Tech Talk: Equifax failures, Same Day ACH delay, fintech banking services, and more!
- Scathing Senate report on Equifax
- Not so fast Same Day ACH payments
- Old bank trojan up to new tricks
- Innovative new ATM skimming attack
- ATM outsourcing considerations
- PayPal offers Instant Transfer to banks
- Fintech launches banking services
- Data privacy protection efforts
- Banking on crypto assets – or not
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
Scathing Senate report on Equifax
Credit reporting firm Equifax has been under scrutiny from regulators and lawmakers since the firm's September 2017 disclosure of the massive breach that impacted 148 million Americans. A scathing new report released by the United States Senate's Permanent Subcommittee on Investigations blasted the company for its poor security practices, including being aware of security weaknesses in its systems for two years and failing to properly address the vulnerabilities, and provides more details on the credit report agency's failures that led up to the incident. Security Week has the details.
Not so fast Same Day ACH payments
Plans to expand same day ACH transactions and establish a third processing window have been put on hold by the Federal Reserve. A rule that was passed by ACH network administrator NACHA in September 2018 to provide extended access for all ODFIs (Originating Depository Financial Institutions) and their customers through a "new window" was contingent upon the Federal Reserve Board's approval. But the Fed Board wants to issue a request for public comment and allow time for the feedback before it approves the new rule. PYMNTS.com has the details.
Old bank trojan up to new tricks
The old adage "You can't teach an old dog new tricks" doesn't apply to malicious malware or the nefarious actors who design the data-stealing tools. The infamous Ursnif banking Trojan that has a long history of targeting banks and online banking users dating back to 2007 has resurfaced with new tricks to evade detection and extend its reach beyond just bank details and passwords. Security researchers suspect this latest campaign may be linked to the Cutwail Botnet, a cybercrime operation that's also been around for the past decade. ZDNet has the details.
Innovative new ATM skimming attack
Card data thieves are increasingly devising new and clever ways to pilfer card and PIN data from unwitting consumers at ATMs. ATM skimming attacks often involve a hidden pinhole camera disguised as a PIN pad privacy cover or hidden in all-in-one skimmer over the green flashing card acceptance slot. Scammers have found more innovative ways to capture PINs by hijacking the ATM's built-in security camera, reports Krebs on Security.
ATM outsourcing considerations
While financial institutions may already outsource some of their ATM services, operational, logistical and regulatory challenges have many institutions considering outsourcing end-to-end management of their ATM fleets. ATM Outsourcing can not only reduce costs and provide banks and credit unions with the resources to focus on more relational aspects of customer service and sales, but may also lend the ability to provide more innovation features for their customers. ATM Marketplace has the details and some things to consider when deciding on ATM outsourcing.
PayPal offers Instant Transfer to banks
Appealing to a growing number of gig economy workers, PayPal has launched an Instant Transfer to banks functionality for qualified individual and business customers in the U.S. The new service is made possible by the company’s expanded partnership with JPMorgan Chase which enables PayPal to access the ACH network. The popular P2P payment network already has its eye on global expansion of the new service. TechCrunch has the details.
Fintech launches banking services
Personal finance and investing app Stash is making its move into the traditional banking market. In partnership with Green Dot's Banking-as-a-Service platform, the company will offer a full range of banking services, including a debit account with no overdraft or monthly maintenance fees. In addition, its more than 3 million users will be able to participate in a new Stock-Back loyalty feature, which rewards debit cardholders with fractional shares in individual stocks based on where they spend money. MarketWatch has the details.
Data privacy protection measures
In the wake of Europe's new GDPR (General Data Protection Regulation), a series of high-profile consumer data privacy lapses, and the emergence of state regulations designed to more adequately protect consumer information, data privacy has become a front burner issue across all sectors. Armed with feedback it has received, the National Institute of Standards and Technology (NIST) is developing a Privacy Framework that can be adapted across organizations, technologies, and sectors, reports CIO Dive. As we enter a potential new era of data regulation, the impact will be felt by both consumers and banks. Forbes has the details.
Banking on crypto assets – or not
Tech giant IBM is moving into the crypto custody market with a cloud-based and encrypted storage solution for digital assets that is designed for banks, brokers, and other financial firms, reports Coindesk. Meanwhile, global banking watchdog, the Basel Committee on Banking Supervision, is warning the industry about the potential risks that crypto assets or related services poses for banks and global financial stability. Finextra has the details.
Spams, Scams and Breaches
- Sophos: Taxpayer vishing scams on the rise
- Threatpost: Company payouts may lead to resurgence of ransomware
- Krebs on Security: Fraudsters may be bypassing Equifax credit freeze PIN
- Threatpost: New malware targeting PoS systems for sale on the Dark Web
- Forbes: Email marketing firm breach exposed more than 2 billion personal data records
Updates, Patches and Alerts...
- US-CERT: Current Activity
- Threatpost: Cisco patches critical default password bug
- Security Week: Adobe patches flaws in Sandbox, Photoshop, Digital Editions
- Security Week: WordPress 5.1.1 patches remote code execution vulnerability
- Computerworld: Urgent updates for Windows and IE for March Patch Tuesday
- Bleeping Computer: Google Chrome to block drive-by-downloads from ad frames
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
March is Women's History Month, dedicated to honoring and celebrating women's contributions to society and history. On International Women's Day March 8, security firm Sophos highlighted five female technoheroes you may be unfamiliar with, but who have achieved notable accomplishments.
First published on 03/15/2019