The financial sector experience with information sharing
Patrick Wynant
Manager Banking Operations
Febelfin
B-CCENTRE | 28 March 2012
AGENDA
1. Context
2. Interbank
3. External
Internetbanking in Belgium
• Simple, quick, comfortable, cheap... > popular and growing
• Attractive target for cybercrime
• Risks: financial, reputation, continuity…
• Maintain trust in this distribution channel
Why should we (not) share information?
- Sharing of vulnerabilities is ‘not done’
- Can I trust the information receiver?
- What happens with my information?
- …
+ understand better the potential vulnerabilities, threats & attacks
+ assess the impact of incidents
+ mitigate these threats and risks with (sector wide) measures
+ …save money
• Delicate balancing act
• Reciprocity - Win-win
Internetbanking security information sharing in Belgium
• Working Group:
  • banks + Isabel + NBB (supervisor) + FCCU
  • Recurrent + adhoc meetings + Task forces
• Forum of all banks: yearly + adhoc infosessions
• NDA - Disclosure classification: green/amber/red
• Alert communication channel:
  • Anonymous (filter) email to list of subscribers
  • Template with structured data on new/evolving threat
  • No personal data (compliance with privacy regulations)
• CERT.be
• Belgian Cybercrime Centre of Excellence for Training, Research & Education (B-CCENTRE)
Financial cybercrime information sharing in Europe
• WG IT Fraud in European Banking Federation
• ISSG Fraud Information Sharing Expert Group (CISEG) in European Payments Council (EPC)
• Financial Institutions - Information Sharing and Analysis Centre (FI-ISAC) - Europe
External information sharing
> New website (1/12/2011)
www.safeinternetbanking.be
www.internetbankierendoeikveilig.be
www.labanqueparinternetentoutesecurite.be
Internetbanking fraud statistics
• Internetbanking is very secure: # frauds / # sessions = 0,00002 %
• Reimbursement (except if proven that payer has acted fraudulently)
The fraudster at work
5 fraud vectors
Security, an issue for my bank?
Security, a matter for my bank?
What the bank does to make both internet banking and paying over the internet as secure as possible can be found under the heading “security, a matter for my bank”.
Security, also my business/concern?
Security, also my concern?
The site also lists all the tips with which consumers themselves can contribute to the security of their online transactions. These tips & tricks can be found under the heading “security, also my concern”.
External information sharing > Press
• Febelfin press releases (‘malware’) :
• 18 August 2011
• 26 September 2011
• Press in January 2012
• Phishing 9 March 2012
Mon argent, 4 November 2011
Le Soir, 19 August 2011
La Libre Belgique, 4 January 2012
De Tijd, 3 January 2012
Het Nieuwsblad, 10 March 2012