January 10, 2012, 5:09 PM — Major banks are reportedly preparing to use a few of their actual core skills – not the ones they had to learn to stay in business – to identify security threats as they're developing, rather than when a huge catastrophe makes them too obvious to miss.
In order to make the new effort work they'll have to overcome their major cultural weakness, however: secrecy, according to the Wall Street Journal, which broke the story today.
This month, according to the journal, security execs from Morgan Stanley and Goldman Sachs Group Inc. plan to meet with researchers at the Polytechnic Institute of New York University to talk about how to create a center available to all major banks that would mine mountains of banking data to find patterns that could indicate an attempt to probe existing security or create new ways to spoof identities, steal passwords or create money-transfer authorizations where none should be.
Bank of America is trying to put together a separate industry-security cooperative by hosting experts from other banks at informal conferences that allow them to share information about recent attacks and the responses that did or did not counter them.
Sharing information of any kind is a tetchy subject with banks. Information about customers and about the banks' own transactions are highly regulated and any irregularity tends to hint at theft or embezzlement, rather than sloppy record keeping, which is the default solution in most other industries.
Talking to other banks about anything but the weather also tends to make regulators think "collusion" and "conspiracy," rather than "professional networking."
So banks are even more reluctant to talk about security threats than other types of companies, none of which wants to be either embarrassed by a foiled scam or identified as an easy mark by a successful one.
"The mentality of the banks has been, 'Let's do everything internally because we don't want to give anything away,' " bank analyst Peyman Mestchian, with Chartis Research in London told the Journal.
Banks are becoming the target of choice for serious hackers, according to recent studies from PricewaterhouseCoopers LLP.