Data security

The Federal Financial Institutions Examination Council says bank accounts and information systems have become more vulnerable as mobile and other technologies have expanded. It issued guidelines on detailed steps financial institutions should take to heighten security.

Companies like Arkose Labs say they're so confident in their ability to deter the attacks — automated attempts to break into online banking sites using stolen usernames and passwords — that they can offer banks a warranty.

Criminals' efforts to steal identities and take over accounts have become increasingly sophisticated. Banks must upgrade their mitigation processes, which can be held back by antiquated systems and organizational silos.

Citigroup’s chief financial officer said China’s recent moves to crack down on companies isn’t likely to harm the bank’s business across the Asia-Pacific region.

After recent attacks on ATM networks, the PCI Council, a prominent standards body, recommended extra protections for mainframes that handle card and payment data.

The Reserve Bank of India says the card brand failed to comply with a requirement to store transaction details locally. The handling of payment information has become a point of contention between the Asian nation and American firms.

Salt Labs researchers exploited four types of vulnerabilities in the application programming interfaces of a large financial company. Their findings contradict conventional wisdom about the safety of APIs in the sharing of consumer data.

The technology holds great promise for financial services, but it could be just as powerful for scammers looking to break payment card encryption. Visa, Mastercard and others are already building new defenses.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

Fraudsters use different tactics based on their intended victims, and banks like Republic Bancorp and Wells Fargo are targeting the kinds of notices they send — and which channels they direct them to — in response.

Europe has encouraged adoption with rules that put consumers in control of the way their data is shared among banks, fintechs and third-party vendors. Whether the U.S. can make similar progress without its own rules is unclear.

The government helped the gas pipeline operator recoup some of the funds it paid to cyberthieves, but that's unlikely to happen often. Banks should shore up password security to minimize risk and be willing to reject hackers' demands in the event of a breach.

A slew of websites operated by financial institutions, governments and airlines including Hong Kong Exchanges & Clearing and Australia’s central bank went down briefly Thursday in the second global internet outage in two weeks.

Before its disappearance, Avaddon said it hacked Valley National Bank's network and threatened to leak sensitive data. The bank is still investigating.

Financial firms can minimize the damage by understanding where key threats lie, educating employees and customers about phishing scams, and breaking down silos between compliance, fraud and security teams.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.

Scams in which a real person’s information is used to create fictitious businesses or individuals have led to $6 billion in credit losses. The Federal Reserve has developed a standard definition for synthetic identity fraud so lenders can distinguish it from traditional identity theft.

Hackers, including the group behind the breach at Colonial Pipeline, have posted convincing evidence that they have broken into the servers of community banks in Florida and California and stolen customers' data.

The most sophisticated cyberattacks can begin with something as simple as a text message.

The risk is growing that criminals or hostile nations could use quantum computing to hack into the ledger systems that control bitcoin and other digital currencies.