Fidelity National Information Services Inc. has named Greg Schaffer as its new chief information security officer.
The move signals FIS' intention to be stronger partner in banks' quest for greater security controls, particularly as banks outsource more of their technology demands, and as increased regulatory scrutiny stemming from new Federal Financial Institutions Examination Council guidelines for online banking security come into play.
"FIS has not been as proactive as they could be with helping their customers" around security, Avivah Litan, a vice president and distinguished analyst at Gartner, says.
"This is one step of their move to improve security," Litan says.
Among the things the new FFIEC guidelines, released last summer, stipulate is that banks use a multi-layered approach to protecting online security, including device detection, behavioral analysis, anomaly detection, and more sophisticated systems for granting customers access to their online accounts.
FIS, of Jacksonville, Fla., is not alone. Fiserv Inc., Jack Henry & Associates Inc., and ACI Worldwide Inc., which recently acquired online banking provider S1 Corp., are all similarly charged to show themselves to be active partners around security, Litan says.
Schaffer is a well-known name in the security world. He held senior positions at the National Protection and Programs Directorate and the U.S. Department of Homeland Security, where he was assistant secretary for Cybersecurity and communications. He also oversaw implementation of enterprise security and compliance operations at Alltel Communications LLC., serving as CISO and chief risk officer.
"Greg is one of the industry's leading security experts …and we thought [his appointment] was a great way to establish the tone of how important security is for the company," Gary Norcross, chief operating officer for FIS says.
FIS itself was the victim of a security breach last May, which it reported in an earnings statement at the time. It said it had lost $13 million in a scheme that affected more than 7,000 accounts.
Norcross says the problem for banks is not that they are outsourcing core banking and their ancillary security needs, but that the demands of banking are changing, and so is the nature of cybercrime.
"We have always had processes in place to make our client feel very comfortable about security," Norcross says.
Cybercriminals are now targeting banks whose many overlapping systems create new attack points, and customers themselves, who criminals can use to piggyback into bank systems.
FIS expects Schaeffer to be an active security advocate, Norcross says.
"We have to make sure our clients' environments are as secure as they can be and work with them to help educate the end consumer about how they make their environments more secure," Norcross says.
"Greg brings a balance and knowledge base that is unparalleled in the industry," Norcross says.
Schaffer will replace Adriel Ginsburg, who will continue on as part of the security team's senior management, Norcross says.