The Green Sheet, Inc


Thursday, June 22, 2017

Global cybersecurity trends a mixed bag

New data from Trustwave Holdings Inc. forensics investigations indicates that despite efforts to increase POS data security following the U.S. EMV (Europay, Mastercard and Visa) mandate in 2015, adoption has been slow, and payment card data remained a target in 63 percent of the data incidents perpetrated globally in 2016. As of November 2016, only 38 percent of U.S. transactions used EMV technologies, Trustwave noted.

According to the 92-page 2017 Trustwave Global Security Report, the North American region and the retail sector accounted for 49 percent and 22 percent of total breaches, respectively. Next in line regionally were Asia-Pacific (21 percent); Africa, Europe and Middle East (20 percent); and Latin America (10 percent). Just behind the retail sector, the food and beverage industry was targeted in nearly 20 percent of data breaches committed globally.

Consistent with past Trustwave reports, corporate and internal networks persisted as the environments most breached in 2016, at 43 percent. POS systems were targeted in 31 percent of incidents, up from 22 percent in 2015, with card track data exposed in 33 percent of such incidents. Ecommerce transactions accounted for 22 percent of breaches, down from 38 percent, while card-not-present data was targeted in 30 percent of cases.

Trustwave determined that progress has been made in breach detection and containment; detection time dropped from 80.5 days to 49 days year-over-year. The time from detection to containment dropped from 13 days to 2.5 days. However, median time from cyber intrusion to containment remained stable at 62 days versus 63 days in 2015.

Exploits evolve

Malicious advertising remained the top source of traffic to exploit kit landing pages, Trustwave found. An exploit kit is software designed to locate system vulnerabilities. Trustwave forensics discovered an alleged undisclosed Windows zero-day vulnerability and exploit code for sale in 2016 at an initial price of $95,000; a zero-day vulnerability is a hole in software code undetected by the vendor.

"As our data breach investigations and threat intelligence show, attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses," said Robert J. McCullen, President and Chief Executive Officer at Trustwave. "Meanwhile security skills and talent remain scarce."

Also trending: 83 percent of malware samples Trustwave examined in 2016 used obfuscation, and 36 percent used encryption to hide attacks. Spam messages containing malware jumped from 3 percent in 2015 to 35 percent in 2016. As a whole, 99.7 percent of the web applications Trustwave tested in 2016 contained at least one data security vulnerability, with 11 vulnerabilities per application being the mean.

"As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing and cloud security services that provide meaningful layers of protection from constantly evolving threats," McCullen said.

Trump Administration aims to overhaul Dodd-Frank, gut CFPB
Wednesday, June 21, 2017

The Consumer Financial Protection Bureau’s detractors have much to be happy about now that the Trump Administration and Congress are pushing to curb the federal consumer watchdog agency’s power to supervise providers of payment and other financial services. The Treasury Department, on June 12, 2017, laid out a set of proposals in a report titled A Financial System that Creates Economic Opportunities: Banks and Credit Unions. This came just days after the House passed the Financial CHOICE Act, which would revamp the CFPB and undo many rules imposed under the 2010 Dodd-Frank Act.

The Treasury’s new report is the first in a series intended to identify and propose changes to onerous federal regulations, treaties, regulatory guidance, supervisory standards and other government policies. Like the Financial CHOICE Act, the report takes aim, in particular, at changes ushered in by the Dodd-Frank Act, an omnibus financial reform package passed in response to the 2008 financial meltdown and ensuing major recession. By Treasury’s reckoning, that legislation required about 390 regulations implemented by more than a dozen federal agencies.

“A sensible rebalancing of regulatory principles is warranted in light of the significant improvement in the strength of the financial system and the economy as well as the benefit of perspective since the Great Recession,” Treasury wrote. “Through thoughtful reform, the soundness of the financial system can be further strengthened.” For example, by dialing back the powers of the CFPB.

Limiting CFPB authority

The CFPB has been controversial from the start, largely because of the scope of its power, its leadership structure and its funding. It was established as an independent agency of the Federal Reserve and given broad supervisory and enforcement authority over large financial institutions with respect to consumer protection laws. These consumer-protection laws were previously enforced by bank regulatory agencies and the Federal Trade Commission. The Dodd-Frank Act also gave the CFPB broad supervisory and enforcement powers over nonbank providers of consumer financial products, like mortgage lenders and prepaid card companies.

Unlike other federal consumer protection agencies, which are run by appointed board members (for example, the FTC and the Securities Exchange Commission), the CFPB is led by a single director, appointed by the President for a five-year term, who can only be removed for “inefficiency, neglect of duty, or malfeasance in office.” (A federal court ruled last year that this leadership structure rendered the CFPB unconstitutional, and the bureau is appealing that ruling.)

The CFPB also skirts the congressional appropriations process that most other federal agencies confront yearly. Instead, it draws funding from Federal Reserve System earnings, which in 2016 totaled $564.9 million, according to a Treasury report. The CFPB also has access to funds from civil penalties it imposes that are not used to pay restitution to consumers.

In its report, the Treasury Department describes all of these problems in detail and concludes that “the CFPB has exercised its authorities in a manner aimed at maximizing its discretion, rather than creating a stable regulatory environment.” For example, the report noted, the CFPB has brought enforcement actions against financial services providers “despite not having promulgated rules banning the targeted practice or issued guidance that it considered the practice contrary to law. Remarkably, the CFPB has even sanctioned companies for complying in good faith with an interpretation adopted by a previous agency with respect to conduct that pre-dated the CFPB’s establishment.”

Treasury said the solution for these and related problems is to reform the structure of the CFPB so that it becomes accountable to elected officials, is run by a board, and is funded through congressional appropriations. The report also recommends that the bureau’s rulemaking be more akin to other regulators – with public notice, comment periods and regular reviews to weed out unnecessary and/or outdated requirements. And it wants Congress to repeal the CFPB’s power to examine financial institutions for compliance with consumer protection laws, entrusting that responsibility solely to federal financial institution regulators.

Other items on Treasury’s wish list

The June 12 report – which weighed in at 149 pages – also deals exclusively with the supervision of banks and credit unions. Still pending are reports detailing sought-after reforms in capital markets regulation; asset management, insurance, and retail and institutional investment rules; and the oversight of nonbank financial institutions, financial technology firms and financial innovations.

In addition to revamping the CFPB, the report calls for better overall coordination among financial regulatory agencies, easing restrictions on bank trading operations, scaling back banks’ annual stress tests, and simplifying regulation of small banks and credit unions. It also recommends broader authority for the Financial Stability Oversight Council, an inter-agency group led by the Treasury that monitors and addresses overall risks to financial stability – risks that often span industries and markets.

Initial banking industry reactions to the report have been positive. Tim Pawlenty, Chief Executive Officer of the Financial Services Roundtable, said the Treasury tome “is an important step toward modernizing America’s financial regulatory system so both economic growth and consumer protection are advanced.”

Senator Elizabeth Warren, D-Mass., who spent time leading the CFPB in its early days, blasted the Treasury report. She said it “calls for radical changes that would make it easier for big banks to cheat their customers and spark another financial meltdown.”

Facing federal hostility, cannabis merchants eye bitcoin
Tuesday, June 20, 2017

Cannabis merchants and payment processors face hurdles on the road to legitimacy due to regulatory challenges and uncertainties posed by a new presidential administration. U.S. Attorney General Jeff Sessions voiced his opposition to the Rohrabacher-Farr amendment in a May 1, 2017, letter to Congress. Enacted in 2014 as part of a larger budgetary bill, the amendment protects state-sanctioned medical marijuana dispensaries from being prosecuted by the Department of Justice, a grave mistake according to Sessions.

"I believe it would be unwise for Congress to restrict the discretion of the Department to fund particular prosecutions, particularly in the midst of an historic drug epidemic and potentially long-term uptick in violent crime," Sessions wrote. "The Department must be in a position to use all laws available to combat the transnational drug organizations and dangerous drug traffickers who threaten American lives."

Emily Gordon, In-House Counsel at Simplifya, said Sessions' opinions are at odds with most Americans, 73 percent of whom oppose federal interference in state marijuana legislation, according to a recent poll. "If nothing else, this latest attack may spur a renewed push among marijuana businesses to continue to be good citizens and neighbors in their communities, and to make sure their operations are in full compliance with all state and local laws, which can only help to take away any legitimacy that could possibly be given to this attack and any future attacks Sessions may make," she stated.

Conflicting state, federal guidelines

Payment service providers are especially concerned by recent efforts to rein in the nascent industry. Some high-risk processors will refrain from onboarding cannabis accounts until certain federal guidelines and standard Federal Deposit Insurance Corp. protections are in place.

"Today, marijuana is a federal Schedule 1 drug, which means a Cannabis Dispensary business cannot legally accept credit cards," said Mike Ackerman, President, DigiPay Solutions Corp. "Financial institutions must comply with the Federal Reserve System's money transfer system and FinCEN-approved deposit services, even in states where marijuana is legal."

Ackerman said processors and third-party service providers must be mindful of rigorous compliance guidelines associated with onboarding marijuana merchants. Signing a marijuana dispensary under a different merchant category code or as part of an aggregator account could be seen as an effort to obtain money under fraudulent premises, which is equivalent to money laundering, he added.

"Money laundering, bank fraud and criminal conspiracy are federal crimes," he said. "Processors can be fined as much as $500,000, or twice the value of the property involved in the transaction, whichever is greater, and up to twenty years' imprisonment."

Ackerman said that if federal guidelines become more favorable to the cannabis industry, marijuana merchants would be best served by large financial institutions that provide processing services at cost, and cash management and commercial lending as a profit center. Until such time, his company chooses not to take the risk, he noted.

Exploring bitcoin, alternative currencies

Seattle, Wash.-based SinglePoint Inc. said its subsidiary SingleSeed plans to accept cryptocurrency at the POS. The company partnered with First BitCoin Capital, reflecting the cannabis community's growing interest in alternative currencies. Wil Ralston, Vice President, Sales and Marketing at SinglePoint, stated he expects bitcoin acceptance to solve banking and underwriting issues.

"We started working with a bitcoin application in 2014, and with this partnership we can confidently address payment challenges in the cannabis industry and other high-risk markets," he said. "The recent explosion of bitcoin in the marketplace has been unbelievable."

Ralston noted bitcoin's value has increased 236 percent in the past year and that Japan has recognized bitcoin as a legal currency. SinglePoint is planning a potential Initial Coin Offering (ICO) to support blockchain transactions in the cannabis and other high-risk sectors, he stated.

Visa, MC settle surcharging suit with Canadian merchants
Monday, June 19, 2017

Visa Canada and Mastercard issued brief statements, June 12 and 13, 2017, respectively, heralding the settlement of a lawsuit over surcharging rules brought against the card brands by Canadian merchants in 2011. The settlement is subject to court approval in the provinces in which the claims were brought ‒ British Columbia, Alberta, Saskatchewan, Ontario and Quebec.

Among the terms agreed upon, the card brands will:

(Basic information on Visa's current U.S. surcharging rules, along with links to more detailed information can be found here:

"We believe that an amicable resolution is in the best interests of our stakeholders," Mastercard stated. "Although we have strong defenses to the claims, a settlement avoids the continued costs and uncertainties that are inherent in litigation."

Visa expressed similar sentiments, stating, "Visa has settled without admission of any wrongdoing and remains of the view that it had strong defenses to all of the allegations advanced in the class proceedings."

Both companies emphasized protections would be in place for consumers. "The agreement to revise Visa's no-surcharge rule and allow merchants to impose checkout fees on credit card transactions includes consumer protections, such as a maximum surcharge limit and requirements for merchants to disclose their surcharging practices," Visa said.

In addition to mentioning a surcharge cap and requirement that merchants disclose surcharging practices, Mastercard stated there would also be "provisions to ensure a level playing field with cardholders of competing payment networks."

Revised rules are expected to come into effect 18 months after court approval of the settlement.

Women's Enterprise Development Center honors Mastercard
Friday, June 16, 2017

The Women's Enterprise Development Center held a gala dinner and award ceremony June 15, 2017, at the Westchester Marriott in Tarrytown, N.Y., to celebrate its 20th anniversary. The not-for-profit organization has provided educational and financial guidance to entrepreneurial women since 1997. Programs and services have expanded into seven New York counties and parts of Connecticut, helping to launch nearly 8,000 women-owned businesses, representatives stated.

"WEDC's overarching goal is to build a vibrant community of women business owners, comprised of startup and established companies," stated Anne M. Janiak, Chief Executive Officer of the WEDC. "We have accomplished this by providing comprehensive business training programs, offering long-term, one-on-one business counseling; assistance with MWBE certification; and advising clients on preparing and applying for capital for their businesses."

Local, global initiatives

Among the evening's honorees, Mastercard was recognized for its local and global contributions to female entrepreneurship. Tara Maguire, Chief Financial Officer for North America at Mastercard, accepted the 2017 Corporate Enterprising Award on behalf of Mastercard. Maguire noted that the WEDC and Mastercard share the same values of "doing well by doing good," and thanked WEDC members, graduates and alumni for their commitment to diversity and inclusion.

Mastercard's interest in connecting entrepreneurs to the greater economy is reflected in the company's active role in a series of global initiatives, Maguire noted. Following are some examples of partnerships:

Equal opportunity

Ajay Banga, President and CEO of Mastercard, said "For society to operate at its best, women must be in a position to operate at their best. And that can only happen with equal partnership, equal opportunities and equal participation."

WEDC individual award recipients included Jean Chatzky, Financial Editor at NBC's Today Show; Carol Fishman Cohen, CEO and founder of iRelaunch, a career re-entry program; and Monica Flaherty, founder and President of The Flatz Properties LLC, a property management company.
