By Jim Daly
@DTPaymentNews
Best known nationally for its powerful basketball teams, the University of Connecticut is about to make a name for itself in cybersecurity. UConn’s School of Engineering and retail credit provider Synchrony Financial on Tuesday announced that Synchrony is providing $2.2 million to fund a new cybersecurity education initiative in hopes of training graduates to help fill more than 200,000 jobs in the data-security field.
Meanwhile, a prominent security researcher is wondering if financial institutions are not responding quickly enough to what he sees as a rising threat from malware targeting mobile banking.
The new UConn facility will be called Synchrony Financial’s Center of Excellence in Cybersecurity. The initiative includes the “Synchrony Financial Chair in Cybersecurity,” whose goal is to lead cybersecurity education at UConn, and help develop a strong pipeline of information-security talent, according to a news release.
Synchrony also is funding two new programs, a cybersecurity fellows program and a scholarship program, over five years. In all, the funding from Stamford, Conn.-based Synchrony totals $2.2 million. Synchrony, which formerly was part of General Electric Co.’s finance subsidiary and now is publicly traded, further said it is in “active discussions” about providing additional funding for cybersecurity research at UConn, whose main campus is in Storrs.
“We are passionate about cultivating top technology talent in Connecticut who will soon be on the nation’s front lines of defense against cybercrime,” Carol Juel, executive vice president and chief information officer at Synchrony, said in a statement. “Our partnership with UConn is an important step towards building the research and resources needed to fuel hiring in this growing area of technology.”
Payments-industry security experts have said in recent years that jobs in the field exceed the number of qualified personnel. Synchrony cited a March 2015 analysis of data from the Bureau of Labor Statistics by Stanford University’s Peninsula Press that said the U.S. had 209,000 unfilled cybersecurity jobs and that postings had risen 74% in five years.
“The program builds on the success of the Engineering School, which celebrates its centennial this year, and allows us to provide robust opportunities for our students looking to pursue a career in cybersecurity,” Kazem Kazerounian, the school’s dean, said in a statement.
It’s possible some of UConn’s cybersecurity graduates will work on improving the security of mobile banking and payments. According to a recent blog post by Al Pascual, senior vice president and head of fraud and security at Pleasanton, Calif.-based Javelin Strategy & Research, financial institutions aren’t paying enough attention to new variants of Trojans—malicious software that looks legitimate—specifically aimed at compromising mobile-banking applications.
The Zeus online-banking Trojan first appeared in 2007, when “bank robbery went virtual and there was no looking back,” Pascual said. Since then, fraudsters adapted Zeus and a cousin, Citadel, to target mobile devices by compromising one-time passwords sent by short message service (SMS), the technology behind text messaging. More recently, malware such as Acecard and Slembunk has appeared that is specifically designed to capture mobile-banking credentials, according to Pascual.
The Federal Financial Institutions Examination Council, a consortium of regulatory agencies, recently warned about the growing threat of mobile malware, but “I’ve been hearing from some folks that it isn’t a major concern,” Pascual wrote. “In fact, mobile-banking Trojans have been compared to Bigfoot—all hype and no substance.”
Banks and credit unions, however, must acknowledge that many consumers have abandoned branches and now do most of their banking online or via mobile devices—and note the corresponding response by cybercrooks, according to Pascual. “Looking at how consumer banking behaviors have changed and the effect this change in banking behavior has had on the evolution of crime, there should be little doubt that [financial institutions] must bolster their abilities to mitigate this very real threat,” he wrote.