Tag Archives | bank

Pick a Flower, Snap a Photo, and Win $500 This Valentine’s Day

If you pass by Mar Mikhael today then you will definitely notice red flowers bouquets hanging around the place and up for grab to anyone roaming the street. I first thought it was some sort of a practical joke when I was passing by last night since red flowers tend to get expensive around Valentine’s and you would not expect someone to just give them away for free during this period.

As I got closer, I figured it was Banque Libano-Française who staged that stunt around their e-branch in the area, and aside from giving people flowers to offer to their loved one they are also giving them an opportunity to win $500.

To qualify for winning the prize, all you have to do is taking a cool picture of the hanging bouquets or the flower that you pick (they’re staying there until tomorrow evening), share it it on Instagram via post or story tagging @blflebanon or @luckytobeyoung, and wait for their jury’s decision ext Wednesday February 20th.

You know everybody hates overpaying a red flower on Valentine’s, so there’s nothing wrong with getting one for free this year and even having a $500 on top of it! So Happy Valentine’s and good luck winning.

0

Banque Libano-Française New Mobile App Commercial

It’s not everyday that Lebanese banks make funny commercials. This one was made for Banque Libano-Française’s new Mobile app (MyBLF 2.0) and the actress portraying the client is absolutely hilarious!

Make sure to watch the video till the end.

0

It’s 2017 and The General Security Just Started Accepting Debit/Credit Cards

Although the General Security is probably the only governmental institution that you feel is actually efficient with its smooth operations, but no one can deny that fee payment there can really be irritating sometimes.

You probably have been through it too, each time I renewed my passport I had to bring that exact renewal fees in Lebanese Lira in addition to -god knows why- a photocopy of the bills! And yes, carrying dollars instead is guaranteed to delay your application a bit until you go exchange the money… but it seems like those days are long gone.

I was on my way to work this morning when I noticed several billboards announcing that the General Security has just started accepting payment cards to settle application fees. I know it may sound silly to some but it’s definitely a life saver for others, especially those who do not have the luxury to spend an extended time to submit a simple application form.

And now that this governmental institution seems to have caught up with “modern” payment methods, let’s hope for others such as municipalities or Electricité du Liban (HA HA HA!) to follow suit and hopefully even offer online payments. It’s 2017 for god’s sake!!

P.S: I couldn’t find any online article about this new service except for this post on Blom Bank’s FB page announcing their partnership with the General Security to make it happen.

0

Banque Libano-Française is Getting a Cool New Headquarters in Saifi

blf-magic-box

Earlier this year Banque Libano-Française launched a competition to build their new headquarters in Saifi and at the end of the selection process it was announced that Norwegian-American studio Snohetta won with their “Magic Box” design.

The design looks cool and I thought it is worth sharing since the new building will be a landmark in the area. The chequerboard-pattern facades look nice, but what stand out are definitely the plant-covered terraces carved into the roof and walls of the building.

Regarding the exact location of the project, the competition page shows it will be built on a piece of land opposite to the Lebanese Emigrant statue.

blf-7

blf-4

blf-6

blf-5

Photos via Design Boom

0

No, our banks are still vulnerable to cyber attacks

Remember when it was revealed back in August that many Lebanese bank have been targeted by a malware called “Gauss”? I bet people are starting to forget about the matter and there’s really nothing wrong about that. I mean you can’t expect people to keep talking about the issue for ever, but what’s really worrying is when regulators disregard the threat this malware is still posing to the information systems at our banks.

On September 15th, an article was published in The Daily Star aiming to assure everyone that Lebanese banks are safe and no one will be able to break into their systems because of the “preventive measures” they’re taking. What measures you may ask? Updating their antivirus programs.

Lebanese banks have upgraded their software security systems to block any virus designed to spy on transactions and operations, the Central Bank and IT experts said Thursday.

Jonny Torbey, the head of the IT department at Credit Libanais, said Lebanese banks have developed a security system to prevent any outside party from penetrating their computers regardless of how strong the virus. Read more here

I don’t claim to be a security professional, but I work in the IT sector, and if you also have some basic knowledge in IT and Information Security, you’ll know that updating programs and virus definitions is not sufficient to be protect yourself from cyber attacks. Even the biggest organizations in the world are not immune to attacks, but the difference is in how these organizations react when facing such issue, and that can only be done with proper policies, standards, processes, and systems in place.

A group of independent security professionals wrote this reply to let people know why these actions are insufficient and I decided to publish it here for you guys to read.

Lebanese banks upgrading anti-virus systems: Isn’t it business as usual? Are they truly willing to fight back?

First and foremost, the authors are speaking as Lebanese banking customers who happen to be subject matter experts!

Some of us have had first hands experience reacting to the Gauss Malware in Lebanese banks, and we have taken notice of the Central Bank memorandum released to the IT Departments of all Lebanese banks as well as last week’s related press release.

We can quite understand the need for such communication. It was surely aimed at re-increasing the level of confidence in Lebanese banks in the media and reassuring the general public, who are mostly illiterate in the works of Gauss.

However, knowing how lethal and stealthy the Gauss malware is, we are afraid that such an analysis, if considered sufficient and remained unchallenged, is hurting the Lebanese Banking’s sector reputation rather than increasing confidence in it.

Indeed, the quoted explanations might be misleading and give the impression that the Lebanese Central Bank might have not fully understood the dynamics of the Gauss malware, specially that the latter targets customers’ workstations rather than the banks’ Information Systems.

The reported solution consisting of upgrading the anti-virus systems alone will not prevent future sophisticated malware from targeting the Lebanese banking sector again! More dangerously it might encourage more lethal and frequent hacking and cyber-espionage…

Gauss falls into the category of highly advanced cyber-espionage attacks, more commonly known as Advanced Persistent Threats (APT), and is far from being a playground for script-kiddies.
By only conveying simplistic views about Gauss, the banking sector might not be showing enough readiness to fight back.

Moreover, when it comes to the Lebanese banking sector intrinsic sensitivity, it is quite shocking to read “Other bankers confidently say that they are not concerned about any virus because they insist that they have nothing to hide.”

Is the Lebanese Central Bank enforcing security standards as it should? Is it emphasizing more on implementing policies and procedures? Is there enough security awareness preached and are banks investing enough in this area?

Regulatory authorities should really focus more on pushing Lebanese Banks to become ISO 27001 certified with a clear Information Security Management System (ISMS).

Such a continuous improvement lifecycle will concretely increase Lebanese Banks’ reputation when it comes to operational risk management.

Apparently, much more work needs to be done there, and it’s not that great to hear about these attacks targeting same assets once again. We sincerely hope this will trigger some sort of a more serious action! An information security program must exist, and must be based on a well-established strategy with measured deliverables, and clear accountability for all the involved parties.

As too much time has elapsed between the Gauss info disclosure from Kaspersky and the “public” reaction from the Lebanese Central Bank, one could legitimately look for an officially appointed crisis management spokesperson. Such speaker would rely on a Computer Security Incident Response Team (CISRT) and/or relevant structure in order to protect the sector and the public from unverified media delivery and from misleading information.

It’s not a shame to admit our shortcomings as long as we are determined to work on eliminating them and reassuring the customers in parallel about all sorts of required actions taken to contain and eradicate this malware from the internal workspace.

Remember, big worldwide financial and non-financial companies got compromised too. Even the most sophisticated information security organizations’ operations got hacked as well, but with proper ISMS in place, they were able to stand on their feet and react quickly and expertly.

Remember the Confidentiality, Integrity, Availability (CIA) triad? It’s a great model, but we prefer CIAA instead – Last “A=Accountability” is what matters everywhere used…

To end on a lighter note, we all recall that Lebanese applause when the plane lands safely in Beirut airport but isn’t it business as usual to have a successful landing? The same applies to bankers “continuously updating their antivirus systems”: Isn’t it business as usual?

Sustainable security can only happen with a process enhancement security program!

4

A new malware targets Lebanese Bank customers!

Kaspersky Labs recently discovered a new malware called “Gauss” with a module that aims to capture Lebanese bank accounts login credentials. And the targeted banks included Bank of Beirut, EBLF, Blom Bank, Byblos Bank, Fransabank, and Credit Libanais.

The article suggests the malware has been created by the US and Israeli governments and was not intended to steal money from client accounts, but rather to trace the source of funding to certain individuals (Hezbollah members I suppose).

The spyware, dubbed Gauss after a name found in one of its main files, also has a module that targets bank accounts in order to capture login credentials. The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

The researchers don’t know if the attackers used the bank component in Gauss simply to spy on account transactions, or to steal money from targets. But given that the malware was almost certainly created by nation-state actors, its goal is likely not to steal for economic gain, but rather for counterintelligence purposes. Its aim, for instance, might be to monitor and trace the source of funding going to individuals or groups, or to sabotage political or other efforts by draining money from their accounts.

Still, that doesn’t seem like the only purpose for that malware, since the people at Kaspersky are still working to crack the larger part of its code and identify what is it responsible for.

Make sure to read the very interesting and worrying report from Wired.com here.

I know protecting your network from a nation-state-created malware is quite hard, but I hope Lebanese banks are now taking the necessary measures to protect themselves from such attacks and eventually safeguard our information.

 Thank you Ibrahim Lahoud

0

BLC women’s empowerment ad

Below is one of BLC’s new ads promoting an initiative they started a while ago to support women entrepreneurs by making it easier on them to get loans to start or expand their business.

It’s a great initiative indeed, but couldn’t they think of a business women can start other than a bakery as it shows in the ad?

2

Bank Audi’s interactive kiosk

I stumbled upon this cool kiosk by Bank Audi on Saturday night at City Mall. Aside from the ATM on the right, there are two large screens that, among many options, allow you to do a video call with one of the bank’s representatives and inquire them about their services. A room offering privacy is also available in the back, which I assume can be used to sign confidential papers and send them directly to the bank from within that kiosk.

The purpose of this project is apparently to let people get most of their banking needs done at a kiosk like this one instead of having to physically be present at one of the bank’s branches, which is pretty nice for people whose time is not flexible enough in the morning.

I just hope they’re putting similar efforts into enhancing their e-banking application as well!

4

Powered by WordPress. Designed by WooThemes