WASHINGTON (8/29/14)--Even if a phone's caller ID says "Federal Trade Commission" (FTC) or "Internal Revenue Service" and shows a Washington, D.C., area code, it could still be scammers, the FTC warned in a recent announcement. According to the FTC, scammers know how to display fake information on caller ID systems.
The FTC's warning states that scammers have been calling consumers, saying the caller is from the government and the consumer owes taxes or some other debt. The scammer tells them to put money on a prepaid debit card and then to tell the phony government representative the card number. Others scammers say there is a large sweepstakes prize from the FTC or some other agency, and that the money will be awarded after the consumer pays for shipping, taxes or some other expense.
The FTC's Consumer Information website has released information on how to spot potential scammers claiming to be from the government.
The website says all consumers should be aware of the following:
- Federal government agencies and employees don't ask people to send money for prizes or unpaid loans. The FTC doesn't supervise sweepstakes, and when the IRS contacts people about unpaid taxes, they usually do it by postal mail, not by phone;
- Federal government agencies and employees also don't ask people to wire money or use a prepaid debit card to pay for anything. Once a prepaid card is sent or a money transfer is made, the funds are gone; and
- Do not rely on caller ID. Scammers know how to rig it to show the wrong information. Scammers might have personal information about individuals before they call, so it should not be taken as a sign the caller is legitimate.
Use the resource link below to access the FTC's government impostor scams homepage.
WASHINGTON (8/29/14)--A New Jersey-based money services business has been fined for "willful and repeated violations" of the Bank Secrecy Act (BSA), the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) announced Thursday. BPI Inc. has admitted its conduct violated the BSA and has consented to a civil money penalty of $125,000.
BPI was cited in 2005 and 2006 for what FinCEN called "serious concerns with its anti-money laundering program" found by examiners. Federal and state examiners issued warnings and corrective actions at that time.
In 2011, an examination found the same deficiencies were still present. In addition to deficiencies with its internal controls, independent testing and training, examiners also found that, prior to the 2011 examination, BPI had never filed a single suspicious activity report.
In addition, it was found that BPI employees allowed customers to conduct transactions without verifying and retaining required identification information and allowed customers to conduct money transfers by using expired identification documents.
"There is absolutely no excuse for a financial institution to ignore such warnings and render the U.S. financial system vulnerable to money laundering and terrorist financing," said FinCEN Director Jennifer Shasky Calvery, noting that BPI had "plenty of notice of its problems" from examiners and an independent auditor.
According to FinCEN, BPI ceased operations as a money services business in March 2014.
Use the resource information to access FinCEN's civil penalty assessment.
- WASHINGTON (8/29/14)--The Consumer Financial Protection Bureau unveiled a new publication,
"Financial Wellness at Work
The report provides case studies designed to educate employers about practices that can improve employees' financial health and increase worker productivity.
"We've been researching how innovative companies are leveraging technology, peer-to-peer relationships, and other promising practices to find low-cost, high-impact ways to promote financial wellness at work," the CFPB said in a
. "Our report is a resource for employers, non-profits, and others interested in promoting financial wellness programs in the workplace" ...
WASHINGTON (8/29/14)--The Consumer Financial Protection Bureau (CFPB) has announced new members of the Credit Union Advisory Council (CUAC), as well as new senior leaders and other advisory board members. The CUAC advises the CFPB on regulating consumer financial products or services, specifically to share the unique perspectives of credit unions.
The bureau supervises credit unions and other depository institutions with more than $10 billion in assets. It does not have authority over those credit unions with less than $10 billion in assets, other than limited authority conveyed by a section of the Dodd-Frank Act.
The members of the CUAC are:
- Robert Falk, president/CEO, Purdue FCU, West Lafayette, Ind., with $823 million in assets;
- Jason Lee, executive vice president/chief financial officer, Orion FCU, Memphis, Tenn., with $545 million in assets;
- Robin Loftus, chief operating officer, Heartland CU, Springfield, Ill., with $243 million in assets;
- James McDaniel, president/CEO, Heritage Trust FCU, Charleston, S.C., with $487 million in assets;
- Robin Romano, CEO, MariSol FCU, Phoenix, with $33 million in assets;
- Ronald Scott, president/CEO, Appalachian Community FCU, Gray, Tenn., with $171 million in assets;
- David Seely, president/CEO, Kirtland FCU, Albuquerque, N.M., with $674 million in assets; and
- John Winne, president/CEO, Boston Firefighters CU, Dorchester, Mass., with $193 million in assets.
New members to the council will serve two-year terms.
The bureau also named the following new senior leaders:
- Patricia McClung, assistant director for mortgage markets. McClung worked at the Federal Housing Administration as a senior housing policy adviser and, since January, has been acting director of program development in single-family housing, with responsibility for the home mortgage insurance, valuation and program support divisions;
- Janneke Ratcliffe, assistant director for financial education. Ratcliffe has served as executive director at the Center for Community Capital at the University of North Carolina at Chapel Hill since 2005; and
- Will Wade-Gery, assistant director for card and payments markets. Wade-Gery has been serving in the same position as the acting assistant director since January. Prior to being named acting assistant director, he was senior counselor on the card and payments markets team.
WASHINGTON (8/29/14)--Cybercrime is a "sleeper issue" with the potential for huge impact on markets, says Greg Medcraft, chairman of the board of the International Organisation of Securities Commissions (IOSCO), according to a report this Monday in the
Medcraft predicted that the next major financial shock will come from cyberspace, following attacks on large players in the financial marketplace.
According to the
, Medcraft believes there needs to be consistency around the world when it comes to identifying and mitigating cyberthreats. This would include a global "toolbox" that would identify risk-management standards for detecting and responding to cyberattacks.
JPMorganChase, and at least four other banks, were struck by coordinated attacks by hackers earlier this month, according to a report from
The New York Times
. The article states that hackers siphoned "gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack."
A report from
cites unnamed sources that say Russian hackers likely perpetrated the attacks, and that authorities are investigating whether recent attacks on major European banks using a similar vulnerability could be linked. The
report cites experts who contend the attacks, which "plowed through layers of elaborate security to steal the data," appear "far beyond the capability of ordinary criminal hackers."
Businesses have been the target of attacks as well. Last week the U.S. Secret Service issued a bulletin about malware known as "Backoff" that has been associated with several point-of-sale data breaches. The bulletin estimated that more than 1,000 businesses are affected with the malware, which accesses a businesses' administrator account remotely to exfiltrate consumer payment data.
According to the Secret Service, Backoff was not recognized by antivirus software until this month, but bas been detected as far back as October 2013. This means that even computers with the latest antivirus updates and security patches did not recognize Backoff as malicious.
A recent Ponemon Institute study of data breaches showed that that average financial cost to victims of a data breach averages $157 per consumer, when the breach is a result of malicious criminal intent. For companies that are hit with such attacks, the average cost is $3.5 million (
And as Charles Lybrand, an information security analyst with TraceSecurity, points out, for any target of a cyberattack financial losses are just the beginning of the damage. There are reputational losses, a possible loss of business, and other costs, such as reimbursement and legal fees. TraceSecurity is a CUNA Strategic Services alliance provider.
U.S. financial regulators, as well as the Congress, are grappling with policy issues involving cybersecurity. There is apparent agreement that the cost and effort required to prevent an attack is lower, and seems more manageable, than the cost and effort to react to one. Beyond that, there is much debate.
However, financial regulators are working to give resources and guidance to financial institutions. For instance, in March the National Credit Union Administration launched a new resource for credit unions--a webpage that provides links to cybersecurity and data security resources. (Use the resource link.)
The Credit Union National Association is pressing federal lawmakers to address data security relative to merchants, who are not held to the same standards of security as credit union and other financial institutions. CUNA is a strong proponent that all payments system participants must be held to comparable levels of federal data security requirements; those responsible for the data breach should be responsible for the costs of helping consumers; and those responsible should ensure consumers know where their information was breached.
Use the resource links below for more information.
BENTONVILLE, Ark. (8/29/14)--Wal-Mart announced holders of its branded MasterCard will be receiving new cards with EMV (Europay-Visa-MasterCard) chips embedded within the next few weeks.
The announcement comes two weeks after the Payments Security Task Force (PST), an organization made up of more than a dozen companies and organizations, announced that 575 million EMV cards will be issued by the end of 2015 (
EMV, which stands for the companies that developed the technology, is a new global standard that would replace the magnetic strip on cards with an embedded chip. Instead of swiping, customers insert the cards into compatible point-of-sale terminals.
The chip-embedded cards are considered more secure against fraud since authentication provided by the use of a PIN and cryptographic algorithms are more difficult to duplicate.
The Credit Union National Association is a member of the PST, and Eric Richard, CUNA general counsel/executive vice president for regulatory affairs, said that EMV cards are picking up momentum within the financial industry.
Richard also said that there is still a question about whether the merchant community will be prepared to make the full-time change, as well as a need for all stakeholders to continue working on security strategies to combat data breaches.
In October 2015, organizations deploying EMV cards will be protected from financial liability from card-present counterfeit fraud losses.
Guy Chiarello, president of First Data, a global payment processing firm, said his company is encouraging institutions to launch EMV plans as soon as possible before the October 2015 deadline.
"Issuing EMV now will benefit consumers by making the most secure payment card available sooner, while reducing fraud losses and enhancing payments system security for all," he said.
The EMV Migration Forum has estimated that approximately 100 million EMV cards, approximately 9% of the card base, will be issued by the end of 2014. Javelin Strategy and Research estimates that 52% of point-of-sale terminals will be EMV-enabled by the end of 2015.
Wal-Mart currently has EMV terminals in more than 4,600 stores already, including all Sam's Club locations. According to a statement, terminals in the remaining U.S. stores will be activated by the end of this year.
WASHINGTON (8/28/14)--Two identical, two-day cyberattack simulation exercises will be hosted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) in September.
The annual free Cyberattack Against Payment Processes (CAPP) exercises are held in conjunction with the Payments Risk Council. This is the third year of the program.
Over a two-day period, a simulated attack will take place on payment processes to help organizations assess readiness in the event of such an attack. These events help the industry identify ways to prevent, detect and respond to cyberattacks against payment processes.
According to FS-ISAC, the exercises are meant to:
Evaluate current risk mitigation procedures related to cyberattacks and identify potential critical gaps in planning;
Engage in a live test of an incident response team's ability to respond to major incidents;
Raise awareness and educate staff regarding procedures to respond to complex threats;
Benchmark your business practices based on the responses of other firms;
Develop appropriate risk mitigation recommendations in response to the types of attacks used in this exercise; and
Receive an after-action report highlighting lessons learned from the exercise and category benchmark results.
Participants can choose from one of the two free sessions, one on Sept. 9 and 10, with a registration deadline of Sept. 5, and the other on Sept. 16 and 17, with a registration deadline of Sept. 12. The exercise is scheduled to take approximately an hour each day.
The simulations were announced by Federal Reserve Financial Services, which is the portal to national financial services for depository institution customers of the Federal Reserve System.
Use the resource link below for more information.