Chinese association introduces guidelines for facial-recognition payments

(Jan 23, 2020) Biometric Update reports the Payment & Clearing Association of China introduced guidelines for facial-recognition payments. The guidelines require companies to encrypt facial-recognition data and store it separately from other information, such as bank numbers, according to the original report from Caixin Global. Organizations are not allowed to keep facial data following the completion of a transaction. Anli Partners Senior Partner Wang Xinyue said companies that use the technology should g... Read More

US lawmakers call for FTC investigation of fintech firm's data sale

(Jan 21, 2020) U.S. Sens. Ron Wyden, D-Ore., and Sherrod Brown, D-Ohio, along with Rep. Anna Eshoo, D-Calif., penned a letter urging the Federal Trade Commission to investigate alleged improper data sale by financial technology firm Envestnet and its subsidiary, Yodlee, The Wall Street Journal reports. The lawmakers wrote, "Consumers generally have no idea of the risks to their privacy that Envestnet is imposing on them." In a statement, Yodlee refuted the allegations, saying it complies with regulatory standa... Read More

'Account aggregator' system gives consumers access to financial data

(Jan 16, 2020) India’s top banks will soon give consumers access to a considerable amount of their financial data, allowing them to control who sees what and when, the Hindustan Times reports. The “account aggregator” system will be licensed by India’s central bank and offered by banks. Users will be able to log in to authorized apps to access financial data, including spending patterns, tax returns and business transactions, which they can share to pursue loans, investments or insurance. “If it works, it coul... Read More

US financial regulators discuss cloud data obligations

(Jan 16, 2020) The Wall Street Journal reports U.S. financial regulators have reminded banks and brokers they are still responsible for consumer data stored on a third-party cloud. While attending a Financial Industry Regulatory Authority conference, Securities and Exchange Commission Senior Examiner Salvatore Montemarano explained how liability for cloud data breaches falls back on companies that own the data. “Even if you have identified who has responsibility for what controls, you’re still outsourcing your... Read More

US court approves $1.38B Equifax class-action settlement

(Jan 15, 2020) The U.S. District Court Northern District of Georgia has signed off on Equifax's $1.38 billion class-action settlement over its 2017 data breach, BankInfoSecurity reports. According to Chief Judge Thomas Thrash Jr.'s decision, Equifax will put $1 billion toward improving its data security, while a maximum of $31 million in damages will be distributed among affected consumers. "This settlement is the largest and most comprehensive recovery in a data breach case in U.S. history by several orders o... Read More

Perspective: Financial industry must solve identity fraud problem

(Jan 10, 2020) A recent study found identity fraud impacts nearly 17 million people per year and results in $16.8 billion in losses. These statistics, combined with strict regulatory requirements, give financial companies "tremendous incentive to invest in the latest identity verification technologies," according to Consumer First Coalition Executive Director Jason Kratovil. In this piece for Privacy Perspectives, Kratovil writes, "the financial industry must stay ahead of increasingly clever identity thieves ... Read More

In banking, the search for identity truths continues

(Jan 10, 2020) "Who are you?" It’s a question that occurs to most of us every day, triggered usually by harmless events, like a surprise knock on the door or an unrecognized phone number appearing on our cellphones. For financial institutions, it’s a question that demands an accurate answer. According to a recent study, identity fraud impacts nearly 17 million people each year, resulting in $16.8 billion in losses. These sobering statistics, combined with strict regulatory requirements to “know your customer... Read More

ICO discusses data protection in open banking

(Jan 9, 2020) In a blog post on its website, the U.K. Information Commissioner's Office wrote about the positives of data sharing through the scope of open banking. The ICO said open banking's sharing structure, which is designed to improve customers' control of their own data through application programming interfaces, has "created a culture of organisations working together to create competition and not just be in competition." Additionally, the ICO opined that businesses or individuals aiming to use simila... Read More

FTC, mortgage broker reach $120K settlement over data exposure

(Jan 8, 2020) The U.S. Federal Trade Commission has announced it has agreed to a $120,000 settlement with California-based Mortgage Solutions FCS, over personal-data-related violations of the Fair Credit Reporting Act. The mortgage broker allegedly responded to negative customer reviews by revealing personal information belonging to those customers. The exposed information included credit histories, debt-to-income ratios, taxes, sources of income, family relationships and more.  FTC Bureau of Consumer Protect... Read More

JPMorgan to limit fintech app data sharing

(Jan 2, 2020) JPMorgan Chase has plans to begin prohibiting financial technology apps from using customer passwords to access bank accounts, the Financial Times reports. In lieu of password access, JPMorgan will send tokens to third-party apps with a more secure and narrower set of customer data. Chase Head of Digital for Consumer & Community Banking Bill Wallace said the token system "lets the customer know exactly what information is being used ... and removes the need to hand over their passwords." Mea... Read More