first community bank prevx safe online rollout & best practice presentation
TRANSCRIPT
• Given the increasing cyber threats and Trojans that specifically target business on-line bank accounts, we at First Community Bank looked for some options to offer customers to help protect their on-line banking sessions. In the recent past, we've had a few customers infected with the Zeus or related Trojans, which led to some attempted ACH fraud.
• We found a vendor that offered a product that helps protect users when they log into a web site such as on-line banking. The vendor is Prevx. The product we are offering is Prevx 'SafeOnline' .
• We went live 2/22/2010 with this offering.
• This software is offered for free to our customers. It provides protection of the on-line sessions as well as some anti-virus like scanning. It protects from the key board thru the browser to the website. The vendor advertises it as still protecting the on-line banking sessions even if the PC is infected. Note - The free version will scan for viruses, but will not remove the viruses. A user can upgrade to a full version that removes the infections for a nominal annual fee. This software is compatible with other security products and anti-virus software
Internet Fraud – What is it? Viruses, Trojans, malicious software growing and
spreading rapidly Allows unauthorized electronic access to customer
accounts - Able to defeat two factor authentication Scams – Phishing, Spoofing Impact to date – estimated at $40 million
transferred out of US in 2009, primarily to Eastern Europe
Impacts ACH, Wire Transfer, Auto transfers, Bill Pay, and check fraud
Can we stop Internet Fraud?• Education of customers• Customer security procedures
– Dual control– Prohibit password sharing– Policy regarding internet access and unauthorized e-mail– Confirm communications with the bank via e-mail or phone– Communicate personal changes to bank immediately
• Verify account balances daily• Immediately report unusual activity• Dedicated PC for on-line activity
Is there risk for an individual as well?
• Yes, phishing and spoofing scams are not limited to businesses. These criminals are attempting to move as many dollars as possible and in many cases individuals are an easy target
• Do not open e-mails from unknown sources• Keep your PC’s operating system up-to-date with all of the
current patches from Microsoft• Install and keep current your virus protection software• Set-up multiple users on your personal computer that do not
have complete administrative rights. All of the current viruses require a software program to be downloaded and installed on your computer, without administrative rights the user cannot complete the task and the software cannot be activated.
Customer Experience - Start
Step 1: Customer views the First Community Bank information webpage, accesses the Prevx landing page for more information and downloads Prevx SafeOnline
First Community Bank
information webpage
Customer Experience – plus 15secs
All HTTPS websites
First Community bank HTTP websites
All social networking websites
Step 2: Customer accepts EULA and they are instantly protected
MI Reporting – 7 days plus
Step 3: Prevx provide detailed reports on First Community Bank customers using Prevx SafeOnline
• Downloads• Infected PCs• PC state• Existing security software• Blocked websites
7
Summary Report:This was provided to the Bank over 2 week period after rollout:21 downloads to date
19 PCs seen since launch
No support requests to date
7 PCs have been seen that were infected
4 PCs now clean were infected with:
Adware
Malicious software
Cloaked malware
Fraudulent security program (Vundo, typically used to deliver fraudulent AV software)
Spyware
3 PCs still infected
No access to blocked URLs
3 PCs upgraded to Prevx 3.0
Customer Experience – 7 days plus
Step 4: Security review advises customer of recommended actions
7+
Hijacked Internet Connectivity
Prevx SafeOnline blocks any attempt to direct a user to an unauthorised IP address:
• Visit www.fcbnm.com the
First Community Bank Website Current linkage to the our Fraud information https://
fcbnm.com/index.php/personal/legal_fraud/ PrevX link: http://www.prevx.com/firstcommunitybank.asp
Questions- Call PrevxGarry Scott-Savage
Work: (630) 761-0722
Cell: (630) 660-5816
Email: [email protected]