could include some of the policy enforcement measures that have been developed for telecommuters, but targeted at the general consumer.
B.1.1.7 Security Enhanced (less vulnerable) eMail Clients
Any enhancements to email client applications that reduce the likelihood that email messages can be used to deliver phishing attacks, or that help users avoid social engineering attacks. This category is intended to include enhanced client applications as well as plugins that work with the email application.
B.1.1.8 Security Enhanced (less vulnerable) Browsers
Enhancements to Web browser applications (including plugins) that help to eliminate vulnerabilities or aid users in avoiding sites that might be used by phishers to capture user financial information. Examples of desirable features include techniques that prevent browsers from being used as vectors for malware deployment, that make it difficult to hide or spoof key browser visual indicators (such as the address bar and security status), that prevent or alert users to the various obfuscations phishers use, and that improve authentication of users to sites and of sites to users.
B.1.1.9 Security Enhanced (less vulnerable) IM/IRC/P2P Client Applications
Enhancements to Instant Message, Internet Chat, and P2P client applications that eliminate vulnerabilities or help prevent
abuse by phishers, including alerts to users of potential abuses.
B.1.1.10 Add-on and Built-in Security Augmentation Devices for PCs
Hardware add-on
peripheral devices or built-in hardware mechanisms that can be used to strengthen security of PC operating systems and
applications. Examples include cryptographic processors, crypto tokens, biometric scanners, secure key vaults, and secure
storage devices.
B.1.2 Category II: Hardening Mobile Devices
Phishing attacks have already been launched against users of mobile phones and PDAs, and it appears likely that such mobile devices will increasingly serve as attack vectors for phishing and other types of fraud. As with PCs, mobile devices could represent the “weak link,” especially given the susceptibility of end users to social engineering attacks.
B.1.2.1 Security Hardening for Mobile Platforms
Any techniques or approaches that can be used to strengthen the security of mobile computing platforms, such as cell phones and PDAs. Potential countermeasures can be as extensive as those for PCs, even though mobile platform vulnerabilities and exploits are not as commonplace today.
B.1.2.2 Security Enhanced (less vulnerable) Mobile Applications
Security enhancements to mobile client applications, such as email, browser, instant messaging and SMS, and file (e.g., photo) sharing, that can help to prevent or defend against abuse by phishers.
B.1.3 Category III: Hardening Systems Used in Financial Transactions
The systems used in financial transactions and operated by financial institutions, merchants, and businesses contain vulnerabilities that can be exploited, but they also represent opportunities to improve overall transaction security as well as detection of potential abuse or fraud.
B.1.3.1 Effective Traffic and Transaction Analysis for On-Line Financial Systems
Tools for analyzing not just transactional data but also ancillary information (e.g., log files, network traffic) in ways that can identify potential phisher activity or actual fraud/abuse.
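As an added illustration of the kind of analysis this category describes (this is example code written for this page, not a tool from the original document), the following Python script runs two simple detections over constructed authentication and transaction log lines. The log format, field names, thresholds and the two rules (one source IP authenticating to many distinct accounts within a short window, which is typical when phished credentials are replayed in bulk; and a transfer to a payee added only minutes earlier on the same account) are all assumptions chosen for the example.

```python
"""Detect phisher-style activity from ancillary log data.

Example code added for this page; the log format and rules are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). Assumed format:
# <ISO timestamp> <event> key=value ...
SAMPLE_LOG = """\
2005-03-01T09:00:10 login acct=1001 ip=198.51.100.7
2005-03-01T09:00:41 login acct=1002 ip=198.51.100.7
2005-03-01T09:01:05 login acct=1003 ip=198.51.100.7
2005-03-01T09:01:30 login acct=1004 ip=198.51.100.7
2005-03-01T09:02:00 login acct=1005 ip=198.51.100.7
2005-03-01T10:15:00 login acct=2001 ip=203.0.113.9
2005-03-01T10:16:10 add_payee acct=2001 ip=203.0.113.9 payee=NEW
2005-03-01T10:18:30 transfer acct=2001 ip=203.0.113.9 payee=NEW amount=4900
2005-03-01T11:00:00 login acct=3001 ip=192.0.2.44
2005-03-01T11:05:00 transfer acct=3001 ip=192.0.2.44 payee=OLD amount=120
"""


def parse_log(text):
    """Turn each non-empty line into a dict with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append({"ts": datetime.fromisoformat(ts), "event": event, **fields})
    return events


def many_accounts_per_ip(events, window=timedelta(minutes=5), threshold=5):
    """Flag a source IP that logs in to >= threshold distinct accounts
    within `window`; a pattern of phished credentials being replayed."""
    logins = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            logins[e["ip"]].append((e["ts"], e["acct"]))
    alerts = []
    for ip, items in logins.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            accts = {a for t, a in items[i:] if t - t0 <= window}
            if len(accts) >= threshold:
                alerts.append(("many_accounts_one_ip", ip))
                break  # one alert per IP is enough
    return alerts


def new_payee_fast_transfer(events, window=timedelta(minutes=30)):
    """Flag a transfer to a payee that the same account added within
    `window`; a common sequence after an account takeover."""
    added = {}  # (acct, payee) -> time the payee was added
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "add_payee":
            added[(e["acct"], e["payee"])] = e["ts"]
        elif e["event"] == "transfer":
            t_add = added.get((e["acct"], e["payee"]))
            if t_add is not None and e["ts"] - t_add <= window:
                alerts.append(("new_payee_fast_transfer", e["acct"]))
    return alerts


def analyze(text):
    """Run both rules over a log and return (rule, subject) alerts."""
    events = parse_log(text)
    return many_accounts_per_ip(events) + new_payee_fast_transfer(events)


if __name__ == "__main__":
    for rule, subject in analyze(SAMPLE_LOG):
        print(f"ALERT {rule}: {subject}")
```

In the sample, account 3001's transfer goes to a long-standing payee and is not flagged, which is the point of correlating transaction data with the ancillary login and payee-management events rather than scoring each transaction in isolation.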
B.1.3.2 Security Enhancements for FI Servers & Systems
Measures that can be used to enhance security of systems used by FIs to provide financial services, including measures that reduce/mitigate vulnerabilities or improve the level of security offered as part of the services.
B.1.3.3 Security Enhancements for Merchant and Business eCommerce Systems
Measures that can be used to enhance security of systems used by merchants and businesses to conduct eCommerce transactions, including measures that reduce/mitigate vulnerabilities or improve the level of security employed in conducting transactions.
B.1.3.4 Enhanced Database Protection Measures
Measures that can be deployed to reduce vulnerabilities in databases that store sensitive financial information, including stronger access control, limits on bulk extracts, and stronger protections for confidentiality at the record and item level.
B.1.3.5 Detection/Reporting of Vulnerabilities in Client Access Systems
Techniques that can be used to detect client access from compromised PCs, or from improperly configured or maintained PC software, with options to disallow or limit use of financial services from such clients. Also, options allowing end users to test their PCs using FI-approved services before conducting sensitive financial transactions.
B.1.4 Category IV: Hardening “What’s in the Cloud”
The Internet and related services comprise an ever-growing “cloud” that provides much of the infrastructure on which online financial services and eCommerce are based. The many vulnerabilities in this cloud have been widely exploited by phishers and other cyber criminals and miscreants. Solutions that eliminate/mitigate vulnerabilities or enhance security are vital to addressing the phishing problem.