Articles Posted in Internet Banking

Radio Frequency Identification (RFID) could be the next thing in spending as banks, retailers and businesses race to incorporate the latest technology into the consumer relationship. However, protection of private information continues to be a concern — illustrating the need for a Massachusetts business attorney whenever new technology is introduced into the sales and marketing equation.

A data breach in Massachusetts or elsewhere is a real concern. Recent issues at Citi Bank (more than $2 million was stolen after hundreds of thousands of accounts were breached), Sony and other corporate giants continue to illustrate the dangers.
A recent gathering of researchers at UMass Amherst focused on improving security and privacy of RFID and electronic payments. Radio frequency identification is the next-generation technology, which allows consumers to pay for purchases by swiping their mobile phones. Concerns primarily focus around the fact that it’s equally possible for fraud to occur by anyone who can get close enough to your phone to pick up the frequency. The workshops June 26 to 28 at the Hotel Northampton will focus on the security and privacy concerns and are the first to take place in the United States.

One demonstration will include a device built from parts purchased on eBay, which has the ability to peer into a wallet for sensitive credit card and identifying information from several feet away.

Like bar codes, RFID technology permits contactless payments simply by waving a cell phone at a cash register or other device; the concern comes when fraudsters intentionally intercept the radio waves for the purpose of recording bogus transactions.

“Good security and privacy is built in, not bolted on. It is less costly to anticipate threats and to secure systems from the start than to patch after the fact,” said Kevin Fu, a UMass Amherst computer scientist.

Similarly, it is best to consult a Massachusetts technology attorney whenever new technology is being instituted or changes are being made to billing processes. Getting it right at the start is much easier than trying to correct errors or illegalities after the fact.

High-profile computer breaches continue to plague corporate America. Most recently, Citigroup is under fire for taking too long to notify customers after hundreds of thousands of accounts were hacked and more than $2 million was stolen, Infosecurity Magazine reports. The company waited six weeks.

The Boston Globe reports 3,400 customers lost $2.7 million but will be reimbursed. The bank reports more than 360,000 credit card accounts — or about 1.5 percent of the bank’s North American accounts — were compromised.

Now Reuters reports Citgroup also failed to provide its customers with the degree of privacy protection that many other companies provide. Most companies suffering a similar breach have offered to buy or give customers a year of identity theft protection or credit monitoring services. Citi did not — only reminding customers that they could place a fraud alert on their credit files.
Continue reading

A Bedford security systems maker is scrambling to deal with an “advanced persistent threat” against some of its high-value computer systems. The company’s clients include Wells Fargo & Co. and the system is similar to those used by many Internet banks.

The Boston Globe reports the company revealed the attack on Thursday and said it involved its SecurID technology. The redundant security system is of a type popular with Internet banks; it uses two different passwords to gain access to a network. One password is memorized by the user, while the second is a random set of numbers that appears on a token — a small electronic device carried by a user.
Boston bank attorneys should always be consulted when establishing an Internet bank’s user service agreements. Banks dealing with a security breach should also work in tandem with a law firm to limit liability that could ultimately result from theft from customers, identity theft and other consequences of a security breach.

The SecureID uses random numbers that change every minute. The token, typically carried on a keychain, displays the number a user types into the system to gain access to the network. It is used by 40 million people at 30,000 organizations worldwide, including Wells Fargo & Co., Rolls Royce Motor Cars Ltd. and Lockheed Martin Corp.

A successful breach could allow access to customer information. Such a breach could also be used by hackers to establish back doors in to the system, which could grant them future access to token numbers and customer accounts. The company said in a filing with the Securities and Exchange Commission that it does not believe employee or customer information was accessed.
Continue reading

Boston Bar Assosiation