This type of cyberattack –targeted at companies’ employees – has been increasing steadily during the last year. The ‘CEO fraud’ can affect any type of company, from small family businesses to large multinationals and it is essential to understand how it works in order protect companies from it.

Crooks have tapped into a goldmine by getting personal data over the phone. This scam, known as vishing, is a new method of social engineering, which is rooted in the psychological manipulation of its victims.

Internet shopping is more and more common: grocery shopping, movie tickets, airline travel, and more. Shopping online has become habitual day-to-day practice, though occasionally potential buyers leave themselves open to fraud or data theft. The following cybersecurity tips serve to reduce the risks associated with card payments on the Internet.

This summer, approximately 400 children and teens between the ages of 9 and 17 enjoyed BBVA’s cybersafe Fridays. The bank held a series of different workshops to raise awareness and educate employee families about how to use technology and social networks safely.

After coming back from summer vacation, the back-to-school shopping preparations get underway. We frequently choose to buy school materials online in order to save time and money. Consequently, we should familiarize ourselves with security measures to be sure we are making our back-to-school purchases with trusted ecommerce sites and protecting our personal data.

Although ransomware attacks (holding a victim’s data ransom) and phishing have recently become more and more frequent, distributed denial of service (DDoS) attacks continue to top of the lists of those techniques most used by cybercriminals.

Garanti BBVA’s data center, formerly located in Istanbul’s Güneşli district, has moved to an Uptime Institute Tier IV certified building in Pendik, also in Istanbul.

In the business world, the CISO or Chief Information Security Officer is the person responsible for ensuring and upgrading information security within the organization. At home, we can apply many of the basic principles that are foundation of the CISO role to protect and preserve our family’s private information. No matter how daunting the task may seem at first, it is really not that hard to achieve this goal without being an expert on the subject.

Any company can fall victim to this kind of crime in which criminals trick an employee authorized to give bank payment orders into performing a transaction for them. Financial institutions like BBVA never request sensitive information, such as passwords or personal data, by email or outside of the secure environment on Net Cash and BBVA.es. For organizations, the key to preventing this kind of fraud is to reinforce control systems and  exercise great caution.

BBVA Group has developed a platform to facilitate mobile payments across all the countries in its footprint. The platform developed by BBVA connects to Visa and Mastercard directly from each country’s application and provides the data required to process digital transactions from a smartphone.

This new payment method replaces sensitive debit or credit card data with a unique identification code called a ‘token,’ which is used during a digital transaction. Online transactions are therefore more secure because the customer’s actual card data no longer needs to be provided. BBVA has already committed to helping its customers adopt this new payment approach.

A group of 12 leading regional and digital financial institutions have joined together as investors and members in KY3P®, a company dedicated to working with the financial industry to standardize best practices for managing third-party risk and optimizing the processes by which financial institutions assess and monitor inherent risk in engaging suppliers and entering into third-party relationships.

As technological innovation continues, customer expectations evolve at a similarly rapid pace.  In navigating this dynamic landscape, financial institutions are increasingly seeking assistance from outside, third party providers, a strategy that itself poses inherent risks, like cybersecurity challenges and the potential for digital-related fraud.  Greater attention and scrutiny from regulators naturally results from this developing risk paradigm.

The sidecar pattern shows itself as a very powerful tool in the new world of containers and can be found in several use cases. In this post we focus in analyzing some of the most interesting use cases from an IT security perspective.

The European Commission (EC) is convening institutions, businesses, and regulators today and tomorrow in BBVA’s headquarters in Madrid with the aim of promoting security and privacy measures that will stimulate greater use of cloud services and the free flow of data in Europe’s digital single market (DSM). BBVA is hosting the event and is an active member of the EC working group, which is seeking to standardize security certification for cloud providers and establish a code of conduct that will facilitate data portability and the ability to switch providers.

On February 26, BBVA will host the sixth plenary meeting of the working group that promotes the use of cloud technologies in Europe’s Digital Single Market (DSM Cloud Stakeholders). The stakeholder group includes business and regulatory representatives specializing in the fields of cybersecurity and the free flow of data.

It’s the holiday season, which means many of us are hitting our favorite stores or shopping online with plastic in hand. With all this activity, it only makes sense that credit and debit card fraud tends to increase during this time of year.

Friday November 30 is International Computer Security Day (ICSD), a day that aims to raise awareness and remind society about the importance of protecting both company and personal computer resources in order to prevent the misuse of financial and personal data, and even identity theft.

Now that using a cell phone and computer has become an everyday part of life, it’s important to be aware of the different types of online threats.  Phishing, vishing and smishing are just a few of the online scams cybercriminals use to steal private data, but this can be avoided through information and preventative action.

Flora Egea is BBVA’s Data Protection Officer (DPO). She has a critical assignment in her hands: to ensure that BBVA complies with Europe’s GDPR (General Data Protection Regulation), which has revolutionized the way companies handle personal data. On the six month anniversary of its implementation, she believes the legislation has raised awareness among the general public about the need to protect their personal data, but there is still work to be done. In her opinion, GDPR is a positive step and positions Europe as a world leader given its unique treatment of data as a fundamental right.

The problem of data integrity verification is a classic topic that has been well-studied in the last decades. Many database or log systems run on untrusted servers or are subject to malicious attacks from insiders and, therefore, vulnerable to tampering. With the advent of cloud computing and the possibility of dealing with outsourced data, such situation has been aggravated. This problem is an essential challenge for financial institutions where preserving the correctness of customer data and transactions is crucial in terms of legal compliance and reputation.

BBVA had the opportunity to share with the European Commission (EC) its vision of the cybersecurity challenges facing the financial sector. It provided its insight in a report submitted by the working group, ECIL (European Cybersecurity Industry Leaders), where the bank participates alongside companies from different sectors.

BBVA collaborated with a research team from the Massachusetts Institute of Technology (MIT) to develop a model that can reduce the level of false positives in fraudulent card transactions up to 54 percent, thanks to algorithms based on machine learning.

The BBVA Compass Mobile Banking App has made it easier than ever to take an active role in keeping your money safe and secure, with features that allow you to decide on alerts and enabling or disabling your card.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

With the slogan “Stop. Think. Connect. Cybersecurity is a shared responsibility”, more than 400 activities will take place during ‘European Cybersecurity Month’ across Europe. Activities like conferences, workshops, training sessions, presentations, webinars, Internet campaigns and much more are all designed to protect users from Internet scammers.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

Summer has come to an end, and the usual back-to-school season gets underway. It’s the time of the year to prepare school supplies, and it can also be a good time to take stock of our digital habits to be sure to start the year safely on the right foot:

In May 2018, the Federal Bureau of Investigations released its 2017 Internet Crime Report from its Internet Crime Complaint Center, or IC3. According to the report, in the last year, $1.42 billion in total losses was reported, all attributable to Internet crime. The crime reporting the biggest monetary loss was related to Business Email Compromise/Email Account Compromise (BEC/EAC).

What does rooting or jailbreaking a mobile device mean? Both verbs refer to the same action of removing the limitations that mobile device manufacturers impose to limit user access to the devices’ resources, thus becoming some sort of superuser. Root however is used when the action is performed on android devices, and jailbreak on iOS devices.

On the back of increased web attacks, the priority of cybersecurity has increased for businesses and banks worldwide. How do financial institutions balance this risk with the need to expand their digital services?

Moviegoers can remember a time when they’d watch a sci-fi, spy or crime picture in the theaters, complete with a scene that shows a main character gaining access to a top-secret area with finger print identification. We’re looking at you, Ocean’s Eleven.

This post in 10 seconds

In this post we will address software dependency management: the security problems it implies, how to automate its management, receiving new vulnerabilities alerts in real time and how to implement a productive and satisfactory system using new Open Source tools as Deeptracy and Patton.

Throughout history, there have been several versions of the family and different models of relating with one another. The latest version is the family 2.0.

New modes of communication have transformed the way news is delivered. Thanks to the Internet, access to information has never been so fast. Each minute more than 3.5 million Google searches are made, Facebook is accessed 900,000 times, and 156 million emails are sent. The compulsion to be informed every minute of the day has provoked a surge in so-called “fake news.”

In this article we explain how to include security in the browser and to be able to monitor in real time attacks directed to the client and that are very complicated to control in the server.

Malware, or malicious software, covers different programs which, when run in devices, cause different types of damage and complications such as interrupting their operations, disrupting how they work, stealing information and displaying unwanted advertising.

That surfing on the internet means leaving a trail of personal information is nothing new. Browsers gather preferences and habits thanks to the cookies installed in computers when surfing.

At this point, it’s not surprising that apps that are spontaneously installed on our devices use our personal data in a number of ways.

There is no greater source of pride in the world than to see our children get ahead in life. Their achievements, their charms… It can be marvelous to share each moment of their progress with family members, friends and work colleagues. But is it a good idea to do so on social networks? Is this the right place to share this information?

Fair-trade coffee, quality guarantee, ecological tomatoes… consumers read the labels on the things they eat. But is there any way of checking that what they say is correct? In order to do so, you would need a register of the processes to which the product has been submitted, something blockchain can do.

The widespread use of mobile devices on a day-to-day basis brings with it the risk of very personal information such as bank details, photographs, messages, contacts and emails and a long list of private details falling into unwanted hands.

The BBVA Foundation´s Frontiers of Knowledge Award was won by four mathematicians – Shafi Goldwasser, Silvio Micali, Ronald Rivest and Adi Shamir – for their outstanding contributions to cryptology, a science that has proven crucial to ensuring security in the online world.

BBVA announced the creation of the Information Security & Engineering Risk (IS&ER) unit, a new area within Engineering, to coordinate the group’s information security, cybersecurity and engineering risk efforts. Álvaro Garrido has been appointed head of IS&ER, reporting directly to BBVA’s Global Head of Engineering, Ricardo Moreno.