Legal issues and news

With Microsoft, Equifax and others acknowledging that the SolarWinds hack of U.S. government entities had affected their holdings, security teams and vendors have put the holiday aside while continuing around-the-clock surveillance to ensure no financial services or payments networks have been hacked.

As risk rises and budgets tighten post-pandemic, training all employees about security risks and conducting quarterly penetration tests helps to offset threats and potential losses.

By upgrading permissions and defining access, firms can get ahead of the new threat, says vArmour's Marc Woolword.

The Pittsburgh bank says the data aggregator deceptively uses PNC's logo in obtaining bank customers' login credentials.

The Federal Reserve and the New York State Department of Financial Services have ordered the Swiss bank’s U.S. arm to improve oversight and better monitor the activities of its customers.

Congress’s passage of a measure requiring startup companies — instead of their banks — to identify true owners was arguably the industry’s biggest legislative achievement in 2020. Now the industry is urging lawmakers to revisit proposals that would ease other anti-money-laundering reporting requirements.

The bank's release from a five-year-old enforcement action would mark progress in CEO Charlie Scharf's efforts to resolve its sprawling regulatory problems. But 10 more consent orders, including an asset cap imposed by the Federal Reserve in 2018, remain in place.

Remote learning and work heightens the security risk, says Pulse Secure's Mike Riemer.

The agency's rule outlines steps collectors must take to inform consumers about an outstanding debt, and prohibits companies from pursuing lawsuits after a statute of limitations has ended.

The agency said it may exempt certain institutions from having to file suspicious activity reports if they have “innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively." But in those circumstances, law enforcement may still require SARs.

Manual transaction monitoring doesn't scale to the acceleration of online activity, leading to many potential false negatives, and reduced efficiencies as teams demand quick growth and analysts take time to train properly, says Acuant's Jose Caldera.

Bansley & Kiener, without admitting wrongdoing, agreed to pay $2.5 million to address allegations that lax oversight contributed to the 2017 collapse of Washington Federal Bank for Savings.

A co-founder of a cryptocurrency firm was sentenced to a year in prison after pleading guilty to tricking investors out of more than $25 million in an investment scam promoted with the help of celebrities including Floyd Mayweather and the musician DJ Khaled.

Federal banking agencies want to give the industry a hard deadline for notifying their regulators about serious security breaches and failed system upgrades.

Tokenization, click to pay and other advancements boost efficiency and safety, says the Electronic Payments Coalition's Jeff Tassey.

Paying on delivery with tokenization, biometric fingerprint cards, vein scanning or phone-to-phone with a variety of card payment options helps create a universe of consumer choice, convenience, personal preference and better fraud protection, says Radar Payments' Jane Loginova.

Global collaboration among researchers creates a network effect to share resources and spot threats, says Bugcrowd's Casey Ellis.

The e-commerce expansion borne out of the pandemic heightens the balancing act between security and user experience, a challenge Forter and Nuvei hope to address through a mix of data analysis and an expansive network of merchants.

The defense spending bill includes language requiring businesses to report their owners to Fincen.

It's important that breach mitigation strategies take younger people, gaming and school into account, says ForgeRock's Ben Goodman.