Tech Talk: Cyber insurance, third-party risk, ATM jackpotting, and more!
- Cyber insurance for FIs
- Assessing third-party risk
- New ATM jackpotting malware
- Botnets targeting banks
- Membership-based banking
- PayPal branching out
- AI for money laundering
- FTC scam bust leads to scam
- Fraud prevention partnership
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
Cyber insurance for FIs
With cyberattacks increasing in volume and sophistication, financial institutions are at risk for significant fallback and penalties in the event of a direct attack or a cyber event targeting a third-party vendor. To address the potential risks, members of the Federal Financial Institutions Examination Council (FFIEC) have issued a joint statement on Cyber Insurance and Its Potential Role in Risk Management Programs. Noting that traditional insurance policies may not sufficiently cover cyber risk exposures, the FFIEC recommends that banks assess the scope of current coverage and consider adding cyber insurance as a component of the institution's broader risk management strategy. ATM Marketplace has the details and a link to the FFIEC statement.
Assessing third-party risk
Faced with increased regulatory scrutiny, financial institutions must practice effective risk management regardless of whether the institution performs the activity internally or through a third party. Fintech partners and other outsourced providers should be included in an institution's risk management program. According to a 2017 Thomson Reuters Legal survey of anti-money laundering (AML) professionals, only a small percentage of respondents had extreme confidence in their AML and customer due diligence (CDD) data vendors. Dealbreaker has the details.
New ATM jackpotting malware
ATM Jackpotting – criminal attacks involving commands sent to the ATM dispenser to empty the machine of cash using malware, a USB device or other nefarious methods – are becoming more prevalent. A new strain of jackpotting malware, aptly named ATMJackpot, has been discovered by Netskoke Research Labs, reports Security Week. To educate ATM deployers and provide tips for protecting their networks, TMD Security, provides some insight into the history of ATM Jackpotting and how institutions and other ATM network providers can mitigate these threats. ATM Marketplace has the details.
Botnets targeting banks
When several banks in the Netherlands were hit by multiple DDoS attacks in January, the source of the attacks was unknown. Security researchers have tied at least one of those attacks to the use of Reaper, aka IoTroop, a powerful internet of things (IoT) botnet. While the criminals deploying these attacks have thus far targeted banks in Russia, Brazil and Ukraine, researchers are monitoring the botnet for updates and future attacks targeting financial institutions, reports Threatpost has the details.
Membership-based banking
The financial industry is facing increased competition from alternative providers who want to woo consumers away from traditional banks by providing innovative (and less costly) options for managing their finances. Fintech startup MoneyLion, a financial and wealth management app, has announced a membership-based alternative to traditional banks with a suite of premium banking products – including checking, savings and debit card accounts. Finextra has the details.
PayPal branching out
With its latest announcement, global payments provider PayPal is inching even closer to securing its place in the traditional banking market. In partnership with small banks, PayPal is branching out with a consumer debit card that can be used at ATMs throughout the U.S., mobile check deposit (or direct deposit), and FDIC insurance for funds held in a PayPal mobile wallet. The online payments giant is targeting unbanked or underserved consumers with alternative products that provide them with digital banking options. ITProPortal has the details.
AI for money laundering
Banks are showing increased interest in artificial intelligence (AI) to automate tasks, enhance customer service, improve performance, and combat financial crime. One of the largest banks in the world, HSBC, has joined the ranks of other European banks who are leveraging technology to fight fraud. Following a successful pilot in 2017, HSBC has partnered with data startup firm Quantexa to deploy artificial intelligence for detecting and mitigating money laundering and other financial crimes, reports CIO Dive. As with any emerging technology, there are pros and cons to consider before adopting AI. CIO Dive has the details.
FTC scam bust leads to scam
The Federal Trade Commission (FTC) has been cracking down on tech support scams. Following a settlement with Inbound Call Experts LLC, dba Advanced Tech Support, involving the company's use of high-pressure sales tactics to market products and services by falsely claiming to find viruses and malware on consumers' computers, the FTC announced Advanced Tech Support refunds last month. The FTC has issued an alert for consumers regarding a scam using the promise of those refunds to gain remote access to victims' computers. FTC.gov has the details.
Fraud prevention partnership
They say when one door closes, another door opens. While the widespread adoption of EMV technology and chip-enabled cards has reduced counterfeit card fraud, fraudsters have turned to other entry points to gain access to card data. According to Javelin Strategy and Research, CNP (card-not-present) fraud is now 81 percent more prevalent than POS (point-of-sale) fraud. To help retailers mitigate CNP fraud, payment processing provider Worldpay has partnered with machine learning company Featurespace on an enhanced fraud prevention strategy that leverages the power of data, reports PYMNTS.com.
Spams, Scams and Breaches
- Threatpost: Ransomware doubles in past year
- CU Times: Cybersecurity firm thwarts LinkedIn attacks
- Security Week: Mobile phishing attacks are rising
- Krebs on Security: Tax ID thieves going after CPAs
- Techspot: New web standard for stronger authentication coming to web browsers
Updates, Patches and Alerts...
- US-CERT: Current Activity
- Security Week: AMD, Microsoft release Spectre patches
- Security Week: SAP patches critical flaws in business client
- Sophos: Three critical Flash vulnerabilities patched. Update now!
- Security Week: Microsoft adds new security features to Office 365
- Threatpost: Microsoft fixes 66 bugs in April Patch Tuesday release
- ATM Marketplace: How 125 ATM industry players plan to make Windows 10 your last Microsoft upgrade
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
Cyberattacks continue to rise in frequency and scope, affecting everyone from private citizens to corporations to city governments, with frequently embarrassing or distressing results. The Onion takes a satirical look at some key facts about cybercrime.