ABA Banking Journal - September 2007 - (Page 55)

Hackers for hire? You bet’cha

Dave Chronister is president of Parameter Security, a new business based in St. Louis that engages in ethical hacking. Though hardly alone in this emerging and rapidly maturing field, Chronister founded Parameter after serving as IT security executive at a community bank and realizing he couldn’t get the full range of testing services that he required at the time. Here Chronister talks about why penetration testing is important.

First, what’s ethical hacking?

It’s the systematic attempt to get behind the firewall using all the tricks that “black hat hackers” use for the purposes of assessing the viability of a firm’s tech environment. Is a given network or server or web application configured correctly? Is it secure? These efforts will outline the situation. The term also implies that the “white hat hacker” makes use of real-world attacks against financial institutions to see what’s actually going on. Contrast this with merely enacting a series of scripted penetration tests designed to flag a problem.

When you talk to bankers on this subject, what are some key themes you cover?

That security should be more than a compliance exercise. I think that most bankers feel this way, but in the desire to be well documented and meet examiner requirements, they sometimes get bogged down with secondary procedures and get in a “check off the box” mentality. A lot of security is in knowing the details. Unfortunately, some bankers don’t want to embrace IT detail. They just “want to be safe.” This can lead to false security by relying on a vulnerability assessment.

What are the differences between VA and penetration tests?

A vulnerability assessment is almost like a risk rating. It’s based on an operations profile—that is, the likelihood of something happening to your business based on your key areas of operation, how many servers you have, who has access, what levels of encryption and level of policy are in use, etc. The actual penetration test, in contrast, is a living picture of the profile. It sets a company up for a focused remediation effort. With it, you can pick up vulnerabilities to attacks or see simple system misconfigurations.

Sounds like the penetration testing could be dangerous in that it could damage an IT environment.

No. That shouldn’t happen. Not if the security firm knows what it’s doing. We have certification from Ethical Hackers, which includes extensive background and credit checks, drug tests, and intensive training. Firms like ours are set up to sift through all the information that, for instance, detection systems can generate. We can do the interpretation.

What problem areas are on your radar now?

There are tools that are publicly available that can render a virus undetectable. Trojans, reverse Trojans, and key-logger programs all have negative potential in environments where there is a lot of sensitive information being accessed.

Case in Point

Tellers scan, too, at First Federal

The $2.6 billion-assets First Federal, Charleston, S.C., has taken item processing to the teller station with the installation of scanners throughout its 53-branch footprint. With branches in the counties of Beaufort, Berkeley, Charleston, Dorchester, Florence, Georgetown, and Horry in South Carolina, and in Brunswick County, North Carolina, First Federal undertook the project to make research more efficient and improve customer service as well as decrease float times and gain overall processing efficiency. Tellers are now essentially proofing and balancing the items they collect on a per-customer basis.

The bank has deployed approximately 250 check scanners to date, supplied by Digital Check, Inc. Robert Bailey, senior vice-president branch administration, says the application programming interface for the scanner supports features such as adaptive threshold reading, or the ability to distinguish “background noise” from amount, name, and other legitimate fields. Intelligent document verification allows a mixed deposit of paper checks, cash, and deposit ticket items to be processed. “Basically, unless there is a problem with the handwriting or the check itself [it’s a fake], it will run through the system without keying of amounts or routing numbers or other information,” says Bailey. The power encoding step that used to happen in a traditional processing environment has also been eliminated. Digital Check’s TellerScan API conducts MICR OCR verification.

Partnering with Benchmark on the installation, First Federal, which completed the work over a six-month period from last October to March, has made gains in fraud detection, particularly making a dent in check kiting and foreign items at the teller station.

Bailey says that his institution’s thrift origins and resulting real-time core processor made it a challenge to find scanners and other software that would sync up in real time. “We went with the Digital Check STeller and Proof21 products because of image quality and ease of use,” Bailey says. Those programs also interfaced easily with the bank’s existing teller system. “But the real-time fit was also a primary consideration.”

In terms of project management, the bank kept to a tight timetable, meeting daily during the initial planning phase then twice weekly throughout the installation period to pick off issues that came up, such as problem reads or duplicate postings. Still, in the four years since Check 21 became law, vendors have improved interoperability of scanner, proofing system, and cash letter creation applications for easier links to the general ledger.