3. Internetbanking in Belgium
• Simple, quick, comfort, cheap... > popular and growing
• Attractive target for cybercrime
• Risks: financial, reputation, continuity…
• Maintain trust in this distribution channel
3
4. Why should we (not) share information?
- Sharing of vulnerabilities is ‘not done’
- Can I trust the information receiver?
- What happens with my information?
…
+ understand better the potential vulnerabilities, threats & attacks
+ assess the impact of incidents
+ mitigate these threats and risks with (sector wide) measures
+ …save money
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
• Delicate balancing act
• Reciprocity - Win-win
B-CCENTRE | 28 March 2012 4
5. Internetbanking security information sharing in
Belgium
• Working Group:
• banks + Isabel + NBB (supervisor) + FCCU
• Recurrent + adhoc meetings + Task forces
• Forum of all banks: yearly + adhoc infosessions
• NDA - Disclosure classification: green/amber/red
• Alert communication channel:
• Anonymous (filter) email to list of subscribers
• Template with structured data on new/evolving threat
• No personal data (compliance with privacy regulations)
• CERT.be
• Belgian Cybercrime Centre of Excellence for Training, Research &
Education (B-CCENTRE)
B-CCENTRE | 28 March 2012 5
6. Financial cybercrime information sharing in
Europe
• WG IT Fraud in European Banking Federation
• ISSG Fraud Information Sharing Expert Group
(CISEG) in European Payments Council (EPC)
• Financial Institutions - Information Sharing and
Analysis Centre (FI-ISAC) - Europe
B-CCENTRE | 28 March 2012 6
7. External information sharing
> New website (1/12/2011)
www.safeinternetbanking.be
www.internetbankierendoeikveilig.be
www.labanqueparinternetentoutesecurite.be
B-CCENTRE | 28 March 2012 |7
8. Internetbanking fraud statistics
• Internetbanking is very secure: # frauds / # sessions = 0,00002 %
• Re-imbursement (except if proven that payer has acted fraudulently)
B-CCENTRE | 28 March 2012 8
9. The fraudster at work
5 fraud vectors
B-CCENTRE | 28 March 2012 |9
10. Security, an issue for my bank?
Veiligheid, een zaak van mijn bank ?
Wat de bank zoal doet om zowel internetbankieren als betalen via het internet
zo veilig mogelijk te laten verlopen is terug te vinden onder de rubriek
“veiligheid, een zaak van mijn bank”.
B-CCENTRE | 28 March 2012 | 10
11. Security, also my business/concern?
Veiligheid, ook mijn zaak ?
De site zet bovendien alle tips op een rijtje waarmee de consument zelf kan
bijdragen aan de veiligheid van zijn online transacties. Deze tips & tricks zijn
terug te vinden onder de rubriek “veiligheid, ook mijn zaak”.
B-CCENTRE | 28 March 2012 | 11
12. External information sharing > Press
• Febelfin press releases (‘malware’) :
• 18 August 2011
• 26 September 2011 Le Soir,
• Press in January 2012 19 augustus 2011
• Phishing 9 March 2012
Mon argent,
4 november 2011
La Libre Belgique,
4 januari 2012
Het Nieuwsblad,10 maart 2012
B-CCENTRE | 28 March 2012 | 12
De Tijd, 3 januari 2012