Big rise in Australian card fraud

October 9, 2015
/   Insights

Cases of card not present (CNP) fraud are continuing to rise across all corners of the globe, as EMV forces criminals away from traditional fraud channels.

EMV is Here: Tips & Tricks You Need to Know

October 7, 2015
/   Insights

The EMV (Europay, MasterCard, Visa) shift went into effect on October 1, 2015 and a majority of large retailers and merchants have upgraded POS terminals to accept EMV chip cards. Despite this new mandate,...

FI Highlight: BankMobile

October 2, 2015
/   Spotlight

Financial institutions that aren’t developing and catering to the wants and needs of younger demographics are missing out on huge opportunities for growth. Luvleen Sidhu, Chief Strategy and Marketing Officer at BankMobile, spoke with...

EMV Liability Shift: Are You Ready?

September 28, 2015

The talking is nearly over for the US payments industry as October 1st sees the all-important EMV liability shift. Chip cards are being issued to consumers and merchants are upgrading their point of sale...

The 5 Most Dangerous Mobile Banking Habits

September 14, 2015
/   Voices

Mobile banking grows more ubiquitous every year. 52 percent of smartphone owners with a bank account use mobile banking, according to the Federal Reserve, and more than half of users log in at least...

The Case for CSR

September 7, 2015

The demise of a New York City law shouldn’t stop good works

FI Highlight: Nusenda Credit Union

September 1, 2015
/   Spotlight

While it is important for banks and credit unions to consider the needs of consumers, it’s also important for FIs to take employee needs into consideration as well. Michelle Dearholt, SVP of Human Resources at Nusenda...

Is a .bank Domain Right for Your Bank?

August 28, 2015
/   Voices

With the general availability of the .bank registry under way, more than 5,500 applications from over 2,200 banks have already taken place, according to fTLD Registry Services.

Can Smartphones Solve ATM Skimming

/   Insights

ATM skimming remains a big business for organized crime rings. According to a recent article in, card skimming accounted for more than $2 billion in losses. One new approach that banks are exploring...

Cause and Effect: If you build it, will they come?

July 23, 2014
/   Spotlight

Many financial institutions assume that digital banking is lucrative because the most valuable customers happen to bank online. While there is certainly a correlation between online bankers and higher profitability, quantitative evidence suggests that...

Fast Facts: Student Loans

January 22, 2013
/   Insights

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services industry. Topics span TARP, Dodd-Frank, insurance, lending, retirement savings and more.  Below are some updated Fast...

Intuit 2020 Report: The Future of Financial Services

April 11, 2011
/   Insights

Today, Intuit released the latest edition of the Intuit 2020 report, Intuit 2020 Report: The Future of Financial Services, which identifies and examines four key trend areas that will  transform the financial services industry...

The Top 10 Trends in the Digital Banking Industry

December 18, 2013
/   Spotlight

2014 is rapidly approaching and as the year wraps, the Digital Insight team has pulled together the top 10 trends in the digital banking industry based on data and trends from studying financial institutions....

Making Banking Fun: Gamification in Financial Services

August 5, 2013
/   Insights

Recently, the team sat in on American Banker’s webinar, “Gamification in Financial Services: Five Proven Ways to Get an Edge,” which shared how leading brands in financial services have applied gamification to reach...

Small Business: Perception vs. Reality

November 21, 2012
/   Insights

In the most recent election cycle, like most others before it, the one sector of the economy that got the most attention was small business.  This is the future, we were told by every...

Technology M&As: The Beats Go On

May 29, 2014
/   Insights

The ongoing fascination with Apple’s $3 billion purchase of Beats Electronics is entirely understandable, because it’s a cool story. However, it also says a lot about what’s going on between finance and tech.

What We’re Reading

May 5, 2011
/   Spotlight

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let us know in the comments section below. Virtual Banking Worlds Provide Tangible Lessons American...

What We’re Reading: Thanksgiving Edition

November 22, 2012
/   Spotlight

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom. Mobile Thursday? Plans for Thanksgiving...

For the average banking customer, little attention is paid to the security aspect of public wireless networks at banks. Today’s users are so accustomed to attaching to free, public Wi-Fi services that they inherently trust that financial institutions are protecting their data and confidential information.

Contributor, James W. Gabberty

Contributor, James W. Gabberty

However, that is not always true. Often times, financial institutions do not regularly monitor and update their routers which put their wireless networks at risk. As routers are the devices that handle network connectivity, they are susceptible to many of the same anomalies as tablets and personal computers, such as performing sluggishly, occasionally locking up, and much worse, becoming infected with malware. Just like their computer counterparts, routers are usually shipped with an operating system that has been installed by the manufacturer which needs to be occasionally refreshed with an updated version, begging the questions: “how often do banks actually perform this upgrade?” The answer, simply put, is that while some do, others don’t. Why is this so?

One of the primary reasons that financial institutions are loathe to update their routers’ operating systems has to do with the sheer number of routers deployed by mid- and large-sized banks and the common sense notion that when one router is updated, all the rest must likewise be updated, which requires substantial planning and attention to detail (not to mention significant time and money).  While upgrading routers periodically is certainly a nuisance, not performing them en masse would be akin to individual users running disparate versions of the Microsoft operating system and office suites within a company – a seriously problematic proposition since the number of security vulnerabilities would skyrocket.

Many banks also simply don’t have an accurate, updated list of all the routers in their organization, not to mention each router’s individual IOS level and almost certainly, it’s configuration.  Asset management has long been a problem for all companies and banks are no exception.  Corporate policy is frequently bypassed and end-users often connect their own devices (USBs, smartphones, and even routers) into the corporate backbone. While there are security awareness techniques designed to stem the rush of employees connecting non-corporate devices to the company’s IT infrastructure, insider activity is still the number one vector of information security breaches within all corporations. Moreover, since keeping track of all infrastructure equipment is a monumental task – especially since proper change management policies are often by-passed, many firms don’t perform as good a measure of due diligence in terms of patching routers as they should.

Still another reason why router upgrades are problematic for financial institutions is tied to the configuration that many routers have been specifically tuned, or set at.  Internet-facing ports are a time-tested invitation for exploitation from outside the firm and significant time and effort must be expended to ensure that these ports are all closed while simultaneously enabling only those ports that are critical for the firm to operate.  Each time a router is updated, the configuration is lost and must be set again to match corporate policy guidelines; failure to reset the proper configuration causes vulnerabilities inside the firm to reappear.

Understanding some reasons why financial institutions do not invest the proper time needed for router software updates, here are some simple questions for IT security management to simplify the process and ensure protection for wireless networks: (1) Do you have a list of all routers in your organization, the IOS level and the configuration? (2) Have you validated the authenticity of the vendor you purchased your routers from? (3) When was the last time you checked your routers’ configuration and does it match policy? (4) Have you checked that it hasn’t been modified on a daily or weekly basis? (5) Are you logging improper events and staying vigilant? (6) Are you continuously making sure that there are no open ports facing the internet?

Due diligence on the part of maintaining your bank’s many routers can go a long way in ensuring that your customers – and their trust – remain loyal.

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.


Insights’s perspective on industry news and trends



Must-read news and insights from financial industry leaders



Compelling voices and contributed content from around the web

James W. Gabberty

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Brad Strothkamp

Marisa Mann

Marisa Mann brings over 15 years of experience in consulting and financial services industries to the Solstice team, working on large scale enterprise initiatives across many technologies, including specializing in the digital space – Internet and mobile. Mann is passionate about mobile and the endless possibilities for the enterprise, delivering business value through strong brand recognition and driving to excellence in the consumer experience. Prior to Solstice, Mann worked at JP Morgan Chase, Diamond Management and Technology Consultants, Washington Mutual, Inc, and Accenture.

Zachary Ehrlich

25-year-old writer, and as a native San Franciscan, I am unreasonably loyal to Bank of America, if only for their superhero-like origin story, involving the 1906 earthquake and Italian fruit vendors.