Refinitiv CEO: Hong Kong needs to standardize privacy laws

(Oct 18, 2018) Refinitiv CEO David Craig said Hong Kong needs to standardize its privacy laws and improve data-sharing protections in order to better combat financial crime, the South China Morning Post reports. Speaking at the Refinitiv Pan Asian Regulatory Summit, Craig said financial institutions have been hesitant to share information with regulators out of fear of violating privacy laws. “There needs to be a global movement to harmonise what we mean by data privacy and what is an acceptable standard, and ... Read More

Federal agencies fail to meet PCI DSS standards

(Oct 12, 2018) CBC News reports several federal agencies failed to uphold the Payment Card Industry Data Security Standards. Of the 34 federal institutions authorized to accept credit card payment from citizens, 17 of them do not meet the PCI standards. Shared Services Canada maintains the data systems for 13 of the 17 noncompliant agencies, including the Royal Canadian Mounted Police, Transport Canada, Statistics Canada, and the Canada Revenue Agency. "Based on the latest information, all 13 departments which... Read More

The very real problem of synthetic identity theft

(Oct 3, 2018) Fraudsters are nothing if not resourceful. But gone are the days of dumpster diving for credit card carbon papers. As is the relative ease of fabricating new plastic with stolen account numbers, which is no longer such an enticing proposition as EMV chip cards now dominate consumers’ wallets. If instant gratification is getting hard to come by, what’s a would-be identity thief to do? The answer is, as it turns out: Be patient and commit synthetic identity fraud. Traditional identity theft is w... Read More

Perspective: The very real problem of synthetic identity theft

(Oct 3, 2018) Keeping up with adversaries engaged in bank fraud and identity theft is no easy task. Though EMV-chip cards have helped stymie some traditional fraud, a new and more advanced form of identity theft has emerged: synthetic identity theft. Though process often takes time and persistence, it costs financial institutions money in bogus credit card charges. However, "the situation is worse for the children whose [Social Security numbers] were used to create the synthetic identities," a common practice... Read More

Overview of reporting updates to Chile's financial sector

(Oct 3, 2018) In an article for Hipervínculos, Paulina Silva and Carlo Benussi provide an explanation and brief analysis of recent updates to cybersecurity measures in Chile’s financial sector. They write that, following cybersecurity incidents, the country’s Superintendence of Banks and Financial Institutions updated regulation Aug. 31 to facilitate better access to quality information about incidents and raise the security standards of the financial system. Changes include modifications to Chapters 20–8 and... Read More

Telephone-based phishing scams becoming more sophisticated

(Oct 2, 2018) KrebsOnSecurity reports on the growing sophistication of telephone-based phishing scams. Scammers use various tools to change their phone number to one that looks familiar to their target and will use information they have obtained from the dark web to add legitimacy to the call. The malicious actors, which may either be a real person or an automated voice, will ask their target to provide CVVs and PIN numbers, leaving the victim to obtain new cards and clear up the fraudulent charges. Full Stor... Read More

US banks see increase in attempted cyberattacks

(Oct 2, 2018) As the U.S. Department of the Treasury has been sending cyber risk warnings to large U.S. banks, those financial institutions have seen an increase in attempted cyberattacks, The Wall Street Journal reports. Bank of America, Citigroup, JPMorgan Chase and Wells Fargo have been asked by federal officials to monitor traffic from potential hackers who are seeking to discover vulnerabilities within the banks’ networks. The Office of Critical Infrastructure Protection and Compliance Policy within the ... Read More