Industry Updates

Data Breach Notifications May Get Standardized

A new piece of legislation is making its way through the halls of Congress that could standardize and streamline the data security and breach notification process for financial institutions. This is something that most people in the industry tout as an improvement over the current situation.

The Consumer Information Notification Requirement Act (H.R. 6743) was approved by committee not long after Congress received a letter cosigned by members from the American Bankers Association, the Consumer Bankers Association, the Credit Union National Association, the Independent Community Bankers of America and the National Association of Federally-Insured Credit Unions.

The letter read, in part:

“Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well.  Protecting this system is a shared responsibility of all parties involved and we must work together and invest the necessary resources to combat never-ending threats to the payment system.”

Despite so many influential organizations weighing in, many state regulators are skeptical of the proposed legislation and are actively pushing back against it over concerns that it would undermine state-level authority.

Whether you agree that those are valid concerns or not, the reality is both stark and terrifying. In the first half of 2018, ThreatMetrix recorded more than 81 million cybercrime attacks against financial institutions. Of those, 27 million targeted the mobile channel, given greater mobile banking adoption rates.

ThreatMetrix weighed in on the debate, saying, “Financial services mobile transactions are growing globally, with China, South East Asia and India showing the strongest regional growth. Overall, the biggest threat in financial services comes from device spoofing, as fraudsters attempt to trick banks into thinking multiple fraudulent log-in attempts are coming from new customer devices, perhaps by repeatedly wiping cookies or using virtual machines.”

Clearly, something must be done, and while the politicians debate the issue, the attacks continue unabated.