Filene’s CU Tomorrow blog recently posted research called “The First Credit Card,” which looks into credit union marketing to undergrads looking for credit. You can download the report by following the “Full Article” link below.

Banks will spend 3.2 percent less on technology this year than they did last year and they will try to trim costs with “domestic outsourcing” to areas such as the MidWest, according to an IDC forecast teleconference today, Jan. 5.

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.

Saying Yes, WaMu Built Empire on Shaky Loans By PETER S. GOODMAN and GRETCHEN MORGENSON Published: December 28, 2008

Washington Mutual stands out as a singularly brazen case of lax lending in a financial landscape littered with wreckage.

This is a great news article. Read it!

@dmgerbino

Found this good article showcasing the dumbest business moves of 2008. It’s been a very busy year in that regard. :)

From Hannaford to Countrywide to the Bank of New York Mellon, 2008 has been a year of high-profile security breaches in or impacting the financial services industry. Here’s our list of the top 10 – and lessons that should be learned, so we aren’t back revisiting these issues in ‘09.

First off, kudos to BankInfoSecurity for now posting fully formed posts without needing to login! Regarding the article, I see this as a BIG deal and community banks and credit unions better be ready for it as examiners aren’t going to be lax anymore.

The FDIC announced details regarding their recently approved 2009 operating budget. Not exactly your “stop the presses, hold all my calls” sort of thing, but it was worth my time to read through it. It was fairly mundane in the abstract, but one of the details jumped right off the screen at me: “The Board also approved an authorized 2009 FDIC staffing level of 6,269, an increase of 1,459 positions from the staffing level authorized at the beginning of 2008.”

One of the themes in response to my How to a Build a Better Economy post was: how can we create a next-gen currency?! That sounds like sci-fi!

Is it? Not by a longshot. In fact, radical innovators have achieved a strikingly similar reconstruction of consumer finance on a global scale in the not too distant past. Who? Visa, for example.

Underestimating/Overestimating end users, audit logging, and sloppy security are common to what I see within the bank environments I’m in.

I love the point it makes about communicating with tech savvy end users and getting them on your side. Information Security must be multi-layered and that doesn’t just mean firewalls and anti-virus. It includes discussions with the multiple levels of users within an organization.