Top Story Technology Related

The Federal Trade Commission has reported it has sued to stop a Voice over Internet Protocol (VoIP) provider, XCast Labs, Inc., that continued to funnel hundreds of millions of illegal robocalls through its network, even after receiving multiple warnings. The Department of Justice filed the complaint in the Central District of California on the FTC’s behalf.

XCast Labs, headquartered in Los Angeles, California, is a nationwide provider of VoIP technology, providing services that allow its customers to send and receive phone calls, including robocalls (calls that play a prerecorded message), over the Internet. Telemarketers who blast illegal robocalls typically use VoIP service providers like XCast Labs to transmit their calls.

According to the complaint, in January 2020, the FTC sent letters to a number of VoIP providers, including XCast Labs, warning them that assisting and facilitating illegal telemarketing or robocalling was against the law. The complaint also alleges that XCast Labs received dozens of “traceback” inquiries from US Telecom’s Industry Traceback Group regarding suspected illegal calls that originated on XCast Labs’ network, as well as inquiries from law enforcement agencies about transmission of suspected illegal traffic on the XCast Labs network. Even after receiving these direct warnings, the FTC alleges that XCast Labs transmitted illegal robocalls to consumers.

In addition, the FTC discovered that many of these suspect robocalls were part of organized campaigns designed to generate telemarketing leads by, for example, impersonating federal officials from the Social Security Administration. Lead generators sell the information they gather to telemarketers, who then use consumers’ information to pester them with even more unwanted, illegal calls.

OFAC has issued an Important Technical Notice for Users of the OFAC website on SSL Certificates. If your bank or a service provider uses scripts and other automated processes that download OFAC's list-related data products, or if members of your staff browse OFAC's website (depending on browser used and its configuration), there could be problems accessing the data if the advice in the Notice is not heeded. Share this information with your institution's IT department and/or service provider.

The Treasury Department is initiating its annual renewal of the public-trusted certificate securing the www.treasury.gov website, including OFAC sanctions list downloads. The existing certificate will be replaced on May 15, 2023, at 8 p.m. EDT.

Officials from the CFPB, Federal Trade Commission, the Civil Rights Division of the Justice Department, and the Equal Employment Opportunity Commission pledged yesterday to uphold America’s commitment to the core principles of fairness, equality, and justice as emerging automated systems, including those sometimes marketed as “artificial intelligence” or “AI,” become increasingly common in our daily lives – impacting civil rights, fair competition, consumer protection, and equal opportunity.

The agencies released their Joint Statement on Enforcement Efforts Against Discrimination and Bias in Automated Systems outlining a commitment to enforce their respective laws and regulations to promote responsible innovation in automated systems.

• CFPB press release

The Federal Reserve has issued initial findings from its 2022 triennial payments study. The information shows how consumers and businesses chose to make noncash payments, using checks, different types of cards, and the automated clearinghouse (ACH). Additional details will be available as analysis is completed.

The data show that the average values of consumers' and businesses' ACH, check, and card payments increased substantially from 2018 to 2021. The data also show that consumers and businesses made more noncash payments, leading to a greater total value of noncash payments in the same time period. Cards were used most frequently, and accounted for 84 percent of the increase in the number of payment transactions. The increase in total value, however, was driven almost entirely by the increase in the value of ACH payments.

The Federal Reserve Payments Study is a collaborative effort of the Federal Reserve Bank of Atlanta and the Federal Reserve Board. The triennial study has been conducted every three years since 2001 with annual supplements since 2017. The study develops aggregate estimates using data collected from voluntary surveys of depository institutions, card networks, and other major payment processors.

BankersOnline editorial comment: It is likely the large increases in the numbers of noncash, and in particular, card payments was due largely to a move away from cash for retail payments in 2020 with the onset of the COVID-19 pandemic. The reason the increase in total value of noncash payments was primarily seen in ACH transactions is probably due to the phase-in of same-day ACH payments and the steps up in their per item dollar caps.

U.S. Deputy Secretary of the Treasury Wally Adeyemo chaired a meeting yesterday with members of the Financial and Banking Information Infrastructure Committee (FBIIC) to discuss the group’s collective and individual cybersecurity efforts.

The Deputy Secretary recognized the agencies’ work to monitor and harden their cyber defenses at a time of increased threats, including those arising from Russia’s invasion of Ukraine. He emphasized the importance of information sharing to support detection of suspicious or malicious activity so that financial entities can better protect themselves.

The participants received an update on the efforts of the FBIIC Cloud Working Group and other joint efforts to make progress on incident response plans. Adeyemo underscored that a heightened threat level is likely to continue in the future and urged participants to accelerate efforts on joint cybersecurity projects.

The FBIIC includes the leadership of federal financial regulatory agencies and the associations of state regulatory agencies. The FBIIC is charged with improving coordination and communication among financial regulators, promoting public-private partnership within the financial sector, and enhancing the cyber and all-hazards resiliency of the financial sector.

• Treasury Department press release

Yesterday, Acting Comptroller of the Currency Michael J. Hsu discussed the Office of the Comptroller of the Currency’s approach to open banking in remarks at FDX Global Summit Spring 2023 in Raleigh, N.C.

In his remarks, Hsu highlighted the evolution of open banking and its potential impact on the OCC’s supervision in the context of liquidity, operational, third-party, and compliance risks. He also discussed the importance of data, and the relationship of banking and commerce, in the development of open banking to build trust among consumers and the public.

• OCC press release

The Federal Trade Commission on Monday announced it has acted to stop Nexway, a multinational payment processing company, along with its CEO and chief strategy officer, from serving as a facilitator for the tech support scammers through credit card laundering. The defendants in the case have agreed to court orders that prohibit them from any further payment laundering and require them to closely monitor other high-risk clients for illegal activity. The complaint and orders were filed by the U.S. Department of Justice on behalf of the FTC.

The FTC’s complaint against Nexway (and several of its subsidiaries and an associated company known as Asknet), its CEO Victor Iezuitov, and its chief strategy officer Casey Potenzone charges that the defendants were at the center of several offshore tech support scams, processing tens of millions of dollars in charges and giving the scammers access to the U.S. credit card network.

The complaint details Nexway’s relationships with tech support scammers, in which Nexway acquired credit card merchant accounts and then used those accounts to collect money from consumers on behalf of the scammers. The complaint charges that Nexway, Iezuitov, and Potenzone were aware that their tech support clients were scammers and directly received numerous complaints about the companies.

The stipulated court orders include a number of restrictions and requirements on Nexway and Iezuitov, asknet, and Potenzone:

• Prohibition on credit card laundering: The orders will prohibit the defendants from laundering sales through their merchant accounts.
• Requirement to monitor high-risk clients: The orders require the defendants to screen and monitor any clients they serve who meet criteria that make them an elevated risk of violating the law, and also require them to take action if their clients charge consumers without authorization or violate the Telemarketing Sales Rule (TSR).
• Prohibition on payment processing or assisting tech support scammers: The orders will prohibit the defendants from engaging in payment processing for tech support companies that use pop ups, telemarketing or false or unsubstantiated advertising.
• Monetary judgments: The orders require Nexway and its subsidiaries to pay $350,000; Asknet and its subsidiaries to pay $150,000; Iezuitov to pay $100,000; and Potenzone to pay $50,000.

The orders contain a total monetary judgment of $16.5 million, which is partially suspended based on the defendants’ inability to pay the full amount.

The Financial Stability Board (FSB) has announced its publication, at the request of the G20, of a report with recommendations to achieve greater convergence in cyber incident reporting.

The report sets out a concept for developing a common format for incident reporting exchange (FIRE) to collect incident information from financial institutions and that authorities could use for information sharing.

The FSB has also updated its Cyber Lexicon, which aims to:

• enable a common understanding of relevant cyber security and cyber resilience terminology across sectors
• enhance work to assess and monitor financial stability risks of cyber risk scenarios
• facilitate information-sharing as appropriate
• aid work by the FSB and/or standards-setting bodies to provide guidance related to cyber security and cyber resilience, including identifying effective practices

A number of new terms were added and some existing definitions were clarified.

Vice President Kamala Harris and Deputy Secretary of the Treasury Wally Adeyemo have announced that the U.S. Department of the Treasury’s Community Development Financial Institutions Fund (CDFI Fund) has awarded over $1.73 billion in grants to 603 Community Development Financial Institutions across the country through the CDFI Equitable Recovery Program . These funds will strengthen the ability of CDFIs to help low- and moderate-income communities recover from the COVID-19 pandemic and invest in long-term prosperity.

ERP is a competitive grant program designed to provide funding to CDFIs to expand lending, grant making, and investment activities in low- or moderate-income communities, which have significant unmet capital and financial services needs and have experienced disproportionate economic impacts from the COVID-19 pandemic. It will also enable CDFIs to build organizational capacity and acquire technology, staff, and other tools necessary to accomplish these goals.

The institutions that received grants through CDFI ERP include banks, holding companies, and credit unions as well as non-depository loan funds and venture funds that are designated as CDFIs by the Treasury Department’s CDFI Fund. These mission-driven financial institutions specialize in delivering responsible capital, credit, and financial services to underserved communities.

OFAC has announced a settlement with Microsoft Corporation. Microsoft has agreed to remit $2,980,265.86 to settle its potential civil liability for 1,339 apparent violations of the Cuban Assets Control Regulations, the Iranian Transactions and Sanctions Regulations, the Syrian Sanctions Regulations, and the Ukraine-/Russia-Related Sanctions Regulations involving the exportation of services or software from the United States to comprehensively sanctioned jurisdictions and to Specially Designated Nationals or blocked persons. The settlement amount reflects OFAC's determination that Microsoft's conduct was non-egregious and voluntarily self-disclosed.

OFAC's action was completed coordinated with the Commerce Department's Bureau of Industry and Security (BIS), which settled with Microsoft for a civil penalty of $624,013, with $276,382 of that amount suspended pending payment of Microsoft's settlement amount with OFAC. The BIS settlement involved seven alleged violations of the Export Administration Regulations by Microsoft subsidiary Microsoft Rus LLC.

• OFAC Enforcement Release
• BIS order
• Joint press release of Departments of Commerce and Treasury