Data and information management

Citigroup’s chief financial officer said China’s recent moves to crack down on companies isn’t likely to harm the bank’s business across the Asia-Pacific region.

After recent attacks on ATM networks, the PCI Council, a prominent standards body, recommended extra protections for mainframes that handle card and payment data.

The Reserve Bank of India says the card brand failed to comply with a requirement to store transaction details locally. The handling of payment information has become a point of contention between the Asian nation and American firms.

Salt Labs researchers exploited four types of vulnerabilities in the application programming interfaces of a large financial company. Their findings contradict conventional wisdom about the safety of APIs in the sharing of consumer data.

The technology holds great promise for financial services, but it could be just as powerful for scammers looking to break payment card encryption. Visa, Mastercard and others are already building new defenses.

Banks should let consumers download their account data and transfer it to other financial providers, according to a new presidential order. Some experts argue aggregators are already making this happen, but others say the directive implies more consumer control.

The White House is calling on the Department of Justice and federal regulators to give bank deals more scrutiny as part of a broader executive order meant to encourage competition across the U.S. economy.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

Fraudsters use different tactics based on their intended victims, and banks like Republic Bancorp and Wells Fargo are targeting the kinds of notices they send — and which channels they direct them to — in response.

Europe has encouraged adoption with rules that put consumers in control of the way their data is shared among banks, fintechs and third-party vendors. Whether the U.S. can make similar progress without its own rules is unclear.

The government helped the gas pipeline operator recoup some of the funds it paid to cyberthieves, but that's unlikely to happen often. Banks should shore up password security to minimize risk and be willing to reject hackers' demands in the event of a breach.

The Faster Identity Online Alliance has established its first user-experience guidelines and delivered new standards designed to more quickly move authentication processes past traditional username-and-password combinations.

How technology is enabling new types of payment transmission and what this means for banking.

Distributed ledger projects in banking are few and far between — many have stalled and others remain experiments. Robert Townsend, who has worked with banks around the world and written a book about blockchain technology, explains some of the ways financial institutions could be using it, for instance in small-business lending and supply chain finance.

A slew of websites operated by financial institutions, governments and airlines including Hong Kong Exchanges & Clearing and Australia’s central bank went down briefly Thursday in the second global internet outage in two weeks.

Before its disappearance, Avaddon said it hacked Valley National Bank's network and threatened to leak sensitive data. The bank is still investigating.

Financial firms can minimize the damage by understanding where key threats lie, educating employees and customers about phishing scams, and breaking down silos between compliance, fraud and security teams.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.

Scams in which a real person’s information is used to create fictitious businesses or individuals have led to $6 billion in credit losses. The Federal Reserve has developed a standard definition for synthetic identity fraud so lenders can distinguish it from traditional identity theft.

The initiative would standardize and expand security, but marketing restrictions weigh against the business case for adoption.