Endpoint
12/11/2012
02:11 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Chubb Cyber Endorsement Addresses Increase In Bank Account Takeover Frauds

Endorsement expands the definition of fraudulent communications

WARREN, N.J., Dec. 11, 2012 /PRNewswire/ -- The Chubb Group of Insurance Companies is helping to protect community banks from a more than three-fold increase in fraudulent online commercial transactions.

An endorsement to the ForeFront Security by Chubb Community Bank Bond expands the definition of fraudulent communications. Fidelity bonds, which help indemnify banks against losses resulting from a broad range of dishonest and fraudulent acts, typically require a bank to authenticate customer fund transfer instructions via a telephone callback. Chubb's new Cyber Fraud Endorsement also allows a bank to authentic commercial customer instructions through text messaging, email or other methods.

According to the American Bankers Association, the number of account takeover attempts reported at the 100 financial services firms it surveyed increased from 87 in 2009 to 314 in 2011.

"This survey points to an alarming trend that is prompting banks to look for the type of protection afforded by Chubb's Cyber Fraud Endorsement," said George Allport, vice president and worldwide fidelity manager for Chubb. "Although regulations may not hold banks responsible for commercial customer's losses due to fraudulent transfer instructions, businesses frequently sue their bank to make them whole. Chubb's endorsement helps indemnify community banks from defense costs and direct damages arising out of such a lawsuit."

The member insurers of the Chubb Group of Insurance Companies form a multi-billion dollar organization providing property and casualty insurance for personal and commercial customers worldwide through 8,500 independent agents and brokers. Chubb's global network includes branches throughout North America, Europe, Latin America, Asia and Australia. For more information, visit www.chubb.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.