Tech Talk: Data privacy, a BOI filing tool, bank training tech, and more!

• State-level financial data protections
• Risky vendor practices at community banks
• New BOI filing tool for SMBs
• FinCEN issues deepfake fraud alert
• Innovative bank training tech
• Banks see surge in digital scams
• Payments fraud up and rising
• A collaborative framework to fight cybercrime
• The blockchain revolution in banking
• Spam, Scams & Breaches
• Updates, Patches & Alerts
• and on the lighter side...

State-level financial data protections
Consumers' growing reliance on digital financial tools that require detailed personal and financial information to operate effectively increases the potential for data privacy risks. Many consumers are unaware of the extent of data being collected and how it is used or shared. While federal protections, such as the GLBA and FCRA, exist to safeguard consumer data in the U.S., the CFPB urges states to provide consumers with additional financial data protections to bridge gaps where federal law currently falls short. Finextra has the details.

Risky vendor practices at community banks
In light of evolving and newly emerging threats, banks have stepped up their game of securing their internal systems and procedures for data security. But when bringing new players such as fintech and other third parties on to the playing field to assist, many community banks are dropping the ball on due diligence and third-party practices, putting their customer data at risk. Banking Dive has the details.

New BOI filing tool for SMBs
The Beneficial Ownership Information (BOI) Reporting rule, effective January 1, requires certain companies to report information on individuals with significant control or ownership stakes to increase transparency and combat financial crimes. The rule will simplify the customer due diligence process for banks by providing a centralized BOI registry. Identity and compliance platform Palm has launched a free AI-powered BOI filing tool to help small businesses streamline their reporting and meet the deadline. PYMNTS.com has the details.

FinCEN issues deepfake fraud alert
AI deepfakes are presenting both new threats and potential opportunities for criminals who are leveraging the technology to add a new layer of sophistication to traditional identity theft and account takeover attacks. There has been an increase in these growing threats targeting financial institutions in fraudulent schemes that involve criminals altering or creating fraudulent identity documents to circumvent ID verification and authentication methods. FinCEN has issued an alert that includes nine red flags to help U.S. banks identify these scams and report deepfake fraud schemes. PYMNTS.com has the details.

Innovative bank training tech
Developing training programs for your employees that isn't boring or trivial can be challenging. Many organizations are turning to VR (virtual reality) to enhance training and immerse employees in realistic scenarios that help them learn more efficiently and improve retention. Enterprise XR platform Strivr has released the industry's first XR (extended reality) training bundle for retail banking and financial services that incorporates modules in key areas including client care, professional etiquette, and empathetic leadership. Finextra has the details.

Banks see surge in digital scams
In the proverbial cat-and-mouse game between cybercriminals and the financial sector, the more controls we implement to keep the bad actors out, the more fraudsters devise new tools and tactics to circumvent those controls. According to a new report from cybersecurity firm BioCatch, account-opening fraud has declined by nearly 60% in the last year, but social engineering and other digital scams have increased tenfold. CNBC has the details.

Payments fraud up and rising
Payments fraud has also continued to increase in 2024. According to the Association for Financial Professionals (AFP), 80% of organizations experienced attempted or actual payments fraud in 2023 – up 15% from 2022 and reaching the highest level since 2018. A new report released by payments giant Visa highlights how payment fraud threat actors continue to probe the payments ecosystem for vulnerabilities and leverage AI to deploy fraud schemes targeting banks and consumers. Payments Dive has the details.

A collaborative framework to fight cybercrime
The growing risk of cyber inequity in an increasingly dynamic tech landscape underscores the urgent need for stronger collaboration between public and private sectors. The World Economic Forum (WEC) has released a framework for cyber-defenders to join forces and work together to stay ahead in the fight against cybercrime. Infosecurity has the details.

The blockchain revolution in banking
With bitcoin soaring to all-time highs in the aftermath of Donald Trump's election victory, forward thinking financial institutions may want to reassess their blockchain strategies to innovate and remain competitive. The distributed ledger technology that underpins bitcoin could help banks regain their competitive edge by improving efficiency, enhancing security, and meeting rising customer expectations for speed and transparency. PYMNTS.com has the details.

Spams, Scams, and Breaches

• Cybersecurity Dive: Cyberattacks hit 1 in 3 SMBs last year
• Payments Dive: Young people fall prey to payments fraudsters
• KnowBe4: Attackers don't hack, they log in. Can you stop them?
• Help Net Security: Cyber crooks push Android malware via letter
• Finextra: NatWest reveals the fastest-growing scams of 2024
• Help Net Security: Infostealers increasingly impact global security
• Infosecurity: Microsoft Visio files used in sophisticated phishing attacks
• Help Net Security: Social engineering scams sweep through financial institutions
• Help Net Security: Massive troves of Amazon, HSBC employee data leaked
• Infosecurity: Massive telecom hack exposes U.S. Officials to Chinese espionage
• Dark Reading: Revamped Remcos RAT deployed against Microsoft Windows users
• Security Week: FBI warns of fake emergency data requests made by cybercriminals
• Security Week: Debt relief firm Forth discloses data breach impacting 1.5 million people

Updates, Patches, and Alerts...

• US-CERT: Current Activity
• Dark Reading: AI & LLMs show promise in squashing software bugs
• Security Week: Adobe patches critical-severity bugs in multiple products
• Cybersecurity News: SAP Security Update: Patch for high severity vulnerabilities
• Cybersecurity Dive: Attackers target Palo Alto Networks’ customer migration tool
• Cyber Security News: Chrome 131 released with fix for 12 security vulnerabilities
• Security Week: Palo Alto Networks confirms new firewall zero-day exploitation
• Bleeping Computer: Microsoft says recent Windows 11 updates break SSH connections
• Cybersecurity Dive: Zero-days from top security vendors were most exploited CVEs in 2023
• Bleeping Computer: Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
• Cyber Security News: CISA, NSA, & FBI release list of 15 most exploited vulnerabilities in 2023
• Cyber Scoop: Here’s how misconfigurations in Microsoft Power Pages could lead to data breaches
• Security Week: Veeam patches high-severity authentication bypass vulnerability in Backup Enterprise Manager

See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.

And on the lighter side...

As our world becomes increasingly more interconnected, the lines between privacy, convenience, and security are blurring. A group of Harvard students conducted an experiment to show how seemingly innocent smart glasses raise significant privacy concerns.