19 Jul 2021
We are increasingly aware of the importance of passwords: we create stronger ones, change them regularly and make sure not to use the same ones for everything. We also know that one of the biggest risks we face is password theft, since passwords unlock our information. But are we as careful with the passwords we store in our browsers?
23 Jun 2021
14 Oct 2020
BBVA has launched Aqua, a new line of pioneering credit cards in Spain which feature a dynamic CVV code and do not contain card numbers (PAN) or expiration dates printed on them. This reinforces security both for its digital and physical versions since not having this data prevents possible fraudulent use of them. In addition, BBVA´s app has renewed the entire payment experience to make it easier for the customer to manage their expenses and order the services it offers based on their use. The bank is already working to launch this mobile experience in other countries.
08 Oct 2020
28 Jul 2020
How do cybercriminals think? What techniques do they use and how do they set up to implement them? What are their goals? There's nothing better than putting yourself inside the bad guy's mind so you will be ready to react. We tell you how these criminals behave.
16 Jun 2020
A few weeks ago some colleagues from a development team told us about their worries on the JSON Web tokens (JWT) generation they were doing as part of a new tool integration they were working on. They had heard about several security issues regarding the use of JWT tokens so they asked us for help in order to validate if the tokens they were issuing were correct and met some basic security requirements.
We are currently working on a project to help automate security tests, APICheck, which we’ve recently released as open source. APICheck is comprised of a set of small tools that can be pipe chained in order to run several tests on API requests, so we got down to work with the development of a new tool for validating the JWT they were issuing, jwt-checker, in which we’ve implemented the ability to pass the validations on the tokens we’ll talk about. Below I’ll show you an example of a test implemented using the tool.
26 May 2020
Essential remote working has forced a change to on-site employee training plans. BBVA had already espoused a culture of online learning before the pandemic, offering its staff a comprehensive digital training catalog via the Campus BBVA platform. The platform has been refreshed to adapt to employee needs during the weeks of confinement. Employee response has been positive: traffic to the training portal shot up 96 percent with more than two million sessions during the first month of lockdown. A review of the most consumed topics reveals employees’ growing interest in developing new competencies (data, design, sustainability), which are priority for BBVA and and even more apropos given the new reality that awaits.
28 Feb 2020
Voice is already the gateway to many services and applications that have become an integral part of our daily lives. The level of intuitiveness and user-friendliness enabled by voice-based interfaces place them heads and shoulders above other options when it comes to interacting in a seamless way with our devices. From a biometrics standpoint, voice offers additional benefits.
29 Nov 2019
28 Oct 2019
23 Oct 2019
Data available in physical format represent an important source of information for cybercriminals - things like passwords written on paper or cards, as well as information susceptible to theft that moves through social networks and computers. Here are some of the different social engineering techniques designed to extract information available in non-digital format.
09 Oct 2019
This type of cyberattack –targeted at companies' employees – has been increasing steadily during the last year. The ‘CEO fraud’ can affect any type of company, from small family businesses to large multinationals and it is essential to understand how it works in order protect companies from it.
12 Sep 2019
09 Sep 2019
Internet shopping is more and more common: grocery shopping, movie tickets, airline travel, and more. Shopping online has become habitual day-to-day practice, though occasionally potential buyers leave themselves open to fraud or data theft. The following cybersecurity tips serve to reduce the risks associated with card payments on the Internet.
03 Sep 2019
30 Aug 2019
After coming back from summer vacation, the back-to-school shopping preparations get underway. We frequently choose to buy school materials online in order to save time and money. Consequently, we should familiarize ourselves with security measures to be sure we are making our back-to-school purchases with trusted ecommerce sites and protecting our personal data.
23 Aug 2019
14 Aug 2019
29 Jul 2019
Garanti BBVA's data center, formerly located in Istanbul's Güneşli district, has moved to an Uptime Institute Tier IV certified building in Pendik, also in Istanbul.
04 Jul 2019
In the business world, the CISO or Chief Information Security Officer is the person responsible for ensuring and upgrading information security within the organization. At home, we can apply many of the basic principles that are foundation of the CISO role to protect and preserve our family’s private information. No matter how daunting the task may seem at first, it is really not that hard to achieve this goal without being an expert on the subject.
21 Jun 2019
Any company can fall victim to this kind of crime in which criminals trick an employee authorized to give bank payment orders into performing a transaction for them. Financial institutions like BBVA never request sensitive information, such as passwords or personal data, by email or outside of the secure environment on Net Cash and BBVA.es. For organizations, the key to preventing this kind of fraud is to reinforce control systems and exercise great caution.
27 May 2019
BBVA Group has developed a platform to facilitate mobile payments across all the countries in its footprint. The platform developed by BBVA connects to Visa and Mastercard directly from each country's application and provides the data required to process digital transactions from a smartphone.
08 May 2019
This new payment method replaces sensitive debit or credit card data with a unique identification code called a ‘token,’ which is used during a digital transaction. Online transactions are therefore more secure because the customer’s actual card data no longer needs to be provided. BBVA has already committed to helping its customers adopt this new payment approach.
27 Mar 2019
A group of 12 leading regional and digital financial institutions have joined together as investors and members in KY3P®, a company dedicated to working with the financial industry to standardize best practices for managing third-party risk and optimizing the processes by which financial institutions assess and monitor inherent risk in engaging suppliers and entering into third-party relationships.
As technological innovation continues, customer expectations evolve at a similarly rapid pace. In navigating this dynamic landscape, financial institutions are increasingly seeking assistance from outside, third party providers, a strategy that itself poses inherent risks, like cybersecurity challenges and the potential for digital-related fraud. Greater attention and scrutiny from regulators naturally results from this developing risk paradigm.
01 Mar 2019
26 Feb 2019
The European Commission (EC) is convening institutions, businesses, and regulators today and tomorrow in BBVA's headquarters in Madrid with the aim of promoting security and privacy measures that will stimulate greater use of cloud services and the free flow of data in Europe's digital single market (DSM). BBVA is hosting the event and is an active member of the EC working group, which is seeking to standardize security certification for cloud providers and establish a code of conduct that will facilitate data portability and the ability to switch providers.
18 Feb 2019
On February 26, BBVA will host the sixth plenary meeting of the working group that promotes the use of cloud technologies in Europe's Digital Single Market (DSM Cloud Stakeholders). The stakeholder group includes business and regulatory representatives specializing in the fields of cybersecurity and the free flow of data.
21 Dec 2018
30 Nov 2018
Friday November 30 is International Computer Security Day (ICSD), a day that aims to raise awareness and remind society about the importance of protecting both company and personal computer resources in order to prevent the misuse of financial and personal data, and even identity theft.