Julie Conroy

November 6, 2017

Simple Banking Security Tip: Verbal Passwords

This post was originally published on this site.

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone. Most financial institutions will let customers add verbal passwords […]
August 28, 2018

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv [NASDAQ:FISV] is a Fortune 500 company with 24,000 employees and $5.7 billion in earnings last year. Its account and transaction processing systems power the Web sites for hundreds of financial institutions — mostly small community banks and credit unions. Two weeks ago this author heard from security researcher Kristian Erik Hermansen, who said […]
December 4, 2018

A Breach, or Just a Forced Password Reset?

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward. The notice sent to ShareFile users looked like this: Dozens […]