Tag Archive for: banks

Editorial | Cybercrime and banks | Commentary

/in


With reports of cybercriminals targeting local bank networks, customers are understandably feeling vulnerable that they, too, might become targets in the future.

Cybercrime, to include online banking, is complicated. There are three critical groups to consider when examining cybercrime – organised criminals, victims, and those who seek to deter those criminals.

Online technologies have given birth to a new generation of fraudsters who have become experts at breaking into people’s accounts and illegally removing their money for their own benefit. It is happening all over the world despite the fact that some institutions have ramped up cybersecurity spending to keep these criminals at bay. It is estimated that breaches against banks have increased by 300 per cent since 2014, costing the industry some $1 trillion.

With the onset of the COVID-19 pandemic, many financial institutions accelerated their use of alternate platforms on which customers could conduct business in order to eliminate face-to-face interaction because of lock-down measures. By employing technology, the banking sector aims to be more efficient. Unfortunately, it is these same platforms that criminals are using to commit a litany of fraudulent actions, involving credit card scams, blackmail, and other illegal activities such as personal attacks.

ACUTE DAMAGE

Acute damage can be done to an economy by cybercriminals because they threaten the safety and security of the country. Not only do they develop methods to steal money, they also gain access to vital business information, which they can use to interrupt commercial activity. One of the looming threats is that people might take their money overseas if they get the sense that their funds are not safe in local banks. Besides, the monetary losses from these crimes are borne by customers and the banks, whose credit ratings and reputations could be shredded.

The Bank of Jamaica (BOJ), the country’s central bank, is itself not immune to these attacks. There are documented examples of central banks being hacked and millions of dollars siphoned off by hackers who can be anywhere from Bangladesh to Vietnam. Therefore, the BOJ has an overriding…

Source…

Merchants, Banks Confront Rising Friendly Fraud

/in


Sometimes the biggest threats come from the foes who pose as friends, spinning tales that seem legitimate and often urgent. And then comes the realization:

You’ve been scammed.

Eric Kraus, V.P. and general manager of Fraud, Risk and Compliance Solutions at FIS, told PYMNTS that friendly fraud looms as a growing threat for merchants and banks alike.

Friendly fraud is another name for first party chargeback fraud, which occurs when a consumer buys something online through a card-based purchase, and then disputes the charges or requests a chargeback, having already received the item or the service that they bought. The conversation was held against the backdrop where merchants of all sizes say “friendly fraud” is the No. 1 fraud trend they are dealing with, representing a significant increase in loss exposure the past few years.

Then there’s “refund fraud” which also occurs after the transaction is completed. However in this scenario, the goods that have been purchased are not returned — or something else entirely is sent back to the merchant.

As he said, illustrating what might happen to an unwitting merchant:

“The last thing you want is to initiate a refund and then open up the iPad box and see that it’s empty.”

Friendly fraud, he said, has become a favorite of scammers in recent months, so much so that he said FIS has seen some eCommerce merchants estimate that 80% of their claims are tied to it.

“These scams are especially high in the digital goods space,” he said.

Banks and credit unions are also feeling the pinch. Disingenuous cardholders, he said, will try to make claims with their financial institutions (FIs), stating that their cards were stolen multiple times in a short period of time as an example.

In the digital age, the bad actors are also leveraging technology to help them launch attacks at scale, compromising point-of-sale devices and “testing” cards. To figure out if a stolen credit card number is valid, thieves sometimes attempt small purchases to see which cards get approved. The fraudster can then make larger purchases over time. Manually testing takes time, so criminals use botnets to run thousands of low-value transactions quickly.

Source…

Take adequate cyber security measures, CP CV Anand tells city banks

/in


Hyderabad: Take adequate cyber security measures, CP CV Anand tells city banks

Source…

Final Rule Places New Cybersecurity Reporting Requirements On Banks – Finance and Banking

/in



United States:

Final Rule Places New Cybersecurity Reporting Requirements On Banks

09 March 2022


Crowe & Dunlevy



To print this article, all you need is to be registered or login on Mondaq.com.

Last month, the Federal Reserve System’s Board of Governors,
the Federal Deposit Insurance Corporation and the Office of the
Comptroller of the Currency approved a final rule that places
reporting requirements on banks and banking service providers.
Under this new rule, banks must report cybersecurity incidents
within 36 hours to federal regulators. In addition, banking service
providers must notify banks as soon as possible after suffering a
computer security incident. This new rule also requires banks to
inform customers of any computer security incident lasting more
than four hours.

This new rule is part of a current trend of requiring critical
infrastructures to report cybersecurity incidents. This rule goes
into effect starting April 1, 2022, and banks are required to be in
compliance by May 1, 2022. While the rule doesn’t go into
effect until next year, there are several ways that banks and
service providers can get prepared.

  1. Determine who will be responsible for reporting the
    incident to the regulators.     Cybersecurity incidents are
    stressful. While the rule provides a more extended deadline than
    the 12-hour reporting requirement for pipelines, 36 hours is still
    a quick turnaround. Taking the time now to identify the person
    responsible will…

Source…