Data security

A vast majority of IT leaders at banks want to ditch passwords for something better and safer, and many tech vendors are moving in that direction already. But it's easier said than done.

Early Warning Services brought back its Authentify moniker for a new digital ID service. It's not being marketed as a way to stop P2P fraud, but it should appeal to banks wanting to improve security for online transactions.

In the lead-up to a data breach, phishing is second only to use of stolen credentials in terms of how attackers infiltrate institutions. Here's what else you need to know.

Researchers recently described a scheme that allows affiliates to buy access to phishing materials. The case provides an insight into the methodical nature of some cybercrime.

Robinhood Markets' cryptocurrency arm was fined $30 million by New York's financial regulator after the brokerage was accused of violating anti-money-laundering and cybersecurity rules.

The National Crime Agency has seen a surge in so-called suspicious activity reports filed by banks and other regulated institutions in the U.K. since February. 

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

Rogers Communications is experiencing a widespread network failure in its wireless and internet services, causing payment systems and automated teller machines at banks to go down.

Traditional banks already have the tools they need to win back consumers’ confidence, but they need to be smart about deploying them.

Tuesday’s announcement provides clarity to institutions that are trying to stay ahead of quantum computing’s threat to data security.

Fraudsters sometimes target customers of credit unions and smaller banks because the institutions lack the cybersecurity resources of larger players.

With global tensions rising over Ukraine, the cutthroat competitiveness of the U.S. financial sector is yielding to partnership over the conviction that a cyberattack against even a group of minor banks — or a third-party service provider — could imperil everyone in a highly connected system.

The data breach, which occurred over a two-day period last December, is the largest disclosure by a mortgage lender this year.

A recent survey indicated banks and other firms continue to grapple with the cybersecurity challenges of remote work. To defend their data, they’re looking far beyond the traditional VPN.

A recent campaign targeting Quickbooks users claimed customers had their accounts suspended because of problems verifying their business information. It’s the latest example of scams that slither through multiple lines of defense.

The credit union’s members are disproportionately targeted by cybercrime. Password managers are critical to helping them protect themselves, said data security chief Mike Newborn.

Widespread sharing of financial and other data creates enormous privacy risks for consumers, many of whom have no real understanding of the danger.

Researchers may now have more leeway in helping banks uncover vulnerabilities to their systems, but legal gray areas remain.

Several federal agencies have recently stepped up requirements on banks to notify regulators and the public when they fall victim to cybersecurity incidents.

David Reilly oversaw cybersecurity efforts at the bank for years and has learned how employees with access to sensitive information can be flipped, conned or extorted into cooperating with hackers.