Data security

Though banks were not directly affected by security flaws discovered in Azure systems last week, they need to be aware of the kinds of misconfigurations that could lead to massive data breaches.

For banks that want to replace usernames and passwords with more secure options, there's hope: Consumers are becoming more comfortable with biometrics, the technology is getting easier to use and regulators are starting to require it.

Chief executives from across the business world are set to join President Biden for a discussion Wednesday on how industry and the federal government can partner to improve cybersecurity in the face of debilitating ransomware and cyberattacks.

Infrastructure will command most of lawmakers’ attention, but expect banks to keep pushing for bills that would ease the transition away from a key benchmark rate and help them serve legal cannabis businesses.

The incident, which may have exposed customers’ account information to other customers, was caused by a technical glitch, the company wrote in a notice posted on a state attorney general's website.

Online attacks on travel and other nonfinancial industries grew at a much faster rate in the second quarter than those on financial services companies. Yet hackers pose considerable risk to banks and credit unions, especially in payments.

The Federal Financial Institutions Examination Council says bank accounts and information systems have become more vulnerable as mobile and other technologies have expanded. It issued guidelines on detailed steps financial institutions should take to heighten security.

Companies like Arkose Labs say they're so confident in their ability to deter the attacks — automated attempts to break into online banking sites using stolen usernames and passwords — that they can offer banks a warranty.

Criminals' efforts to steal identities and take over accounts have become increasingly sophisticated. Banks must upgrade their mitigation processes, which can be held back by antiquated systems and organizational silos.

Citigroup’s chief financial officer said China’s recent moves to crack down on companies isn’t likely to harm the bank’s business across the Asia-Pacific region.

After recent attacks on ATM networks, the PCI Council, a prominent standards body, recommended extra protections for mainframes that handle card and payment data.

The Reserve Bank of India says the card brand failed to comply with a requirement to store transaction details locally. The handling of payment information has become a point of contention between the Asian nation and American firms.

Salt Labs researchers exploited four types of vulnerabilities in the application programming interfaces of a large financial company. Their findings contradict conventional wisdom about the safety of APIs in the sharing of consumer data.

The technology holds great promise for financial services, but it could be just as powerful for scammers looking to break payment card encryption. Visa, Mastercard and others are already building new defenses.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

Fraudsters use different tactics based on their intended victims, and banks like Republic Bancorp and Wells Fargo are targeting the kinds of notices they send — and which channels they direct them to — in response.

Europe has encouraged adoption with rules that put consumers in control of the way their data is shared among banks, fintechs and third-party vendors. Whether the U.S. can make similar progress without its own rules is unclear.

The government helped the gas pipeline operator recoup some of the funds it paid to cyberthieves, but that's unlikely to happen often. Banks should shore up password security to minimize risk and be willing to reject hackers' demands in the event of a breach.