Bank regulator eyes tougher rules to fight hacking

February 26, 2015
Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator says

Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator said Wednesday.

Benjamin Lawsky, who leads New York state's Department of Financial Services, said more steps were needed to prevent what he called an "Armageddon-type cyber event" that disables the financial system.

The current password system for online accounts is "very vulnerable," said the regulator, who rose to prominence with big financial settlements negotiated with the US against BNP Paribas and other financial heavyweights.

"I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us to shudder," he said.

"Indeed, we are concerned that within the next decade or perhaps sooner we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time —what some have termed a 'cyber 9/11.'"

Lawsky said such an event could create "a run or panic that spills over into the broader economy."

He said the department is considering mandating banks and other financial institutions to establish a "multifactor authentication" system whereby users would log in with a randomly generated password sent to a smartphone in addition to a conventional password.

The agency is weighing whether such new password requirements would fall on bank employees or consumers who do online banking, a Lawsky spokesman said.

Other proposals under consideration include rating banks and insurers on their cybersecurity as part of regular oversight of the banks used to determine if banks can pay dividends or make acquisitions.

Lawsky is also considering forcing financial institutions to require certifications of cybersecurity controls from third parties working in a bank, such as a law firm or a company brought in to do maintenance.

Cybersecurity was spotlighted at a summit two weeks ago in California at which President Barack Obama, Apple chief executive Tim Cook and others called for closer collaboration between government and the private sector to hold hackers at bay.

The biggest hacking episode on a bank came last year when contact details were taken for some 76 million households and seven million businesses in an attack on JPMorgan Chase.

However, JPMorgan said there was no evidence that critical account information such as account numbers, user identities or were stolen by the hackers.

While the Treasury and Federal Reserve are main US bank regulators, New York is important because it is home to many large banks. Lawsky's office has the authority to revoke the charters of and insurance companies operating in the state.

Explore further: NY surveying banks on cyber security defenses

Related Stories

NY surveying banks on cyber security defenses

February 25, 2015

(AP)—New York financial regulators are considering tougher cyber security requirements for banks to mandate more complex computer sign-ins and certifications from the contractors of their cyber defenses, the state's top ...

Several US banks attacked by hackers who hit Chase

October 8, 2014

Several US financial institutions were targeted by the same computer hackers who breached the systems of JPMorgan Chase earlier this year, sources familiar with the matter said Wednesday.

London-based banks simulate giant cyber-attack

November 12, 2013

Dozens of London-based banks joined other financial institutions in the capital on Tuesday for a giant exercise to test their defences against a cyber-attack, officials said.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.