A group of 12 leading regional and digital financial institutions have joined together as investors and members in KY3P®, a company dedicated to working with the financial industry to standardize best practices for managing third-party risk and optimizing the processes by which financial institutions assess and monitor inherent risk in engaging suppliers and entering into third-party relationships.

As technological innovation continues, customer expectations evolve at a similarly rapid pace.  In navigating this dynamic landscape, financial institutions are increasingly seeking assistance from outside, third party providers, a strategy that itself poses inherent risks, like cybersecurity challenges and the potential for digital-related fraud.  Greater attention and scrutiny from regulators naturally results from this developing risk paradigm.

The sidecar pattern shows itself as a very powerful tool in the new world of containers and can be found in several use cases. In this post we focus in analyzing some of the most interesting use cases from an IT security perspective.

The European Commission (EC) is convening institutions, businesses, and regulators today and tomorrow in BBVA’s headquarters in Madrid with the aim of promoting security and privacy measures that will stimulate greater use of cloud services and the free flow of data in Europe’s digital single market (DSM). BBVA is hosting the event and is an active member of the EC working group, which is seeking to standardize security certification for cloud providers and establish a code of conduct that will facilitate data portability and the ability to switch providers.

On February 26, BBVA will host the sixth plenary meeting of the working group that promotes the use of cloud technologies in Europe’s Digital Single Market (DSM Cloud Stakeholders). The stakeholder group includes business and regulatory representatives specializing in the fields of cybersecurity and the free flow of data.

It’s the holiday season, which means many of us are hitting our favorite stores or shopping online with plastic in hand. With all this activity, it only makes sense that credit and debit card fraud tends to increase during this time of year.

Friday November 30 is International Computer Security Day (ICSD), a day that aims to raise awareness and remind society about the importance of protecting both company and personal computer resources in order to prevent the misuse of financial and personal data, and even identity theft.

Now that using a cell phone and computer has become an everyday part of life, it’s important to be aware of the different types of online threats.  Phishing, vishing and smishing are just a few of the online scams cybercriminals use to steal private data, but this can be avoided through information and preventative action.

Flora Egea is BBVA’s Data Protection Officer (DPO). She has a critical assignment in her hands: to ensure that BBVA complies with Europe’s GDPR (General Data Protection Regulation), which has revolutionized the way companies handle personal data. On the six month anniversary of its implementation, she believes the legislation has raised awareness among the general public about the need to protect their personal data, but there is still work to be done. In her opinion, GDPR is a positive step and positions Europe as a world leader given its unique treatment of data as a fundamental right.

The problem of data integrity verification is a classic topic that has been well-studied in the last decades. Many database or log systems run on untrusted servers or are subject to malicious attacks from insiders and, therefore, vulnerable to tampering. With the advent of cloud computing and the possibility of dealing with outsourced data, such situation has been aggravated. This problem is an essential challenge for financial institutions where preserving the correctness of customer data and transactions is crucial in terms of legal compliance and reputation.

BBVA had the opportunity to share with the European Commission (EC) its vision of the cybersecurity challenges facing the financial sector. It provided its insight in a report submitted by the working group, ECIL (European Cybersecurity Industry Leaders), where the bank participates alongside companies from different sectors.

BBVA collaborated with a research team from the Massachusetts Institute of Technology (MIT) to develop a model that can reduce the level of false positives in fraudulent card transactions up to 54 percent, thanks to algorithms based on machine learning.

The BBVA Compass Mobile Banking App has made it easier than ever to take an active role in keeping your money safe and secure, with features that allow you to decide on alerts and enabling or disabling your card.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

For the sixth year in a row, the European Commission and the European Union Agency for Network and Information Security (ENISA) are calling October “European Cybersecurity Month” in order to promote cybersecurity across the EU. The goal is to raise awareness of cybersecurity, identify and change unsafe behavior and provide users resources to learn how to protect themselves online.

With the slogan “Stop. Think. Connect. Cybersecurity is a shared responsibility”, more than 400 activities will take place during ‘European Cybersecurity Month’ across Europe. Activities like conferences, workshops, training sessions, presentations, webinars, Internet campaigns and much more are all designed to protect users from Internet scammers.

In an online world, scammers are using new tricks and forms of deception to get what they want from their victims. Although the tools may have changed, today’s scams are not much different from the old-school “pigeon drop” scam in which a victim is persuaded to give the scammer money with the promise of receiving a much larger sum. In this new scenario, cybersecurity training is essential to protect the private data of both individuals and professionals.

The concept of a ‘dictionary attack’, although it sounds like a fight in a library, refers to a method of hacking to break password-protected security systems.

Summer has come to an end, and the usual back-to-school season gets underway. It’s the time of the year to prepare school supplies, and it can also be a good time to take stock of our digital habits to be sure to start the year safely on the right foot:

In May 2018, the Federal Bureau of Investigations released its 2017 Internet Crime Report from its Internet Crime Complaint Center, or IC3. According to the report, in the last year, $1.42 billion in total losses was reported, all attributable to Internet crime. The crime reporting the biggest monetary loss was related to Business Email Compromise/Email Account Compromise (BEC/EAC).

What does rooting or jailbreaking a mobile device mean? Both verbs refer to the same action of removing the limitations that mobile device manufacturers impose to limit user access to the devices’ resources, thus becoming some sort of superuser. Root however is used when the action is performed on android devices, and jailbreak on iOS devices.

On the back of increased web attacks, the priority of cybersecurity has increased for businesses and banks worldwide. How do financial institutions balance this risk with the need to expand their digital services?

Moviegoers can remember a time when they’d watch a sci-fi, spy or crime picture in the theaters, complete with a scene that shows a main character gaining access to a top-secret area with finger print identification. We’re looking at you, Ocean’s Eleven.

This post in 10 seconds

In this post we will address software dependency management: the security problems it implies, how to automate its management, receiving new vulnerabilities alerts in real time and how to implement a productive and satisfactory system using new Open Source tools as Deeptracy and Patton.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. If you are inclined to answer ‘yes’, keep reading because you’ll find this information of use.

Throughout history, there have been several versions of the family and different models of relating with one another. The latest version is the family 2.0.

New modes of communication have transformed the way news is delivered. Thanks to the Internet, access to information has never been so fast. Each minute more than 3.5 million Google searches are made, Facebook is accessed 900,000 times, and 156 million emails are sent. The compulsion to be informed every minute of the day has provoked a surge in so-called “fake news.”

In this article we explain how to include security in the browser and to be able to monitor in real time attacks directed to the client and that are very complicated to control in the server.

Malware, or malicious software, covers different programs which, when run in devices, cause different types of damage and complications such as interrupting their operations, disrupting how they work, stealing information and displaying unwanted advertising.

That surfing on the internet means leaving a trail of personal information is nothing new. Browsers gather preferences and habits thanks to the cookies installed in computers when surfing.

At this point, it’s not surprising that apps that are spontaneously installed on our devices use our personal data in a number of ways.

There is no greater source of pride in the world than to see our children get ahead in life. Their achievements, their charms… It can be marvelous to share each moment of their progress with family members, friends and work colleagues. But is it a good idea to do so on social networks? Is this the right place to share this information?

Fair-trade coffee, quality guarantee, ecological tomatoes… consumers read the labels on the things they eat. But is there any way of checking that what they say is correct? In order to do so, you would need a register of the processes to which the product has been submitted, something blockchain can do.

The widespread use of mobile devices on a day-to-day basis brings with it the risk of very personal information such as bank details, photographs, messages, contacts and emails and a long list of private details falling into unwanted hands.

The BBVA Foundation´s Frontiers of Knowledge Award was won by four mathematicians – Shafi Goldwasser, Silvio Micali, Ronald Rivest and Adi Shamir – for their outstanding contributions to cryptology, a science that has proven crucial to ensuring security in the online world.

BBVA announced the creation of the Information Security & Engineering Risk (IS&ER) unit, a new area within Engineering, to coordinate the group’s information security, cybersecurity and engineering risk efforts. Álvaro Garrido has been appointed head of IS&ER, reporting directly to BBVA’s Global Head of Engineering, Ricardo Moreno.

More and more companies and consumers are turning to biometric technologies to enhance their authentication and payment methods. Compared to traditional password-based mechanisms, these solutions provide a better user experience and increased security.

The security of online identity has never been a more pressing issue as more and more people bank, shop and run their lives through digital channels.

Exhibitionism is one of the defining traits of today’s society. We have access to every imaginable way to take pictures, store them, upload them, share them and comment on them.

One of the biggest financial stories of 2018 will be the entry into force of the European Union’s Payment Services Directive 2 (PSD2). For customers, the measure will mean faster, simpler and more secure digital payments. And for banks and the fintech ecosystem, it presents a great opportunity.

We live in a digital society. Technology and the Internet are part of the everyday lives of people and organizations. As technologies evolve, risks and threats evolve with them. We need to strengthen cybersecurity, but do we have the resources we need?

Samsung and BBVA today presented the iris scanning feature, which will allow BBVA customers with Samsung-compatible smartphones to log on to the bank’s Spanish mobile banking app just by looking at their displays[1].

BBVA’s Group Executive Chairman is convinced that technological advances will be accompanied by greater progress and well-being, but he is also calling for policies and structural reforms that are capable of mitigating the costs of the transition to the new digital society. Supporting research and education, promoting competition and transparency in the markets and developing new employment policies and social protection systems were among the recommendations Francisco González shared at an event organized by El Periódico de Catalunya and BBVA in Barcelona.

These new technological tools have the potential to improve all kinds of economic exchanges and open the door to new ways of doing business that today are unimaginable.

In a few years, we may not be paying with cash, cards or even with smartphones, but rather, by car. Vehicle connectivity will change the way we manage time and money, but a number of problems still need to be addressed.

For the banking industry, the digital revolution has brought new technologies and new types of customers and competitors. But it has also created a new set of ethical responsibilities regarding cybersecurity and the use of data. José Manuel González-Páramo, BBVA’s Executive Director, talked about those ethics, and the opportunities and challenges of digitization, during a speech at the Atrium of the Gentiles, a cultural dialogue organized by the engineering school ICADE and the Ecumenical Social Forum of Madrid. He said these ethics will require acting from a triple perspective: educational, business and regulatory