Compliance & Regulations

> US & Canada

> Latin America

> Europe

US & Canada
 

The FFIEC Guidance on Risk Management for Mobile Financial Services: What You Need to Know
 
Recently the Federal Financial Institutions Examination Council (FFIEC) released a new guidance detailing how financial institutions should be securing mobile financial transactions. It will be the template that federal examiners will be using when the time comes for an inspection, so it is crucial that financial institutions understand what is expected of them going forward. More..

New Recommendations from FFIEC After Rise in Extortion Attacks

 
Recently, the Federal Financial Institutions Examination Council (FFIEC) sounded alarm bells about the rise in the number and severity of cyberattacks against financial institutions involving extortion. The attacks are carried out by cybercriminals who hijack the computer systems and databases of banks and other financial organizations, and then hold sensitive company information or systems “hostage” until a sum of money is paid. More..

FFIEC Unveils Cybersecurity Assessment Tool to Assist with Risk Identification and Preparedness

 
In July, the Federal Financial Institutions Examination Council published a Cybersecurity Assessment Tool (CAT), to help financial institutions detect potential risks and measure the level of their cybersecurity “maturity” or readiness. This assessment was based on a pilot program carried out by FFIEC members in 2014 to evaluate the fitness of smaller community institutions in mitigating cybersecurity risks, and was designed to be consistent with the FFIEC Information Technology Examination Handbook and other industry-approved cybersecurity best practices. More..

Six Steps to 2011 FFIEC Authentication Compliance.

 
For the first time since 2005, the FFIEC has released new guidelines for authentication in an Internet banking environment. Compliance assessments begin January 1, 2012. This document outlines the six steps financial institutions should take to conform to the new FFIEC authentication guidance. More..

Detect Monitoring Services and Detect Safe Browsing: Empowering Tools to Prevent Account Takeovers.
 
The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction authentication guidelines for the first time since 2005. This regulatory oversight plans to put greater responsibility on the banks and credit unions to enhance their security and prevent fraud. Easy Solutions’ Detect Monitoring Services and Detect Safe Browsing are two state of the art tools that will surpass the security requirements set forth by the FFIEC and can help detect fraud before it happens. English Version Spanish Version

Webinar - Corporate Customer Sues Bank after Phishing Attack and Wins Financial Institutions Should Expect and Prepare for an Onslaught of Similar Lawsuits.

On June 13th, 2011 for the very first time, a commercial banking customer was victorious in a lawsuit resulting from an Internet phishing attack. The financial institution now must come up with and reimburse the $561,000 that was never recovered. There are many key lessons learned that banks and credit unions can draw from this case. More..

Supplement to Authentication in an Internet Banking Environment. The Federal Financial Institutions Examination Council (FFIEC), June 2011.

The purpose of the Supplement to the 2005 Guidance (Supplement) is to reinforce the Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment. More..

Latin America
 

Cybercrime in El Salvador: The Banking Industry Must Face the Challenge

This year, El Salvador’s Superintendency of the Financial System published new regulations on how the country’s banking sector must protect the connections to banks’ transactional pages. This includes protecting the website from malware injections, and the strengthening of password-based logins through second-actor authentication. The document dictates a total of 23 new guidelines that banks in El Salvador must follow if they want to offer online banking services to their customers. Spanish Version

Compliance with Circular 193: A Path to the Future of Banking

Electronic fraud is evolving at an alarming pace, threatening banks and users all over the world. As a countermeasure, the Financial Systems Supervision Authority of Bolivia published Circular 193 to update the security requirements needed to provide online banking services and bring Bolivia in concordance with the most recent world standards. In this document, you will learn about the current fraud landscape, the Circular’s contents and how Easy Solutions’ products and services can help banks and financial institutions to effectively comply with this security regulation. Spanish Version

Using Multilayer Protection to Comply with Resolution No. JB-2014-3066 from the Superintendence of Banks of Ecuador

Cybercrime increases its presence in Ecuador, and the Superintendence of Banks strikes back with a strong group of new regulations created to mitigate the risks the electronic transactions face. The goal of these guidelines is to strengthen security through a range of protection measures, which must be implemented across the different stages of an attack life cycle. Therefore, it is possible to stop a higher amount of attacks, even if one of the protection layers has been compromised since the other layers are ready to intercept and stop these attacks. This document describes the implications of the new resolution and explains how your organization can comply with it in a quick and easy manner. Spanish Version

Resolution JB-2014-3021 From The Superintendency of Banks and Insurance of Ecuador - Maintain Regulatory Compliance with Push Authentication

The new regulations from the Superintendency of Banks and Insurance of Ecuador mandate that banks must send Out-of Band authentication messages for financial and non-financial transactions. While any Out-of-Band user verification system helps with the regulatory compliance, not all of these systems are designed alike, and many have been defeated by large-scale attacks. On the other side, Push technology reduces operational costs, improves security and increases mobile banking adoption, standing as a superior alternative that provides safer and more meaningful interactions with your clients. Learn more about the power of Push Authentication in this document. Spanish Version

Circular 40 from the Superintendency of Banks and Financial Institutions (SBIF) of Chile: How to Quickly and Easily Comply with the Regulation and Protect your Customers from Fraud

A number of recent massive credit card breaches have dominated headlines and caused millions of dollars in losses for a variety of credit-card-issuing organizations around the world. With an eye towards preventing such incidents in Chile, new regulations that go into effect in 2014 mandate that all businesses dispensing credit cards fall under the supervision of the SBIF, including all retailers. All credit card issuers must now have extensive security and risk management procedures in place to prevent fraud, unauthorized data access and money laundering, and issuers can legally and financially be held liable for any losses or breaches traceable to security gaps. This document explains what the new security guidelines contained in Circular 40 entail, and how your card-issuing organization can simply and straightforwardly comply with them. Spanish Version - English Version

Managing the Risks and Threats in Electronic Payment Systems - SIPAP Comes to Paraguay

Paraguay's Central Bank has announced that a new electronic payment system, the Sistema Nacional de Pagos Electrónicos del Paraguay (SIPAP), will give the country's citizens the ability to make electronic payments no matter what bank the sender and recipients are clients of, and will eventually allow online and mobile banking as well. But while this new system promises to greatly reduce the amount of fraud related to bad checks, electronic payment systems have their own vulnerabilities that financial institutions must be sure to protect against. This document explores the types of fraud that have proliferated as electronic payment systems like SIPAP have grown more popular, and describes how Paraguayan financial institutions and easily and efficiently secure themselves against them. English Version - Spanish Version

Circular 193 from the Financial Supervising Authority of Bolivia How to comply with the law and protect your business and its users at the same time

The Financial Supervising Authority of Bolivia released their latest regulation, Circular 193, on September 16th, 2013. The document updates and reinforces the minimum security requirements that are necessary for offering services related to electronic banking and transactions. The new guidelines bring Bolivia’s regulations more in line with world standards regarding electronic commerce and respond to new threats that have emerged since the last time the regulations were updated. This white paper gives details about what’s new in Circular 193, and how your business can simply and straightforwardly comply with it. (Document written in Spanish) More...

Chapter 10 of the Single Banking Circular from the National Banking and Securities Commission (CNBV) of Mexico

Historically, many people in Mexico have not had access to the formal banking system, but the widespread adoption of internet and mobile phones gives financial institutions the opportunity to reach millions of potential additional customers who have never had an account. Although e-banking methods involve a fresh set of potential risks to consider and electronic fraud is on the rise, the strong e-banking regulations contained in Chapter X of the Single Banking Circular, published by the National Banking and Securities Commission (CNBV), give financial institutions the necessary guidance to confront the threats facing different transaction channels. (Document written in Spanish). More...

Communication A5374 from the Central Bank of Argentina - How to comply using a strategy of risk-based authentication

Communication A5374 was issued last year by Argentina’s Central Bank to address the explosive growth of e-commerce and require more stringent security standards for all transactional channels in the country. Our white paper about this new directive gives an overview of the contemporary fraud environment in Argentina and offers counsel on how your company can comply with the new rules by using a strategy of risk-based authentication. (Document written in Spanish). More...

External Bulletin 042 from the Financial Superintendence of Colombia - How to comply with the law while protecting your business and its customers at the same time

The Financial Superintendence of Colombia published External Bulletin 042 on October 4th, 2012 with the objective of strengthening and updating the minimum security requirements for carrying out electronic banking operations and transactions. This document explains what’s new in External Bulletin 042, and how your financial institution can easily and efficiently comply with it. (Document written in Spanish). More...

Rule 006-2011 from the Superintendencia de Bancos de la República de Panamá - A guide for easy compliance

La Superintendencia de Bancos de la República de Panamá released Acuerdo 006-2011 at the end of 2011 with the aim of enhancing previous regulations related to e-banking and outlining the ways that financial institutions must manage risk for transactions performed over these channels. Our white paper on the new standards describes how technology is changing the way Panamanians bank, explains the most relevant points of Acuerdo 006-2011, and presents a guide for easily and efficiently complying with it. (Document written in Spanish) More...

Resolution No. JB-2012-2148 by the Ecuador Banking Board - How to comply with the regulation and protect your business at the same time.

The Ecuador Banking Board has released in May 2012 the Resolution No. JB-2012-2148, with the goal of minimizing the risk related to the use of information technologies. The Resolution calls for the financial institutions of Ecuador to implement security measures to prevent the fraud in electronic channels. This white paper explains in simple terms the main points of the Resolution and offers a practical guide to reach compliance. (Document written in Spanish). More..

SUDEBAN 641-10- Regulation on Electronic Services in Venezuela - How to comply with the norm and protect your business in an easy and effective way.

The rise of electronic services has presented new security challenges to the Latin American financial institutions. The governments are playing a more active role in establishing norms and regulations to increase the security levels and protect the users. The 641-10 Resolution of Sudeban is an example of this kind of norms that, though useful, could turn to be very complex for the financial institutions. (only available in Spanish). More..

Europe
 

European Online Payments Regulations
 

Cyber fraud in Europe is growing at a staggering rate; even with more innovations in anti-fraud security, the amount of losses that organizations have suffered recently continues to rise. Due to this reality, the European Banking Authority published the Guidelines on the Security of Internet Payments to identify, bring awareness to and help solve this ever-growing problem. The guidelines are based on recommendations that were originally developed and published by the European Forum on the Security of Retail Payments (SecuRE Pay) and go into effect in August 2015. This white paper carefully explains how banks are to comply with these new expectations while lowering losses and decreasing vulnerability to cyber-attacks.. More..

The European Central Bank's Recommendations for the Security of Mobile Payments.
 

The popularity of mobile payments is exploding thanks to their convenience, but the mobile channel has specific security concerns that must be addressed before it can reach its full potential. To that end, the European Central Bank has issued a series of recommendations to improve security for this emerging channel that must be implemented in the next few years by any business seeking to offer mobile payment services. Find out what the new regulations entail and how your business can rapidly and efficiently comply with them in this white paper. More..

Easy Solutions, Inc. All rights reserved.