B.3.2.2 Consistent Policies for Customer Communications
Improvements to the way that
organizations communicate messages to customers, including refinements of style, form, content, and choice of medium.
B.3.2.3 Proactive Measures to Improve Customer Confidence
Any measure that can proactively improve customer confidence in their financial institution and online financial transactions, including notifications of
suspect activities against the customer’s account or requests for their credit ratings.
B.3.3 Category XI: Legal Actions
To the extent that phishing represents criminal activity, but using apparently legitimate means, legal actions will be required to block phishing activities and pursue prosecution and conviction of
the perpetrators.
B.3.3.1 Cease & Desist Notices
Any notices or orders that can authorize shutdown of phishing systems or
prevent phishing practices.
B.3.3.2 Search Warrants & Wiretap Orders
Legal authorizations to conduct focused investigations of
alleged criminal phishing activities, including warrants to search for evidence, or orders to allow monitoring of the private
communications or correspondence of phishers.
B.3.3.3 Capture/Confiscation of Evidence
Legal authorizations to capture evidentiary data (e.g.,
databases of stolen account credentials) or to confiscate evidence of criminal phishing activities. A complicating factor with
gaining such authorizations is that phishers often leverage systems owned by others (e.g., “zombie” PCs).
B.3.3.4 Expedited Legal Actions
Procedures for expediting legal actions that were originally intended to
deal with criminal activities involving physical resources and real-world interactions, but that must now deal with virtual
resources and cyber interactions.
B.3.3.5 Cross-Border Legal Actions
Procedures and services to facilitate legal actions that cross-jurisdictional boundaries, especially international borders.
B.3.3.6 Mapping of Relevant Laws/Regulations by Jurisdiction
Documentation and tools
for mapping requirements to pursue phishers on legal fronts into the myriad jurisdictional contexts that exist on a global
basis.
B.3.4 Category XII: Law Enforcement and Prosecution
Successful prosecutions of phishers are
essential to stopping their illegal activities and also as a deterrent to other current or new phishers. In reality, the relative
immunity phishers enjoy from prosecution is one of the factors contributing to the growth of phishing, including the conversion of criminals involved with other forms of crime into phishers.
B.3.4.1 Capture of Cyber-Forensics
Tools and techniques for capturing evidence of criminal activities that
exists only in “cyberspace.” Also, the means for interpreting evidence to track down the actual perpetrators and tie them to
their crimes.
B.3.4.2 Takedown Actions
Actions by law enforcement agents to shut down phishing operations, seize hard evidence, and arrest alleged perpetrators.
B.3.4.3 Efficient Processes for Notifying Law Enforcement
New techniques and services for
providing notification to law enforcement of phishing attacks and victim claims in ways that centralize reporting to all jurisdictions and agencies involved in fighting phishing-related crimes.
B.3.4.4 Improved Data Sharing Across Jurisdictional Boundaries
Tools and services for
improving the ability of law enforcement agencies to share information amongst each other and across jurisdictional boundaries on a global basis.
B.3.5 Category XIII: Legislation or Regulations
In some cases, existing laws and regulations may
not adequately address phishing activities, especially on the international front where many phishers operate from countries
that have little experience legally with cyber crimes. There may also be a need for regulations that enforce new disciplines on
the financial industry to shore up confidence in the overall system and to assure that all financial institutions are responding
to the threat in responsible ways.
B.3.5.1 Proactive Recommendations to Regulatory Bodies
Proactive, industry-developed recommendations to regulatory bodies (including some outside of the financial industry) can be used to steer regulatory
responses in a coordinated manner and avoid reactionary regulations driven by hyped concerns.
B.3.5.2 Establish Cogent Lobbying Position for New Legislation
Efforts to define the
appropriate laws needed domestically and in countries around the world to address phishing activities can serve as the foundation for a coordinated industry lobbying effort that moves on many fronts