Bad actors targeting fintech aggregators: Fincen chief

Fraudsters are increasingly trying to exploit fintech data aggregators to avoid detection, the head of the Financial Crimes Enforcement Network said Tuesday.

Fincen Director Kenneth Blanco warned about a rising number of cyber criminals using "synthetic identities" to commit fraud with data stolen from aggregators.

Treasury Department building
The U.S. Department of the Treasury building stands in Washington, D.C., U.S., on Friday, July 29, 2011. President Barack Obama and congressional leaders began a fresh attempt to reach agreement on raising the U.S. debt cap, with a potential framework for a deal emerging two days before a default deadline. Photographer: Andrew Harrer/Bloomberg

“In some cases, cybercriminals appear to be using fintech data aggregators and integrators to facilitate account takeovers and fraudulent wires,” Blanco said in a Tampa, Fla. speech. Fincen is a bureau of the Treasury Department.

His remarks signal enhanced scrutiny of data aggregators' role financial tech by regulators. Firms that link individual customer data across various financial institutions have been able to keep a relatively low profile in Washington but that could be changing.

Blanco said fintech platforms could be enabling bad actors to escape the notice of standard methods for identifying fraud.

"By using stolen data to create fraudulent accounts on fintech platforms, cybercriminals are able to exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts," he said.

"Some criminals are also monetizing stolen credit card information through fraudulent merchant accounts to charge victims’ cards, or are simply creating fraudulent user accounts on fintech platforms as part of identity theft or synthetic identity fraud."

In April 2018, the Financial Industry Regulatory Authority warned that giving aggregators access to financial data would open up banks and consumers to risk, including “potential vulnerability to cyber fraud, unauthorized transactions and identity theft.”

For reprint and licensing requests for this article, click here.
Data security Fintech regulations AML Fraud detection FinCEN
MORE FROM AMERICAN BANKER