Security and Infrastructure Standing Committee

The Security and Infrastructure Standing Committee sets the information security agenda for the FSTC by identifying issues, collaborative project opportunities, and cross-industry information security topics of interest to the financial services community.  The Committee has active participation from over 20 US and global financial institutions and over 50 top name technology and service provider firms.

The Committee was formed to help member financial institutions anticipate and respond better to challenges and opportunities in the dynamic area of information security technology, while in turn helping technology and services providers and standardization forums to understand the unique security needs of the financial services industry.   

Our Charter

All aspects of information security risk, technology, business, and operations are considered in the Committees charter, including:

• advancements in traditional security technologies and techniques, such as applications to enable the federation of traditional identity and authentication data;
• the enablement of emerging information security methods such web services security, fraud data sharing, trusted computing and distributed software assurance, and
• breakthrough thinking around new information security challenges, such as consumer-driven identity, compliance aware data management, and sponsored domains for financial internet services.

In addition, the Committee stays closely aligned with the security component associated with current and emerging regulations, such as breach notification, ID theft red flags, electronic discovery, and government issued credentials.

FSTC supports the committee's mission through its unique capability to sponsor hands-on projects and proofs-of-concept. Previous committee initiatives include the Blueprint for Mutual Authentication, an exercise to establish requirements and options for bi-directional authentication on the Web; and the Secure Web Browsing Concept – a design to enable a highly reliable level of security in internet browsers; the Account Opening Initiative, designed to describe requirements for opening financial accounts using less non-public consumer data; and Counter-Phishing Phase I, an industry-level initiative that evaluated individual and coordinated technology approaches to counter the practice of phishing and related threats.

Agenda

Leading into 2008 and 2009, the agenda for the Security and Infrastructure Committee of the FSTC is being shaped around significant topics that drive the attention and resource commitments from the Technology Risk and Information Security programs, products, and services of our members.  This topic list includes:

• Insider Threat
• Compliance Aware Data/Records Governance
• Provisioning mobile security
• Authentication of email, text messages and call center applications
• Sponsored Domains for Internet Financial Services
• Credentialing Standards
• Consumer-driven Identity
• Trusted Computing
• Software assurance
• Security metrics
• Application Security

Current Projects

FSTC and its industry partners The Clearing House, The Federal Reserve, ABA, BITS, PaymentsNation, NACHA, and SWIFT are working with the telecommunication industry to develop the technology framework for a secure interoperable process that provides expanded customer service and profit center opportunities in mobile payments. This initiative will play an important role in identifying and documenting the technology that will enable banks to meet growing customer demand for mobile payments. The project has completed phase 1 which identified the current environment and documented use cases.  Phase 2 will focus on the Architecture and Security. FSTC is also focusing on how to work with other industry groups to insure more collaboration.

With the taxonomy created in phase 1, it is now possible to build out the fraud patterns associated with each fraud scheme, product and channel. Although a significant undertaking to do so, the value in having a consistent, comprehensive and industry adopted fraud taxonomy, that provides data down to the individual fraud pattern level, is extremely high.

Projects in Formation

There are currently no Projects in Formation.

Projects under Development

FSTC and its industry partners The Clearing House, The Federal Reserve, ABA, BITS, PaymentsNation, NACHA, SWIFT will take the framework from phase one and the Security requirements and Architecture developed in phase 2 as the basis for a recommended standard and work with the industry partners at designing a workable standard for our industry partners and a working pilot with measurable success criteria. The likely focus of Phase 3 will be on the specific infrastructure enhancements and practices; business rule consistency; and extensions beyond consumer market to B2B.

Projects Recently Completed

There are currently no Projects Recently Completed.

Member Benefits

The Security and Infrastructure Standing Committee provides a setting for participants to turn the results of their dialogues into action and potential FSTC projects. It also provides a vehicle for standing committee participants to reduce their research and development costs through collaborative projects. Plus, project participants get to know their peers at other financial institutions and develop a professional network that lasts beyond the project lifecycle. The standing committee is chartered with setting the security agenda for FSTC.

If you would like to learn more about the Security and Infrastructure Standing Committee or would like to share your expertise with us, contact Mike Versace.

Co-Chairs

FSTC Managing Executive: Roger Lang

For more information Roger D. Lang

FSTC Security and Infrastructure Committee
(O) 201-389-3571
(C) 917-538-8041

About | Membership | Conferences | Projects | News | Standing Committees | Jobs | Search | Join FSTC | Contact Us | Home