Data security

The Reserve Bank of India says the card brand failed to comply with a requirement to store transaction details locally. The handling of payment information has become a point of contention between the Asian nation and American firms.

Salt Labs researchers exploited four types of vulnerabilities in the application programming interfaces of a large financial company. Their findings contradict conventional wisdom about the safety of APIs in the sharing of consumer data.

The technology holds great promise for financial services, but it could be just as powerful for scammers looking to break payment card encryption. Visa, Mastercard and others are already building new defenses.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

Fraudsters use different tactics based on their intended victims, and banks like Republic Bancorp and Wells Fargo are targeting the kinds of notices they send — and which channels they direct them to — in response.

Europe has encouraged adoption with rules that put consumers in control of the way their data is shared among banks, fintechs and third-party vendors. Whether the U.S. can make similar progress without its own rules is unclear.

The government helped the gas pipeline operator recoup some of the funds it paid to cyberthieves, but that's unlikely to happen often. Banks should shore up password security to minimize risk and be willing to reject hackers' demands in the event of a breach.

A slew of websites operated by financial institutions, governments and airlines including Hong Kong Exchanges & Clearing and Australia’s central bank went down briefly Thursday in the second global internet outage in two weeks.

Before its disappearance, Avaddon said it hacked Valley National Bank's network and threatened to leak sensitive data. The bank is still investigating.

Financial firms can minimize the damage by understanding where key threats lie, educating employees and customers about phishing scams, and breaking down silos between compliance, fraud and security teams.