Bank regulator eyes tougher rules to fight hacking

February 26, 2015
Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator says

Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator said Wednesday.

Benjamin Lawsky, who leads New York state's Department of Financial Services, said more steps were needed to prevent what he called an "Armageddon-type cyber event" that disables the financial system.

The current password system for online accounts is "very vulnerable," said the regulator, who rose to prominence with big financial settlements negotiated with the US against BNP Paribas and other financial heavyweights.

"I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us to shudder," he said.

"Indeed, we are concerned that within the next decade or perhaps sooner we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time —what some have termed a 'cyber 9/11.'"

Lawsky said such an event could create "a run or panic that spills over into the broader economy."

He said the department is considering mandating banks and other financial institutions to establish a "multifactor authentication" system whereby users would log in with a randomly generated password sent to a smartphone in addition to a conventional password.

The agency is weighing whether such new password requirements would fall on bank employees or consumers who do online banking, a Lawsky spokesman said.

Other proposals under consideration include rating banks and insurers on their cybersecurity as part of regular oversight of the banks used to determine if banks can pay dividends or make acquisitions.

Lawsky is also considering forcing financial institutions to require certifications of cybersecurity controls from third parties working in a bank, such as a law firm or a company brought in to do maintenance.

Cybersecurity was spotlighted at a summit two weeks ago in California at which President Barack Obama, Apple chief executive Tim Cook and others called for closer collaboration between government and the private sector to hold hackers at bay.

The biggest hacking episode on a bank came last year when contact details were taken for some 76 million households and seven million businesses in an attack on JPMorgan Chase.

However, JPMorgan said there was no evidence that critical account information such as account numbers, user identities or were stolen by the hackers.

While the Treasury and Federal Reserve are main US bank regulators, New York is important because it is home to many large banks. Lawsky's office has the authority to revoke the charters of and insurance companies operating in the state.

Explore further: NY surveying banks on cyber security defenses

Related Stories

NY surveying banks on cyber security defenses

February 25, 2015

(AP)—New York financial regulators are considering tougher cyber security requirements for banks to mandate more complex computer sign-ins and certifications from the contractors of their cyber defenses, the state's top ...

Several US banks attacked by hackers who hit Chase

October 8, 2014

Several US financial institutions were targeted by the same computer hackers who breached the systems of JPMorgan Chase earlier this year, sources familiar with the matter said Wednesday.

London-based banks simulate giant cyber-attack

November 12, 2013

Dozens of London-based banks joined other financial institutions in the capital on Tuesday for a giant exercise to test their defences against a cyber-attack, officials said.

Recommended for you

Robot designed for faster, safer uranium plant pipe cleanup

April 21, 2018

Ohio crews cleaning up a massive former Cold War-era uranium enrichment plant in Ohio plan this summer to deploy a high-tech helper: an autonomous, radiation-measuring robot that will roll through miles of large overhead ...

After Facebook scrutiny, is Google next?

April 21, 2018

Facebook has taken the lion's share of scrutiny from Congress and the media about data-handling practices that allow savvy marketers and political agents to target specific audiences, but it's far from alone. YouTube, Google ...

How social networking sites may discriminate against women

April 20, 2018

Social media and the sharing economy have created new opportunities by leveraging online networks to build trust and remove marketplace barriers. But a growing body of research suggests that old gender and racial biases persist, ...

Virtually modelling the human brain in a computer

April 19, 2018

Neurons that remain active even after the triggering stimulus has been silenced form the basis of short-term memory. The brain uses rhythmically active neurons to combine larger groups of neurons into functional units. Until ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.