Stay on top of emerging threats to fight cybercrime

Protecting data from hackers, fraudsters, and even nation-states launching cyberattacks against the financial services sector is a relentless battle.

Legal requirements for data security come from many places. Protection Rules of the Gramm-Leach-Bliley Act, screening requirements, payment network rules and contractual requirements. we, Federal Trade Commission (FTC) for many years.

recently, Consumer Financial Protection Bureau (CFPB) suggests it stepped up its data security scrutiny in August. RoundThe CFPB says it views lax data security as a potential fraud or violation of the Consumer Financial Protection Act (CFPA). An unfair act or practice under the CFPA is likely to cause serious harm, cannot reasonably be avoided, or does not outweigh the interests offset by consumers or competition. The CFPB claimed unfair violations related to inadequate data security. In particular, the Equifax data breach incident stands out. The CFPB’s memorandum hints at increased law enforcement going forward.

Sharing information between law enforcement and the financial services industry is a key weapon in the fight against cybercrime and proof of your commitment to meeting CFPB and other legal data security standards. Staying abreast of emerging threats can significantly reduce losses from cyberattacks.

The following federal agencies are heavily involved in combating cybercrime in the financial sector and provide financial service providers with resources to protect against common cyberattacks such as business email compromise, ransomware, and synthetic identity fraud. It offers.

FBI Internet Crime Complaint Center (IC3)

Federal law enforcement has a Cyber ​​Fraud Task Force working group that shares information and meets quarterly with industry.You can join one by contacting your local FBI Field Office. of FBI’s Internet Crime Complaint Center (IC3) receives cybercrime complaints, tracks emerging threats, and alerts law enforcement and industry to suspicious internet activity. IC3’s 2021 Internet Crime Report states: IC3 homepagereports receiving 847,376 internet crime complaints in 2021. Top types of cybercrime included ransomware and business email compromise.

In a typical business email compromise scam, cybercriminals compromise legitimate business email accounts and demand payments from employees for what appear to be business purposes, such as payments to vendors.Instead, Payments are sent to cybercriminal accounts.

Cybercriminals have taken advantage of the pandemic’s growth in virtual meeting platforms to hack emails, use deep fakes to impersonate business executives, or simply claim technical issues to explain audio discrepancies. and avoid using cameras in video conferencing. Cybercriminals typically use social engineering to review information on her website and social media to obtain information about employees and their roles. Cyberattacks may include malware or other vectors of entry to conduct fraudulent transactions.

In 2021 alone, losses from business email compromises will total nearly $2.4 billion. IC3’s Financial Fraud Kill Chain, an information-sharing tool between law enforcement and financial institutions, successfully stopped ongoing fraudulent money transfers and frozen $329 million in illicit funds.

Of the 14 critical infrastructure sectors, financial services had the second highest number of ransomware victims in 2021. shut out. Cybercriminals promise to return access to your data only if the ransom is paid. Attack methods include phishing emails, Remote Desktop Protocol (RDP), and software vulnerabilities. Although the FBI advises against paying the ransom, many ransomware victims find they have no other choice.

Federal Reserve Synthetic ID Fraud Resources

of federal reserve has devoted significant resources to combating synthetic identity fraud.In addition to educational material on synthetic identity fraud and how to carry it out, the Fed has Synthetic ID Fraud Prevention Toolkit Contains modules on specific ways to combat synthetic identity fraud, including detection tips and technology usage. Again, sharing information with law enforcement and other financial service providers is highlighted as a valuable way to learn about synthetic ID fraud activity impacting your area and protect your organization.

US secret service

many people know us secret service Fighting cybercrime is another secret service mission. In addition to providing guidance on how to protect organizations from cyberattacks, the Secret Service participates in cybercrime investigations.You can sign up to receive cybercrime Alert Direct from the Secret Service.

Cybersecurity and Infrastructure Security Agency

of Cybersecurity and Infrastructure Security Agency (CISA) Continuously post alerts on emerging and current cyber threats, including nation-state attacks. for example, shield up The initiative alerts the industry to an increase in cyberattacks from Russia related to its invasion of Ukraine. In addition to threat information, CISA provides guidance to organizations and their leaders on steps to take to protect their organizations from cyberattacks.

Fighting cybercrime can be overwhelming, but you don’t have to fight it alone.information–Sharing information between law enforcement and financial service providers can help keep organizations from becoming another cybercrime statistic.

Catherine Romano Schnack is an adviser to a law firm mcgrincheeAt , she advises financial institutions, fintechs and processors on complex liability, fraud and compliance considerations, including overlapping schemes for regulation and card network rules.

Automotive Finance Summit, the premier industry event For auto lending and leasingreturns October 26-28 at Wynn Las Vegas. Find out more about the 2022 event and registration here. www.AutoFinanceSummit.com.