Data and information management

As Nvoicepay expands, the payment automation company is keeping an eye on how it may fall under European data rules that have a knack for requiring compliance even from companies that should be exempt.

Phone-based customer service opens opportunity for voice phishing, or "vishing," and other types of attacks linked to card not present transactions, according to Rafael Lourenco, an executive vice president at ClearSale.

The Illinois commercial bank gained a new role when it realized it shared the same digital transformation challenges as its customers.

Whatever the reason that Plaid, a prominent data aggregator, can no longer access data from Capital One, the situation demonstrates how fragile fintechs are when they lose banking access.

The measure, which has been compared to the EU’s new consumer privacy rules, grants Californians new rights over how companies collect and use their personal data.

Disruptive upstarts. Glitches galore. Open banking adoption. Financial institutions are being challenged on multiple fronts — here’s a look at how they’re coping.

Eight states want the credit bureau to show what it’s doing to improve data security; Goldman, Morgan Stanley and Wells Fargo will be the focus of this set.

In the past few years of fighting against cyberattacks, security teams have developed "kill chain" models that document what steps the bad guys take to infiltrate a network and how to thwart them. The problem is, a significant number of data breaches occur from insider threats, which these models often overlook.

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

Ticket sales company Ticketmaster has warned customers in the U.K. that malicious code running on its website could have led to personal data and payment details being stolen. This kind of breach through third-party JavaScript code is quite common and may go undetected for months.

Capital One Financial Corp. is limiting how account data flows to outside apps for managing finances, prompting a backlash from the bank’s customers who say they have been locked out of their own information.

Payments fraud from business email compromise, or BEC, occurs when scammers use phishing tricks and email to fool businesses into making fraudulent payments to perceived suppliers. Experts suggest newer factors are accelerating the trend.

HSBC is the first bank in the U.S. to deploy SoftBank's lifelike Pepper robot in a branch to help customers learn about bill pay, remote check capture and even ask the weather — but in Pepper's current iteration, it won't take deposits or payments.

Credit unions know they need big data, but many aren't sure what to do with it.

A ballot initiative that taps into the public's anger about online data abuses has qualified for the November ballot. But lawmakers are considering whether to head off the statewide vote by passing a measure that may be more amenable to the financial industry.

Almost two-thirds of financial institutions have yet to form threat hunting teams — a growing necessity as the number of high-profile attacks rises.

Called Mezu, the P2P platform has been live for about a week and uses a location-based code to execute payments, avoiding the need to even share usernames or other identifying information to move money.

Once companies can recognize their customers without constantly asking security questions, they can shower them with benefits to enhance the shopping experience while bolstering their brand, writes Robert Capps, vice president at NuData Security, a Mastercard company.

Malware operators are joining forces, installing each others’ tools on compromised computers to target a wider range of victims, and possibly also sharing the work of harvesting funds using stolen account details.