A special Electronic Crimes Task Force formed by the United States Secret Service and the Texas Department of Banking recently issued a report entitled “Best Practices: Reducing the Risks of Corporate Account Takeovers” (the “Report”). The Report details nineteen recommended processes and controls that focus on the core elements of a risk-management framework developed by the Secret Service, the FBI, the Internet Crime Complaint Center, and the Financial Services Information Sharing and Analysis Center: protect, detect, and respond. The Report expands on the standards set forth in the FFIEC’s Supplement to Authentication in an Internet Banking Environment issued in June of 2011, which we discussed in a prior blog post.
The value of the Report lies in the specificity of its recommendations. Each of its nineteen recommended processes and controls is accompanied by detailed examples and “best practices” for consideration. The Report also provides a number of references and sample forms, including forms for risk assessment and employee/customer training. Although certain best practices may not be appropriate in a particular circumstance, the Report can serve as a useful checklist and resource in developing risk assessment and mitigation programs.