Tech Talk: Financial data rights, AI for ATMs, APP fraud, and more!
- CFPB moves to finalize data rights rule
- Big bank sued over lax data security
- BaaS bank fails BSA/AML controls
- Managing ATM networks with AI
- Firms (and banks) banning GenerativeAI
- APP scams are top payment fraud threats
- A bank cybersecurity guide
- A compliant digital onboarding solution
- Harnessing data pipelines and mesh
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
CFPB moves to finalize data rights rule
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that would transform how financial institutions handle personal data about their customers. The CFPB is now in the process of writing regulations to implement the new rule which will provide banks and credit unions with more visibility into what their customers are doing and who they're sharing data with. The CFPB's proposed rule, which is expected to be finalized by this summer, has the potential to level the financial services playing field and give banks a competitive advantage. The Payments Journal has the details.
Big bank sued over lax data security
Consumers in New York have lost millions of dollars as a result of cybercrime schemes. The New York Attorney General (AG) contends that one of the nation's and state's biggest banks is responsible for their customers' losses due to its failure to implement strong data security and anti-breach practices. The AG is suing Citibank over the financial institution’s alleged failure to protect customers against hackers and fraudsters, as well as its refusal to reimburse victims for fraud losses. Bleeping Computer has the details.
BaaS bank fails BSA/AML controls – again
Federal banking regulators are keeping a close eye on U.S. banks with fintech partnerships. In 2023, the small number of BaaS (banking as a service) banks accounted for 13.5% of severe enforcement actions. Virginia-based Blue Ridge Bank was one of the BaaS banks previously hit with an enforcement order from the OCC for its weak anti-money laundering controls. The regulator has issued its second enforcement action against the bank for BSA/AML compliance failures. Banking Dive has the details.
Managing ATM networks with AI
AI is increasingly being deployed in the banking sector for its capabilities to increase efficiency and enhance customer service. The technology is also unlocking new capabilities in ATM maintenance and security. By analyzing data patterns and other key data points, AI systems can identify, diagnose, and even make fixes remotely, as well as detect potential physical or virtual attacks.
ATM Marketplace has the details.
Firms (and banks) banning GenAI
Emerging technologies, such as generative AI, are being leveraged by companies in every sector to optimize processes and augment operational efficiency. However, growing concerns over privacy, accuracy, and potential legal implications has many firms – and major banks – banning the use of generative AI. Unvetted third-party software, like ChatGPT, can pose significant inherent risks – particularly in the heavily regulated banking industry. CIO Dive has the details.
APP scams are top payment fraud threats
Authorized push payment (APP) fraud, in which a fraudster poses as a legitimate company and coerces their victim to send them a payment, has accelerated in recent years due to the advancement of technology and the increasing sophistication of cybercriminals. In the U.K., 1 in 3 consumers fell victim to APP fraud in 2023, reports Finextra. According to identity risk solution provider Alloy’s 2024 State of Fraud Benchmark Report, APP fraud was ranked as the top fraud driver by businesses in the U.S. and U.K. last year. IBS Intelligence has the details.
A bank cybersecurity guide
In today's rapidly evolving digital landscape, banks face increasingly complex cybersecurity challenges. As financial institutions embrace innovative technologies to stay competitive and provide seamless services, they inadvertently open themselves up to sophisticated cyber threats. It is more critical than ever that banks deploy a multi-faceted approach to safeguard sensitive information and maintain the integrity of financial systems. Techie Expert has the details.
A compliant digital onboarding solution
In a significant move for the digital banking sphere, Amsterdam-based fintech firm Plumery has teamed up with global ID verification platform Sumsub to offer banks and fintechs swift and cost-effective digital and mobile onboarding. The collaboration will see Sumsub’s comprehensive Know Your Customer (KYC) suite integrated into Plumery’s innovative Headless digital banking platform. Finovate has the details.
Harnessing data pipelines and mesh
The banking industry is on the cusp of major data management advancements, driven by machine learning (ML) and AI. The convergence of data pipelines and mesh will greatly enhance analytics and decision-making capabilities and result in more streamlined, adaptable systems. It's evident that the banking sector is moving towards a more dynamic, predictive, and customer-centric era of data management, making it imperative for banks to adopt and harness these technologies in order to stay ahead. Global Banking and Finance has the details.
Spams, Scams, and Breaches
- Finextra: The CFTC issues warning about AI-related scams
- SecurityWeek: 31 people arrested in global cybercrime crackdown
- Finextra: Venmo, Zelle and Cash App leave users vulnerable to fraud
- Security Week: The ransomware threat in 2024 is growing: report
- Finextra: DOJ uncovers $1.89 billion cryptocurrency fraud scheme
- Help Net Security: Cybercriminals embrace smarter strategies, less effort
- FBI: FBI disrupts Chinese botnet used for targeting US critical infrastructure
- Security Week: 1.5 million affected by data breach at insurance brokerage firm
- Cybersecurity Dive: Johnson Controls reports $27M hit from ransomware attack
- Help Net Security: Cybercriminals replace familiar tactics to exfiltrate sensitive data
- Cybernews: Mother of all breaches reveals 26 billion records: what we know so far
- Bleeping Computer: DHS employees jailed for stealing data of 200K U.S. govt workers
- Finextra: IT firm ransomware attack impacted some of Swedish central bank's IT systems
- Bleeping Computer: Police disrupt Grandoreiro banking malware operation, make arrests
- Bleeping Computer: FBI: Tech support scams now use couriers to collect victims' money
- Help Net Security: Hundreds of network operators’ credentials found circulating in Dark Web
Updates, Patches, and Alerts...
- US-CERT: Current Activity
- Computerworld: Office 365: A guide to the updates
- SecurityWeek: Linux GNU C Library vulnerability leads to full root access
- TechCrunch: Ivanti patches two zero-days under attack, but finds another
- Dark Reading: CISA orders Ivanti VPN appliances disconnected: what to do
- Help Net Security: Critical Jenkins RCE flaw exploited in the wild. Patch now!
- Security Week: Juniper Networks patches vulnerabilities in switches, firewalls
- Help Net Security: Custom rules in security tools can be a game changer for vulnerability detection
- Help Net Security: A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
Today the nation's most famous groundhog, Punxsutawney Phil, did not see his shadow, predicting an early spring. Groundhog Day also refer to situations in which the same negative experiences occur repeatedly, or are felt to occur repeatedly, with no change or correction. Most IT workers can probably relate to these common top five technology-related "recurring issues" and the consequences of not addressing them.