Not too long ago, the New York Times reported that a group of Russian thieves had amassed a stash of Internet account credentials totaling 1.2 billion user name and password combinations, and 500 million email addresses taken from 420,000 websites. The attack vector employed by the cybercriminals was believed to be spam – the use of electronic messaging systems to send unsolicited bulk messages indiscriminately.

Contributor, James W. Gabberty

Estimates vary, but by a rough calculation 7 trillion spam attacks occur annually, and the costs associated with lower worker productivity and fraud are borne mostly by the general public, not to mention the Internet Service Providers (ISPs) who must increase the bandwidth of their messaging systems to accommodate the additional messages generated by this deluge of phishing activity.

Unless you are a Luddite, the odds that your online credentials have been compromised are extremely high, even if you typically take defensive measures to keep from becoming a victim of Russian cyber criminals.

That said, have you ever wondered just how your credentials got lifted or how your computer became infected with malware, despite taking every possible precaution to prevent this from happening?

One reason we all have likely fallen prey to the cyber thieves is that we surf the web as system administrators; that is, when we initially set up our login information on our own personal devices, we deliberately established our user accounts as ‘administrators’ instead of ‘standard’ users. The difference between the two is that standard users are not permitted to perform tasks such as installing software, altering system configurations and changing file permissions of programs and log files. Administrators, on the other hand, have the power to do anything they want, such as installing new programs, making files ‘hidden’ from the operating system and, most precariously, enabling the operating system itself to fall prey to a particular kind of malware known as rootkits. Rootkits embed themselves so deeply into your system that many anti-virus checkers are unable to even detect them, effectively hijacking your system without your ever knowing that it succumbed to an attack.

By surfing the internet as administrator-level users, we allow every program that we run – from videos on YouTube to mail attachments to nefarious programs embedded into seemingly legitimate web addresses – to run on the computer with the highest privilege level available. Hackers take advantage of the fact that most people surf the web as administrators from private computers often used to conduct financial transactions from various accounts (credit card, debit, equity, and loan accounts to name a few) and plant malware at every location we are likely to visit.

If you are someone who regularly surfs the Internet with an administrator account, your system has likely already been compromised, and the only sure-fire way to get rid of the active (and dormant) malware sitting inside your machine is to format your drive(s) and reinstall everything from scratch. Using system backups is generally not a good idea since they themselves may contain malware that has been previously backed up.

So, after taking measures to ensure you start with a ‘clean’ system, the safest way to prevent more than 90% of the identity theft that occurs annually is to immediately perform 4 simple steps:

1) Set up an ‘administrator’ account using some innocuous login ID composed of random numbers and letters (r7DHm3oK6, for example) and an associated password with a similar random character composition of, say, 8 – 12 characters. Use that administrator account ONLY to install new programs and configure system devices such as printers and wireless connections to trusted routers & switches.

2) Set up another account for everyday use using the same credentialing methodology, making sure that it is set up as a ‘standard user’ to ensure that malware access attempts are thwarted without the necessary privileges.

3) Change your password on any account that matters to you, employing the same technique of establishing a password that cannot be guessed easily using brute-force methods.

4) Install a full suite of anti-virus software with Internet scanning that you update each day to ensure your system is protected at maximum levels.

Having done each of the steps outlined above, you can rest easy that your banking sessions stay safe; after all, even if the bad guys have your old password, it does them no good since you changed it to a much stronger – and newer – authentication method.  Changing your logon ID is one more step that can be added to the protective measures but, whatever you do, don’t surf as administrators.
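Steps 1 and 2 can be checked and carried out from a PowerShell prompt. The script below is an added example, not part of the original article: it assumes Windows 10/11 with the built-in LocalAccounts cmdlets, and the function names New-RandomString, Get-AccountAudit and New-EverydayUser are hypothetical names chosen here.

```powershell
# Added example. Assumes Windows 10/11 (LocalAccounts module present).
# Get-AccountAudit runs as any user; New-EverydayUser needs an elevated prompt.

function New-RandomString {
    # Random letters and digits from the OS cryptographic generator.
    param([int]$Length = 9)
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $out = ''
    while ($out.Length -lt $Length) {
        $rng.GetBytes($buf)
        # Rejection sampling: 248 = 62 * 4, so accepted bytes map evenly.
        if ($buf[0] -lt 248) { $out += $alphabet[$buf[0] % 62] }
    }
    $rng.Dispose()
    return $out
}

function Get-AccountAudit {
    # S-1-5-32-544 is the built-in Administrators group in every locale.
    # Direct members only; nested domain groups are not expanded.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.SID.Value }
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            IsAdmin = $admins -contains $_.SID.Value
        }
    }
}

function New-EverydayUser {
    # Step 2: a standard account, placed in Users (S-1-5-32-545) only.
    $name = New-RandomString -Length 9
    $pass = Read-Host -AsSecureString "Password for $name"
    New-LocalUser -Name $name -Password $pass | Out-Null
    Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $name
    return $name
}

# Test group membership, not elevation: an administrator account running
# without a UAC prompt is still an administrator account.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
Get-AccountAudit | Format-Table -AutoSize
if ((Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value -contains $me) {
    Write-Warning 'The account you are logged on with is an administrator.'
}
```

Every enabled account that shows IsAdmin as True, other than the dedicated administrator account from step 1, is a candidate for removal from the Administrators group.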


James Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

