In response to this letter sent by the NAAG, CBI in conjunction with the Iowa Bankers Association and the Iowa Credit Union League have issued a statement to Iowa's Attorney General Tom Miller asking that he either decline to sign the above mentioned NAAG letter, or to withdraw his support if already given.
Two weeks ago the National Association of Attorneys General (NAAG) sent a sign-on letter to attorneys general across the nation urging the implementation of chip and PIN technology in their states. The letter, to be sent to major card brands and issuers after those attorneys general added their signatures, sets forth the belief that chip and PIN should be the standard in the US and should be implemented without delay. This letter contains several mis-characterizations of security technology currently being used in the financial services industry, and directly contradicts the official positions of all four federal bank regulators, including the CFPB.
In response to this letter sent by the NAAG, CBI in conjunction with the Iowa Bankers Association and the Iowa Credit Union League have issued a statement to Iowa's Attorney General Tom Miller asking that he either decline to sign the above mentioned NAAG letter, or to withdraw his support if already given.
ATM card skimming is on the rise in the nation, and hit home in Iowa last week. Two men have been charged with using skimmer devices to capture bank account information at three locations around Des Moines. A skimmer device fits over the ATM's card reader slot and has its own memory chip to record the information on the card as it is swiped. Skimmers secretly record bank account data when a user inserts an ATM card into the machine. Criminals then can encode the stolen data onto a blank card and use it to access the customer's bank account. Skimmers also come in different colors like the green one used in Des Moines, or in a grayish color that would look similar to an ATM, making it hard to tell it's fake. Original card readers are usually concave in shape (curving inward), while skimmers are more convex (curving outward). The use of keypad overlays placed directly on top of the factory-installed keypad is a relatively new technique that takes the place of a concealed camera. Instead of visually recording users punching in PINs, circuitry inside the phony keypad stores the actual keystrokes. View the gallery below for examples of skimmers and keypads being used to steal account info from ATMs: by CBI Lobbyist Jeff Boeyink - Senior Vice President, LS2 Group Overview/Major Events
We have now competed 11 weeks of what is scheduled to be a 16-week session. However, the impasse over school funding has meant that the House and Senate have been unable to agree on joint budget targets and that neither Chamber has passed even one budget bill. The state budget is normally crafted through nine separate budget bills and then a 10th bill that is known as “Standings” that provides one final opportunity to make last minute budget adjustments and is also often home to policy language that did not survive the normal funnel process but that has the support of leaders for inclusion as part of the end game. If there is no resolution on school funding, then expect the House and Senate to set their own individual budget targets and begin moving their own version of budget bills to the other Chamber. The bottom line for those who follow the process: don’t make any vacation plans in the month of May. School Funding There was no movement on school funding this week. The House remains firm on growing supplemental state aid by 1.25% and the Senate will not move off of their position at 4.00%. In the meantime, school districts are likely going to have to start certifying their local budget soon and if there is no deal made, then they will likely to have to set their budgets based on zero for additional growth. Impending "net neutrality" rules would help level the playing field for an ever-changing assortment of companies competing for financial services success, according to observers.
The Federal Communications Commission is moving closer to a plan to regulate online and mobile providers like other utilities, which would impede their ability to act as Internet gatekeepers and block or limit access to specific sites. The effects of the FCC plan — assuming it is approved at a scheduled vote on Thursday — will likely not be immediately felt by banks, and the financial industry has stayed out of the debate. But experts say keeping the Internet open would afford financial institutions future benefits similar to other online players. Net neutrality would prevent a carrier from "throttling" sites of institutions offering similar products, as well as from charging certain banks a higher price for faster online service. "They would be prohibited from doing anything that could be viewed as discriminatory toward competing applications provided by banks," said Brooks Harlow, a principal at Lukas Nace Gutierrez & Sachs. "To our knowledge, this hasn't been an issue yet. But one of the concerns is that an Internet service provider that has its own payments applications might in some way favor its applications at the expense of competitors." The FCC's plan has received strong backing from Chairman Tom Wheeler, but some commission members had pushed either to narrow the rule's scope or delay the vote, according to published reports. DES MOINES, Iowa (February 5, 2015) — This week’s update to SHAZAM BOLT$, the mobile app offered by the SHAZAM Network, will give debit cardholders even greater access to their cash. New features include a person-to-person (P2P) money transfer service and an interactive ATM locator.
The app offers even greater value to community financial institutions looking to provide expanded digital services, particularly P2P features, to their customers. According to research firm Forrester, P2P activity is expected to grow to $17 billion in volume by 2019. The P2P money transfer feature allows SHAZAM BOLT$ cardholders to send money to other enrolled cardholders instantaneously. “While other P2P solutions use ACH to support their transactions, we’re using our SHAZAM debit rails, resulting in a much faster transaction,” said Terry Dooley, SHAZAM executive vice president and CIO. “A user can easily determine whether an intended recipient is enrolled simply by entering the recipient’s email address into the app.” SHAZAM also integrated GPS technology into the mobile app to help cardholders in the U.S. locate nearby ATMs. Users can confirm if the ATMs are surcharge-free Privileged Status terminals and get directions. Reposted from Iowa Banking Blog - Dickinson Mackaman Tyler & Hagen PC
In an important ruling in December 2014, the United States District Court for the District of Minnesota ruled in favor of banks suing Target over a December 2013 data breach, previously covered by this blog. Target had previously filed a motion asking the court to dismiss the banks’ lawsuit on the grounds that the banks had not stated a claim for which relief could be granted. Target attacked three claims asserted by the banks. Specifically, Target argued that the banks could not state claims for negligence, negligent omission, or a violation of Minnesota’s Plastic Card Security Act. The court addressed each of the three arguments in detail. First, the court concluded that the banks suing Target plausibly stated a rationale that Target owed each of the banks a duty. Under Iowa as well as Minnesota law, an entity is only liable for negligence if the entity first owed a duty to the party suffering injury. The court concluded that “Target’s actions and inactions—disabling certain security features and failing to heed the warning signs as the hackers’ attack began—caused foreseeable harm to [banks] . . . . .” As a result, the Court concluded that “[i]mposing a duty on Target in this case will aid Minnesota’s policy of punishing companies that do not secure consumers’ credit- and debit-card information.” The court’s conclusion was based in part of the fact that Minnesota has enacted a statute intended to safeguard the security of customer credit card information by limiting the retention period for the data. Community Bankers of Iowa and CBI Endorsed Member Secure Banking Solutions (SBS) have partnered to offer online Community Banking Certification courses through the SBS Institute. The next course session offered is the Certified Community Banking Incident Handler, beginning Monday, January 5. The 10-week Incident Handler program is a mix of hands-on activities, lectures, and managerial policy practices. The lectures and labs are organized in an easy-to-follow format and presented in a concise structure that helps to reinforce each of the course topics. Each lecture includes a relevant topic related to common incidents banks face included BYOD, Incident Response Policies, CATO, Malware analysis, Insider threats, and data breach response. Community bankers should ensure their processors are aware of the “Poodle” hack and to take steps to block the cyber-attack. Banks and other institutions are susceptible to the attack, which can intercept sensitive data used by website visitors. The name of the hack is an acronym for Padding Oracle On Downgraded Legacy Encryption. The good news for banks is that Poodle attacks are fairly easy to block. The first step for a company is to check its websites to see if they're vulnerable. There are a several free scanners that check for the presence of flawed encryption that allows it, such as https://www.poodletest.com. |
Community Banking NewsCurrent news, events, regulations and other information in banking, and at Community Bankers of Iowa. Stay Connected.
CBI Blog Archives
March 2024
Categories
All
|