September 14, 2006

U.K. Government to Protect LSE From Foreign Regulation

In a speech at the Hong Kong General Chamber of Commerce, Ed Balls, economic secretary to the U.K. Treasury revealed that the UK Government will grant the Financial Services Authority the power to veto and potential regulatory changes that would result from the purchase of the London Stock Exchange by a foreign investor. The move is designed to quell the concern of the uncertain regulatory fallout of a potential buyout.

"This legislation will confer a new and specific power on the FSA to veto rule changes proposed by exchanges that would be disproportionate in their impact on the pivotal economic role that exchanges play in the U.K. and EU economies," said Balls, during the speech. "It will outlaw the imposition of any rules that might endanger the light touch, risk based regulatory regime that underpins London's success."

The FSA released a statement in support of the proposed legislative approach, and reiterated its indifference to the nationality of the ownership of the entities it regulates.

Regulator Expects Phishing Surge at FFIEC Compliance Date

The Office of the Comptroller of the Currency issued an alert to bankers about the potential for a phishing surge near the compliance date for FFIEC guidance on multifactor authentication.

The OCC anticipates that there will be increased activity by fraudsters who will attempt to exploit the December 31, 2006, conformance date. For example, communications purporting to be from a national bank could inform customers that, due to the FFIEC guidance, the bank is required to change its security procedures and, as a result, request customers to re-register or provide personal information that would enable the bank to comply with the regulatory requirement.

In addition to the common practice of cloning financial institution Web site, logo and e-mail formats, such attempts may also use or include the FFIEC logo and may even contain or provide a link to the interagency guidance. Sophisticated schemes may employ multiple methods to "convince" the customer of their legitimacy.

The OCC is advising that national banks should inform their customers well in advance of the year-end deadline of their plans and any changes to the bank's Internet or electronic banking applications, or that no changes are expected. Customers should be advised to call the bank for verification before responding to any such request. Banks should consider the establishment of a hotline or toll-free number if one is not currently available.

Barclays Target of Major Phishing Attack

Panda Software has detected a large-scale phishing attack targeting clients of Barclays Bank's online services and involving at least 61 variants of a spoof e-mail. Panda Software Labs reports an increase of 30 percent in the number of fraudulent e-mails detected in just a few hours from this attack.

Of all phishing messages currently analyzed by the software company, 64 percent target Barclays' clients.

The message text, imitating Barclays' corporate image, informs users that the bank is upgrading software and that they should go to a link in order to confirm their bank details. Users that click on the link will access a form, similar to those used by the bank, requesting their account number, credit card number or PIN.

"We believe this could be a coordinated attack, initiated in several places at the same time in order to spread rapidly and gather a considerable amount of confidential bank details in record time," said a Panda Software spokesperson, in a release.

ABOUT THE AUTHOR