The settlement detailed the missteps PayPal took in the lead-up to the attack and highlighted common risks — both on compliance and security — banks face.

The ruling lets state Attorney General Letitia James continue arguing Citi should have reimbursed customers for wire fraud, though some claims were dismissed.

A security researcher found a database exposing names, addresses, and bills apparently belonging to Willow Pay, a fintech for short-term financing on bills.

The order calls on federal agencies to support more forms of digital identity documents and could lead more states to adopt digital driver's licenses.

Banks must comply with a European Union law known as DORA by Friday. The law aims to improve cybersecurity and reduce tech failures in financial services.

Amendments to New York's cyber rules — and a focus on privacy in California — mean banks must enhance risk controls, encryption and customer protections.

An alarming percentage of cyberattacks in 2024 exposed eight or more pieces of sensitive customer information, a notable increase in severity. Banks need to have both proactive and reactive strategies in place to protect customers.

Modeled after Energy Star, the Cyber Trust Mark will label smart devices that pass federal cybersecurity standards.

Financial institutions need to beware of advanced persistent threats and of the potential security shortcomings of their vendors, experts say.

2024 brought important issues front and center for bankers, ranging from the rise of artificial intelligence to the fall of banking-as-a-service.