Banks should share cyber crime information

Financial institutions across Europe should be sharing information about e-crime - as the Dutch already do.

Dr. Wim Hafbank, responsible for IT security strategies at Rabobank, told ENISA's annual conference in Greece how banks in the Netherlands have been sharing such information for the past six years and showed how advanced they were compared to the rest of Europe.

Hafbank was the chairman of a Dutch Financial Service Information Sharing and Information Analysis Centre (FS-ISAC). In 2006, they joined an initiative called the National Infrastructure of Cybercrime, a public/private project sponsored by the Dutch Ministry of Economic Affairs.

"It was a group of 10 banks in the Netherlands which shares information on cybercrime related issues, incidents and vulnerabilities," he said.

He explained that regulators and telcoms operators joined the meetings to share information.

This lead to a notice and takedown service, where banks could ask the Dutch national Computer Emergency Response Team (CERT) to close down suspected phishing sites.

There was also a monitoring and information service, which looked for banking-related trojans over the internet and analysed them. It also took information from customers malware-infected computers.

Hafbank said that banks around Europe should share information about cyber crime in the same way, together with law enforcement and government security agencies.

He revealed meetings have been held over the past year to form an European-wide FS-ISAC.