Page : 1/20

Inside TRC

First Page    Prev. Page    Next Page    Last Page

Thursday, 30 Apr 2015

A combination malware and social engineering campaign has already stolen over $1 million! Dubbed the “Dyre Wolf”, the malware targets online banking systems. Security experts believe that those behind the malware attacks are extremely knowledgeable about financial institutions' online banking systems.

"Dyre Wolf" targets businesses that use wire transfers to move large sums of money, even when the transactions are protected with two-factor authentication. The heist starts with mass e-mailings that attempt to trick people into installing Dyre, a strain of malware that largely remains undetected by the majority of antivirus products.

Infected machines then send out mass e-mails to other people in the victim's address book. Then the malware lies in wait. Once the infected victim tries to log in to one of the hundreds of financial institution websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site. The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in.

The attackers are bold enough to use the same phone number for each website and know when victims will call and how to answer for each financial institution. This all results in successfully duping their victims into providing their organizations’ banking credentials.

As soon as the victim hangs up the phone, the wire transfer is complete. The money starts its journey and bounces from foreign bank to foreign bank to circumvent detection by the financial institution and law enforcement.

TRC Interactive’s First Line of Defense™ program offers interactive and engaging fraud training to help financial institutions identify and prevent fraud attempts. To learn more, visit http://trcinteractive.com/training-solutions/fraud-training.asp or contact us at either info@trcinteractive.com or (800) 222-9909.

Wednesday, 8 Apr 2015

On March 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released two statements about ways financial institutions can identify and mitigate cyber attacks. Industry experts suggest that the primary reason for the release of the statements is to ensure that smaller financial institutions are taking the necessary steps to protect themselves from cyber threats.

There are also those who have raised concerns that the two statements may indicate that the FFIEC has some knowledge of possible upcoming attacks. In either case, the FFIEC felt compelled to release these statements and financial institutions need to take action.

In accordance with FFIEC guidance, institutions should:

  • Securely configure systems and services;

  • Review, update, and test incident response and business continuity plans;

  • Conduct ongoing information security risk assessments;

  • Perform security monitoring, prevention, and risk mitigation;

  • Protect against unauthorized access;

  • Implement and test controls around critical systems regularly;

  • Enhance information security awareness and training programs; and

  • Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.


The FFIEC statements can be accessed here:

Statement of Destructive Malware
http://www.ffiec.gov/press/PDF/2121759_FINAL_FFIEC%20Malware.pdf

Statement on Compromising Credentials
http://www.ffiec.gov/press/PDF/2121758_FINAL_FFIEC%20Credentials.pdf


To stay up to date on financial institution trends and news, frequently visit our blog. To learn more about our online training solutions, contact us at info@trcinteractive.com or (800) 222-9909.

Wednesday, 25 Mar 2015

Your customers who turned 70½ during 2014 likely must start receiving required minimum distributions (RMDs) from Individual Retirement Accounts (IRAs) and workplace retirement plans by Wednesday, April 1, 2015.

The April 1 deadline applies to owners of traditional IRAs but not Roth IRAs. Normally, it also applies to participants in various workplace retirement plans, including 401(k), 403(b) and 457 plans.

The April 1 deadline only applies to the required distribution for the first year. For all subsequent years, the RMD must be made by December 31. So, a taxpayer who turned 70½ in 2014 and receives the first required payment on April 1, 2015, for example, must still receive the second RMD by December 31, 2015.

TRC provides training on IRA Fundamentals. For your convenience we provide the current and previous tax year information. You can also learn more about courses available through TRC Interactive by contacting us at info@trcinteractive.com or (800) 222-9909.

Thursday, 19 Mar 2015

The New York Attorney General Eric Schneiderman announced a deal with the credit reporting giants, Experian, TransUnion, and Equifax on the reporting of medical bills and the handling of error resolution processes.

Under this new agreement, the agencies will replace automated error resolution processes with specially trained employees. The agencies will also establish a six-month interim period before reporting unpaid medical debts to allow time for resolution of issues involving delayed insurance payment or consumer disputes. When a medical debt is paid by insurance, it will be removed from a consumer's report.

The agencies will also take steps to increase awareness of the availability of free annual credit reports through the website annualcreditreport.com.

The credit reporting giants maintain credit information on consumers that directly affects a consumer's ability to not only access credit but that can also determine how good of a deal the consumer may get. “Credit reports touch every part of our lives,” Mr. Schneiderman said in a statement. “They affect whether we can obtain a credit card, take out a college loan, rent an apartment, or buy a car — and sometimes even whether we can get jobs.”

As bankers, we use credit reports nearly every day and in many aspects of our business processes. If you have worked with credit reports for many years you likely have a story about a situation gone wrong, a consumer nightmare or a problem situation that was never able to be resolved.

To stay up to date on regulatory trends and news, frequently visit our blog. TRC Interactive also offers online, interactive training on various compliance related topics. To learn more, contact us at info@trcinteractive.com or (800) 222-9909.

Thursday, 15 Jan 2015

The Department of the Treasury's Office of Foreign Assets Control (OFAC) is amending the Cuban Assets Control Regulations, (the "CACR"), to implement policy changes announced by the President on December 17, 2014, to further engage and empower the Cuban people by facilitating authorized travel to Cuba by U.S. persons, certain authorized commerce, and the flow of information to, from and within Cuba.

The CACR amendment will be published in the Federal Register January 16, 2015, at which time the changes will take effect. OFAC is also publishing a number of Frequently Asked Questions pertaining to this regulatory amendment.

To stay up to date on regulatory trends and news, frequently visit our blog. TRC Interactive also offers online, interactive training on various compliance related topics. To learn more, contact us at info@trcinteractive.com or (800) 222-9909.

First Page    Prev. Page    Next Page    Last Page