Close panel

Close panel

Close panel

Close panel

Security

23 Jun 2021

After the incidents of the previous months (SolarWinds, Codecov,...) it is becoming more evident that it is necessary to have a strong inventory and control over the components with which we build our software, as well as to strengthen the process used to build it.

14 Oct 2020

BBVA has launched Aqua, a new line of pioneering credit cards in Spain which feature a dynamic CVV code and do not contain card numbers (PAN) or expiration dates printed on them. This reinforces security both for its digital and physical versions since not having this data prevents possible fraudulent use of them. In addition, BBVA´s app has renewed the entire payment experience to make it easier for the customer to manage their expenses and order the services it offers based on their use. The bank is already working to launch this mobile experience in other countries.

08 Oct 2020

28 Jul 2020

How do cybercriminals think? What techniques do they use and how do they set up to implement them? What are their goals? There's nothing better than putting yourself inside the bad guy's mind so you will be ready to react. We tell you how these criminals behave.

16 Jun 2020

A few weeks ago some colleagues from a development team told us about their worries on the JSON Web tokens (JWT) generation they were doing as part of a new tool integration they were working on. They had heard about several security issues regarding the use of JWT tokens so they asked us for help in order to validate if the tokens they were issuing were correct and met some basic security requirements.

We are currently working on a project to help automate security tests, APICheck, which we’ve recently released as open source. APICheck is comprised of a set of small tools that can be pipe chained in order to run several tests on API requests, so we got down to work with the development of a new tool for validating the JWT they were issuing, jwt-checker, in which we’ve implemented the ability to pass the validations on the tokens we’ll talk about. Below I’ll show you an example of a test implemented using the tool.

26 May 2020

Essential remote working has forced a change to on-site employee training plans. BBVA had already espoused a culture of online learning before the pandemic, offering its staff a comprehensive digital training catalog via the Campus BBVA platform. The platform has been refreshed to adapt to employee needs during the weeks of confinement. Employee response has been positive: traffic to the training portal shot up 96 percent with more than two million sessions during the first month of lockdown. A review of the most consumed topics reveals employees’ growing interest in developing new competencies (data, design, sustainability), which are priority for BBVA and and even more apropos given the new reality that awaits.

28 Feb 2020

Voice is already the gateway to many services and applications that have become an integral part of our daily lives. The level of intuitiveness and user-friendliness enabled by voice-based interfaces place them heads and shoulders above other options when it comes to interacting in a seamless way with our devices. From a biometrics standpoint, voice offers additional benefits.

29 Nov 2019

28 Oct 2019

23 Oct 2019

Data available in physical format represent an important source of information for cybercriminals - things like passwords written on paper or cards, as well as information susceptible to theft that moves through social networks and computers. Here are some of the different social engineering techniques designed to extract information available in non-digital format.

09 Oct 2019

This type of cyberattack –targeted at companies' employees – has been increasing steadily during the last year. The ‘CEO fraud’ can affect any type of company, from small family businesses to large multinationals and it is essential to understand how it works in order protect companies from it.

12 Sep 2019

Crooks have tapped into a goldmine by getting personal data over the phone. This scam, known as vishing, is a new method of social engineering, which is rooted in the psychological manipulation of its victims.

09 Sep 2019

Internet shopping is more and more common: grocery shopping, movie tickets, airline travel, and more. Shopping online has become habitual day-to-day practice, though occasionally potential buyers leave themselves open to fraud or data theft. The following cybersecurity tips serve to reduce the risks associated with card payments on the Internet.

03 Sep 2019

This summer, approximately 400 children and teens between the ages of 9 and 17 enjoyed BBVA’s cybersafe Fridays. The bank held a series of different workshops to raise awareness and educate employee families about how to use technology and social networks safely.

30 Aug 2019

After coming back from summer vacation, the back-to-school shopping preparations get underway. We frequently choose to buy school materials online in order to save time and money. Consequently, we should familiarize ourselves with security measures to be sure we are making our back-to-school purchases with trusted ecommerce sites and protecting our personal data.

23 Aug 2019

14 Aug 2019

Although ransomware attacks (holding a victim’s data ransom) and phishing have recently become more and more frequent, distributed denial of service (DDoS) attacks continue to top of the lists of those techniques most used by cybercriminals.

29 Jul 2019

04 Jul 2019

In the business world, the CISO or Chief Information Security Officer is the person responsible for ensuring and upgrading information security within the organization. At home, we can apply many of the basic principles that are foundation of the CISO role to protect and preserve our family’s private information. No matter how daunting the task may seem at first, it is really not that hard to achieve this goal without being an expert on the subject.

21 Jun 2019

Any company can fall victim to this kind of crime in which criminals trick an employee authorized to give bank payment orders into performing a transaction for them. Financial institutions like BBVA never request sensitive information, such as passwords or personal data, by email or outside of the secure environment on Net Cash and BBVA.es. For organizations, the key to preventing this kind of fraud is to reinforce control systems and  exercise great caution.

27 May 2019

BBVA Group has developed a platform to facilitate mobile payments across all the countries in its footprint. The platform developed by BBVA connects to Visa and Mastercard directly from each country's application and provides the data required to process digital transactions from a smartphone.

08 May 2019

This new payment method replaces sensitive debit or credit card data with a unique identification code called a ‘token,’ which is used during a digital transaction. Online transactions are therefore more secure because the customer’s actual card data no longer needs to be provided. BBVA has already committed to helping its customers adopt this new payment approach.

27 Mar 2019

A group of 12 leading regional and digital financial institutions have joined together as investors and members in KY3P®, a company dedicated to working with the financial industry to standardize best practices for managing third-party risk and optimizing the processes by which financial institutions assess and monitor inherent risk in engaging suppliers and entering into third-party relationships.

As technological innovation continues, customer expectations evolve at a similarly rapid pace.  In navigating this dynamic landscape, financial institutions are increasingly seeking assistance from outside, third party providers, a strategy that itself poses inherent risks, like cybersecurity challenges and the potential for digital-related fraud.  Greater attention and scrutiny from regulators naturally results from this developing risk paradigm.

01 Mar 2019

The sidecar pattern shows itself as a very powerful tool in the new world of containers and can be found in several use cases. In this post we focus in analyzing some of the most interesting use cases from an IT security perspective.

26 Feb 2019

The European Commission (EC) is convening institutions, businesses, and regulators today and tomorrow in BBVA's headquarters in Madrid with the aim of promoting security and privacy measures that will stimulate greater use of cloud services and the free flow of data in Europe's digital single market (DSM). BBVA is hosting the event and is an active member of the EC working group, which is seeking to standardize security certification for cloud providers and establish a code of conduct that will facilitate data portability and the ability to switch providers.

18 Feb 2019

21 Dec 2018

It’s the holiday season, which means many of us are hitting our favorite stores or shopping online with plastic in hand. With all this activity, it only makes sense that credit and debit card fraud tends to increase during this time of year.

30 Nov 2018

29 Nov 2018