SUPPLEMENTARY INFORMATION CRR 2008
Corporate Responsibility Report 2008
14
ISO 9001:2000 CERTIFICATIONS
ISO 9001:2000 Certifications
Spain
Argentina (1)
Mexico
Rest of the world
TOTAL
(1) The main reason for this reduction is that most of the certifications corresponded to Consolidar Salud (sold recently by the
Group) and Consolidar AFJP (the new legal framework for retirement plans removed these companies).
Scope: BBVA Group (excl. BBVA Compass).
SECURITY, CUSTOMER PROTECTION AND BUSINESS CONTINUITY
2008
PHISHING: ISSUES AND MEASURES TAKEN
The expansion of the Internet as a means of communication and work has transferred the problems of
the real world to the virtual world. The new channels offer numerous advantages but also some challenges,
specifically, cases of phishing and Trojan horses indiscriminately directed at the customers of many banks,
which, in the end, is a cause for fraud for citizens at large.
The unit for the Prevention of Technological Crimes within the Computer and Network Security
Division has taken concrete measures to address these new challenges, among which are:
• a 24 x 7 telematic monitoring service run by 20 people with an isolated monitoring and supervision
room, its own laboratory operated by specialists in anti-malware (any program, document or message
liable to cause harm to the users of computer systems) who carry out the analysis and monitoring of
criminal activity on the Internet. Leading technology and open-code systems are used for managing
security events.
• The promotion of the formalization and publication of methods and the development of an open code
as part of the Computer and Network Security Innovation Plan of Technology & Operations, which
facilitates the prevention of technological crimes.
In addition, the BBVA anti-malware laboratory carries out advanced forensic analysis of the customer’s
PCs which have been subjected to fraud attempts, and ensures that the malware samples are sent to
antivirus producers so that they can be detected in later antivirus versions; in some cases, when the malware
code and behaviour is analysed, the users affected can be identified and further fraud prevented.
The exchange of samples of bank malware (any program, document or message liable to cause harm to
the users of computer systems) and other types of security alerts are valuable means for the improvement
not only of customer’s security but also that of the rest of the citizens.
Furthermore, BBVA is a member of the Information Security Forum (ISF), one of the most prestigious
forums in the world in matters of computer security. BBVA also actively participates in the security group of
the Inter-Bank Cooperation Centre (CCI) and in the IT Fraud Working Group of the European Banking
Federation. It likewise cooperates with the INTECO-CERT (Computer Emergency Response Team of the
Institute of Communication Technologies, the Spanish CERT for citizens and SMEs, as well as with other
CERTs in Mexico and South America.
Accumulated experience has led the BBVA Group to develop and implement its own systems to detect
phishing websites, which are deployed throughout the Group and help detect and shut down over 80% of
2007 2006
11 14 17
7 14 21
9 10 7
5 8 8
32 46 53
To view a Ceros magazine you need to have JavaScript enabled in your browser and have the flash player 8 or higher installed. To install the latest flash player, click the icon above, install the flash plugin and then click here to refresh this page.