communities. The headquarters of SunPac Financial will be in downtown Los Angeles, however, the Security First office location will remain and conduct business as usual.

“This merger will bring together exceptional talent, technology and the potential of growth through expanded and new business relationships and additional capital,” commented Security First CEO Robert Hemsath. “The value-added capital and products will truly benefit our business community.”


SunPac Financial is advised by Keefe, Bruyette & Woods as its financial advisor and Manatt, Phelps & Phillips, LLP as its legal counsel. Security First Bank was advised by MJ Capital Partners, LLC as its financial advisor and Grady and Associates as its legal counsel.

About SunPac Financial

In July, 2014, SunPac, LLC, was formed as an investment vehicle to explore developing a commercial and private bank serving the Southern California marketplace. The management team is comprised of seasoned banking executives who have had experience in leading and operating other California based community banks. SunPac Financial, Inc. is a subsidiary that was set up to facilitate the bank merger.

About Security First Bank

Founded in 2007 by local investors, Security First Bank is devoted to providing superior banking products and services at competitive rates while maintaining personal banking relationships. Security First Bank’s primary goal is to help businesses be more successful, productive and efficient by providing personal one on one service, financial expertise and the latest banking technology. Security First Bank is a solid and secure financial institution that puts the customer first and works hard to deliver exceptional results. Additional information can be found at

Forward-Looking Statements

This press release may contain forward-looking statements regarding SunPac Financial, Security First Bank and the proposed merger. These statements involve certain risks and uncertainties that could cause actual results to differ materially from those in the forward-looking statements. Such risks and uncertainties include, but are not limited to, the following factors: regulatory approvals of the merger may not be obtained or adverse regulatory conditions may be imposed in connection with such regulatory approvals and conditions to the closing of the merger may not be satisfied. There is no obligation to revise or publicly release any revision or update to reflect events or circumstances that occur after the date on which such statements were made.

Canadians Prioritize Security Over Convenience, Speed When Making Payments

February 19 – Ahead of Fraud Prevention Month, a new study commissioned by Visa Canada showed Canadian consumers still prioritize payment security above all else. Two thirds (66 per cent) of credit cardholders ranked security as the most important element of a credit card transaction, surpassing convenience (14 per cent) and speed (10 per cent). Additionally, nearly half (48 per cent) of credit cardholders report they worry about fraud when shopping online.

Continue reading “Canadians Prioritize Security Over Convenience, Speed When Making Payments” »

MobileIron Introduces Mobile Security Solution to Protect Cloud-Based Enterprise Content

February 4 — MobileIron, the leader in enterprise mobility management (EMM), has introduced the MobileIron Content Security Service (CSS), delivering Phase Two of the company’s initiative to secure the personal cloud. Continue reading “MobileIron Introduces Mobile Security Solution to Protect Cloud-Based Enterprise Content” »

CSBS Releases Cybersecurity Resource Guide for Bank Executives

December 22 – The Conference of State Bank Supervisors (CSBS) has issued Cybersecurity 101: A Resource Guide for Bank Executives.  The guide is a non-technical, easy-to-read resource on cybersecurity that community bank CEOs, senior executives and board members can use to help mitigate cybersecurity threats at their banks. The guide puts into one place industry-recognized standards and best practices for cybersecurity currently used within the financial services industry.

Continue reading “CSBS Releases Cybersecurity Resource Guide for Bank Executives” »

What Is the Security Behind EMV Chip Payments?

December 11 – Increased security and reduction of in-person counterfeit card fraud are major drivers for the ongoing migration to EMV chip payments in the U.S. However, the advanced security processes going on behind the scenes of a chip transaction may be confusing for stakeholders new to the technology. The EMV Migration Forum simplifies one of the fundamental security features of chip transactions – the cryptogram – in a new video tutorial just released.

Continue reading “What Is the Security Behind EMV Chip Payments?” »

Kryptronic Internet Software Solutions