The correct strategy needs to be built around the mindset that the attackers might eventually succeed, and that with the right tools, the breach can be detected early, the extent of it can be controlled, and the attack can be stopped before a lot of damage is inflicted, writes Engin Kirda, a professor of computer science at Northeastern University.

Security is a top priority for financial institutions around the world. In the past few weeks, the U.K.’s TSB Bank has learned the hard way that availability is even more important. And when availability is an issue, security can’t be ignored.

Ryan, McConnell say they have a deal on a bipartisan Dodd-Frank rollback; New York won more than $5 billion in settlements from big banks under the former AG.

Even as banks have built up their defenses, fraudsters continue to find new ways to try steal consumers’ identities to open accounts, take out loans or intercept payments.

Among the findings, credit unions may not be doing enough to protect against malware, which involved in nearly 40 percent of hacking incidents, as well as Trojan botnets and denial of service attacks.

The hackers gained entry to affected systems through a client-access portal and the company’s internal monitoring systems detected the intrusion.

The spread of breached identity information has resulted in an outbreak of new account creation fraud with a new ground zero for the crimes pointing right at Latin America.

Agencies are examining regulating cybercurrencies not named bitcoin; is Paul Achleitner to blame for the German bank’s problems?

Acting CFPB Director Mick Mulvaney told a group of bankers last week that he intends to end public access to complaints, but Sen. Elizabeth Warren and two other Democrats argue that would be a mistake.

In addition to changing the name of the Consumer Financial Protection Bureau, the acting director wants to also nix public complaints; the good, bad and ugly in Zelle's ascendance; a case study for digital outage recovery; and more from this week's most-read stories.

John Chiang says the bank “reeks of betrayal” a day before the bank’s annual meeting; the former chair of the CFTC has doubts about cryptocurrencies.

The agency's acting chief said hundreds of data breaches justified a halt on collecting information from firms, but experts question that logic.

With new data breaches becoming public on an almost routine basis, it’s no surprise that our findings revealed that consumers are starting to favor safety over speed and ease of checkout, writes Joseph Daly, COO of Paysafe Payment Processing in North America.

The bank faces June 15 AML compliance deadline; the features that make Zelle popular with customers entice thieves.

SunTrust let about eight weeks pass before telling the public that data tied to 1.5 million customers had been stolen.

The news of the data breach cast a shadow over relatively strong first-quarter earnings for the Atlanta bank.

PCI compliance can't solve all security problems. EMV, encryption are all necessary to protect merchants from data breaches, writes Jeff Zimmerman, COO of Clearent.

WebAuthn could eventually mean passwords are replaced with fingerprints and facial recognition. But how hard will it be to implement?

The Senate is expected to pass a bill that would ax controversial guidance on loans at car dealerships; lower tax rate may have skewed year-on-year comparisons.

Whether due to costs, growing cyber threats or other factors, a growing number of credit unions are outsourcing an important C-level security role.