Customers are clearly not always able to adequately assess the threats and risks associated with remote management of their accounts, or to counter those threats with adequate measures. Therefore, one of the main tasks in ensuring the security of banks and payment systems is user training. It should be noted that, from an attacker's perspective, the potential interest in an Internet banking system lies not only in the possibility of stealing funds (banks, as a rule, pay the most attention to protecting transactions), but also in the client's personal data. Possession of such information makes it possible to tamper with plastic cards or commit fraud. Researchers even say that every customer account record has a quite specific price on the black market. Unfortunately, the design and operation of Internet banking systems do not always comply with the requirements of industry standards. As a rule, each bank develops its Internet banking system on its own, and none of the standards is actually binding.
In the current situation, the entry into force of the FZ-152 requirements poses a great difficulty for the whole banking sector, as evidenced by the repeated attempts by the Banking Association to postpone the date on which the requirements take effect. To prepare an organization to fulfill the requirements of FZ-152, it is necessary to conduct an audit of the information systems and business processes that directly or indirectly affect the processing of personal data. Such an audit can be conducted either by the organization itself (if it is qualified) or by independent auditors.
The Banking Association
March 11, 2011
adminTree