Industry News
Articles for October 28, 2022
- FHFA Announces Validation of FICO 10T and VantageScore 4.0 for Use by Fannie Mae and Freddie Mac
- UK Lawmakers Vote to Recognize Crypto as Regulated Financial Instruments
- Equifax Wants to Help KYC DeFi and NFT Users—And Keep Their Data Private
- Federal Reserve Bank of Boston: In Crypto, “DeFi” Could Offer 24/7 Access to Financial Services. But Could It Disrupt the Economy?
- Fintech Firm Upgrade Offers Top U.S. Savings Rate of 3.5% As Competition for Deposits Heats Up
FHFA Announces Validation of FICO 10T and VantageScore 4.0 for Use by Fannie Mae and Freddie Mac
Fannie Mae and Freddie Mac will accept FICO 10T and VantageScore 4.0 in a multiyear effort with the industry
Oct. 24, 2022 — The Federal Housing Finance Agency (FHFA) today announced the validation and approval of both the FICO 10T credit score model and the VantageScore 4.0 credit score model for use by Fannie Mae and Freddie Mac (the Enterprises).
As a result of FHFA’s announcement, lenders, investors and other industry stakeholders, as well as borrowers and first-time homebuyers, can expect:
- More Accurate Credit Scores: Part of the evaluation of new credit score models included extensive testing by the Enterprises to ensure that any validated and approved models met the necessary accuracy standards to treat borrowers fairly and to protect the safety and soundness of the mortgage market and the Enterprises. Both FICO 10T and VantageScore 4.0 met those standards.
- More Inclusive Credit Scores: While both Enterprises have already taken steps to expand equitable access to credit, such as enhancements to their underwriting systems, both FICO 10T and VantageScore 4.0 include new payment history information such as rent, utilities, and telecom payments when available.
- Enhanced Safety and Soundness in the Housing Market: Promoting accuracy and newer innovative credit score models in the housing finance system will ultimately lead to better outcomes for borrowers, lenders, and the Enterprises. Additionally, because both FICO 10T and VantageScore 4.0 are more accurate than Classic FICO, the mortgage market will be provided with an improved view of risk from two different credit score models.
Fact Sheet: FHFA Announcement of Credit Score Models
“Today’s decision will benefit borrowers and the Enterprises, along with maintaining safety and soundness,” said FHFA Director Sandra L. Thompson. “While implementing the newer credit score models is a significant change that will take time and require close coordination across the industry, the models bring improved accuracy and a more inclusive approach to evaluating borrowers.”
FHFA expects that implementation of FICO 10T and VantageScore 4.0 will be a multiyear effort. Once implemented, lenders will be required to deliver both FICO 10T and VantageScore 4.0 credit scores with each loan sold to the Enterprises. FHFA and the Enterprises will conduct outreach to stakeholders to ensure a smooth transition to the newer credit score models.
For nearly 20 years, the Enterprises have relied on Classic FICO. Today’s announcement is the result of a years-long effort by FHFA and the Enterprises to implement Section 310 of the Economic Growth, Regulatory Relief, and Consumer Protection Act. The new models improve accuracy by capturing new payment histories for borrowers when available, such as rent, utilities, and telecom payments.
FHFA also announced today that the Enterprises will work toward changing the requirement that lenders provide credit reports from all three nationwide consumer reporting agencies (CRAs). Instead, the Enterprises will require lenders to provide credit reports from two of the three nationwide CRAs. The Enterprises will work with stakeholders on a plan for implementing the change from a tri-merge credit report requirement to a bi-merge credit report requirement.
UK Lawmakers Vote to Recognize Crypto as Regulated Financial Instruments
Courtesy of Sandali Handagama, CoinDesk.com
Oct. 24, 2022 — The lower house of the Parliament voted in favor of adding crypto to the scope of activities to be regulated via the proposed Financial Services and Markets Bill – which already seeks to extend payments rules to stablecoins.
Lawmakers in the U.K. voted in favor of recognizing crypto assets as regulated financial instruments and products in the country on Tuesday. The House of Commons, the Parliament’s lower house, met on Tuesday for a line-by-line reading of the proposed Financial Services and Markets Bill, which broadly covers the U.K.’s post-Brexit economic strategy. The lawmakers considered a list of proposed amendments to the bill, including one put forward by parliamentarian Andrew Griffith to include crypto assets in the scope of regulated financial services in the country.
The draft bill already included measures to extend existing regulations to payments-focused stablecoins, which are cryptocurrencies pegged to the value of other assets like the U.S. dollar or gold. “The substance here is to treat them [crypto] like other forms of financial assets and not to prefer them, but also to bring them within the scope of regulation for the first time,” Griffith, the financial services and city minister, said during the parliamentary meeting before lawmakers voted largely in favor of keeping the amendment in the legislative package.
The local crypto industry, which recently welcomed the news of Rishi Sunak’s appointment as the country’s new Prime Minister, stands to welcome the efforts to give legal recognition to digital assets broadly. The markets bill – and by extension the stablecoin rules – was introduced during Sunak’s time as finance minister in the Boris Johnson administration.
The crypto provision, which relies on the definition of “crypto asset” inserted by a new clause 14, “clarifies that crypto assets could be brought within the scope of the existing provisions” of the Financial Services and Markets Act 2000 relating to regulated financial activities, Griffith said. The measures could regulate crypto promotions and outlaw companies that are not authorized to operate in the country.
“The Treasury will consult on its approach with industry and stakeholders ahead of using the powers to ensure the framework reflects the unique benefits and risks posed by crypto activities,” Griffith said.
Equifax Wants to Help KYC DeFi and NFT Users—And Keep Their Data Private
Equifax and Oasis Labs will together provide a privacy-focused KYC solution for Web3 companies.
Courtesy of Mat Di Salvo, Decrypt.co
Oct. 26, 2022 — Credit reporting giant Equifax, best known for one of the largest data breaches in history, will now help build a data privacy solution for Web3 projects.
Related Reading: How Binance Is Training Law Enforcement Around the World to Combat Crypto Crime
Crypto exchange Binance has built a specialist team to teach law enforcement officers about the ins and outs of cryptocurrency. Fighting crypto crime starts with fighting the many misconceptions that have built up around it. Like the idea that cryptocurrency transactions are untraceable and anonymous, for example, and that the blockchain industry doesn’t care enough to investigate bad behavior or take action to prevent it.
Related Reading: Top NFT-Related Cybersecurity, Phishing, Hacking and Other Risks in 2022
The continued growth of the market for nonfungible tokens (NFTs) in 2022 has helped shape the zeitgeist of what has been referenced colloquially by some as the “fourth industrial revolution,”[1] defined largely by network effect (e.g., virality); rapid innovation; social, creative and civic engagement; and evolved perspectives with regard to how rights and obligations between and among parties to automated agreements are defined and enforced.
Federal Reserve Bank of Boston: In Crypto, “DeFi” Could Offer 24/7 Access to Financial Services. But Could It Disrupt the Economy?
Boston Fed researchers explore benefits, stability risks of growing “decentralized finance” system.
Courtesy of Amanda Blanco, Federal Reserve Bank of Boston
Oct. 2022 — “Decentralized finance” products and services – or DeFi – are rapidly growing in the world of cryptocurrency. By using public, digital ledgers called blockchains, DeFi aims to create a financial system that operates without any traditional central institutions, like banks.
In theory, DeFi services such as lending, payments, investing, and crowdfunding could be executed all day, every day – with no need for a third party to verify their accuracy and reliability, said Edward Dumas, a lead markets specialist at the Federal Reserve Bank of Boston. Transactions would be secure and anonymous, with financial services available to all people.
“That’s the vision,” Dumas said. “Now, the reality of DeFi … is still in its infancy.”
Dumas said that amid the focus on its benefits, the continually evolving technology may also pose risks to the broader economy. These risks – and what they could mean to the financial system – are explored in a Supervisory Research and Analysis working paper that Dumas co-authored, “Decentralized Finance (DeFi): Transformative Potential & Associated Risks.”
In the paper, the authors note that blockchains aren’t as secure as many people believe. They warn that DeFi can become a tool for criminals and that the very interconnectedness of DeFi can also lead to vulnerabilities. “The rapid growth (of DeFi) … suggests that policymakers should start giving serious consideration to a full range of financial stability issues that could arise should such activities become systemically important,” they wrote.
Linked Report: Decentralized Finance (DeFi): Transformative Potential & Associated Risks
Dumas – who works in the Boston Fed’s Supervision, Regulation & Credit department – wrote the paper with four fellow researchers in the Bank’s Supervisory Research and Analysis Unit: Francesca Carapella, Jacob Gerszten, Nathan Swem, and Larry Wall.
They note that by using blockchains, DeFi offers transparency on near-real time transactions. Users can access a public, continuously updated record of activities generally considered to be “immutable” or unchangeable. But the researchers say that blockchains have been successfully hacked by malicious actors seeking cryptocurrency profits. And they say that even if blockchains were to become completely immutable, that may not be a good thing.
“Blockchain transactions that involve fraud or theft might not be reversed as quickly or easily as they would in traditional finance,” the researchers said.
The authors say that because DeFi has no central authority, there could be technical challenges fixing “bugs,” or mistakes, in the programs stored on the blockchains that run DeFi products and services. The researchers add that the interconnections DeFi creates between markets also present a financial risk: “A shock to one market may spread through DeFi connections to other markets.”
They also note that the censorship-resistant nature of DeFi, which aims to make it accessible to everyone, can invite criminal activity and risk-taking. “Blockchains are already being used to facilitate scams, theft, money laundering, and a variety of other criminal activity. (And they) could facilitate activities that, despite being legal, may increase the risk of financial instability,” the authors wrote.
DeFi could work together with traditional finance, or cause disruptions
Dumas said it’s still unclear how DeFi will co-exist with the traditional financial system. He said they could work in tandem, or DeFi could disrupt the traditional system and cause competition.
The researchers say that as traditional banks offer more cryptocurrency services and loans, it’s possible they may not fully realize the market’s risks, which could lead to legal issues. And it may be easier for customers to sue banks and other traditional financial firms – even in cases where they had relatively minor involvement – rather than try to determine responsible parties “on the DeFi side.”
“If a meltdown occurs in the crypto market, banks could suffer direct losses on their services and loans, create legal exposure from customers who suffered losses in the crypto market, and risk reputational damage,” they wrote. Dumas said DeFi experimentation is ongoing, and it’s important to acknowledge and plan for potential risks related to DeFi and cryptocurrency.
Fintech Firm Upgrade Offers Top U.S. Savings Rate of 3.5% As Competition for Deposits Heats Up
Courtesy of Hugh Son, CNBC
- The fintech startup’s Premier Savings account is being launched Thursday with a 3.5% annual percentage yield, according to CEO Renaud Laplanche. That is higher than any account currently tracked by Bankrate.com, senior analyst Ted Rossman said in an email.
- Upgrade’s product requires a minimum balance of $1,000 to earn the 3.5% APY. It has few restrictions apart from that.
- The rate is likely to climb further in coming months and could hit 4.5% next year if the Fed continues to raise rates, Laplanche said.
Oct. 27, 2022 — Credit card startup Upgrade is releasing a new savings account with what it says is the country’s top interest rate as competition for deposits heats up, CNBC has learned.
The fintech firm’s Premier Savings account is being launched Thursday with a 3.5% annual percentage yield, according to CEO Renaud Laplanche. That is higher than any account currently tracked by Bankrate.com, senior analyst Ted Rossman said in an email.
The dynamic is closely watched by banking analysts because higher funding costs affect how much the industry stands to benefit from future Fed moves. Even big banks, including JPMorgan Chase and Wells Fargo, have boosted rates for CDs recently, unlike earlier this year when it was mostly smaller institutions raising payouts, Morgan Stanley analyst Betsy Graseck said in a Sept. 30 note.
“This suggests that deposit-pricing pressure is becoming more widely dispersed across the banking industry as rates move sharply higher,” Graseck said. “We believe deposit price competition will continue intensifying from here.”
One reason for that is because fintech players are more established now than in previous rate-hiking cycles, and they tend to pay the highest rates, according to the veteran analyst.
Network effects
Upgrade, a San Francisco-based startup founded by Laplanche in 2016, can afford to pay higher rates than rivals because of its network of 200 small banks and credit unions, according to the CEO. These institutions don’t have national deposit-gathering platforms and, as a result, are willing to pay more for funding, he said.
Ironically, the next highest rate listed by Bankrate.com this week was offered by LendingClub at 3.12%. Laplanche co-founded the fintech pioneer in 2006 before departing a decade later. Similar to other fintech firms like Chime which offer banking services through smartphone apps, Upgrade isn’t a bank; it partners with institutions including Cross River Bank to offer FDIC-backed accounts.
Upgrade’s new account requires a minimum balance of $1,000 to earn the 3.5% APY. It has few restrictions apart from that; the accounts aren’t capped and don’t require users to sign up for Upgrade’s other products to take advantage of the rate, Laplanche said. Other fintech players offer higher rates on limited amounts of money. Fintech firm Current, for instance, offers a 4% APY, but only for savings up to $6,000.
Headed higher
Laplanche said his product’s rate is likely to climb further in coming months as the Fed attempts to wrangle inflation by boosting its benchmark rate. “We’ll follow along with what the Fed is doing,” the CEO said. “If they continue to raise rates, there might be a point next year where we’ll pay 4.5%.”
Upgrade, which was valued at $6.28 billion in a private funding round late last year, is best known for credit cards that turn monthly balances into installment loans.
That feature automates financial discipline for its users and generally reduces the interest they pay versus traditional cards. The product appears to be gaining traction; Upgrade was the fastest-growing card issuer by outstanding balances among the top 50 players, according to industry newsletter the Nilson Report.
Upgrade will continue to build products with the aim of helping Americans navigate life events, including by eventually offering car loans and mortgages, Laplanche said. And unlike many other direct-to-consumer fintech firms, Upgrade is profitable and doesn’t need to raise more funding, he said.
Articles for October 21, 2022
- US Lawmakers Introduce Bill Allowing Crypto Investments in 401(k) Retirement Plans
- Microsoft Confirms Data Breach, But Claims Numbers Are Exaggerated
- IRS Expands Key US Tax Language to Include NFTs: Newly released draft instructions for the 2022 tax year change the language from “virtual currency” to broader “digital assets.”
- Digitalization Ranks as Top Priority; Macroeconomic Conditions as Greatest Risk for Global Credit Union Movement Approaching 400-million Members
- Federal Reserve Board, Washington, D.C.: How Much Does Racial Bias Affect Mortgage Lending? Evidence from Human and Algorithmic Credit Decisions
US Lawmakers Introduce Bill Allowing Crypto Investments in 401(k) Retirement Plans
Courtesy of Kevin Helms, Bitcoin.com
Several U.S. lawmakers have introduced the Retirement Savings Modernization Act to provide 401(k) retirement savers access to a wide range of investments, including crypto assets. “With inflation at record highs, a stock market downturn, and a potential recession on the horizon, many Americans are rightfully concerned about their financial future,” said U.S. Senator Pat Toomey.
Retirement Savings Modernization Act Introduced
The U.S. Senate Committee on Banking, Housing, and Urban Affairs announced Thursday that Senators Pat Toomey (R-PA) and Tim Scott (R-SC) and Representative Peter Meijer (R-MI) have introduced a bill called the Retirement Savings Modernization Act.
The bill aims “to bolster Americans’ retirement savings by allowing workers to diversify assets included in defined contribution plans, such as 401(k) plans,” the announcement details. “This legislation will amend the Employee Retirement Income Security Act of 1974 (ERISA) to clarify that private sector retirement plan sponsors may offer plans, including both pensions and 401(k)s, that are prudently diversified across the full range of asset classes.”
Senator Toomey opined, “With inflation at record highs, a stock market downturn, and a potential recession on the horizon, many Americans are rightfully concerned about their financial future,” elaborating: “By providing 401(k) savers with access to the same asset classes as pension plans, my legislation will open the door to a more secure retirement for millions of Americans.”
Related Reading: IRS Expands Key US Tax Language to Include NFTs: Newly released draft instructions for the 2022 tax year change the language from “virtual currency” to broader “digital assets.”
While pension plans and 401(k) plans are covered by the same law, the former have incorporated asset classes outside of the public markets since 1982. Meanwhile, the latter “almost never incorporate exposure to alternative assets due to fiduciaries’ anticipated litigation risk,” the announcement explains. The bill lists “digital assets” as a “covered investment.”
Senator Scott described: “Inflation has eroded and devalued the savings many Americans spent their lives accumulating. This bill would modernize retirement plans to ensure they can provide diverse investments with higher returns. American workers and their families deserve to go about their lives with peace of mind, knowing their hard-earned money will be secure when they choose to retire.”
Until the 1970s, most Americans working in the private sector relied on pension plans for retirement. Today, the vast majority of private sector workers rely on 401(k) plans. “However, pension plans have consistently outperformed 401(k) plans because they diversify across the full range of asset classes, putting one of every five dollars in alternative asset classes like private equity,” the lawmakers noted.
Microsoft Confirms Data Breach, But Claims Numbers Are Exaggerated
Courtesy of Eduard Kovacs, Security Week
October 20, 2022 — Microsoft has confirmed that it inadvertently exposed information related to prospective customers but claims that the company which reported the incident has exaggerated the numbers.
Threat intelligence firm SOCRadar revealed on Wednesday that it has identified many misconfigured cloud storage systems, including six large buckets that stored information associated with 150,000 companies across 123 countries.
These buckets, which the firm has dubbed BlueBleed, included a misconfigured Azure Blob Storage instance allegedly containing information on more than 65,000 entities in 111 countries. SOCRadar described it as “one of the most significant B2B leaks”.
SOCRadar said the exposed data belonged to Microsoft and it totaled 2.4 Tb of files collected between 2017 and August 2022. The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users.
The company said the leak included proof-of-execution (PoE) and statement of work (SoW) documents, user information, product orders and offers, project details, and personal information.
Microsoft confirmed on Wednesday that a misconfigured endpoint exposed data, which the company said was related to “business transaction data corresponding to interactions between Microsoft and prospective customers”. The tech giant said it quickly addressed the issue and notified impacted customers.
“The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability,” Microsoft explained.
The tech giant has thanked SOCRadar, but it’s not happy with the company’s blog post, claiming that it greatly exaggerates the scope of the issue and the numbers involved.
“Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users,” Microsoft pointed out.
SOCRadar has also made available a free tool that can be used to search for digital assets, hashes, and specified keywords on the dark web and darknet websites. Microsoft is disappointed that this tool has been publicly released, saying that it’s “not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk”.
The company believes such tools should include a verification system to ensure that a user can only look for data pertaining to them, and not to other users.
IRS Expands Key US Tax Language to Include NFTs
Newly released draft instructions for the 2022 tax year change the language from “virtual currency” to broader “digital assets.”
Courtesy of Jesse Hamilton, Coindesk
October 18, 2022 — The U.S. Internal Revenue Service (IRS) has made a move this week to clarify at least one question for crypto investors: how taxpayers account for non-fungible tokens (NFT).
The tax division of the Treasury Department released an updated draft for its 2022 instructions for form 1040 filers that swaps the old category for “virtual currency” with broader new language on “digital assets,” including an explicit recognition of NFTs.
“Digital assets are any digital representations of value that are recorded on a cryptographically secured distributed ledger or any similar technology,” according to the draft instructions. “For example, digital assets include non-fungible tokens (NFT) and virtual currencies, such as cryptocurrencies and stablecoins.”
The previous year’s “virtual currency” section of the U.S. tax-filing instructions was a narrower definition of a digital token “that functions as a unit of account, a store of value or a medium of exchange.” The final tax instructions haven’t yet been released, so the crypto section could still be tweaked before it’s official.
Crypto investors will have to calculate and report taxable income “if you disposed of any digital asset in 2022, that you held as a capital asset, through a sale, exchange, gift, or transfer,” according to the latest document.
Digitalization Ranks as Top Priority; Macroeconomic Conditions as Greatest Risk for Global Credit Union Movement Approaching 400-million Members
Expanded 2021 Statistical Report features several new categories of data
Courtesy of Greg Neumann, World Council of Credit Unions
October 18, 2022 — Despite year-to-year growth in overall membership and total assets for the global credit union movement, World Council of Credit Unions’ (WOCCU) 2021 Statistical Report shows major gaps in key product and service offerings have resulted in different priorities and risk concerns for credit unions in different parts of the world.
As of December 31, 2021, there were a total of 393,871,631 members of 87,914 credit unions worth $3.48 trillion in assets across 118 countries.
Along with providing statistics on members, assets, savings and loans, the 2021 Statistical Report also features first-time data sets on credit union:
- Strategic priorities.
- Risk concerns.
- Access to various products and services.
- Taxation.
“Despite the COVID-19 pandemic continuing to impact credit unions across the globe in 2021, they still managed to increase membership by 5% and grow assets by 9%,” said Elissa McCarter LaBorde, WOCCU President and CEO. “For WOCCU to ensure that type of growth continues, and credit unions are able to reach even more underserved populations, we need to gather more specific data from national credit union associations than ever before. While some data sets in this report are more complete than others, this is just the first step in our plan to offer a continuously clearer picture of the challenges and opportunities credit unions face in each region of the world.”
Membership and assets up, but not everywhere
Credit unions in Africa and Latin America saw the most substantial growth in terms of membership and assets. Africa saw a 42% spike in assets—the largest worldwide. Latin America witnessed the biggest growth in membership at 16%.
Europe was the only region to see a decline in credit union assets, while Australia and New Zealand both saw declining membership.
New data provides insights into regional differences
WOCCU’s 2021 Statistical Report also provides several sets of new data obtained from national credit union associations in more than 40 countries and six regions of the world. Specifically, we asked the credit union associations to:
- Rank their top strategic priorities and risk concerns moving forward.
- Describe the level of access credit unions and their members have to certain products and services that are necessary to strengthen and grow our movement.
Strategic priorities
Digitalization is the clear top priority for credit unions overall, with 81% of respondent credit union associations ranking it at or near the top of their lists.
- 66% identified membership and asset growth as another top priority, including 83% in Europe, 80% in Africa and 57% in Asia.
Regulatory reform was a top priority for 51% of those surveyed, and easily the top priority for respondent credit union associations in North America (100%) and the Caribbean (80%).
Federal Reserve Board, Washington, D.C.: How Much Does Racial Bias Affect Mortgage Lending? Evidence from Human and Algorithmic Credit Decisions
Abstract
We assess racial discrimination in mortgage approvals using new data on mortgage applications. Minority applicants tend to have significantly lower credit scores, higher leverage, and are less likely than white applicants to receive algorithmic approval from race-blind government-automated underwriting systems (AUS). Observable applicant risk factors explain most of the racial disparities in lender denials. Further, we exploit the AUS data to show there are risk factors we do not directly observe, and our analysis indicates that these factors explain at least some of the residual 1-2 percentage point denial gaps. Overall, we find that differential treatment has played a limited role in generating denial disparities in recent years.
Introduction
American families use mortgages to purchase their homes, to lower their housing costs when interest rates decline, and to tap into home equity for a variety of reasons including investments in human capital and small businesses. But not all families can easily get a mortgage; in particular, access to mortgage credit differs sharply by race and ethnicity, which may contribute to the wide racial and ethnic gaps in homeownership and wealth (e.g. Bhutta et al. 2020). For example, in 2018 and 2019, Black mortgage applicants were twice as likely as white applicants to have their application denied by lenders.
In order to craft policies that can address these disparities in credit access, it is crucial to identify what drives them. The landmark study of Munnell et al. (1996) found compelling evidence that discrimination played a major role in mortgage lending decisions in the early 1990’s. Since then, the mortgage industry has evolved in many ways, including widespread adoption of technologies such as automated underwriting that can help reduce racially biased credit decisions. Nonetheless, the wide gaps in mortgage denials present in recent data have led many to conclude that discrimination persists. Media reports and survey evidence indicate widespread beliefs that financial institutions do not treat minorities fairly. But it has been challenging to firmly assess the role of discrimination without detailed underwriting data on mortgage applicants similar to what Munnell et al. had collected.
In this paper, we use new confidential supervisory data collected under the Home Mortgage Disclosure Act (HMDA) to estimate the extent to which racial and ethnic discrimination by mortgage lenders continues to generate disparities in denial rates. “Discrimination” here refers to lenders treating applicants with identical observed risk factors differently on the basis of race or ethnicity—including both taste-based and statistical discrimination—which has been illegal since 1968 under the Fair Housing Act. Overall, we find that differential treatment has played a limited role in generating denial disparities in recent years, consistent with significant progress in fair lending over the last 30 years.
Rather than differential treatment, we find that group differences in risk characteristics drive most of the disparities in credit access. To start, we show that Black and Hispanic applicants tend to be more leveraged and have much lower credit scores. For example, the average credit score for Black applicants is over 40 points lower than white applicants. We also document that Black and Hispanic applicants are less likely to receive algorithmic approval recommendations from government automated underwriting systems (AUS) than white applicants. These AUS recommendations reflect the underwriting and eligibility guidelines of Fannie Mae, Freddie Mac, the Federal Housing Administration (FHA), and the Veterans Administration (VA), and are “color blind” in that race and ethnicity (or proxies like neighborhood location) cannot be used in the algorithm.
Articles for October 14, 2022
- How Wi-Fi Spy Drones Snooped on a Financial Firm
- White House to Unveil Ambitious Cybersecurity Labeling Effort Modeled After Energy Star
- US Senator Introduces ‘No Digital Dollar Act’ to Prohibit Treasury and the Fed From Interfering With Americans Using Paper Currency
- Treasury Announces Two Enforcement Actions for over $24M and $29M Against Virtual Currency Exchange Bittrex, Inc. Enforcement Actions by OFAC and FinCEN for Apparent Violations of Sanctions and Anti-Money Laundering Obligations
How Wi-Fi Spy Drones Snooped on a Financial Firm
Check your rooftops: Flying gear caught carrying network-intrusion kit
Courtesy of Thomas Claburn, The Register
Oct. 6, 2022 — Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming Fist in 2017. And in 2013, security researcher Samy Kamkar demonstrated his SkyJack drone, which used a Raspberry Pi to take over other drones via Wi-Fi.
Now, these sorts of attacks are actually taking place.
Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment. He told The Register that he was not involved directly with the investigation but interacted with those involved as part of his work in the finance sector.
The Register corresponded with an individual affiliated with the affected company who corroborated Linares’s account and asked not to be identified owing to a non-disclosure agreement and employment concerns. In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company’s network.
The company’s security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user’s MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.
“This led the team to the roof, where a ‘modified DJI Matrice 600’ and a ‘modified DJI Phantom’ series were discovered,” Linares explained.
The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building’s heating and ventilation system and appeared to be damaged but still operable.
“During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker’s credentials and Wi-Fi,” Linares said. “This data was later hard coded into the tools that were deployed with the Matrice.”
Click here to read the entire article.
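The red flag described above, a MAC address associating with the office Wi-Fi while its owner has a live off-site session, can be checked by correlating wireless association logs with remote-access logs. The following is an added example, not code from the article or the investigation; the log formats, hostnames, AP names and addresses are constructed, and the device inventory mapping MACs to owners is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample data; every value below is made up for illustration.
INVENTORY = {  # client MAC -> (owner, device hostname), assumed asset inventory
    "3c:22:fb:10:aa:01": ("jdoe", "LT-JDOE"),
    "a4:83:e7:55:0c:9e": ("jdoe", "PH-JDOE"),
    "f0:18:98:42:7b:d3": ("asmith", "LT-ASMITH"),
}

WIFI_LOG = """\
2022-07-12T09:02:11 ap=AP-ROOF-3 mac=F0:18:98:42:7B:D3 event=assoc rssi=-48
2022-07-12T10:15:40 ap=AP-ROOF-3 mac=3C:22:FB:10:AA:01 event=assoc rssi=-79
2022-07-12T10:20:05 ap=AP-4F-1 mac=A4:83:E7:55:0C:9E event=assoc rssi=-60
2022-07-12T18:30:00 ap=AP-4F-1 mac=3C:22:FB:10:AA:01 event=assoc rssi=-52
"""

REMOTE_LOG = """\
2022-07-12T08:55:00 user=jdoe device=LT-JDOE src=198.51.100.23 event=login
2022-07-12T17:05:00 user=jdoe device=LT-JDOE src=198.51.100.23 event=logout
"""


def parse_kv(line):
    """Parse '<iso-timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def remote_sessions(log, now):
    """Return (user, device, start, end) intervals; open sessions end at `now`."""
    open_sessions, closed = {}, []
    for rec in map(parse_kv, log.strip().splitlines()):
        key = (rec["user"], rec["device"])
        if rec["event"] == "login":
            open_sessions[key] = rec["ts"]
        elif rec["event"] == "logout" and key in open_sessions:
            closed.append((*key, open_sessions.pop(key), rec["ts"]))
    closed.extend((*key, start, now) for key, start in open_sessions.items())
    return closed


def detect(wifi_log, remote_log, inventory, skew=timedelta(minutes=2)):
    """Flag on-site Wi-Fi associations that overlap the owner's remote session.

    'same-device': the device holding the MAC is itself connected from off-site,
                   so the on-site MAC is very likely spoofed (the article's case).
    'same-user'  : another device of the same user is on-site; lower confidence,
                   for example a phone left at the office.
    `skew` trims session edges to absorb clock drift between the two log sources.
    """
    events = [parse_kv(line) for line in wifi_log.strip().splitlines()]
    sessions = remote_sessions(remote_log, now=max(e["ts"] for e in events))
    alerts = []
    for ev in events:
        mac = ev["mac"].lower()
        if ev["event"] != "assoc" or mac not in inventory:
            continue  # unknown MACs are a separate (NAC) problem
        user, device = inventory[mac]
        kinds = {
            "same-device" if s_dev == device else "same-user"
            for s_user, s_dev, start, end in sessions
            if s_user == user and start + skew <= ev["ts"] <= end - skew
        }
        if kinds:
            kind = "same-device" if "same-device" in kinds else "same-user"
            alerts.append({"kind": kind, "user": user, "mac": mac,
                           "ap": ev["ap"], "ts": ev["ts"], "rssi": int(ev["rssi"])})
    return alerts


if __name__ == "__main__":
    for alert in detect(WIFI_LOG, REMOTE_LOG, INVENTORY):
        print(alert["ts"].isoformat(), alert["kind"], alert["user"],
              alert["mac"], alert["ap"], alert["rssi"])
```

The AP name and signal strength in each alert give responders a starting point for physically locating the transmitter, which is how the team in the article ended up on the roof.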
White House to Unveil Ambitious Cybersecurity Labeling Effort Modeled After Energy Star
Courtesy of Suzanne Smalley, CyberScoop
Oct. 11, 2022 — The White House National Security Council will announce plans Tuesday for a consumer products cybersecurity labeling program intended to improve digital safeguards on internet-connected devices, a senior White House official told CyberScoop.
About 50 representatives from consumer product associations, manufacturing companies and technology think tanks will convene at the White House on Oct. 19 for a workshop on the voluntary effort ahead of an expected spring 2023 launch.
The White House briefly described the effort in a document it released Tuesday outlining various cybersecurity initiatives. The administration plans to start with recommending three or four cybersecurity standards that manufacturers can use as the basis for labels that communicate the risks associated with using so-called internet of things devices.
Related Fact Sheet: Biden-Harris Administration Delivers on Strengthening America’s Cybersecurity
Deputy National Security Adviser for Cyber and Emerging Tech Anne Neuberger is spearheading the initiative, which is modeled after Energy Star, a labeling program the Environmental Protection Agency and the Department of Energy operate to promote energy efficiency, the senior administration official said.
“Today when folks buy tech, they buy it for a cool feature, speed to market — cybersecurity is often an afterthought,” said the official, who requested to remain anonymous to speak candidly about the effort. “Everybody realizes that it’s an idea whose time has come.”
The administration is working with the European Union to align on standards since the White House wants products with cybersecurity labels to be sold globally.
The standards under consideration could rate products based on how often manufacturers deploy patches for software vulnerabilities or whether devices connect to the internet without a password, the official said. It is not yet clear who will verify companies’ claims.
The White House hopes the program will reward companies that invest in cybersecurity while also helping consumers find safer products. The status quo in which products hit the market quickly, leaving consumers to muddle through or ignore products’ cybersecurity features, is “not sustainable,” the official said.
In its final report, the U.S. Cybersecurity Solarium Commission recommended that Congress create a nonprofit national cybersecurity certification and labeling authority tasked with “establishing and managing a voluntary cybersecurity certification and labeling program for information and communication technologies,” including software, devices and industrial control systems.
CSC Executive Director Mark Montgomery hailed the White House decision to pursue a labeling program but warned it will be difficult to design and stand up.
Click here to read the entire article.
US Senator Introduces ‘No Digital Dollar Act’ to Prohibit Treasury and the Fed From Interfering With Americans Using Paper Currency
Courtesy of Kevin Helms, Bitcoin.com
Oct. 1, 2022 — A U.S. senator has introduced the “No Digital Dollar Act to prohibit the U.S. Treasury and the Federal Reserve from interfering with Americans using paper currency” if a central bank digital currency is adopted. The bill further states: “No central bank digital currency shall be considered legal tender under section 5103 of title 31, United States Code.”
No Digital Dollar Act Introduced
U.S. Senator James Lankford (R-OK) announced Thursday that he has introduced a bill titled “No Digital Dollar Act to prohibit the U.S. Treasury and the Federal Reserve from interfering with Americans using paper currency if a digital currency is adopted and makes certain individuals can maintain privacy over their transactions using cash and coins.”
The bill will “amend the Federal Reserve Act to prohibit the Board of Governors of the Federal Reserve System from discontinuing Federal Reserve notes if a central bank digital currency is issued, and for other purposes,” according to the text of the bill.
Furthermore, “the Secretary of the Treasury may not discontinue minting and issuing coins under this section if a central bank digital currency is issued,” the bill details, adding: “No central bank digital currency shall be considered legal tender under section 5103 of title 31, United States Code.”
Senator Lankford explained that residents in his state have expressed to him their concern that the Treasury “could phase out paper money and transition to a digital dollar.” He stressed that many Oklahomans “still prefer hard currency or at least the option of hard currency.”
The lawmaker added, “There are still questions, cyber concerns, and security risks for digital money,” emphasizing: “There is no reason we can’t continue to have paper and digital money in our nation and allow the American people to decide how to carry and spend their own money.”
Lankford stressed: “As technology advances, Americans should not have to worry about every transaction in their financial life being tracked or their money being deleted.”
The lawmaker explained that “There is currently no federal statute that prohibits the Treasury from only having a digital currency.”
While the Federal Reserve is working on a digital dollar, Fed Chair Jerome Powell said this week that a U.S. central bank digital currency (CBDC) will take at least a couple of years. “We are looking at it very carefully. We are evaluating both the policy issues and the technology issues, and we are doing that with a very broad scope,” Powell said.
Treasury Announces Two Enforcement Actions for over $24M and $29M Against Virtual Currency Exchange Bittrex, Inc.
Enforcement Actions by OFAC and FinCEN for Apparent Violations of Sanctions and Anti-Money Laundering Obligations
Oct. 11, 2022 — The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) announced settlements for over $24 million and $29 million, respectively, with Bittrex, Inc. (Bittrex), a virtual currency exchange based in Bellevue, Washington. This is OFAC’s largest virtual currency enforcement action to date. It also represents the first parallel enforcement actions by FinCEN and OFAC in this space. Investigations by OFAC and FinCEN found apparent violations of multiple sanctions programs and willful violations of the Bank Secrecy Act’s (BSA’s) anti-money laundering (AML) and suspicious activity report (SAR) reporting requirements. These enforcement actions emphasize to the virtual currency industry the importance of implementing appropriate risk-based sanctions compliance controls and meeting obligations under the BSA. The failure to take action can result in violations of OFAC and FinCEN regulations and expose exchanges and others in the virtual currency industry to potential abuse by illicit actors.
OVERVIEW OF OFAC SETTLEMENT WITH BITTREX
Bittrex has agreed to remit $24,280,829.20 to OFAC to settle its potential civil liability for 116,421 apparent violations of multiple sanctions programs. As a result of deficiencies related to Bittrex’s sanctions compliance procedures, Bittrex failed to prevent persons apparently located in the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria from using its platform to engage in approximately $263,451,600.13 worth of virtual currency-related transactions between March 2014 and December 2017. The applicable sanctions programs generally prohibited U.S. persons from engaging in transactions with these jurisdictions. Based on internet protocol (“IP”) address information and physical address information collected about each customer at onboarding, Bittrex had reason to know that these users were located in jurisdictions subject to sanctions. At the time of the transactions, however, Bittrex was not screening this customer information for terms associated with sanctioned jurisdictions. This information was not voluntarily self-disclosed.
A full description of OFAC’s settlement can be found here.
OVERVIEW OF FINCEN SETTLEMENT WITH BITTREX
Bittrex has agreed to remit $29,280,829.20 for its willful violations of the BSA’s AML program and SAR requirements. FinCEN will credit the payment of $24,280,829.20 as part of Bittrex’s agreement to settle its potential liability with OFAC. FinCEN’s investigation found that, from February 2014 through December 2018, Bittrex failed to maintain an effective AML program. This included deploying inadequate and ineffective transaction monitoring on its platform resulting in significant exposure to illicit finance. Further, Bittrex’s AML program failed to appropriately address the risks associated with the products and services it offered, including anonymity-enhanced cryptocurrencies. Bittrex failed to file any SARs between February 2014 and May 2017, a period of over three years. Bittrex also failed to file SARs on a significant number of transactions involving sanctioned jurisdictions, including transactions that were suspicious above and beyond the fact that they involved a sanctioned jurisdiction. A detailed description of FinCEN’s consent order can be found here.
ADDITIONAL RESOURCES
For information on complying with virtual currency sanctions, see OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry here and OFAC’s FAQs on virtual currency here.
Articles for October 7, 2022
- FinTech Partnerships Pave Path for Branchless Banking
- When are State Money Transmission Laws Applicable? Blockchain Game Developers and FinCEN
- Mortgage Borrowers Can Challenge Inaccurate Appraisals Through the Reconsideration of Value Process
- Innovator Q&A: Digital Currency Risks May Be On The Rise, But There’s Hope For Tracking Fraud
- Crypto Contributions to US Election Campaigns Require Legal Navigation
FinTech Partnerships Pave Path for Branchless Banking
Courtesy of PYMNTS.com
Oct. 6, 2022 — The successful digital bank offers more than banking cloaked in an online wrapper. Treasury Prime Vice President of Banking Jeff Nowicki, Emprise Bank Senior VP of Innovation and Development Emily Reisig and Zeta CEO Aditi Shekar told PYMNTS that the branchless approach has the potential to open up new opportunities to both traditional banks and FinTechs.
But to get there, providers need to understand the changing needs and desires of their targeted, tech-savvy — and younger — customers. PYMNTS’ own studies show that a majority of consumers love digital banking features and are happy using digital banks and FinTechs. But fewer than 10% use them as their primary account.
Shekar noted that — with a nod to the millennials out there that opt to interact with their financial services providers online — “our generation has evolved as a digitally native generation.” And as those consumers get older, the expectation for every aspect of their lives, banking included, is that experiences will be “upgraded” to be increasingly available online.
Related Reading: Why Banking Apps Need to Be More Than Just Banking Apps
As so much of life is shifted online, Shekar said, “community is not going to be about where you live — it’s going to be about who you like to talk to and who you like to spend your time with online.” The pressure is on, then, for the banks to upgrade their digital offerings, too, enabling a seamless flow of money movement. To do so, financial institutions (FI) and FinTechs both need to understand the very real shifts happening in the households they seek to serve more adroitly.
We’re no longer in what Shekar termed “single payer mode,” where one person earns the money and spends it. The millennial generation, she remarked, is typically marked by dual income households, and younger consumers neither earn nor manage spend — or even share it — the same way as their parents.
Emprise Bank’s Reisig remarked that “there’s the pressures of technology and of innovation — the technology experiences become the new expectation of our customers.”
Linking Banks and FinTechs
In the past, said panelists, banks may have eyed FinTechs with suspicion, and consumer FinTechs may have sought to build everything in house, or eyed banking charters as a key way to create the digital bank of the future.
But Reisig said there’s room for a partnership model where FinTechs can innovate, create delightful experiences and solve frictions inherent in the digital channels emerging in financial services. Banks like Emprise, she said, can be a supportive banking partner, bringing their knowledge and expertise to bear on all manner of critical banking products.
The banks and FinTechs need a bit of connective tissue to tie their respective strengths together, said Nowicki, who added that providers including Treasury Prime can help connect the two sides of that digital banking equation. The banks, he said, bring their strengths in risk management and regulatory compliance to the table, as purely digital relationships continue to be forged between consumers and banking entities.
“It’s important for the banks that are entering into [the digital banking] space,” he said, “to keep control of certain aspects of the programs and of the relationships.” For the FinTechs, said Shekar, there’s the advantage of not having to build deep integrations with each and every bank partner.
As she noted, “I am not a compliance expert — I’m a software builder, and I like the ability to stay in my lane while still leveraging the capabilities of a bank partner and Treasury Prime at the same time.”
Click here to read the entire article.
When are State Money Transmission Laws Applicable? Blockchain Game Developers and FinCEN
Courtesy of Sheppard Mullin Richter & Hampton LLP; National Law Review, Volume XII, Number 277
Oct. 4, 2022 — The rising prevalence of crypto and virtual currencies has invited the scrutiny of several regulatory bodies who continue to grapple with the unique challenges posed by blockchain technology, FinCEN being one prime example. The Financial Crimes Enforcement Network (“FinCEN”) is an arm of the United States Department of Treasury that seeks to impede financial crimes such as money laundering and terrorist financing, and was the first financial regulator in the U.S. to address virtual currency.
Unsurprisingly, the potential misuse of blockchain technology to conceal money laundering activities—among other financial crimes—is a central issue for FinCEN, which is tasked with implementing and enforcing regulations applicable to these activities. Game developers and publishers monetizing the evolving ecosystem of blockchain games should take particular note—especially as it relates to games that facilitate in-game fungible or non-fungible token exchanges.
As background, FinCEN serves to regulate money transmitters under the federal Bank Secrecy Act. A money transmitter is typically an individual or business that engages in the transfer of funds whether they be based in real or virtual currencies. Such a transfer can occur by any means including by wire or electronic transfer. FinCEN requires all money transmitters to register with FinCEN and comply with a number of compliance obligations including regular reporting to FinCEN (particularly as it relates to user/customer identification and transaction data). On top of that, a myriad of state laws also exist that impose additional regulations on money transmitters. For instance, many states have instituted expensive licensure requirements.
To date, FinCEN has published guidance in several instances regarding its view on how convertible virtual currencies should be treated. First, in 2013, FinCEN explained that “[t]he definition of a money transmitter does not differentiate between real currencies and convertible virtual currencies” and noted that “[a]ccepting and transmitting anything of value that substitutes for currency makes a person a money transmitter under the regulations implementing the [Bank Secrecy Act].” Then, in 2019, FinCEN’s update to its original guidance in fact affirmed its 2013 interpretation and did not establish any new regulatory expectations or requirements.
Thus, under FinCEN’s interpretation, a business that serves as a middleman, accepting payment via virtual currency from one user and passing it along to another, likely qualifies as a money transmitter. In the context of blockchain games, if a game publisher plays a role as a money transmitter in an exchange of tokens—that are deemed a convertible virtual currency—between players, the game publisher is likely also subject to the Bank Secrecy Act and other money transmitter laws. As a result, each game developer that facilitates token exchanges should evaluate which legal and regulatory obligations are applicable to it, in order to maintain compliance with federal laws.
As for state money transmitter laws, such a game might or might not qualify as a money transmitter based on these facts. For instance, California’s Department of Financial Protection and Innovation regulates money transmitters in the state under California’s Money Transmission Act (Cal. Fin. Code § 2000 et seq.), but the guidance around classifying and commercializing certain virtual currency services is still evolving. Thus, if a game developer resides in California and his or her game includes any form of token exchange using virtual currencies, then consulting with an attorney to consider the specific facts would be highly advised to determine whether a license to transmit money is required in California. However, even if a California license is not required, the game developer might still need to comply with federal and other states’ licensure requirements.
Mortgage Borrowers Can Challenge Inaccurate Appraisals Through the Reconsideration of Value Process
Courtesy of Patrice Alexander Ficklin, Makalia Griffith, and Tim Lambert, CFPB
Oct. 6, 2022 — Accurate appraisals are essential to the integrity of mortgage lending. Overvaluation can decrease affordability, make it harder to sell a home or refinance, and increase the risk of foreclosure. Undervaluation can prevent a homeowner from accessing accumulated equity, whether through sale or a home equity loan. Both over- and under-valuation keep individuals, families, and neighborhoods from building wealth through homeownership.
Homebuyers and homeowners can ask for a lender to reconsider a home valuation the consumer believes to be inaccurate. This process is often referred to as a “reconsideration of value” or “ROV.” Borrowers can point out, for example, factual or other errors or omissions, inadequate comparable properties, or provide evidence that the appraisal was influenced by prohibited bias.
Responsible lenders focused on serving their customers typically will provide borrowers with clear, actionable information about how to raise concerns about the accuracy of an appraisal. A lender’s reconsideration of value process must ensure that all borrowers have an opportunity to explain why they believe that a valuation is inaccurate and the benefit of a reconsideration to determine whether an adjustment is appropriate. While an individual lender’s reconsideration of valuation process may vary, lenders must make sure that their reconsideration of value process is nondiscriminatory and available and accessible to all.
Some lenders include information about how to request a reconsideration of value in the copies of appraisals and other home valuations required under the Equal Credit Opportunity Act Valuations Rule. Other lenders may provide information about the reconsideration of value process and a borrower’s ability to provide relevant information before an appraisal is conducted. When lenders provide borrowers with clear, plain-language notice of reconsideration of value opportunities, lenders help ensure that their reconsideration of value process is nondiscriminatory. Lenders that fail to have a clear and consistent method to ensure that borrowers can seek a reconsideration of value risk violating federal law.
Ensuring that homebuyers and homeowners can challenge inaccurate appraisals is one of many efforts that the CFPB and other federal agencies are working on to ensure fair and accurate appraisals. The CFPB has already taken the first step to implement legal requirements to limit bias in algorithmic appraisals. Regulators are also working to provide more oversight over the activities of the Appraisal Foundation, which wields enormous power over the appraisal industry. Learn more about the work of the Interagency Task Force on Property Appraisal and Valuation Equity (PAVE).
Innovator Q&A: Digital Currency Risks May Be On The Rise, But There’s Hope For Tracking Fraud
Courtesy of Zach Warren, Thomson Reuters Institute
Oct. 4, 2022 — In an in-depth interview with Gurvais Grigg of Chainalysis, we examine how the growth in the use of digital currency also has led to an increase in incidents of fraud involving such assets
For those not fully invested in the digital currency world, it may be tough to completely understand its scope. Although digital assets only began to be traded in 2009, the current worldwide market cap for digital currencies sits at around $1 trillion, according to CoinMarketCap, and nearly $400 billion of that is Bitcoin alone.
Related Reading: Cost of Living Crisis: The Implications for Financial Crime
As digital currencies have become more prominent, however, so has fraud involving crypto. In fact, scammers captured $14 billion in digital currency in 2021, according to blockchain analysis company Chainalysis.
Those numbers can be eyepopping for compliance professionals tasked with tracking financial transactions and identifying potential fraud. Those numbers certainly captured Gurvais Grigg’s attention. Grigg, Chainalysis’s Global Public Sector Chief Technology Officer, moved to the private sector in April 2021 by joining Chainalysis after 23 years at the Federal Bureau of Investigation (FBI), most recently as Assistant Director of the FBI Laboratory. An eight-year-old startup, Chainalysis provides software that tracks blockchain transactions, providing the government and financial institution risk managers with both the tools and education around digital transactions and where money is flowing in this emerging ecosystem.
The past year-plus tracking digital currency transactions and fraud have only strengthened the belief that financial institutions and those with whom they work need to begin planning for digital asset risks now. Recently, the Thomson Reuters Institute caught up with Grigg to discuss why he views the blockchain and digital asset transactions as inherently transparent, emerging risks that fraud managers need to know, and what the future of digital asset transactions portends from here.
Thomson Reuters Institute: You’ve written that blockchain can actually increase transparency rather than lessen it. What about the technology makes it trackable?
Gurvais Grigg: It’s a common misconception that crypto is anonymous and untraceable. In fact, it’s quite the opposite: Cryptocurrencies operate on public, immutable ledgers known as blockchains, and anyone can look up the entire history of transactions of cryptocurrencies that use public blockchains like Bitcoin. Cryptocurrencies are more transparent than most traditional forms of value transfer.
Because the blockchain is permanent and immutable, investigators or consumers are able to see transactions in real-time or access them years later with confidence that the records have not been altered. The same is not always the case with traditional fiat investigations and other asset types. Blockchain analytics and data can significantly reduce investigation time and provide this unparalleled transparency for investigators, regulators, and compliance officers now and into the future.
Thomson Reuters Institute: Digital currency in particular has had a reputation for being where people can go to hide money or transactions. Is this reputation changing? And should it?
Gurvais Grigg: Criminals often embrace new technologies, and cryptocurrency is no exception. The early adoption of cryptocurrency by some criminals helped shape its initial reputation. And crypto remains appealing for criminals, primarily due to its pseudonymous nature and the ease with which it allows users to instantly send funds anywhere in the world, despite its transparent and traceable design. Criminals and nation state actors are turning to digital assets for many of the same reasons as so many legitimate consumers: Crypto is a low cost, high speed, and secure way to transfer value.
Click here to read the entire interview.
Crypto Contributions to US Election Campaigns Require Legal Navigation
Courtesy of Todd Ehret, Thomson Reuters
Sept. 13, 2022 — As campaign fundraising heats up ahead of the US midterm elections, making political campaign contributions via cryptocurrencies requires careful navigation of federal and state law
The Federal Election Commission (FEC), which governs campaigns for Congress and the presidency, allows cryptocurrency contributions to political committees. State and local races across the country are a different story — campaign finance laws vary significantly. Further, the laws are quickly changing. California, for example, recently reversed a 2018 ban on the use of cryptocurrencies for campaign contributions.
“The landscape of crypto campaign contributions remains a rapidly developing area,” says Chris White, a campaign-finance specialist with the Washington DC-based law firm Wiley Rein.
In an article published on the law firm’s website in June, White and Wiley co-author Caleb Burns wrote: “As interest in the use of cryptocurrencies for political contributions has increased, states have begun to fashion their own sets of laws and regulations governing the use of cryptocurrencies in campaign finance. The approaches taken at the state level fall on a spectrum from a total ban on the contribution or use of cryptocurrencies to the explicit approval of contributions made via cryptocurrency.”
With such a rapidly changing patchwork of laws, it would be wise for professionals in this area to keep up with the legality of crypto campaign contributions.
Federal elections
A 2014 advisory opinion from the FEC gave a green light to political action committees accepting contributions in Bitcoin. Also, individual federal candidates can accept donations in the form of cryptocurrency, but the FEC prohibits using cryptocurrencies to pay for campaign expenditures.
The FEC holds that cryptocurrencies fall under the “anything of value” catch-all areas of the Federal Election Campaign Act, which defines such contributions as “any gift, subscription, loan, advance, or deposit of money or anything of value made by any person for the purpose of influencing any election for Federal office.” Therefore, cryptocurrencies are treated similarly to “stocks, bonds, art objects and other similar items that cannot be deposited upon receipt, but will be liquidated at a later date.” The donation’s value is based on the market value of the cryptocurrency on the day of the donation.
Although the FEC specifically referenced Bitcoin in the 2014 advisory, it is presumed that the advisory would apply to other crypto assets. (The commission has a detailed guide to reporting crypto donations on its website.)
States with a green light
In addition to the FEC, Arizona, Colorado, Iowa, Ohio, Tennessee, and Washington have said contributions made via cryptocurrency are permissible.
California recently joined the list when it reversed its ban on crypto contributions after the California Fair Political Practices Commission voted unanimously to repeal the state’s ban on cryptocurrency donations and adopt new rules for accepting the funds. The new California regulation was finalized in late July and will take effect within 60 days. It requires that donations be verified via a know-your-customer (KYC) procedure and be processed through a US-based third-party payments processor registered with Treasury’s Financial Crimes Enforcement Network.
Colorado, Iowa, Ohio, and Tennessee have followed the FEC’s guidance and requirement that the donations should be fair valued at the time of the contributions, and any increases or decreases should be treated as other income or expenditure.
Conversely, Washington and Arizona are treating cryptocurrencies more like traditional forms of currency. Washington state has taken a more restrictive approach, treating crypto donations as the equivalent of cash contributions, capping them at $100, requiring them to be converted to fiat currency within five business days, and prohibiting the use of crypto for the purchase of goods and services. Arizona, meanwhile, stated that “committee[s] may accept an in-kind contribution in the form of cryptocurrency… and such contributions are generally subject to the same rules applicable to traditional contributions in US currency.”
“In keeping with this treatment of cryptocurrency as analogous to ‘traditional’ US currency rather than a commodity, Arizona has neither expressly approved nor expressly foreclosed the use of cryptocurrency by political committees to purchase goods or services,” explained the attorneys at Wiley in their article.
Articles for September 30, 2022 Issue:
- The DeFi Financial Crime Arms Race: By Taking A Fresh Approach to Stamping Out Financial Crime We Can Build a Safer Future for DeFi.
- Related reading: FIs Seek Expert Insights on How Best to Tame Crypto
- Fintech Firms Suffer Data Breach Due To Critical Zoho Flaw
- Related event: Registration Open for NCUA Webinar on Defending Against Ransomware Attacks
- Related reading: 21 Hackers Made Over $1m on HackerOne
- Bank to Pay $13M in Mortgage Redlining Case, as Feds Target Discriminatory Loan Practices
- ICYMI: An Iowa Credit Union Sues Apple for Antitrust Violations
The DeFi Financial Crime Arms Race: By Taking A Fresh Approach to Stamping Out Financial Crime We Can Build a Safer Future for DeFi.
Courtesy of Michael Karbouris, CoinDesk
Sept. 27, 2022 — Decentralized finance (DeFi) is a vibrant and innovative ecosystem that has the potential to improve efficiency and transparency in financial markets and serve as a driving force in redefining the future of finance. Built on public permissionless blockchains, DeFi’s mission is to give anyone with an internet connection the ability to tap into financial services, which in turn promotes equal opportunity and financial democratization around the world.
However, given its open nature, DeFi is undergoing the same arms race that has plagued every nascent but innovative technology and industry: fighting criminals who want to take advantage of it.
Related reading: FIs Seek Expert Insights on How Best to Tame Crypto
DeFi is no stranger to financial crime. In 2021, money laundering in crypto accounted for more than $8 billion, with almost $1 billion of this being sent to DeFi protocols. While these headline numbers are concerning, let’s put them in context. It’s estimated that somewhere between 100 and 250 times that number in fiat currency is laundered each year in traditional financial markets – most of it opaque, much of it undetected, and even less acted upon by law enforcement.
The fact that we can estimate with a much higher degree of accuracy how much money is being laundered in DeFi highlights a truth that is sometimes overlooked: DeFi is largely transparent, and a transparent market should in theory be easier to police. The ability to monitor almost every transaction is something that is still near impossible to carry out in traditional fiat markets. And yes, while privacy-oriented protocols in DeFi will likely only get more popular, the beauty of zero-knowledge proof technology is that it allows opt-in transparency while maintaining privacy through pseudo-anonymity.
When it comes to DeFi, ultimately we all want an ecosystem with integrity, one that breeds confidence for the growing crypto community. But simply looking to traditional finance (TradFi) as a model on how to achieve this is not optimal. Rather than trying to fit existing regulations tailored for TradFi markets, we should be understanding DeFi’s idiosyncrasies, focusing on the types of financial crimes that are unique to the DeFi ecosystem and that truly hurt the end user, and aligning methods of detection and prevention with crypto’s core values of decentralization and trustlessness.
The various shades of DeFi-specific financial crime
The whole point of laundering money is to make illicit income, usually generated through criminal activity, appear legal. When it comes to crypto, criminal activities such as theft and fraud can look vastly different to how they appear in traditional financial markets. This is a result of the public nature of the technology, lack of intermediaries and the pseudo-anonymity afforded by permissionless blockchains.
Fintech Firms Suffer Data Breach Due To Critical Zoho Flaw
Courtesy of Jurgita Lapienytė, CyberNews
Sept. 27, 2022 — A technology platform servicing financial technology companies fell victim to a cyberattack that exposed sensitive end-user data. Most likely, threat actors behind the breach exploited a critical vulnerability in Zoho’s ManageEngine product.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical remote code execution (RCE) vulnerability in the Indian company’s ManageEngine program, saying it has been exploited in the wild.
Rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), the bug was patched by Zoho on June 24.
Related reading: 21 Hackers Made Over $1M on HackerOne
Related event: Registration Open for NCUA Webinar on Defending Against Ransomware Attacks
“This remote code execution vulnerability could allow attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360, and Access Manager Plus. Authentication is not required to exploit this vulnerability in Password Manager Pro and PAM360 products,” Zoho said in June, urging users to upgrade immediately.
Zoho has at least 80 million customers worldwide, including big companies like Netflix, Amazon, Fortinet, Facebook, KPMG, Renault, HP, and Tesla, among others.
CISA issued a warning “based on evidence of active exploitation.” The Cybernews Research team found one instance where threat actors most likely exploited the critical flaw to breach an organization.
The hack
A threat actor hacked into the BankingLab software-as-a-service (SaaS) banking platform, servicing fintech companies, and is giving away access to its clients’ servers and customers for free. It is believed that BankingLab had been relying on ManageEngine to protect its network.
On September 24, a new user on a popular hacker forum posted the following message: “Recently, we have obtained all server permissions of BankingLab and obtained all customer data, including the transaction flow of each customer’s user [and] identity information. Now I will share the data and master key of the PAM360 password management system inside BankingLab with you, which contains the sshkey of internal services [and] various system and server passwords. Please enjoy.”
BankingLab provides a “full stack of digital banking services” to financial technology (aka “fintech”) companies, including modules for customer account management, payment processing, issuing cards, and providing loans and deposits. Its clients include Vialet, Simplex, Bankera, and Perlas Finance.
“We help entrepreneurs with our technology, guiding you from business ideas to successful licensed financial institutions,” the company claims.
BankingLab is a brand owned by Baltic Amber Solutions (BAS), which is headquartered in Vilnius, Lithuania. In an interview with a local news outlet in 2021, BAS head and co-founder Narimantas Bloznelis said: “We want to build a platform corresponding to all fintech solution needs, and to become a financial services Amazon.”
The Cybernews research team has investigated the leak posted by the threat actor, and it turns out to be an SQL database dump and master key of the PAM360 password management system inside bankinglab.com. Short for “structured query language”, SQL is commonly used in programming and managing data and can be exploited as an attack vector by cybercriminals.
Bank to Pay $13M in Mortgage Redlining Case, as Feds Target Discriminatory Loan Practices
Courtesy of Charles Toutant, Law.com
Redlining is getting more attention now after getting less attention during the previous administration, said Matthew Adams, a white-collar defense lawyer at Fox Rothschild who handles redlining cases. “I think it fits with the current administration’s focus on civil rights abuses,” Adams said.
What You Need to Know
- Lakeland Bank agrees to pay $13 million to settle allegations that it avoided issuing home mortgages in Black and Hispanic neighborhoods around Newark.
- The Justice Department is accelerating its investigation and prosecution of redlining.
- Lakeland Bank denies any wrongdoing in the case but says it wanted to avoid the distraction of prolonged litigation.
Sept. 28, 2022 — A New Jersey-based bank agreed to pay $13 million to resolve allegations that it engaged in discriminatory lending practices in Newark and nearby areas, the Department of Justice announced.
Lakeland Bank engaged in redlining by avoiding the issuance of loans in Black and Hispanic neighborhoods of Essex, Somerset and Union counties, the Justice Department said. The Lakeland case is part of an amped-up effort to target mortgage redlining under Attorney General Merrick Garland, the Justice Department said.
From at least 2015 to 2021, all Lakeland branches were located in majority-white neighborhoods, and its loan officers did not serve the needs of Black and Hispanic neighborhoods in Newark and nearby, the complaint alleged. The CEO of Lakeland said his bank would settle with the Justice Department even though he denied the allegations.
“While we strongly disagree with any suggestion we have acted improperly, Lakeland Bank has fully cooperated throughout this process and remains confident that we have been fully compliant with all fair lending laws,” said Thomas Shara, president and CEO of Lakeland Bank. “This resolution avoids the distraction of protracted litigation and allows us to focus our time, expertise, and resources towards achieving a shared goal of meeting the credit needs of all residents within our communities, including those who historically have been underserved.”
John Gorman of Luse Gorman in Washington represents Lakeland Bank in the redlining case. He declined to comment on the case.
Just one day before the charges were announced, Lakeland, headquartered in Oak Ridge, New Jersey, said it would merge with Iselin, New Jersey-based Provident Bank. A Provident spokesman said that bank was aware of the redlining charges, and the announcement would not derail the merger.
Last month the Justice Department said it would collaborate with the Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency to aggressively prosecute redlining, which violates the Fair Housing Act and the Equal Credit Opportunity Act.
The department said it was expanding its analyses of potential redlining to both depository and nondepository institutions, which are lenders that do not provide typical banking services but engage in mortgage lending.
More redlining prosecutions are likely in the future, said Matthew Adams, a white-collar defense lawyer at Fox Rothschild in Morristown. Redlining is getting more attention now after sitting on the back burner during the Trump administration, Adams said.
“I think it fits with the current administration’s focus on civil rights abuses,” Adams said. The nondepository institutions that are suddenly under scrutiny for redlining are the same institutions that are under the spotlight for violations related to COVID-19 stimulus funds, he said. “By their nature, being nondepository institutions, they have been subject to perhaps less scrutiny,” he said.
“Financial institutions that refuse to provide mortgage lending services to communities of color not only contribute to the persistent racial wealth gap that exists in this country, but also violate federal law,” Garland said in a statement. “The agreement with Lakeland announced today represents the Justice Department’s continued commitment to addressing modern-day redlining, and to ensuring that all Americans have equal opportunity to obtain credit, no matter their race or national origin.”
“Redlining creates an unequal playing field that unfairly prevents many persons of color from achieving the dream of home ownership, and this type of systemic and intentional discrimination cannot and will not be tolerated,” U.S. Attorney Philip Sellinger said. “It is wholly unacceptable that redlining persists into the 21st century, and this case demonstrates our commitment to combating redlining and holding banks and others accountable when they engage in unlawful discrimination. Through this agreement, we are taking a major step forward by removing unlawful and discriminatory barriers in residential mortgage lending.”
Lakeland agreed to invest $12 million in a loan subsidy fund for residents of Black and Hispanic neighborhoods in the Newark area, as well as $750,000 for outreach and consumer education, and $400,000 for development of community partnerships to provide services to increase access to residential mortgage credit.
The bank also agreed to open two branches in neighborhoods of color, including one in Newark. It also agreed to have four loan officers dedicated to serving the Newark area and to employ a community development officer who will oversee expansion of lending in communities of color.
ICYMI: An Iowa Credit Union Sues Apple for Antitrust Violations
Courtesy of Malathi Nayak, law.com
Apple is accused of using its market power to fend off competition from rival payment apps and charging card issuers fees to boost its bottom line.
Apple Inc. was hit with an antitrust lawsuit over Apple Pay, accused of using its market power in the mobile device industry to fend off competition from rival payment apps and charging card issuers fees to boost its bottom line.
The proposed class-action complaint by Affinity Credit Union marks the latest antitrust battle for the iPhone maker, after facing increased scrutiny in recent years over its App Store policies from government regulators. European regulators, after a nearly two-year investigation, also found on a preliminary basis that Apple abused its dominant position with Apple Pay in the market for tap-to-pay apps or mobile wallets.
iPhone users must use Apple Pay if they want to buy something by tapping the phone against a terminal in a store. Other iPhone payment services such as PayPal and Square, as well as financial institutions such as Chase, Citi and American Express, can’t launch tap-to-pay iPhone apps with their own features and interface.
By excluding competition, Apple can charge “payment card issuers fees that no other mobile wallet ventures to impose,” Affinity Credit Union, the Des Moines, Iowa-based credit union that issues payment cards, said in the lawsuit, filed Monday in federal court in San Jose, California.
Apple charges issuers 0.15% on credit card transactions and 0.05% on debit cards. Google Pay and Samsung Pay, operating on the Android system, don’t charge card issuers any fees. The Apple Pay fees “generated a reported $1 billion for Apple in 2019, and this revenue stream — earned from card issuers — is predicted to quadruple by 2023,” Affinity Credit Union said in the lawsuit.
“If Apple faced competition, it could not sustain these substantial fees,” Affinity Credit Union said.
The credit union claims Apple is violating the Sherman Act, designed to protect competition, by tying its mobile devices and mobile wallet together and by excluding all competitors.
Articles for September 23, 2022 Issue:
- DOJ Asks Congress for Tools to Limit NFT Money-Laundering Risk
- Related Reading: DOJ Seeks to Double Jail Time for Money Transmission Crimes
- Related Reading: How Did NFTs Become SEC’s Newest Crypto Target?
- EU Finalizes Legal Text for Landmark Crypto Regulations Under MiCA
- How the Fed’s Rate Increase Will Hit Americans’ Monthly Budgets
- The Fed Forecasts Hiking Rates as High as 4.6% Before Ending Inflation Fight
- The Data Point: Paycheck-to-Paycheck Living Now Stands at 59% of All US Consumers
DOJ Asks Congress for Tools to Limit NFT Money-Laundering Risk
Courtesy of PYMNTS.com
Sept. 22, 2022 — Down at the very bottom of the crypto crime report the Justice Department issued last week was a request that could make it a lot harder to buy and sell NFTs.
Citing examples of criminals using the sale of the popular nonfungible tokens that hold art, video, music and collectibles to launder funds, the Justice Department asked Congress to define some or all NFTs as “value that substitutes for currency” under the Bank Secrecy Act (BSA).
Doing so, it said in “The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets,” would “make clear that its key [anti-money-laundering (AML) and countering the financing of terror (CFT)] provisions — including the obligations to have customer identification programs and report suspicious transactions to regulators — apply to NFT platforms, including online auction houses and digital art galleries.”
Related Reading: DOJ Seeks to Double Jail Time for Money Transmission Crimes
Related Reading: How Did NFTs Become SEC’s Newest Crypto Target?
The impetus, the department said, is the “explosive growth in the demand and corresponding markets for NFTs, perhaps most notably in the area of digital art.”
Substantial Risk
This “presents substantial money-laundering risks,” it said, citing a February Treasury Department study on money laundering in the broader art market.
“NFTs can be used to conduct self-laundering, a sequence in which criminals purchase an NFT with illicit funds and then resell to a purchaser who pays for it with clean funds unconnected to a prior crime,” that report noted.
It also found that in most cases, “digital assets that are unique, rather than interchangeable, and that are used in practice as collectibles rather than as payment or investment instruments … are generally not considered to be virtual assets under [international regulations].”
The “nonfungible” part of NFT means that each is unique and cannot substitute for any other, as opposed to cryptocurrencies like bitcoin which all have the same uses and value.
NFT marketplaces “may take the view that this definition [of a ‘value that substitutes for currency’] does not apply to their activities” — and that they are thus not subject to the BSA’s anti-money-laundering and anti-terrorism laws, the department said.
Justice is asking Congress to amend the BSA “to make clear that its key AML/CFT provisions — including the obligations to have customer identification programs and report suspicious transactions to regulators — apply to NFT platforms, including online auction houses and digital art galleries.”
Already There
Redefining NFTs as “value that substitutes for currency” would allow the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to “potentially seek to regulate such activity under its money transmission regime,” a trio of lawyers at Skadden, Arps, Slate, Meagher & Flom wrote in an April blog post.
That, according to Jamie Boucher, Eytan Fisch and Javier Urbina, would require NFT marketplaces to register as money services businesses (MSB) with FinCEN.
Some types of NFTs — notably those used to fractionalize tangible assets like physical artworks and real estate, but also other valuable art or collectible tokens — are likely securities, the Securities and Exchange Commission (SEC) has said.
In FinCEN’s view, the trio noted, those can be repurposed to fit the definition of “value that substitutes for currency” and thus may already require MSB licenses.
EU Finalizes Legal Text for Landmark Crypto Regulations Under MiCA
Courtesy of Jack Schickler, Sandali Handagama, CoinDesk
Sept. 22, 2022 — The European Union has finalized the full text of its landmark Markets in Crypto Assets (MiCA) legislation. Officially, the text is still open to comments, but sources briefed on the talks have told CoinDesk that it is, in practice, finalized.
A leaked draft of the bill dated Sept. 20 and verified by CoinDesk urges EU enforcers to take a “substance over form” approach to the law, meaning its provisions could even apply to some assets categorized as non-fungible tokens (NFT).
MiCA, once passed into law, will require issuers of crypto assets to publish white papers containing technical roadmaps, platforms to register with the authorities, and stablecoin issuers to hold capital and be prudently managed.
The new draft also features changes that could indicate how the EU might treat algorithmic stablecoins, which were notably excluded from MiCA’s scope when it was first introduced in 2020. Algorithmic stablecoins – similar to the recently collapsed terraUSD (UST), which used another cryptocurrency and a bit of code to balance its price and supply – should fall within the scope of regulation “irrespective of how the issuer intends to design the crypto asset, including the mechanism to maintain a stable value.”
“Offerers or persons seeking admission to trading of algorithmic crypto assets that do not aim at stabilizing the value of the crypto assets by referencing one or several assets should in any event comply with Title II of this Regulation,” a Recital in the draft said, referring to the section of the law that lays out requirements for crypto asset issuers.
A Recital is a text that introduces an EU law and sets out its motivation. Though not – unlike the substantive articles of the regulation – legally binding, a recital can be used by supervisors and courts when interpreting the scope of the legislation.
An older draft also sought to limit the issuance of stablecoins backed by asset reserves that were denominated in a “non-EU currency” to introduce “a minimum denomination or to limit the amount issued,” which the industry feared would block popular U.S. dollar-pegged stablecoins like USDC out of the EU market. The new draft proposes this rule should be modified to apply to all issuers of asset-backed stablecoins, regardless of the currency of denomination.
Are NFTs in or out?
NFTs are typically designed to have a unique digital identifier that cannot be copied, interchanged or subdivided, but the rise of fractionalized assets – where a set of fungible tokens are issued to represent one NFT – has been drawing some attention from regulators as they could resemble traditional securities.
While the leaked draft – thrashed out in a series of technical meetings following a June 30 deal – shows MiCA doesn’t apply to NFTs that are genuinely unique and incapable of being traded with each other, “the issuance of crypto-assets as non-fungible tokens in a large series or collection should be considered as an indicator of their fungibility,” the final compromise text says in a Recital, even if the issuer gave it a unique identifier.
The details of the provision have caused concern within the industry. The exact drafting used could determine whether in practice the regulation covers the bulk of the NFT market – such as similar, but distinct Bored Apes, implying issuers and trading platforms would be caught by its strictures.
When considering whether to regulate a particular asset, national and EU regulators “should adopt a substance over form approach under which the features of the asset in question should determine the qualification, not its designation by the users,” the text added.
How the Fed’s Rate Increase Will Hit Americans’ Monthly Budgets
Courtesy of Julia Carpenter, Wall Street Journal
Sept. 21, 2022 — The Federal Reserve raised rates another 0.75 percentage point Wednesday, as part of its continuing effort to stamp out stubbornly high inflation. Americans are only beginning to feel the full impact of these moves.
By raising rates, the Fed seeks to cool the economy and rein in inflation, which continued to run higher than expected in August. Higher interest rates raise the cost of carrying credit-card balances and taking out mortgages, car loans and other debt, but consumers may not immediately feel the effects. Even outsize increases like the central bank’s recent hikes reach wallets and the broader economy somewhat gradually over weeks and months, economists say.
Related Reading: The Fed Forecasts Hiking Rates as High as 4.6% Before Ending Inflation Fight
“There’s no easy answer for when it starts to pinch,” said Caroline Fohlin, an economist at Emory University. “It’s acting like a vice, just tightening more and more.”
To put the rate increases in context, it helps to look at the actual effect higher rates are having on Americans’ monthly expenses for credit cards and other debt since the Fed began this effort six months ago.
Rising rates will increase your credit card bills
The average annual percentage rate on a credit card increased from around 16.17% in early March to more than 18% in September, because of rate increases, according to Bankrate. Since the average household carries an $8,942 balance, according to WalletHub, that works out to roughly an extra $14 in interest each month.
These numbers may appear small, said Nina O’Neal, partner and investment adviser with AIM Advisors, but the relatively quick rate of increases can creep up.
Higher mortgage rates make homes less affordable
The change in the cost of borrowing to buy a house has been more pronounced in what has already been a pricey housing market. Before the Fed’s move, the average fixed rate on a 30-year mortgage recently rose to 6.02%, from 4.16% the week of March 17, and additional rate increases would likely push mortgage rates even higher.
Rising rates can translate to hundreds of dollars more in a monthly mortgage payment. The median home price reached $403,800 in July, according to data from the National Association of Realtors. Someone putting a 20% down payment on such a home and taking out a 30-year mortgage with a 6% rate will now pay around $2,400 a month. If they made the same purchase six months ago, their monthly payments would be nearly $250 less.
The Data Point: Paycheck-to-Paycheck Living Now Stands at 59% of All US Consumers
Courtesy of PYMNTS.com
Sept. 2, 2022 — With inflation deflating the dollar and prices through the roof, more Americans report they are living paycheck-to-paycheck, though the stats vary month to month.
For the latest study in the series “New Reality Check: The Paycheck-To-Paycheck Report: Emergency Spending Edition,” a PYMNTS and LendingClub collaboration, we surveyed over 4,000 U.S. consumers, finding that nearly 3 in 5 U.S. consumers were living paycheck to paycheck in July 2022 — a 5 percentage-point increase from July 2021.
As the study states, “Living paycheck to paycheck is becoming the norm, and as many consumers now live paycheck to paycheck without issues paying bills as those who do not live paycheck to paycheck. The affluent are not immune to these trends, either, as the share of high-income consumers living paycheck to paycheck has increased in the past year.”
Related Report: New Reality Check — The Paycheck-To-Paycheck Report: Emergency Spending Edition
- Paycheck-to-paycheck living now stands at 59% of all U.S. consumers.
While the 59% of consumers living paycheck to paycheck in July was a slight improvement over the June figure of 61%, the year-over-year trajectory combined with the ongoing inflationary crush is a combination keeping more Americans in the “making ends meet” category.
Per the study, the share of consumers living paycheck to paycheck across income levels has fluctuated, but “it has also trended upward, especially for those in higher income brackets. For instance, 74% of consumers annually earning less than $50,000 were living paycheck to paycheck in July 2022, a decrease from 76% in July 2021.
“All other consumers became more likely to be living paycheck to paycheck: 63% of those annually earning $50,000 to $100,000 were living paycheck to paycheck in July 2022, up from 55% in July 2021, as were 43% of those earning more than $100,000 per year, a 9 percentage-point increase from 34% in July 2021.”
Articles for September 16, 2022 Issue:
- Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
- BSA Violation: Former CUSO Owner Admits to $1 Billion Scheme Targeting a New York Credit Union
- Zelle: ‘We’re Doing Over $1 Million a Minute’ In Transactions, Early Warning Services CEO Says
- The Fed Could Crash the Housing Market
- CISA Orders Agencies To Patch Windows, iOS Bugs Used In Attacks
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
Courtesy of Brian Krebs, KrebsonSecurity.com
Sept. 14, 2022 — A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.
The insert skimmer pictured is approximately .68 millimeters tall. This leaves more than enough space to accommodate most payment cards (~.54 mm) without interrupting the machine’s ability to grab and return the customer’s card. For comparison, this flexible skimmer is about half the height of a U.S. dime (1.35 mm).
These skimmers do not attempt to siphon chip-card data or transactions, but rather are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards issued to Americans.
The thieves who designed this skimmer were after the magnetic stripe data and the customer’s 4-digit personal identification number (PIN). With those two pieces of data, the crooks can then clone payment cards and use them to siphon money from victim accounts at other ATMs.
To steal PINs, the fraudsters in this case embedded pinhole cameras in a false panel made to fit snugly over the cash machine enclosure on one side of the PIN pad.
The financial institution that shared the images above said it has seen success in stopping most of these insert skimmer attacks by incorporating a solution that NCR sells called an “insert kit,” which stops current skimmer designs from locating and locking into the card reader. NCR also is conducting field trials on a “smart detect kit” that adds a standard USB camera to view the internal card reader area, and uses image recognition software to identify any fraudulent device inside the reader.
Related Reading:
Crooks Go Deep With Deep Insert Skimmers
Dumping Data from Deep Insert Skimmers
Skimming devices will continue to mature in miniaturization and stealth as long as payment cards continue to hold cardholder data in plain text on a magnetic stripe. It may seem silly that we’ve spent years rolling out more tamper- and clone-proof chip-based payment cards, only to undermine this advance in the name of backwards compatibility. However, there are a great many smaller businesses in the United States that still rely on being able to swipe the customer’s card.
Many newer ATM models, including the NCR SelfServ referenced throughout this post, now include contactless capability, meaning customers no longer need to insert their ATM card anywhere: They can instead just tap their smart card against the wireless indicator to the left of the card acceptance slot (and right below the “Use Mobile Device Here” sign on the ATM).
For simple ease-of-use reasons, this contactless feature is now increasingly prevalent at drive-thru ATMs. If your payment card supports contactless technology, you will notice a wireless signal icon printed somewhere on the card — most likely on the back. ATMs with contactless capabilities also feature this same wireless icon.
Once you become aware of ATM skimmers, it’s difficult to use a cash machine without also tugging on parts of it to make sure nothing comes off. But the truth is you probably have a better chance of getting physically mugged after withdrawing cash than you do encountering a skimmer in real life.
So keep your wits about you when you’re at the ATM, and avoid dodgy-looking and standalone cash machines in low-lit areas, if possible. When possible, stick to ATMs that are physically installed at a bank. And be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on Saturdays after business hours — when they know the bank won’t be open again for more than 24 hours.
Lastly but most importantly, covering the PIN pad with your hand defeats one key component of most skimmer scams: The spy camera that thieves typically hide somewhere on or near the compromised ATM to capture customers entering their PINs.
Shockingly, few people bother to take this simple, effective step. Or at least, that’s what KrebsOnSecurity found in this skimmer tale from 2012, wherein we obtained hours worth of video seized from two ATM skimming operations and saw customer after customer walk up, insert their cards and punch in their digits — all in the clear.
BSA Violation: Former CUSO Owner Admits to $1 Billion Scheme Targeting a New York Credit Union
Courtesy of Peter Strozniak, CUTimes.com
Sept. 14, 2022 — A New York man admitted in federal court Tuesday he was part of a scheme that channeled $1 billion in high-risk transactions, including millions of dollars of bulk cash transactions from a Mexican bank, to New York State Employees Federal Credit Union.
Hanan Ofer, 69, pleaded guilty to failing to maintain an effective anti-money laundering program in violation of the Bank Secrecy Act, according to a prepared statement from the U.S. Attorney’s office for the Eastern District in Brooklyn, N.Y.
From 2014 to 2016, Ofer and Gyanendra Asre of Greenwich, Conn., devised and carried out a scheme after they opened and operated a CUSO to bring lucrative and high-risk international financial business to what prosecutors called “a small, unsophisticated credit union.” The NYSEFCU-CUSO was a money services business registered with FinCEN.
Nevertheless, the U.S. Attorney also said in its prepared statement that Ofer was experienced in international banking, trained in anti-money laundering compliance and procedures, and represented to NYSEFCU that he and the CUSO would conduct appropriate anti-money laundering oversight mandated by the Bank Secrecy Act.
Asre, whose criminal case is pending, pleaded not guilty to eight counts of failing to maintain an anti-money laundering program at the credit union, failing to maintain an effective AML program at the credit union’s CUSO, failing to file suspicious activity reports and operating an unlicensed money transmitting business.
Asre was NYSEFCU’s compliance officer from March 2015 to June 2016 and also was a member of the credit union’s supervisory committee from November 2014 to April 2016. He was a 25% owner of the NYSEFCU-CUSO. Ofer was employed as a manager of logistics at an unidentified U.S. financial institution and owned 25% of the NYSEFCU-CUSO.
In their prepared statement, prosecutors said Ofer failed to implement an effective anti-money laundering program at the NYSEFCU-CUSO and other entities, which caused the credit union to process high-risk transactions, including from Mexican banks, without appropriate oversight and without ever filing a single suspicious activity report required by law. Asre and Ofer also owned and operated DDH Group LLC, an unlicensed money transmitting and money services business that conducted some of these high-risk transactions, federal prosecutors said.
According to the indictment, from November 2014 to June 2016, the CUSO received more than $100 million in bulk cash deposits of U.S. currency into a federal reserve account that originated from an unidentified Mexican bank. Those funds were then wired to the Mexican bank’s accounts at an unidentified U.S. financial institution, according to the indictment that was unsealed in April 2021 in U.S. District Court for the Eastern District of New York in Brooklyn.
Ofer faces up to 10 years in prison, prosecutors said. His sentencing hearing has not been scheduled.
In October 2017, the $1.8 million, 1,183-member NYSEFCU was liquidated by the NCUA, which declined to comment on whether the alleged $1 billion in high-risk transactions contributed to its decision to close the credit union.
NYSEFCU’s financial performance reports showed that in the three years before Asre and Ofer were providing their services (2012-2014), the credit union was making $11,000 to $13,000 in fee income. In 2015 and 2016, the credit union’s fee income substantially increased to $87,000 and $79,000, respectively.
Zelle: ‘We’re Doing Over $1 Million a Minute’ In Transactions, Early Warning Services CEO Says
Early Warning Services CEO Al Ko joins Yahoo Finance Live to discuss Zelle notching over $5 billion in payments over the last five years, nearly 1,700 banks using the Zelle transfer service, growth for Zelle, and the future of fintech.
Sept. 8, 2022 — Video Transcript
YF: Money sharing app Zelle is marking five years in the fintech space and more than 5 billion transactions on the platform since its launch in 2017. Joining me to mark the milestone to discuss the future of fintech space, we’ve got the CEO Al Ko here with me in studio. Al, it’s good to see you in person. What is it, 500 or 5 billion transactions here that we’re looking at right now. That’s a pretty significant milestone when you consider that Zelle was kind of a latecomer when it comes to peer-to-peer transactions.
AL KO: That’s right. A lot of the top peer-to-peer applications have been around for over a decade. Zelle just celebrated its fifth birthday. And we’ve been very fortunate to have amazing distribution and amazing products. So we’re doing over $1,000,000 a minute, if you believe it. Over $1.6 billion a day. And so that’s what adds up to a run rate of over half a trillion dollars in the last 12 months.
YF: Yeah. I was just saying this morning how often I use Zelle to sort of pay out family members or whatnot. But, increasingly, I found that a lot of businesses are doing transactions on Zelle as well. So when you look over the last five years, how has that market expanded for you?
AL KO: Yeah. So if you go back to the origins, it started out as a peer-to-peer solution. And that’s what it was designed for, integrated into a consumer checking account. Fast forward to today. We’ve got 750 banks and credit unions live. That covers about 80% of the population. And here’s the surprise. And I was once a product manager. Even though it’s P2P, a lot of businesses were using it. And the average Zelle transaction is $275. And so think of your dog walker, your hairstylist, paying rent. Those are very common use cases for Zelle.
YF: And how much of that is the advantage that Zelle doesn’t necessarily charge a fee? When you think about something like Venmo, there is a fee that’s attached. The Cash App as well. How much of that has been a big driver for you?
AL KO: Well, the key advantages of Zelle, first, it’s already integrated to your bank account. So you don’t have to download anything else. It’s got the safety and security associated with your bank. The money moves within seconds. And then, of course, it’s free. So it’s all of those. But people really like that it’s tied to their bank and their checking account.
YF: How do you get from 5 billion to 10 billion? Where do you see the market potential moving forward?
AL KO: Well, we expect to continue to see a lot of growth in business and small business in particular, particularly in those service-based businesses where Zelle is better than the alternative, cash and check.
YF: When you look at the fintech space broadly, you’ve got a pretty good pulse, especially on how small businesses are right now. There’s a lot of concern about whether, in fact, we’re headed to a recession, how big the slowdown is going to be. What are you seeing from where you stand?
AL KO: What’s interesting is, from our data at least, we’re not seeing a big slowdown. So, of course, we’re subject to the overall economy. For example, during the omicron surge, we definitely saw a little bit of a pullback. But right now, we’re seeing consumers be robust. So we’re not seeing any kind of slowdown right now.
YF: There’s been a lot of changes in the space. We talk so much about the huge growth that we saw in buy now, pay later players, especially during the pandemic. It feels like there’s a bit of a reckoning happening, not just when we look at the stock moves and the pullback, the layoffs that we’ve heard, but also a lot of consumers saying, look, now it’s time to pay up. And this has not necessarily been a good solution. How do you view that part of the fintech space?
The Fed Could Crash the Housing Market
Courtesy of Nicole Goodkind, CNN Business
Sept. 14, 2022 — Investors are getting spooked that the Federal Reserve’s aggressive interest rate hikes could damage the US economy (just look at Tuesday’s selloff). One area of growing concern: housing. Interest rate hikes can lead to higher mortgage rates, which could cause people to think twice about buying a home.
So far, sales are slipping, while prices are holding steady. But some economists warn continued historic rate hikes by the Fed could risk crashing the housing market, underscoring the difficult task ahead for the central bank.
Related Reading: Are We Seeing a Mortgage Rate Lockdown?
What’s happening: According to Tuesday’s Consumer Price Index report, housing costs rose 0.7% in August and are up 6.2% year-over-year, the largest increase since 1991.
That increase was largely responsible for August’s higher-than-expected pace of inflation. Combined with a tight labor market, those high prices give the Fed reason to continue to go hard at its policy meeting next week and beyond, Marvin Loh, senior strategist at State Street, told me.
The Fed needs to see housing costs ease by about half a percentage point to reach its ultimate inflation goal, Loh added. The job won’t be easy. Housing prices can remain stubbornly high, even as the Fed works to counteract them.
Housing prices are “the type of sticky inflation that will not ease anytime soon,” Joseph Brusuelas, chief economist at RSM US, told me. “It’s why the Fed will need to demonstrate a show of resolve by increasing the policy rate by 75 basis points at its September meeting despite the encouraging declines in transportation and energy.”
The risks: Some economists are noting weakness in the housing market starting to peek through. Home sales declined in July for the sixth month in a row. Housing starts, a measure of new home construction, also plunged that month as the cost of building supplies remained high and prospective buyers were priced out of the market.
So should the Fed keep up its historic hikes? The central bank must walk a careful line — a housing slowdown has preceded nine out of the past 12 recessions, and investors haven’t forgotten America’s catastrophic housing crisis in 2008.
Keep in mind: Although there are some reasons to suggest the CPI report on housing lags what’s actually going on in the market, and that housing prices could already be on their way down, we’re nowhere near a market collapse.
Still, Federal Reserve officials will face a tough decision in the coming months. Do they use the housing market’s resilience as a mandate to push forward with aggressive rate hikes and risk a crash?
Americans should prepare for a heating bill shock this winter
Gas prices are easing in the US. But winter is coming and the CEO of Chevron, one of the world’s largest energy companies, is warning that relief at the pump could soon be offset by sweat-inducing heating bills. Chevron Chairman and CEO Mike Wirth said in an interview with CNN’s Poppy Harlow “there’s certainly a risk that costs will go up” for American consumers. Wirth is not predicting a rise of the magnitude seen in Europe, where natural gas prices have skyrocketed as Russia has limited exports, reports my colleague Paul R. La Monica.
But in an interview that aired Tuesday, Wirth warned that US prices could be “significantly higher” this winter.
Oil prices are still up more than 15% so far this year. That has helped boost sales, earnings and the stock prices of companies like Chevron. Shares of the oil producer are up 36% year-to-date, while the broader S&P 500 is 17.5% lower. Wirth acknowledged that his company is making large profits while Americans struggle.
“I recognize that high energy prices are difficult for consumers. That’s why we’ve talked about increasing production, trying to increase supply to markets in a commodity business,” he said. “You go through these cycles. Two years ago, we were losing billions of dollars a quarter. Now we’re making strong profits.”
Bearish investors flock to cash
In more doom and gloom on Wall Street, pessimistic fund managers are selling stocks and piling into cash, according to a Bank of America survey published Tuesday.
“Investors’ perception of the outlook for the global economy remains bleak in September,” Michael Hartnett, Bank of America’s chief investment strategist, wrote in the report, which surveyed 212 fund managers with more than half a trillion dollars of assets under management in September.
About 72% of respondents expected a weaker economy in the next 12 months, up 5 percentage points from August. The share of investors saying recession is likely also increased in September to 68%, the highest since May 2020.
Unsurprisingly, Wall Street is bracing for corporate profits to soften and equities to continue to crash, the survey showed. The cash levels investors are holding jumped from 5.7% last month to 6.1%, their highest level since the September 11 attacks in 2001.
CISA Orders Agencies To Patch Windows, iOS Bugs Used In Attacks
Courtesy of Sergiu Gatlan, BleepingComputer.com
Sept. 14, 2022 — CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. Apple also patched the arbitrary code execution vulnerability on Monday and confirmed that it was exploited in attacks as a zero-day bug in the iOS and macOS kernel.
A binding operational directive issued in November 2021 says that all Federal Civilian Executive Branch agencies have to secure their networks against bugs added to CISA’s catalog of Known Exploited Vulnerabilities.
CISA has given Federal Civilian Executive Branch agencies three weeks, until October 10th, to address these two security flaws and block attacks that could target their systems.
Related Reading: ‘This Is a Problem We Can Tackle’ — Former White House CIO Wants To Help Credit Unions Outmaneuver Cybercriminals.
“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” CISA warned today.
Since BOD 22-01 was issued, CISA has added over 800 security flaws to the catalog of bugs exploited in the wild, requiring federal agencies to address them on a tighter schedule to block attacks and potential security breaches.
Articles for September 9, 2022 Issue:
- FTC Alleges: Credit Karma Hurt People’s Credit Scores Using Dark Patterns
- Fannie Mae: High Home Prices, Mortgage Rates Weighing on Housing Sentiment
- Harvard Researcher: More Americans Tapping Buy Now, Pay Later Services For Groceries ‘Shows the Height of Personal Desperation’
- Fed Vice Chair Brainard Calls for Crypto-Specific Regulations, Notes Stablecoin Risks
FTC Alleges: Credit Karma Hurt People’s Credit Scores Using Dark Patterns
The popular credit monitoring company tricked people with false “pre-approved” credit card offers that Credit Karma found got them to click ads more often.
Courtesy of Maxwell Strachan, Vice
September 1, 2022 — The Federal Trade Commission is accusing a company of tricking users into signing up for credit cards with so-called dark patterns.
Credit Karma, which offers people a free way to check their credit scores, told people that they had “90% odds” and had been “pre-approved” for credit cards that they actually did not qualify to receive, the Federal Trade Commission says in a new complaint. The federal agency alleges that between February 2018 and April 2021, almost one-third of people who were told they would qualify did not, causing them to “unnecessarily” receive a hard inquiry on their credit reports that often hurt their scores.
The FTC is requiring the personal finance company to pay out $3 million to the people they allegedly deceived and no longer falsely tell people they have been pre-approved for credit cards.
“Credit Karma’s false claims of ‘pre-approval’ cost consumers time and subjected them to unnecessary credit checks,” said Samuel Levine, the director of the agency’s bureau of consumer protection, in a statement. “The FTC will continue its crackdown on digital dark patterns that harm consumers and pollute online commerce.”
Dark patterns are user interfaces that deceive users in non-intuitive ways. According to the complaint, Credit Karma ran A/B testing experiments that showed that people were more likely to click on ads that said they had been pre-approved than they were on ones that said they had “excellent” odds of approval, which the FTC said constituted a dark pattern.
Credit Karma said in a statement on Thursday that the company altered its business so that it no longer tells people they have been pre-approved as of April 2021.
“We fundamentally disagree with the FTC’s allegations about marketing terms that aren’t even in use anymore, but ultimately we reached this agreement to avoid disruption to our mission and maintain our focus on helping our members find the financial products that are right for them,” Credit Karma chief legal officer Susannah Wright said in a statement.
Credit Karma lets people monitor their credit online without affecting their score. Part of the way it makes money is by using the data it receives to allow credit card companies and others to send targeted advertisements to people through the site. When someone buys a product, the third-party companies pay Credit Karma.
“We suggest offers based on your credit, Approval Odds, and money we make from our partners,” the company says on its website. In another area, the company elaborates: “For instance when you take an offer –– like for a credit card or loan –– through Credit Karma, we usually make some money from one of our partners, like the bank that issues the card or the lender who funds your loan.”
Credit Karma knew people were getting denied after the company told them they had been pre-approved, according to the complaint. As evidence, the FTC cited customer service training materials that said one common issue people complained about was “I was declined for a pre-approved credit card offer …. How is that possible?!?!?!”
Fannie Mae: High Home Prices, Mortgage Rates Weighing on Housing Sentiment
Year-over-Year Jump in Interest Rates Amplifying Perceptions of Unaffordability for Buyers and ‘Lock-in Effect’ for Sellers
September 7, 2022 — The Fannie Mae (FNMA/OTCQB) Home Purchase Sentiment Index® (HPSI) decreased 0.8 points in August to 62.0, its sixth consecutive monthly decline, as high home prices and elevated mortgage rates continue to weigh on consumer sentiment, particularly home-selling sentiment. Despite the relatively small aggregate change, the HPSI experienced significant volatility among four of its six components, including those measuring consumer perceptions of homebuying and home-selling conditions, as well as expectations regarding the future direction of home prices and mortgage rates.
Month over month, consumers reported that home-selling conditions have worsened – although that component remains strongly positive on net. Consumers also reported that homebuying conditions have improved, but 73% continue to report that it’s a “bad time to buy.” For the first time since the start of the pandemic, consumers are neutral, on net, about the future path of home prices, with an increasing share this month reporting that prices will decline. Meanwhile, a greater share reported the expectation that mortgage rates will decline, even though a majority continue to believe that mortgage rates will go up over the next 12 months. Year over year, the full index is down 13.7 points.
Home Purchase Sentiment Index – Component Highlights
Fannie Mae’s Home Purchase Sentiment Index (HPSI) decreased in August by 0.8 points to 62.0. The HPSI is down 13.7 points compared to the same time last year. Read the full research report for additional information.
- Good/Bad Time to Buy: The percentage of respondents who say it is a good time to buy a home increased from 17% to 22%, while the percentage who say it is a bad time to buy decreased from 76% to 73%. As a result, the net share of those who say it is a good time to buy increased 8 percentage points month over month.
- Good/Bad Time to Sell: The percentage of respondents who say it is a good time to sell a home decreased from 67% to 59%, while the percentage who say it’s a bad time to sell increased from 27% to 35%. As a result, the net share of those who say it is a good time to sell decreased 16 percentage points month over month.
- Home Price Expectations: The percentage of respondents who say home prices will go up in the next 12 months decreased from 39% to 33%, while the percentage who say home prices will go down increased from 30% to 33%. The share who think home prices will stay the same increased from 26% to 28%. As a result, the net share of Americans who say home prices will go up decreased 9 percentage points month over month.
- Mortgage Rate Expectations: The percentage of respondents who say mortgage rates will go down in the next 12 months increased from 6% to 11%, while the percentage who expect mortgage rates to go up decreased from 67% to 61%. The share who think mortgage rates will stay the same increased from 21% to 25%. As a result, the net share of Americans who say mortgage rates will go down over the next 12 months increased 11 percentage points month over month.
- Job Loss Concern: The percentage of respondents who say they are not concerned about losing their job in the next 12 months increased from 78% to 79%, while the percentage who say they are concerned decreased from 22% to 21%. As a result, the net share of Americans who say they are not concerned about losing their job increased 2 percentage points month over month.
- Household Income: The percentage of respondents who say their household income is significantly higher than it was 12 months ago increased from 24% to 25%, while the percentage who say their household income is significantly lower increased from 13% to 15%. The percentage who say their household income is about the same decreased from 61% to 59%. As a result, the net share of those who say their household income is significantly higher than it was 12 months ago decreased 1 percentage point month over month.
About Fannie Mae’s Home Purchase Sentiment Index
The Home Purchase Sentiment Index® (HPSI) distills information about consumers’ home purchase sentiment from Fannie Mae’s National Housing Survey® (NHS) into a single number. The HPSI reflects consumers’ current views and forward-looking expectations of housing market conditions and complements existing data sources to inform housing-related analysis and decision making. The HPSI is constructed from answers to six NHS questions that solicit consumers’ evaluations of housing market conditions and address topics that are related to their home purchase decisions. The questions ask consumers whether they think that it is a good or bad time to buy or to sell a house, what direction they expect home prices and mortgage interest rates to move, how concerned they are about losing their jobs, and whether their incomes are higher than they were a year earlier.
About Fannie Mae’s National Housing Survey
Harvard Researcher: More Americans Tapping Buy Now, Pay Later Services For Groceries ‘Shows the Height of Personal Desperation’
Courtesy of Jessica Dickler, CNBC
KEY POINTS
- With food prices at historic highs, more consumers are turning to buy now, pay later services for their weekly essentials.
- “Once people start stretching out grocery payments it shows the height of personal desperation,” says Marshall Lux, a fellow at the Harvard Kennedy School.
September 7, 2022 — As prices rise, Americans are increasingly finding new ways to make ends meet. But with some necessary purchases, such as groceries, there are fewer options that don’t involve taking on debt.
That makes the option to pay later — through companies such as Klarna, Zip, Zilch, Affirm and Afterpay — look increasingly attractive. About two-thirds of consumers have worried in the past month about affording groceries due to the rise of inflation, a recent LendingTree survey found.
At the same time, Zip said it notched 95% growth in U.S. grocery purchases, according to The New York Times. Klarna reported that more than half of the top 100 items its app users are now buying are grocery or household items.
“The fact that there’s a large number of Americans that simply can’t afford to buy food highlights the desperation that this economic climate creates,” said Marshall Lux, a fellow at the Mossavar-Rahmani Center for Business and Government at the Harvard Kennedy School.
“Once people start stretching out grocery payments it shows the height of personal desperation,” Lux added.
Although inflation, overall, began to ease last month along with gasoline prices, food costs climbed 1.1% in July, bringing the year-over-year gain to 10.9%, according to the latest Consumer Price Index figures.
The food-at-home index, a measure of price changes at the grocery store, notched the largest 12-month increase since 1979.

Note: As of July 2022. Not seasonally adjusted. Chart: Gabriel Cortes / CNBC Source: U.S. Bureau of Labor Statistics
Using BNPL could mean people ‘overextend themselves’
“For someone who has the ability to pay, this is an interest-free loan,” Lux said.
However, BNPL’s rapid growth is driven primarily by younger consumers, with two-thirds of BNPL borrowers considered subprime, Lux noted, which makes them especially vulnerable to economic shocks or a possible recession.
“In the best-case scenario, this will enable people to hang on or, in the worst case, overextend themselves,” he said.
Further, the more BNPL accounts open at once, the more prone consumers become to overspending, missed or late payments and poor credit history, other research shows.
Generally, if you miss a payment there could be late fees, deferred interest or other penalties, depending on the lender. (CNBC’s Select has a full roundup of fees, annual percentage rates, whether a credit check is performed, and if the provider reports to the credit scoring companies, in which case a late payment could also ding your credit score.)
Fed Vice Chair Brainard Calls for Crypto-Specific Regulations, Notes Stablecoin Risks
While crypto “has all the same risks that we’re very familiar with from traditional finance,” its quirks need tailored solutions, Lael Brainard said.
Courtesy of Helene Braun, CoinDesk
September 7, 2022 — Federal Reserve Vice Chair Lael Brainard said the cryptocurrency market bears similar risks to traditional finance, but will need new regulations for situations not covered by existing laws.
“We have seen that the crypto financial system has all the same risks that we’re very familiar with from traditional finance,” she said in a speech at the Clearing House and Bank Policy Institute 2022 annual conference on Wednesday. But given the unique characteristics of crypto, there’s a need for “creating clear regulatory guardrails.”
Brainard is leading the central bank’s exploration of a digital U.S. dollar, and her role as the No. 2 person at the Fed makes her opinions on crypto quite significant. Brainard’s latest remarks echoed her previous statements that the sector needs to meet the same safety standard as traditional finance in order to prevent it from becoming a threat to the broader financial system.
Related Reading:
Banks Fire Back at Warren Over OCC Crypto Guidance: Two bank trade groups asked acting Comptroller Michael Hsu to deny Sen. Elizabeth Warren’s request that the banking agency abandon Trump-era guidance on cryptocurrency.
OCC Acting Director Hsu’s Updated Crypto Comments “Safeguarding Trust in Banking: An Update” (9/7/22): Under my direction, the OCC has adopted a “careful and cautious” approach. The agency put into place this approach through the issuance of Interpretive Letter 1179, which establishes guardrails by clarifying that national banks and FSAs should not engage in certain crypto activities unless they demonstrate that the activities can be performed in a safe, sound, and fair manner.
Vermont’s Financial Regulator Alleges Celsius and Its CEO Made ‘False and Misleading Claims’: According to the regulator, Celsius “lacked sufficient assets to repay its obligations” despite suggesting it had enough funds in its reserves to mitigate the risk of insolvency.
“Stablecoins is one of those areas that I think has the most potential for risk if not properly regulated and of course those risks can easily spill into the main core financial system because of the runnable nature of stablecoins,” she said.
Back in May, some $60 billion in value evaporated almost overnight after the collapse of algorithmic stablecoin terraUSD (UST). Meanwhile, some worry that asset-backed stablecoins such as USDT or USDC may not be able to sustain significant amounts of withdrawals.
In November 2021, a committee known as the President’s Working Group on Financial Markets – whose members include Fed Chair Jerome Powell and Treasury Secretary Janet Yellen – issued recommendations on stablecoins. Brainard characterized its report as “very strong” and she said that she agrees with its recommendations that stablecoins should be subject to bank-like regulation, and that “credential guardrails and the liquidity backstop are the best way to situate stablecoins.”
Articles for September 2, 2022 Issue:
- Rep. Presses Fed Agencies, Crypto Cos. on Fraud Prevention
- Survey: Bank Overdraft Fees Tumble to 13-Year Low While ATM Fees Are Back on The Rise
- Metaverse Scammers Have a Bridge to Sell You. This Alabama Regulator Is Fighting Back
- FHFA Announces Comprehensive Review of the Federal Home Loan Bank System
Rep. Presses Federal Agencies, Crypto Companies on Fraud Prevention
Aug. 31, 2022 — The chair of the House Subcommittee on Economic and Consumer Policy has sent letters to four federal agencies and five digital asset exchanges requesting information about the steps they are taking to combat cryptocurrency-related fraud and scams.
Rep. Raja Krishnamoorthi, D-Ill. said in the letters Tuesday that cryptocurrencies have become “scammers’ favored means of payment as well as their preferred bait for unsuspecting victims,” citing Federal Trade Commission data that says the annual amount of cryptocurrency lost to fraud is on pace to surpass $1 billion in 2022.
“As stories of skyrocketing prices and overnight riches have attracted both professional and amateur investors to cryptocurrencies, scammers have cashed in,” Krishnamoorthi said in the letters. The letters were sent to the U.S. Department of Treasury, the U.S. Securities and Exchange Commission, the Commodity Futures Trading Commission, and the FTC. The crypto exchanges that got similar letters are Binance.US, Coinbase, FTX, Kraken and KuCoin.
Related Reading: Federal Reserve Board Washington D.C.; The Financial Stability Implications of Digital Assets
Krishnamoorthi requested information he said could help Congress understand what the government and the exchanges are doing to protect consumers, and could inform potential legislative solutions to make the crypto space safer for consumers.
He called attention to a “lack of a central authority” to flag suspicious transactions, the “irreversibility of transactions,” as well as the “limited understanding” investors have of crypto’s underlying blockchain technology as cause for concern about growing fraud.
Consumers are “often unaware of the current patchwork of resources available to inform their investing decisions,” and insurance companies are reluctant to provide coverage to consumers given the lack of regulation of digital assets, he added. Krishnamoorthi also directed separate criticisms at the government agencies and the exchanges.
In the letters to the agencies, he argued “the federal government has been slow to curb cryptocurrency scams and fraud” and that “existing federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” Meanwhile, he said some exchanges allow digital assets to be listed with “little or no vetting,” leaving potential vulnerabilities undiscovered even though they could “easily be identified” through audits.
“Many exchanges have also failed to implement appropriate monitoring of accounts, which can flag illicit activity, notify investors, and prevent transactions with addresses linked to scammers,” he added. Krishnamoorthi set a Sept. 12 deadline for the federal agencies and the crypto exchanges to provide documents and information dating back to Jan. 1, 2009.
For the agencies, he asked for “all policies, guidance, or other official documents” related to efforts to prevent crypto-related scams and fraud, to investigate such fraud, and to work with other agencies to regulate crypto. He also asks for the agencies’ thoughts on how such processes and frameworks could be improved to minimize the risks.
“Congress may need to pass legislation to help bring stability to the digital asset industry and protect consumers from investment fraud and abuse, but more information is needed to understand what the relevant federal agencies are already doing,” Krishnamoorthi said.
In the letters to the exchanges, he asked for “all documents” regarding their efforts to combat crypto-related scams and fraud, what processes and tools are in place to inform consumers about the risks and to investigate potential fraud, and if they provide insurance to consumers that covers fraud.
He also asked the exchanges what they believe the federal government could do to assist crypto exchanges in combating fraud and scams.
Click here to read more in this article from Bankrate.
Survey: Bank Overdraft Fees Tumble to 13-Year Low While ATM Fees Are Back on The Rise
Courtesy of Karen Bennett and Matthew Goldberg, Bankrate.com
Aug. 31, 2022 — Banks have been reducing or eliminating overdraft fees at an unprecedented rate over the past year or so, as they face heavy public pressure to curb what one consumer watchdog has referred to as “junk fees.” In fact, the average overdraft fee of $29.80 is down 11 percent from last year’s record high, according to Bankrate’s 2022 checking account and ATM fee study. However, an overwhelming majority of accounts surveyed (96 percent) still charge a fee for overdrafts.
Unlike overdraft fees, not all bank fees are on the decline. Bankrate’s study found the average combined cost of an out-of-network ATM transaction to be $4.66, the highest amount since 2019. The average ATM surcharge levied on non-customers hit a record high of $3.14 per transaction.
The study also found that 46 percent of noninterest checking accounts are free — meaning they don’t charge monthly service fees — which is down slightly from 2021. Unlike top-yielding savings accounts, checking accounts that bear interest continue to pay record-low yields, the survey found, despite several Federal Reserve interest rate hikes in 2022.
For the study, Bankrate surveyed 10 banks and thrifts in each of 25 large U.S. markets. Information was gathered regarding checking accounts that bear interest and those that don’t, as well as ATM fee policies. Here are the highlights of the study.
Key findings:
- The average overdraft fee declined to a 13-year low of $29.80, which is down 11 percent over last year’s record high of $33.58. The average nonsufficient funds (NSF) fee decreased to $26.58, the lowest since $25.81 in 2004. While these averages have gone down and some accounts have entirely eliminated such fees, 96 and 87 percent of accounts surveyed still charge overdraft fees and NSF fees, respectively.
- The combined total of the average out-of-network ATM fee assessed by one’s own bank and the average surcharge levied by the ATM owner increased to $4.66, the highest since 2019. The surcharge on non-customers ($3.14) reached a new high, up 1.9 percent from $3.08 last year.
- Among the metropolitan areas covered in the survey, the city with the highest average total combined ATM fees is Atlanta, where you’ll pay around $5.38 for using an out-of-network ATM. Meanwhile, you’ll find the lowest combined average fees in Los Angeles at $4.21.
- The number of free checking accounts has decreased slightly in 2022 to 46 percent (down from 48 percent last year), although 99 percent of noninterest checking accounts are either free or can become free when certain requirements are met. These may include maintaining a set minimum balance or having your paycheck directly deposited.
- The average yield on interest checking accounts remains at a record low, and the most common payout is 0.01 percent annual percentage yield (APY). And while the average monthly service fee of $16.19 is down slightly from last year, it’s the second highest ever tallied.
Overdraft fees: Lowest in over a decade
Overdraft and NSF fees on the decline
An overdraft fee may be charged by a bank when you withdraw more money from your account than the amount you have in it and the bank pays that overdraft. The average overdraft fee in 2022 is $29.80, which is down 11 percent over last year’s record-high average of $33.58 — the lowest since 2009 when the fee averaged $29.58.
Like overdraft fees, the average NSF fee decreased as well in 2022 — dropping to $26.58, which reflects a 21-percent decrease from last year’s record high of $33.58. It’s also the lowest average NSF fee since 2004 when the average was $25.81.
Banks charge an NSF fee when there isn’t enough money in an account to cover a transaction, and the bank does not honor the transaction. Ways to avoid these fees include linking a savings account to your checking account in order to cover any shortfall, as well as keeping tabs on your account balance before initiating transactions.
Average overdraft fee
The average overdraft fee decreased to $29.80 in 2022 from $33.58 in 2021.
Overdraft fees may be down on average, but still prevalent
The trend among banks to reduce or eliminate overdraft and NSF fees comes at a time when proposed federal legislation would limit their ability to charge such fees. The Consumer Financial Protection Bureau (CFPB) has also called for an end to these fees, releasing a report that revealed 20 banks each earned between $50 million and $1.4 billion in overdraft and NSF fee revenue in 2021.
While average overdraft and NSF fees are lower than they’ve been in more than a decade, they’re not completely going away just yet. Fees for overdrafts and nonsufficient funds are still charged by 96 percent and 87 percent of accounts surveyed, respectively.
Metaverse Scammers Have a Bridge to Sell You. This Alabama Regulator Is Fighting Back
The state’s securities commission is warning people about the dangers of buying virtual real estate.
Courtesy of Elizabeth Napolitano, CoinDesk.com
September 1, 2022 — Crypto investors have pumped hundreds of millions of dollars into buying up virtual land – and thieves are taking note. According to Joseph Borg, a financial regulator in Alabama, metaverse real estate scammers pose a danger to investors in his home state.
“There are offers for [metaverse] real estate [scams] where they’ll tell you, ‘Get in now while it’s hot before the price goes up,’ and everybody buys it and you’re left out,’” said Borg, the longtime director of the Alabama Securities Commission. “I put that right up there next to the one that’s selling real estate on the moon.”
Indeed, the crypto-verse has a potpourri of “metaverses” from Yuga Labs’ Bored Ape-themed Otherside realm (over $800 million in lifetime land sales) to Decentraland ($330 million), The Sandbox ($295 million) and more. One dashboard on crypto data site Dune counts the top 32 virtual worlds.
Related Reading:
- Alabama: The Unlikely Frontline for America’s Crypto Fraud Crackdown
- Metaverse Real Estate – Next Big Thing or Next Big Boondoggle?
That’s not to say these land sales are inherently fraudulent. Speculators aside, some investors see value in buying a piece of digital real estate and then building their virtual worlds atop their plot. Decentraland is full of otherworldly architecture and virtual shtick.
But some of those builders are allegedly fraudulent. In May, Borg’s ASC and four other state-level financial regulators ordered a metaverse casino with alleged Russian connections to cease sales of non-fungible tokens (NFTs). The regulators claimed the casino, called the Flamingo Casino Club, was a front for scammers.
Actually locking up the alleged scammers is another matter.
In order to stick it to the scammers, regulators must first identify them, Borg told CoinDesk. But doing so can be tough in the metaverse, where fraudsters can cloak themselves in the veil of internet anonymity, which these days means masquerading in sometimes zany ways, Borg said.
“Saying [we’re going to] issue an order against the guy who looks like a duck with a hat on in the metaverse doesn’t do us any good,” Borg said. “We got to track down a computer, trace it and figure out where their money’s going and how they’re operating.”
That doesn’t mean the commission, which has muscled crypto’s bad actors before, has given up on tracking criminals, however. Borg said ASC is still gunning to put a lid on metaverse real estate scams and hopes to issue orders against those involved in the scams once they can be identified.
And while those efforts are underway, the commission is taking steps to educate would-be investors about how the metaverse really works.
“It’s ‘get into the real estate market now because everybody’s going to want a piece,’” Borg said. “But, of course, you can create as much [real estate] as you want, because you can have a multitude of metaverses, but people don’t understand that yet.”
The Flamingo Casino Club case, and many like it, Borg says, demonstrates how the metaverse can be not only a land of opportunity, but also a land of large losses, especially for the uninformed investor.
“Bad actors are now leveraging interest in [metaverse] opportunities and products,” Borg said in a press release Wednesday. “Virtual reality can leave you virtually broke.”
FHFA Announces Comprehensive Review of the Federal Home Loan Bank System
The review, FHLBank System at 100: Focusing on the Future, will include a series of listening sessions and regional roundtable discussions
Aug. 31, 2022 — The Federal Housing Finance Agency (FHFA) today announced it will conduct a comprehensive review of the Federal Home Loan Bank (FHLBank) System beginning in the fall of 2022.
“FHFA plays a vital role in supporting affordable, equitable, and sustainable access to mortgage credit,” said FHFA Director Sandra L. Thompson. “FHFA’s regulated entities function as a reliable source of liquidity and funding for housing finance and community investment. As the Federal Home Loan Banks approach their centennial, FHFA will conduct a comprehensive review to ensure they remain positioned to meet the needs of today and tomorrow.”
Related Reading: Federal Housing Finance Agency Report: U.S. House Prices Rise 17.7 Percent over the Last Year; Up 4.0 Percent from the First Quarter
The FHLBanks have been a critical source of liquidity for their members for the past 90 years, especially during times of market stress, such as the Great Recession and the outset of the COVID-19 pandemic. The FHLBanks also support low-income housing and community development directly by offering a variety of programs to their members, including the Affordable Housing Program, the Community Investment Program, and the Community Investment Cash Advance Program.
As part of the review process, FHFA will host two public listening sessions and a series of regional roundtable discussions to consider and evaluate the mission, membership eligibility requirements, and operational efficiencies of the FHLBanks. FHFA will hear from stakeholders on the FHLBanks’ role or potential role in addressing housing finance, community and economic development, affordability, and other related issues.
FHFA invites interested parties to speak or attend the kick-off event for FHLBank System at 100: Focusing on the Future, a listening session on Thursday, September 29, 2022. The session will be held in person at the Constitution Center in Washington, DC, with the option to participate virtually.
FHFA is specifically interested in receiving feedback in six key areas:
- The FHLBanks’ general mission and purpose in a changing marketplace;
- FHLBank organization, operational efficiency, and effectiveness;
- FHLBanks’ role in promoting affordable, sustainable, equitable, and resilient housing and community investment;
- Addressing the unique needs of rural and financially vulnerable communities;
- Member products, services, and collateral requirements; and
- Membership eligibility and requirements.
Register to attend or speak at the September 29 listening session (12:30 – 4:00 PM). Participants will be able to select in-person or virtual attendance. FHFA is also accepting written comments through October 21, 2022, via FHFA’s website or mailed to: Federal Housing Finance Agency, 400 7th Street, SW, Washington, DC 20024.
Articles for August 26, 2022 Issue:
- Cyber News: Traditional Check Fraud Gets a Digital Makeover
- Related Reading: New ransomware HavanaCrypt poses as Google software update
- Housing Market: Fannie Mae Sees Dark Days Ahead for the Housing Market
- Crypto News: FTX’s Money Isn’t Insured, FDIC Says; FTX is Accused of Making ‘False Representations’ About FDIC Insurance
- Fraud News: Zelle Scam Targets Kansas Man for a Fake $2,500 Refund Through Bank Account; Digital Payment Scams Getting Attention from Federal Lawmakers
Cyber News: Traditional Check Fraud Gets a Digital Makeover
Courtesy of Glenn Fratangelo, NiceActimize.com
August 23, 2022 — What happens when trust is shaken in a fundamental societal institution, like the postal service system?
An emerging method of committing financial fraud is stealing checks, and the circumstances surrounding these scams are often bizarre and highly public. Checks are appropriated from the familiar blue United States Postal Service (USPS) collection boxes and rewritten, repurposed, and cashed by thieves. One victim had their check stolen twice from the same collection box, even after taking measures to get a new bank account and checks.[1]
With so much attention given to the constant uptick in digital scams, it’s easy to push concerns over physical financial assets, like checks, to the side. But criminals exploit any avenue to commit fraud—even vandalizing protected federal government property to get a payout.
Check fraud is a conduit to numerous other crimes, such as wire fraud, identity theft, synthetic identity fraud (SIF), peer-to-peer payments (P2P) fraud, account takeover (ATO), and mail fraud. As the risk of check fraud rises, so should the precautions and measures to prevent this trending crime.
Check Fraud Scams Go Digital
By now, I should be desensitized to the machinations of these criminals thanks to constant exposure to this industry. But their confidence and audacity still surprise me.
Take the infamous Telegram user, “Liam Neeson,” who brazenly posted numerous stolen items for sale on social media.[2] Under the handle of this A-list actor, this criminal advertised stolen checks for sale to 1,200 subscribers. Charitable donations, DMV fees, uncashed checks, and utility payments pilfered from mailboxes in North Carolina were all presented as photos with the intent of selling to a criminal community.
The digital era introduced some unsavory variants to traditional check fraud scams. Social media platforms provide criminals with the public portal and visibility to boast about their crimes and incentivize their peers, as they occasionally seek validation or hope to inspire their teammates. These criminals also rely on the dark web to sell stolen checks and related paraphernalia, like stolen mailbox keys, to other criminals within their vast networks.
Related Reading: New ransomware HavanaCrypt poses as Google software update
A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn’t seem to be dropping a traditional ransom note.
Gain access to personal mail
Stolen mailbox keys, or arrow keys, are commonly featured for sale on the dark web or platforms like Telegram (where they’ve been known to sell for upwards of $7,000) because they’re one of the main methods available to illegally access personal mail. A report from USPS revealed that complaints of mail theft rose 161% between March 2020 and February 2021.[3]
Mail theft and subsequent check fraud via this technique has captured attention at the highest level; Congresswoman Eleanor Holmes Norton has made inquiries of the United States Postal Service (USPS) regarding this issue.[4] The USPS responded that it is aware and taking action to prevent this crime but they’re under-resourced, which makes it far more challenging to fully investigate these attacks. Ultimately, it falls on everyone to do what they can to prevent check fraud, as postal workers are being attacked.
Leverage Peer-2-Peer Platforms
Yet another example of the digital twist on this crime is the use of P2P platforms, like Cash App, to augment check fraud.[5] Criminals are targeting people through tactics like fake job offers. Victims are instructed to deposit substantial checks into their bank account as an advance for job-related items, like computers or supplies, and then told to send the deposited funds to a different person through a P2P app. Ultimately, the victim realizes the check was fake, leaving them responsible for the losses. In this scenario, criminals capitalize on Regulation CC, which enables customers to immediately use at least a portion of deposited funds prior to the check clearing. With knowledge of regulatory requirements along with a bank’s corresponding funds availability policies, they use this information to obtain a portion of deposited funds prior to the check bouncing.[6]
Housing Market: Fannie Mae Sees Dark Days Ahead for the Housing Market
Economic and Strategic Research Group expects total home sales to decrease 16.2% in 2022
Courtesy of James Kleimann, HousingWire.com
August 23, 2022 — It will get worse for the housing market – and mortgage industry – before it gets better. That’s the takeaway from a group of economists at Fannie Mae who slashed their forecast for 2022 home sales this week.
“Housing remains clearly on the downtrend — and has been for several months now — due to the combined effects of outsized home price increases and the significant and rapid run-up in mortgage rates,” Fannie Mae’s Chief Economist Doug Duncan said in a statement.
Fannie Mae’s Economic and Strategic Research Group expects total home sales to decrease 16.2% in 2022, a further downward revision from July’s projected drop of 15.6%. The latest forecast also projects total mortgage origination activity at $2.47 trillion in 2022, down from $4.47 trillion in 2021. The mortgage market is projected to slip even further in 2023, dropping to $2.29 trillion.
A brutal housing market has already tested the business models of mortgage lenders, and it will be a while before conditions improve. In the second quarter of 2022, nonbank mortgage lenders on average lost $82 per loan, according to the Mortgage Bankers Association. Combining both production and servicing operations, only 57% of companies in the MBA report were profitable in the second quarter.
Related reading: Federal Housing Finance Agency (FHFA) Announces Intent to Establish a Federal Advisory Committee on Affordable, Equitable, and Sustainable Housing:
The Committee’s activities will focus on FHFA’s regulated entities – Fannie Mae, Freddie Mac, and the Federal Home Loan Banks – and their respective roles in providing a reliable source of liquidity and funding to support housing finance in the single-family and multifamily housing markets.
On average, IMBs generated $705 million in origination volume in the second quarter, down from $808 million in the previous quarter. Total production revenue for IMBs, which includes fee income, net secondary marketing income and warehouse spread, decreased to 335 bps in the second quarter, down from 350 bps a quarter prior. On a per-loan basis, production revenues declined to $10,855 per loan in the second quarter, down slightly from $10,861 per loan in the first quarter.
Many lenders have been cutting hundreds or thousands of staffers amid the dip in origination volume. Fannie Mae forecasters said that despite mortgage rates settling in the low 5% range over the past month, recent incoming data has led them to revise the home sales forecast, notably because of a drop in new home sales.
New homes sold at an annualized pace of 590,000 units in June, the lowest sales pace since April 2020. ESR Group researchers now expect new home sales to finish the year at 632,000 units, down from 668,000 in last month’s forecast. New home sales are now projected to fall 18% from last year, while existing home sales are expected to fall by 16% in 2022 to 5.143 million.
Fannie Mae’s ESR group also said it expected real gross domestic product growth for the full year 2022 and 2023 to remain flat from last month at 0.0% and negative 0.4%, respectively.
“The continued expectation that real GDP growth will be negative beginning in 2023 is due to the combined effects of tighter monetary policy weighing on business and residential investment and still-elevated inflation weighing on consumer spending,” Fannie Mae wrote in the report. The ESR group wrote that it expects inflation to tick down gradually, ending 2022 at 7.2% and 1.8% by the end of 2023.
Crypto News: FTX’s Money Isn’t Insured, FDIC Says; FTX is Accused of Making ‘False Representations’ About FDIC Insurance
Courtesy of Emma Roth, TheVerge.com
August 23, 2022 — The Federal Deposit Insurance Corporation (FDIC) slapped the Sam Bankman-Fried-owned cryptocurrency exchange FTX with a cease-and-desist order over “false and misleading statements” that suggest its assets are FDIC-insured. The FDIC doesn’t cover stocks or crypto, and only safeguards funds held in insured bank accounts.
In a letter to the exchange, the FDIC points to a now-deleted tweet from FTX president Brett Harrison, which states “direct deposits from employers to FTX US are stored in individually FDIC-insured bank accounts in the users’ names.” The referenced tweet also says that “stocks are held in FDIC-insured and SIPC [Securities Investor Protection Corporation]-insured brokerage accounts.” The FDIC claims this falsely represents that FTX and the funds invested by users are FDIC-insured when they’re really not.
While not flagged in the FDIC’s letter, users have also pointed out another potentially misleading tweet from Harrison that says “cash associated with brokerage accounts is managed into FDIC-insured accounts” at FTX’s “partner bank.”
Harrison has since issued a response to the FDIC’s letter, explaining that FTX “really didn’t mean to mislead anyone,” and claims FTX “didn’t suggest that FTX US itself, or that crypto/non-fiat assets, benefit from FDIC insurance.” FTX CEO and founder Bankman-Fried provided further clarification as well, stating that while “FTX does not have FDIC insurance,” the banks it does business with do. Bankman-Fried adds that it may “explore potential ways that individual accounts using direct deposit… could, in the future, be used to further protect customers,” and that FTX “would be excited to work with the FDIC on that.”
As noted by the FDIC, the Federal Deposit Insurance Act (FDI Act) prohibits companies from “implying that their products are FDIC-insured by using ‘FDIC’ in the company’s name, advertisements, or other documents.” The FDIC is giving FTX 15 days to provide confirmation that it has removed or corrected any alleged misrepresentations. In addition to FTX, the FDIC doled out cease-and-desist warnings to four other companies, including Cryptonews.com, Cryptosec.info, SmartAsset.com, and FDICCrypto.com. The FDIC declined to comment beyond the contents of its letter, and FTX didn’t immediately respond to The Verge’s request for comment.
Like Robinhood, FTX has started offering both traditional stock and crypto trading options. In May, crypto billionaire Bankman-Fried disclosed a 7.6 percent stake in Robinhood, and he’s reportedly looking into purchasing the trading platform.
Even with the so-called crypto winter driving several crypto companies to bankruptcy, FTX and Bankman-Fried’s crypto trading firm Alameda Research have somehow managed to stay afloat. Bankman-Fried has extended lines of credit to numerous struggling crypto firms to help them weather the uncertain economy, and told Reuters he has “a few billion” more for future bailouts. According to documents obtained by CNBC, FTX brought in $1.02 billion in revenue in 2021 and $270 million in the first quarter of 2022.
Fraud News: Zelle Scam Targets Kansas Man for a Fake $2,500 Refund Through Bank Account; Digital Payment Scams Getting Attention from Federal Lawmakers
Courtesy of Matt Flener, KMBC 9 News
August 22, 2022 — Taylor Witt is hoping for a refund from U.S. Bank or Zelle after he said he fell for a very sophisticated scam. Witt emailed KMBC 9 Investigates for help after he said someone stole $2,500 from his U.S. Bank account through a fake Zelle refund scam.
Witt said the scammer called him from a number impersonating his bank’s fraud department. The scammer told him that his bank account was hit by a fraudulent Zelle transaction, convincing Witt to go through a fake refund process with Zelle.
Reluctant at first, he said the scammer convinced him to look at the back of his debit card to compare the telephone number to the caller ID on his cell phone, and the numbers then matched. Witt said that he has tried to get U.S. Bank to refund the money, but so far, the bank has not budged.
“It was just very devastating,” he said. “It just didn’t register with me that the person warning me of the fraud was the one trying to take the money.” Witt has seen news stories across the country of people falling for digital payment scams, along with a push by lawmakers to get banks to refund people’s money.
A U.S. Bank spokesman said he was looking into Witt’s account. U.S. Bank does provide tips on how to avoid being the victim of digital payment scams. Zelle did not immediately respond to an email from KMBC 9 Investigates. A spokeswoman for the parent company of Zelle, Early Warning, said the payment platform acts as a messaging service in transactions.
“Because we don’t hold the funds we’re not able to give back the money to the consumer,” said Meghan Fintland, spokeswoman for Early Warning. “They have to do that through their bank.” Zelle also offers a list of tips to make sure people don’t get scammed.
Nikolas Reese with the Better Business Bureau of Greater Kansas City said that it is important to only send money to people you know. “Unless you know that person in your personal life that would not use a digital wallet service to send money to them,” Reese said. Witt is now hoping for a refund. “It’s very sophisticated in their approach,” he said. And he has a warning for others, “The moment you hit that button, that money is out of your account.”
Articles for August 12, 2022 Issue:
- Bank Policy Institute: Complex, Sweeping CRA Proposal Would Undercut Law’s Mission of Serving Communities
- Senators Propose Legislation to Address Digital Asset Reporting Requirements
- Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen
- Investors Watch for Cracks In U.S. Consumer Loan Market
Bank Policy Institute: Complex, Sweeping CRA Proposal Would Undercut Law’s Mission of Serving Communities
Courtesy of Tara Payne, Bank Policy Institute
August 5, 2022 — BPI today commented on the banking agencies’ joint Community Reinvestment Act proposal. BPI strongly supports the CRA and its core mission of supporting communities, including low- and moderate-income and underserved areas, and parts of the proposal would helpfully provide some certainty about what activities qualify for CRA credit, particularly with respect to banks’ partnerships with Minority Depository Institutions; however, the proposal in other respects would stray far beyond the agencies’ statutory mandate to the point of credit allocation, and would undermine the law’s core mission by allowing CRA ratings to be driven subjectively by behavior unrelated to community development.
What BPI is saying:
“The proposal presents the worst of two worlds: its hundreds of pages of requirements dictate how banks are to allocate credit, yet at the end of the day the agencies reserve the right to downgrade a bank’s rating regardless of its compliance with the agencies’ dictates, based on any of a wide range of factors unrelated to community development.”
— Paige Pidano Paridon, BPI senior vice president and senior associate general counsel
Background: The Community Reinvestment Act, enacted in 1977, requires the federal banking regulators to evaluate banks on how they meet the credit needs of their communities, including low- and moderate-income neighborhoods. On May 5, 2022, the agencies issued a joint proposal to modernize the rule. This effort follows a previous rulemaking effort by the OCC, which was abandoned in July 2021, and an advance notice of proposed rulemaking issued by the Federal Reserve in 2020.
Key issues:
- Calibration: The proposal’s Retail Lending Test would be calibrated so stringently that it could render the CRA a tool for credit allocation, rather than for ensuring credit availability. This result would conflict with the purposes of the law. Further, this test would compare banks’ performance to benchmarks that they would never know in advance, raising due process and Administrative Procedure Act concerns.
- Geographical bounds: The CRA requires that regulators evaluate banks’ lending in places where banks have domestic branches, not where they provide loans. In the context of digital banking and innovation, banks may provide loans to customers outside where they have branches. Under the proposal, such lending could be penalized by prompting a stringent distribution analysis in that new geographical area.
- Price controls: Some elements of the proposal could serve as a de facto requirement to offer specific deposit services, products and features – and could effectively impose price controls by capping deposit account fees. This would contradict the statutory mandate to encourage banks to meet the credit needs of their communities and would go beyond the agencies’ statutory authority.
- Complexity: The proposal’s multiple new tests, subtests and factors would subject several separate parts of a bank’s operation to evaluation. More straightforward alternatives could achieve similar goals.
- Mission creep: The proposal would authorize the agencies to downgrade a bank’s rating based on any consumer compliance violation, beyond the reach of the statute and with no standard for how significant a violation would have to be to merit a downgrade. As such, the CRA would be inappropriately converted into a redundant consumer compliance enforcement regime, and lose its focus on community development.
The proposal’s other problems include a rigid, one-size-fits-all approach to large bank evaluations and an extremely short compliance period.
Senators Propose Legislation to Address Digital Asset Reporting Requirements
August 3, 2022 — U.S. Senators Pat Toomey (R-Pa.), Mark Warner (D-Va.), Cynthia Lummis (R-Wyo.), Kyrsten Sinema (D-Ariz.), and Rob Portman (R-Ohio) today introduced legislation to clarify the digital asset reporting requirements signed into law as part of last year’s Infrastructure Investment and Jobs Act.
Last August, the senators announced an agreement with the Department of the Treasury (Treasury) on an amendment to the infrastructure package that would have clarified the definition of “broker” with respect to who must report to the government information about a digital asset transaction. The amendment specifically excluded from reporting requirements services like mining and wallet providers who do not take custody of other individuals’ cryptocurrency, nor are able to comply with the reporting requirements of a broker. While the amendment had strong bipartisan support, including from the Biden administration, the Senate was never afforded the opportunity to vote on and pass this amendment last August due to a procedural hurdle. The legislation introduced today is the exact same text introduced as a bipartisan amendment nearly one year ago.
In addition to maintaining strong bipartisan support in the Senate, this legislation is widely supported by the digital asset industry.
“Coin Center supports any effort to improve the status quo created by the ill-advised crypto tax provisions in the Infrastructure Investment and Jobs Act,” said Jerry Brito, Executive Director of Coin Center. “We applaud Sen. Toomey for leading a bipartisan effort to address some of these issues and appreciate the support of Senators Warner, Sinema, Lummis and Portman.”
Related reading: Chairwoman Waters, Representatives Beatty, Green, Foster and Lynch Send Letter to Digital Assets Industry Requesting Diversity and Inclusion Data
The House Financial Services Committee sent a letter to the nation’s 20 largest crypto, Web3, and digital assets companies, as well as prominent venture capital firms with investments in crypto, urging them to provide data around their diversity and inclusion practices.
“We thank Senators Toomey, Sinema, Portman, Lummis, and Warner for their bipartisan leadership in this nuanced space,” said Sheila Warren, Chief Executive Officer of the Crypto Council for Innovation. “Clarifying how people can use and report on digital assets is important for the industry. We look forward to supporting the continued growth of innovation in the U.S. and working with policymakers on this issue.”
“The Chamber of Digital Commerce commends Senator Toomey and co-sponsors for listening to the concerns of the digital asset community and continuing to advocate for regulatory clarity,” said Cody Carbone, Director of Policy, Chamber of Digital Commerce. “The infrastructure bill included burdensome reporting requirements for nearly every participant within the ecosystem and this bipartisan bill will ensure digital asset reporting requirements match the technology’s operation. We urge that this legislation is swiftly passed into law and look forward to working with all interested parties on policy that provides additional certainty for the digital asset space.”
Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen
Courtesy of Sergiu Gatlan, BleepingComputer.com
August 10, 2022 — Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee’s account.
“Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer. “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.
“On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community.”
Stolen employee credentials used to breach Cisco’s network
The Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.
The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. MFA fatigue is an attack tactic where threat actors send a constant stream of multi-factor authentication requests to annoy a target in the hopes that they will finally accept one to stop them from being generated.
The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company’s corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.
“They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers,” Cisco Talos said.
After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor malware.
Ultimately, Cisco detected and evicted the attackers from its environment, but they continued trying to regain access over the following weeks.
“After obtaining initial access, the threat actor conducted a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment,” Cisco Talos added.
Investors Watch for Cracks In U.S. Consumer Loan Market
Courtesy of Kate Duguid, Financial Times
August 10, 2022 — Investors are watching closely for hairline cracks in the US consumer loan market as lower-income borrowers feel the squeeze of high prices and rising interest rates. US household debt levels have skyrocketed this year as Americans borrow more to pay for increasingly expensive homes and cars.
It’s not just big-ticket items: rising rents as well as higher prices at the petrol pump and in the grocery store have pushed consumers to rely more on credit cards. Research from the Federal Reserve Bank of New York shows that US households held a record-breaking $16tn in debt as of the second quarter of this year, an increase of roughly $2tn since before the pandemic.
For now, overall delinquencies — debts past their due date — remain historically low at around 2.7 percent, and big lenders including banks have not yet registered a significant uptick in losses on consumer loans. Unemployment has been steady at pre-pandemic lows, and Americans have continued to feel the benefit of early pandemic stimulus.
But while overall delinquencies did not rise in the second quarter and are still 2 percentage points lower than they were pre-pandemic, the composition has changed. A growing share is now in the early stages of delinquency, according to the New York Fed data, which could signal developing problems. These are particularly notable in credit card and car loans, where delinquencies are picking up in lower-income areas and among subprime borrowers.
Analysts and economists warn that these problems could proliferate as the US Federal Reserve rapidly lifts interest rates to rein in price growth that continues to run at 40-year highs.
The central bank’s tightening has not yet hit the US labor market, with the unemployment rate at a half-century low, but economists expect it to do so eventually as companies scale back hiring. Tighter monetary policy is also expected to make new credit harder to access, all while borrowers face higher debt payments on credit cards and other variable-interest loans.
Articles for August 5, 2022 Issue:
- Bank of America Customer Loses Thousands After Being Tricked By Zelle Scammers With Personal Info
- FDIC Urges Banks to Police Misleading Crypto Claims on Deposit Insurance
- FTC Fines Opendoor $62M for ‘Misleading Claims’ About Home-Buying Service
- PayPal: BNPL Volumes Surge 226% Year on Year
- Equifax Sent Wrong Borrower Credit Scores to Lenders
Bank of America Customer Loses Thousands After Being Tricked By Zelle Scammers With Personal Info
Courtesy of Michael Finney and Renee Koury, ABC 7 News

July 28, 2022 — In a widespread scam, bank imposters are tricking people into sending them money with Zelle, the popular quick payment app. The scam has been going on across the country for more than a year.
Now more are coming forward – among the latest is a San Francisco man who says the imposters knew all of his banking information, which led him into the trap. He said the shock was more than he could handle.
“I had a panic attack,” said the victim, San Francisco resident Eduardo Carrascosa. “I just couldn’t believe, I just couldn’t believe it… $3,500 is a lot of money.” That’s how much he lost, in an instant, back in June. Carrascosa says it happened while he was busy at work, managing shipping at a time when companies are trying to unclog the supply chain. “I got a call from ‘Bank of America,'” he said, using air quotes as he said the bank name. At the time, he thought it really was his bank.
RELATED READING:
- Lawsuit claims Bank of America failed to warn customers they might get scammed using Zelle
- Bank of America in Settlement Talks With U.S. Regulators Over Employee Cell Phone Use
The irony here: the imposters told him scammers had changed his Zelle account to send themselves money. In fact, that is exactly what the imposters themselves were doing. Thousands of dollars, gone in an instant. A woman on the phone said someone was transferring $3,500 out of his bank account. Was he the one authorizing it?
“No, that’s not me, go ahead and cancel it,” Carrascosa said he replied. “Let me get back to my work.” But the woman said he had to quickly reverse the transaction, or he’d lose his money. “So I started to, you know, red flags,” Carrascosa recalls. “So, I googled the number that was calling me.”
Carrascosa was suspicious, but a Google search showed the caller ID on his phone was a real B of A phone number. Then, a man came on the phone, supposedly the woman’s supervisor. Carrascosa said he kept quizzing the man, trying to determine if he really was a banker.
“I thought I was outsmarting them,” Carrascosa recalls. “I usually don’t make customer service reps answer all those questions but I was suspicious.”
He said the man answered all the questions correctly. “He knew my debit card number, my checking account number, cellphone number, address.” However, the man did answer vaguely when asked how long Carrascosa was a bank customer. “He said he’d been there 10 years.”
FDIC Urges Banks to Police Misleading Crypto Claims on Deposit Insurance
Courtesy of Pete Schroeder, Reuters
July 29, 2022 — A U.S. banking regulator is urging banks dealing with cryptocurrency companies to make sure customers know which of their funds will be insured by the government in case of collapse, and which have no safety net.
The Federal Deposit Insurance Corporation (FDIC) said Friday it is concerned consumers may be confused about how safe their money may be when placed in crypto assets, particularly in cases where firms offer a mix of uninsured crypto products alongside insured bank deposit products.
In a new advisory, the FDIC said banks need to make sure any crypto firms they partner with do not overstate the reach of deposit insurance. The push comes as broad turmoil in the crypto market has led to the collapse of some high-profile firms, including one regulators publicly chastised yesterday for overstating deposit insurance coverage.
“Inaccurate representations about deposit insurance by non-banks, including crypto companies, may confuse the non-bank’s customers and cause those customers to mistakenly believe they are protected against any type of loss,” the FDIC advisory stated.
On Thursday, the FDIC and Federal Reserve issued a cease and desist order against now-bankrupt crypto firm Voyager Digital, charging the company misled customers to believe funds invested in the brokerage would be guaranteed by the government.
Specifically, the FDIC said banks need to make clear to the public that deposit insurance only covers insured banks in case of collapse, and that protection does not extend to the failure of any nonbank partners, which can include crypto custodians, exchanges, and wallet providers.
FTC Fines Opendoor $62M for ‘Misleading Claims’ About Home-Buying Service
Courtesy of PYMNTS.com
August 2, 2022 — The Federal Trade Commission on Monday (Aug. 1) fined online home buying firm Opendoor Labs $62 million, saying it must stop cheating potential home sellers by tricking them into thinking that they could make more money selling their homes to Opendoor, according to an FTC press release.
Opendoor allegedly pitched potential sellers using misleading and deceptive information, and most customers who sold to Opendoor made thousands less than they would have using a more traditional approach, the press release says.
“Opendoor promised to revolutionize the real estate market but built its business using old-fashioned deception about how much consumers could earn from selling their homes on the platform,” FTC Bureau of Consumer Protection Director Samuel Levine said in the press release. “There is nothing innovative about cheating consumers.”
Related: Real Estate Platform Opendoor Launches Mortgage Finance App
Opendoor, which buys homes directly from buyers, claimed to use cutting-edge technology to create “market-value” offers and reduce transaction costs compared with the traditional home sales process, including charts showing that consumers would almost always make more money through the Opendoor service.
Opendoor also violated the law by misrepresenting its use of projected market value prices when making offers to buy homes, saying it made money from fees rather than from buying low and selling high and incorrectly reporting savings related to repair costs and selling their homes, according to the FTC release.
In a statement released Monday, Opendoor said, “While we strongly disagree with the FTC’s allegations, our decision to settle with the Commission will allow us to resolve the matter and focus on helping consumers buy, sell and move with simplicity, certainty and speed.”
The company added, “Importantly, the allegations raised by the FTC are related to activity that occurred between 2017 and 2019 and target marketing messages the company modified years ago. We are pleased to put this matter behind us and look forward to continuing to provide consumers with a modern real estate experience.”
In June, Opendoor launched a financing app that the company claims lets consumers get pre-approved for a mortgage in under two minutes. The app is part of the company’s suite of products, which include Buy with Opendoor, Opendoor Backed Offers, and Opendoor Complete.
The company said its technology identifies loan options based on the customer’s needs and criteria, including mortgage rate, guidelines and terms and the down payment required.
Opendoor said the app processes more than 10,000 data points in seconds to determine the maximum home purchase price a buyer can afford based on their qualifications and the minimum down payment for available loan options.
PayPal: BNPL Volumes Surge 226% Year on Year
Courtesy of PYMNTS.com
August 2, 2022 — PayPal’s most recent earnings results spotlight the continued digital shift, as active user counts eclipsed pre-pandemic levels. And buy now, pay later (BNPL) volumes surged by triple-digit percentages. PayPal’s active accounts at the end of the second quarter stood at 429 million, up 6% year-over-year, and the tally includes 35 million merchant accounts.
Total payment volumes grew by 13% on an FX-neutral basis to $339.8 billion. Excluding eBay, the company’s revenues were up 14%.
Transactions Per Active Account Surge, Too
The company said that transactions per active account grew 12% to 48.7 payment transactions. PayPal’s core daily active accounts at the end of the quarter had gained more than 40% relative to the pre-pandemic period, the company said in its supplemental filings.
Venmo volume increased 6% to $61 billion, marked by 90 million active accounts. Overall P2P volume, which includes PayPal, Venmo and Zoom, was up 3% to $93 billion (on top of 41% growth in the same period last year). Venmo commerce volume grew by 250% year over year. P2P transactions represented 27% of TPV in the quarter.
During the conference call with analysts, CEO Dan Schulman said that the “inherent network effect” remains in place and that the company is “doubling down on checkout, our PayPal and Venmo digital wallets and our Braintree platform.” He noted on the call that 80% of the company’s volume was driven by 30% of PayPal’s active accounts in the quarter. With a nod toward continued fine-tuning of the payments experience, the company is testing its new mobile software development kit (SDK), which will remove friction, he said.
“We are also enhancing our checkout user experience to better serve our nearly 400 million consumer accounts by surfacing the most relevant funding instrument based on past purchase behavior, merchant category and purchase price, among other attributes,” he said on the call. Schulman added that “we’ll continue to expect to grow significantly faster than the rate of eCommerce going forward, both on branded and branded [offerings] and on checkout.”
BNPL activity has been ramping, he said, marked by $4.9 billion in volume, up 226% year over year — and used by 22 million consumers, and offered by more than 200,000 merchants.
Schulman said, too, that engagement has been on an upswing with digital wallets, and management noted on the call that wallet users are twice as likely to choose PayPal at checkout. The company, he said, is working on “a debit card reboot” which will be a metal form factor with rewards built in — and which opens up the total addressable market by 20 million to 30 million users.
CFO John Rainey, who is being replaced by Blake Jorgensen, formerly of Electronic Arts, effective Aug. 3, noted that credit losses in the most recent quarter were $68 million, only a few basis points. During the question and answer session, management noted that Elliott Investment Management has taken a $2 billion stake in the company and said that discussions with the activist investor have been focused on operational improvements and long-term strategy.
Equifax Sent Wrong Borrower Credit Scores to Lenders
Courtesy of CUToday.info
August 3, 2022 — Equifax has confirmed it sent erroneous credit scores to lenders of all asset sizes on people applying for auto loans, mortgages, credit cards and more from mid-March through early April of this year.
The confirmation did not break out separately how many credit unions may have been affected.
Equifax said the scores were sometimes off by 20 points or more in either direction, according to people familiar with the situation who spoke with the Wall Street Journal. The incorrect information was sufficient to alter the interest rates consumers were offered or to result in their applications being rejected altogether, the report stated.
The company began disclosing the errors to lenders in May, the sources indicated.
Equifax said it has since fixed the error, which the company described as a “technology coding issue.” The glitch didn’t alter the information in consumers’ credit reports, according to the company.
CEO Responds
“We have determined that there was no shift in the vast majority of scores during the three-week timeframe of the issue,” Sid Singh, president of Equifax’s U.S. Information Solutions, said in a statement. “For those consumers that did experience a score shift, initial analysis indicates that only a small number of them may have received a different credit decision.”
According to the Journal, which cited people familiar with the matter, the error affected many lenders across multiple consumer loan products, not just mortgages.
The percentage of incorrect scores provided to lenders varied, sources told the Journal. At one big bank, for example, 18% of applicants during the three-week period had incorrect scores, with an average swing of eight points, one of the people said.
Several-Thousand Affected at 1 Lender
“Equifax told one large auto lender that about 10% of applicants during the three-week period had inaccurate scores, according to a person familiar with the matter,” the Journal reported. “Of those, several thousand saw a change of 25 points or more on their credit score, the person said. In a small number of cases, applicants went from having no credit score at all to a score in the 700s—or vice versa, the person said. The most widely used credit scores range between 300 to 850; the higher the credit score, the more likely an applicant will get approved and at a lower interest rate.”
Equifax’s Singh said in the statement the company has been working closely with lenders and providing them with updated scores.
Articles for July 29, 2022 Issue:
Average Data Breach Costs Hit a Record $4.4 Million, Report Says
Courtesy of Bree Fowler, CNET
According to a new report from IBM Security, the average cost of a data breach rose to $4.4 million this year.
Why it matters
More than half of the companies surveyed for the report admitted to passing on those higher costs to customers in the form of higher prices. Data breach costs keep going up, and consumers are likely paying for them.
The average data breach cost rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020.
More than half of the organizations surveyed acknowledged they had passed on those costs to their customers in the form of higher prices for their products and services, IBM said.
The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM, was conducted by the Ponemon Institute.
The cost estimates are based on both immediate and longer-term expenses. While some costs like the payment of ransoms and those related to investigating and containing the breach tend to be accounted for right away, others such as regulatory fines and lost sales can show up years later. On average, those polled said they accrued just under half of the costs related to a given breach more than a year after it occurred.
Case in point, T-Mobile said Friday it would pay $500 million to settle a class action lawsuit filed by customers over a data breach revealed nearly a year ago that exposed the personal information of an estimated 76.6 million people.
Pending judicial approval that could come before the end of the year, T-Mobile will pay $350 million to settle the customers’ claims and an additional $150 million to upgrade its data protection. The breach, disclosed in August, exposed information such as customer names, Social Security numbers, phone numbers, addresses and dates of birth.
Many of the highest-cost breaches analyzed in the IBM study involved critical infrastructure within the financial services, industrial, technology, energy, transportation, communication, healthcare, education and public-sector industries.
Those breaches had an average cost of $4.8 million, about $1 million more than the average cost paid by organizations outside of critical infrastructure, IBM said.
Part of that stems from the particularly high costs of health care industry breaches. Healthcare, which is considered to be critical infrastructure, had the highest average per-breach cost of $10.1 million, up from $9.2 million in 2021.
Critical infrastructure has become an increasingly tempting target for both nation-state attackers and cybercrime gangs in recent years. Last year, ransomware attacks against Colonial Pipeline and meat processor JBS USA shut down both companies for days, even though they both paid the equivalent of millions of dollars in ransom to get their data unlocked.
Millions of Android Devices Infected with Wallet-Draining Malware
Courtesy of Sead Fadilpašić, TechRadar.com
That Android wallpaper app is actually signing you up for premium services
Researchers have discovered another batch of seemingly innocent Android apps that are actually designed to push malware onto the endpoints and rack up expenses for the unsuspecting victims.
The latest batch, which included wallpaper apps, keyboards, photo editors, video editors, and an occasional cache cleaner or system maintenance app, was discovered by the Dr. Web antivirus team, and the apps have more than 10 million downloads between them. Overall, 28 apps were found on the Google Play Store, having somehow managed to bypass Google’s strict security policies.
Related Reading: This Android malware is so dangerous, even Google is worried
Android Apps Hacked
As for the damages, the practice is more or less the same. Once installed, most apps will try to hide, changing their appearance in the app drawer to that of a system app. That way, they hope the users will be discouraged from uninstalling them. Then, the apps push ads and try to sign up the victim for various premium services, to rack up additional expenses.
None of this would have been possible if users didn’t give the apps the necessary permissions. Even though the apps are simple in design (and actually do what they’re advertised to do), they often ask the users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user – which itself is a major red flag.
Most of the apps have already been removed from the Play Store, but three remain. Still, even if all of the apps were removed, they have still been downloaded millions of times, and until all victims remove them from their devices, they’ll continue to be a threat.
Senate Bill Takes Aim at Visa, Mastercard Credit-Card Fees
Courtesy of AnnaMaria Andriotis, Wall Street Journal
July 27, 2022 — Two U.S. senators are preparing legislation that would give merchants power to process many Visa Inc. and Mastercard Inc. credit cards over different networks.
The bill, which could be introduced as soon as this week, aims to create more competition among U.S. credit-card networks, a sector where Visa and Mastercard have long dominated. Sen. Dick Durbin, an Illinois Democrat, and Sen. Roger Marshall, a Kansas Republican, are expected to introduce the bill.
Mr. Marshall said banks and major card networks lobbied his office to not sign onto the bill. He decided to move forward after hearing from a growing number of merchants, including small businesses, restaurants, gas stations and convenience stores, about the toll of the rising credit-card fees set by Visa and Mastercard that are often pocketed by large banks.
Mr. Durbin spearheaded a similar rule for debit cards over a decade ago. The Durbin amendment, part of the 2010 Dodd-Frank law, requires that merchants have the ability to choose from at least two unaffiliated debit-card networks when routing transactions.
Most shoppers don’t think twice about how their payments are processed when they buy something with a credit card. But the underlying plumbing and its associated fees represent a fierce source of contention between merchants that pay the fees and big card networks and banks that set or collect them. The expected bill reflects a growing scrutiny of the payments sector.
Because the bill would amend the Electronic Fund Transfer Act, it would likely be referred to the Senate Banking Committee, people familiar with the matter said. Neither Mr. Durbin nor Mr. Marshall is on the banking committee.
Rep. Peter Welch of Vermont plans to be the lead Democrat on a House bill, according to a person familiar with the matter. It couldn’t be determined if a House bill would have a Republican co-lead and if it would get introduced without one.
Are We in a Housing Bubble? Five Credit Union Leaders Weigh In
Courtesy of Marc Rapport, CreditUnions.com
Supply still lags demand but price hikes are slowing, and a lot has changed in the past 15 years.
There are a lot of unpleasant memories from the housing bubble that burst as the economy imploded and the Great Recession began nearly 15 years ago, including drastically falling property values, upside-down loans by the millions, and staggering foreclosure rates.
While the national median home price has surpassed $400,000, a strong labor market and stricter underwriting standards are expected to provide a buffer against a sudden collapse, as was the case during the last housing crisis. That’s been the conventional wisdom as records for high prices and low inventory fell month after month through the pandemic.
But are things changing? The Fed is waging mortal combat with inflation the likes of which haven’t been seen in 40 years, and soaring interest rates are not just crimping affordability but also raising fears of recession.
Some industries already are laying off workers (especially among the big mortgage lenders), and there are other signs of change. Black Knight, for instance, just reported the slowest month-over-month growth in home prices since 2006, while CoreLogic says foreclosures edged up this spring after hitting historic lows late last year.
So, are we in a housing bubble? Well, all real estate is local, so here’s what five credit union executives with their fingers on the pulse of their local markets have to say.
Tom Ernsperger, EVP/Chief Lending Officer, One Nevada Credit Union
“To some extent, yes. Particularly here in the Las Vegas market, where housing price appreciation has been among the national leaders for some time. Remarkable home price increases combined with quickly rising rates have already priced a number of potential borrowers out of the market.
“While I don’t see it being nearly as volatile as during the last recession, I think we’ll see home sellers coming off their asking prices to facilitate sales. We’ve already seen a bit of this.”
Marty Burke, Vice President/Mortgage Development Officer, Franklin Mint FCU
“I don’t believe we’re in a housing bubble nor are we headed for one. From 2008-2011, home prices decreased by over 30% and caused homeowners to become upside down, owing more than the home’s value.
“In this market, house appreciation will slow to low single-digit appreciation by year’s end, but values will tend to stabilize and not decline. As rates rise, home-buying demand will slow. We’ll see more inventory available for buyers still seeking the opportunity of homeownership.”
Wendy Dawson, Vice President of Mortgage Lending, Coastal FCU
“Wow, that’s the magical question. No one can know for certain how the market will change over the next few days, weeks, or months, and economic news will continue to impact the housing market one way or another.
“I do feel confident and fortunate that Coastal operates in a footprint (NC, SC, and VA) with enormous demand for housing that is likely to continue. The last estimate I read warned that the national housing inventory is well below what’s needed, potentially as much as 3 million homes below demand. This underpins the entire market and should be considered when discussing the current state of the market.
“Especially as the market shifts, we’ll do our best to make sure our products continue to be tailored to the needs of our members and our markets. This, combined with our conservative and sustainable approach to growth, will continue to help us achieve our goals.”
Doc Dougherty, Chief Lending Officer, Together Credit Union
“There are good arguments on both sides, but I wouldn’t call it a bubble. A housing bubble requires both a rush of speculators entering markets and overvalued homes. From what I review and follow, values have increased swiftly over the past few years. However, unlike the bubble of 2008-09, this recent housing boom is not underpinned by the crazy speculation that we saw back then, and underwriting practices have improved dramatically.
“In some U.S. markets, we’ll likely see 10% to 15% declines if we end up in another recession. Fortunately, those of us living in the Midwest don’t experience the crazy market swings that occur more often in the Northwest and Southwest.”
Andrew Clarkson, Vice President for national mortgage production, United FCU
“I don’t believe so. The current economic stress isn’t originating from the housing market. Jobs and incomes remain in strong positions. Inflation and supply chain issues continue to be the primary stressors of this economy.
“The housing market will eventually react to rising rates. We’ve seen an increase in price reductions and that trend may very well be normal over the next several months as interest rates climb. But, according to national real estate associations, there’s still a housing-supply shortage so a housing bubble seems unlikely.”
Articles for July 22, 2022 Issue:
- Google to Allow App Developers to Use Rival Payment Systems to Cut Fees
- FBI Warns About Fake Cryptocurrency Investment Apps Used to Steal Millions
- FDIC Investigating Whether Crypto-Firm Falsely Claimed Investments Were Insured
- Threat-landscape of Financial Attacks
Google to Allow App Developers to Use Rival Payment Systems to Cut Fees
Courtesy of Foo Yun Chee, Reuters
July 19, 2022 — Alphabet (GOOGL.O) unit Google said it will from Tuesday cut fees to 12%, from 15%, for non-gaming app developers on its Google Play App Store which switch to rival payment systems, as it moves to comply with new EU tech rules.
The world’s most popular internet search engine said the fee cut applies only to European consumers while the freedom to use another payment system will eventually be expanded to gaming apps as well.
The move underscores a change in Google’s strategy since last year where it now prefers to bow to regulatory and antitrust pressure with offers of concessions rather than embark on lengthy and distracting fights.
The EU rules known as the Digital Markets Act (DMA), which will come into force next year, require tech giants to allow app developers to use rival payment platforms for app sales or risk fines of as much as 10% of their global turnover.
Apple and Google are the most affected by this requirement. “As part of our efforts to comply with these new rules, we are announcing a new programme to support billing alternatives for EEA (European Economic Area) users,” Estelle Werth, Google’s director for EU government affairs and public policy, said in a blogpost.
“This will mean developers of non-gaming apps can offer their users in the EEA an alternative to Google Play’s billing system when they are paying for digital content and services,” she said. The EEA includes the 27 EU countries, Norway, Iceland and Liechtenstein.
“When a consumer uses an alternative billing system, the service fee the developer pays will be reduced by 3%,” Werth said.
“Since 99% of developers currently qualify for a service fee of 15% or less, those developers would pay a service fee of 12% or lower based on transactions through alternative billing for EEA users acquired through the Play platform.”
Critics say the fees charged by Apple (AAPL.O) and Google at their mobile app stores are needlessly high and cost developers collectively billions of dollars a year, underscoring the two companies’ monopoly power.
Google has been hit with more than 8 billion euros in EU antitrust fines in the last decade for anti-competitive practices related to its price comparison service, Android mobile operating system and advertising service.
FBI Warns About Fake Cryptocurrency Investment Apps Used to Steal Millions
Courtesy of Andrea Peterson, the Record
July 18, 2022 — Scammers have used fraudulent cryptocurrency investment apps to steal an estimated $42.7 million from at least 244 victims, the FBI warned investors and financial institutions Monday.
The warning comes after a collapse in the general cryptocurrency market and new reporting on schemes that lure investors into what they think are legitimate online relationships before ripping them off via fake cryptocurrency apps. The warning, which came in the form of a Private Industry Notification released by the FBI’s Cyber Division, lists recommendations for investors and financial institutions for avoiding the schemes and cites specific examples.
In one scheme uncovered by the FBI, unidentified digital fraudsters hijacked the name and logo of a U.S. financial institution to convince victims to download a fake app and deposit their cryptocurrency. In that scam — which ran between December 2012 and May of this year — 13 of 28 victims also paid an additional supposed “tax” when attempting to get their funds out, but “remained unable to withdraw” them.
Another scam, operating under the name “YitBit1,” pulled a similar fake tax scheme while defrauding at least four victims of some $5.5 million with a fraudulent crypto investment app between October 2021 and May 2022, according to the warning.
The agency issued a public warning last September about a rise in cyberfraud schemes that start on dating sites or social media, building intimacy before “persuading individuals to send money to allegedly invest or trade cryptocurrency.”
Such schemes are also known as “pig-butchering,” from the Chinese “Shāzhūpán,” — referring to the long game of feeding victims elaborate scripts before trying to take them for as much as possible. A recent report from Vice News highlighted how such operations have professionalized in parts of Southeast Asia in recent years.
The schemes now rely on human trafficking and local people caught in dire economic circumstances due to the decline of tourism during the pandemic to run call center-style operations, Vice reported. The operations lure victims to hoax cryptocurrency apps at scale, at times draining their life savings.
FDIC Investigating Whether Crypto-Firm Falsely Claimed Investments Were Insured
Courtesy of CUToday.info
While credit unions and the National Credit Union Share Insurance Fund have yet to face the issue, the FDIC is investigating whether a crypto brokerage and lender misled consumers by implying its deposit accounts were federally insured. Some customers of Voyager Digital, which has entered bankruptcy, have been surprised to learn their investments are not safe and may be lost.
The plunging prices of cryptocurrency have led to losses at the company. As a result, Voyager froze all activity, including withdrawals on $350 million in customer deposits that are stored at Metropolitan Commercial Bank, a small New York bank, according to the Wall Street Journal, which added Voyager told customers they would be able to access those dollars after “a reconciliation and fraud prevention process is completed.”
‘Guaranteed a Full Reimbursement’
According to the report, some customers online said they were only just learning their deposits weren’t insured by the Federal Deposit Insurance Corp. in the way they thought.
“In the rare event your USD funds are compromised due to the company or our banking partner’s failure, you are guaranteed a full reimbursement (up to $250,000),” Voyager told customers in 2019, according to the Journal.
As recently as last week, the company’s website said, “Your USD is held by our banking partner, Metropolitan Commercial Bank, which is FDIC insured, so the cash you hold with Voyager is protected.”
Only Bank Accounts Insured
The individual customer accounts are eligible for insurance, but only in the case of a failure of the bank, not Voyager, Metropolitan Commercial Bank stated, according to the Journal.
Voyager has what is known as a For Benefit of Customers account at Metropolitan Commercial Bank. The FDIC said it is now looking into Voyager’s marketing, the Journal added. As CUToday.info has reported, those credit unions that are offering crypto-brokerage services to members have been emphasizing that the investments are not NCUSIF insured.
$1.1B in Crypto Deposits
According to the Journal, Metropolitan Commercial Bank is one of a small group of banks willing to work with crypto firms. It held about $1.1 billion in deposits tied to crypto, 19% of its total, according to disclosures. It doesn’t hold any crypto assets and doesn’t make loans backed by crypto, the Journal reported, adding that Metropolitan holds the deposits as cash and doesn’t use them for other investments or loans, according to Keefe, Bruyette & Woods analyst Christopher O’Connell.
Threat-landscape of Financial Attacks
Courtesy of Vicente Díaz, VirusTotal.com Blog
Financial institutions have been a traditional target for all kinds of attacks. We wanted to understand what kind of malware families have been used against them in recent cases and track their evolution. It is not easy, though, having details on artifacts used in such attacks.
Our approach was cross-checking OSINT data related to attacks targeting financial institutions with VirusTotal intelligence to shed some light on how these threats are evolving during 2022. We want to share some of the most interesting findings as well as providing some ideas on how you can use VirusTotal to track these attacks by yourself.
You can also check our recorded webinar here.
Top malware families
Starting from the collection of OSINT-obtained malware families used in attacks against financial institutions, we checked every family’s prevalence in VirusTotal based on the number of submissions in 2022. Submissions are an interesting metric for understanding how widespread a malware family is.
It is worth noting that some of these “malware families” might be legitimate artifacts used by attackers, typically for lateral movement as part of their TTPs or preferred toolset.
Indeed, Remcos (also known as RemcosRAT) is a commercial product offered as a legitimate Remote Control utility which has been part of attackers’ toolsets since (at least) 2017. Some other top 15 malware families are deployed as part of the Golden Chicken malware as a service (MaaS): TerraRecon, Terra Loader, Terra Preter, TerraStealer, TerraTV and more_eggs. These have been used by multiple threat actors, mainly in targeted attacks against the financial sector. However, this can also be biased based on the OSINT publications used for this analysis.
Back to RemcosRAT, it can be frequently seen deployed in combination with an exploit [1,2,3]. To monitor fresh RemcosRAT samples linked with exploits, you can use the following query in VirusTotal Intelligence:
engines:remcosrat fs:2022-01-01+ type:peexe tag:exploit
When presented with a collection of samples after a search like the previous one, it is interesting to use the Commonalities Tool to find how many of these samples share characteristics such as vhash, contacted URLs, domains and IP addresses. They also drop similar files and all samples use only 4 different compilation timestamps. Most likely, all of them are either part of the same campaign or part of a toolset/infrastructure heavily reused in different attacks.
Read the entire article for more samples here.
Articles for July 15, 2022 Issue:
- $8 Million Stolen in Large-Scale Uniswap Airdrop Phishing Attack
- ‘No Choice But To Go Nuclear’: Bank of Canada Issues a Supersized Rate Hike
- U.S. Bank Profits to Tumble on Higher Bad Loan Reserves
- OPINION: Here’s The Alternative To U.S. Dollar Dominance — and It’s Not a Rival Currency, Gold or Bitcoin
$8 Million Stolen in Large-Scale Uniswap Airdrop Phishing Attack
Courtesy of Bill Toulas, BleepingComputer.com
July 13, 2022 — Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack yesterday.
While the protocol hasn’t been compromised by exploiting a vulnerability as initially suspected, the cyberattack has impacted many investors in digital assets. The threat actors used the lure of free UNI tokens (airdrops) to trick victims into approving a transaction that gave hackers full access to wallets.
The trap was a masked “setApprovalForAll” function that assigns or revokes full approval rights to the operator, essentially allowing the attacker to redeem all Uniswap v3 LP tokens for ETH in the victim wallet.
In total, the threat actors siphoned 7,574 ETH to a wallet address under their control and quickly moved 7,500 to the Tornado Cash service for mixing (laundering).
Spoofing Uniswap
The phishing actors created an ERC20 token and airdropped it to 73,399 users who held UNI tokens, spending 8.5 ETH in TX fees for the high volume of the transactions.
The goal was to re-direct the recipients to a scam website on the domain “uniswaplp[.]com,” which impersonates the official Uniswap domain “uniswap.org.” The operator appeared as “Uniswap V3: Positions NFT” to the victims, thus tricking them into allowing the approval rights.
To understand more about how the scammers spoofed the sender’s address, check out this detailed post by blockchain security expert Harry Denley. In short, the attackers polluted the emit function of the contract with false data, tricking the block explorer into displaying Uniswap as the sender, researchers at Check Point explain.
How to protect yourself
When receiving an airdrop, make sure to validate everything before clicking any buttons, starting with the domain name of the website you’ve landed on.
Before responding to promotional events or giveaways, users of digital assets should also check the platform’s official website and social media channels to confirm that the offer is genuine.
Verifying the source of an airdrop is also a good way to avoid falling victim to scammers seeking to take control of transactions with a single click.
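The checks described above can be applied to a pending wallet request before it is signed. The following is an added example, not part of the original article: it decodes the raw calldata to see whether the request is a setApprovalForAll grant and checks the requesting site against an allowlist, relying on the calldata rather than on the display names the attackers spoofed. The allowlist, operator addresses and sample calldata are constructed assumptions.

```python
from urllib.parse import urlsplit

# 4-byte selector of setApprovalForAll(address,bool), used by ERC-721/ERC-1155.
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")

# Assumption: an allowlist the user or wallet maintains. Only the official
# domain named in the article is listed.
TRUSTED_HOSTS = {"uniswap.org"}

# Constructed placeholder for an operator the user has already vetted.
KNOWN_OPERATORS = {"0x" + "11" * 20}


def host_is_trusted(url, trusted=TRUSTED_HOSTS):
    """True only for an allowlisted host or one of its subdomains."""
    url = url.replace("[.]", ".")  # accept defanged indicators as input
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)


def decode_set_approval_for_all(calldata_hex):
    """Return {'operator', 'approved'} for a setApprovalForAll call, None for
    any other call, and raise ValueError if the arguments are malformed."""
    raw = calldata_hex[2:] if calldata_hex.lower().startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if data[:4] != SET_APPROVAL_FOR_ALL:
        return None
    if len(data) != 4 + 32 + 32:
        raise ValueError("unexpected argument length")
    addr_word, bool_word = data[4:36], data[36:68]
    # ABI encoding: the address is left-padded to 32 bytes, the bool is 0 or 1.
    if any(addr_word[:12]) or int.from_bytes(bool_word, "big") > 1:
        raise ValueError("non-canonical ABI encoding")
    return {"operator": "0x" + addr_word[12:].hex(),
            "approved": bool_word[-1] == 1}


def review_signing_request(origin_url, calldata_hex):
    """List the reasons a user should stop before signing this request."""
    findings = []
    if not host_is_trusted(origin_url):
        findings.append("untrusted-origin")
    try:
        call = decode_set_approval_for_all(calldata_hex)
    except ValueError:
        return findings + ["malformed-calldata"]
    if call and call["approved"]:
        # Token names and event data can be forged; the calldata is what the
        # signature actually authorises.
        findings.append("grants-operator-all-tokens")
        if call["operator"] not in KNOWN_OPERATORS:
            findings.append("unknown-operator")
    return findings


def build_sample_calldata(operator, approved):
    """Construct demo calldata (sample input only, not captured traffic)."""
    addr_word = bytes(12) + bytes.fromhex(operator[2:])
    bool_word = int(approved).to_bytes(32, "big")
    return "0x" + (SET_APPROVAL_FOR_ALL + addr_word + bool_word).hex()


if __name__ == "__main__":
    unknown = "0x" + "ab" * 20  # constructed address
    request = build_sample_calldata(unknown, True)
    print(review_signing_request("https://uniswaplp[.]com/claim", request))
    print(review_signing_request("https://app.uniswap.org/pool",
                                 build_sample_calldata("0x" + "11" * 20, False)))
```

An empty result means none of these three checks fired, not that the transaction is safe.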
‘No Choice But To Go Nuclear’: Bank of Canada Issues a Supersized Rate Hike
Borrowers across the country should expect their wallets to take a hit after four rate increases in five months.
Courtesy of Sigrid Wise, Financial Post
July 13, 2022 — With inflation running hot as a “four-alarm fire” — as the Bank of Montreal’s chief economist Douglas Porter so eloquently put it in a note to clients — the Bank of Canada is redoubling its efforts with a much more aggressive interest rate hike.
While the overnight rate is the central bank’s best tool for fighting inflation, it typically uses it with finesse, in 0.25 percent increments. But since this fire calls for a lot more water, BoC governor Tiff Macklem announced on July 13 that the bank would increase its target overnight interest rate by a full one percent.
That brings the overnight rate to 2.50 percent.
An increase of this size hasn’t happened since 1998. And while it’s going to have immediate implications for Canadian consumers, experts say it’s a necessary step for putting out the raging flames of inflation — even if it extinguishes the economy in the process.
May’s figure was even higher than anticipated, which means Macklem’s main concern will be preventing high inflation from becoming entrenched.
It’s a difficult balancing act. The bank chose to keep rates close to zero for the first two years of the pandemic to help boost the economy, but creeping inflation forced it to act. In March, it raised rates by 0.25 percent, and then by 0.50 percent in both April and June.
How does this affect the economy?
Typically, analysts would worry these supersized hikes could push the country into a recession. Moshe Lander, an economist with Montreal’s Concordia University, says a hike of this size is not only a “depressing move” but could also “take some of the starch out of the Canadian economy in the process.”
Although Lander has reservations about such a big move, he can’t deny that inflation remains stubbornly high despite the bank’s best efforts these last few months.
Canadian consumers will soon feel the heat
That reality has been hitting Canadians where it hurts — their wallets — for months now. Unfortunately, while this month’s extra-large increase may finally help cool inflation, many Canadians will find their finances taking a hit elsewhere, especially with their debts. When the central bank raises its rates, the country’s lenders tend to follow suit.
Canadians are among the most indebted of all the world’s advanced economies. And while household wealth has surged through the pandemic, a report from RBC Economics shows close to 60 percent of that is simply due to rising real estate values.
The same report shows household debt sitting at record levels — again thanks to the “heated housing market,” which has “driven more mortgage borrowing.” Canadian borrowers are on the hook for an additional $300 billion compared to pre-pandemic debt levels.
Homeowners beware
Anyone with a variable-rate loan should expect their rates to rise almost immediately. The Financial Consumer Agency of Canada offers some helpful examples of how this works.
Take someone who has a mortgage of $278,748 with a current interest rate of 3.1 percent, and 23 years left in their repayment period. Their monthly mortgage payment is currently $1,411, but even a 0.50 percent rate hike would bring it up to $1,483. For every 0.50 percent increase, their mortgage costs them an extra $72 in interest every month.
U.S. Bank Profits to Tumble on Higher Bad Loan Reserves
Courtesy of David Henry, Reuters
Summary
- Big lenders to begin reporting Q2 results on Thursday
- Biggest four banks could record $3.5 bln of provisions for reserves-analysts
- Investors seeking clues on recession outlook

July 11, 2022 — Second quarter profits at big U.S. banks are expected to fall sharply from a year earlier on increased loan loss reserves, as the pandemic recovery gives way to a possible recession.
Analysts expect JPMorgan Chase & Co will report a 25% drop in profit on Thursday, while Citigroup Inc and Wells Fargo & Co will show 38% and 42% profit declines, respectively on Friday, according to Refinitiv I/B/E/S data.
Bank of America Corp, which like its peers has big consumer and business lending franchises, is expected to show a 29% drop in profit when it reports on July 18.
The plunge in profit stems from lenders adding to their reserves for expected loan losses, a reversal from a year earlier when they benefited from reducing those cushions as anticipated pandemic losses failed to materialize and the economy strengthened.
“It’s going to be a shaky quarter for the sector,” said Jason Ware, chief investment officer for Albion Financial Group, which owns shares of JPMorgan and Morgan Stanley (MS.N).
Investors will want to hear executives’ insights into the health of the economy and if borrowers are “more shaky now,” Ware said. Banks must factor the economic outlook into loan loss reserves under an accounting standard which took effect in January 2020.
While data on Friday showed the U.S. economy added more jobs than expected in June, it could still be on the verge of a recession. Gross domestic product contracted in the first quarter, with tepid consumer spending and manufacturing readings in the last two weeks.
TIME TO BUILD UP
Last month, JPMorgan CEO Jamie Dimon warned of an economic “hurricane,” while Morgan Stanley CEO James Gorman has said there is a 50% chance of a recession.
“The banks are going to have to build up their reserves,” said Gerard Cassidy, a bank analyst at RBC Capital Markets.
JPMorgan, Citi, Wells Fargo and Bank of America, the country’s largest four lenders, could record $3.5 billion of loss provisions compared with $6.2 billion of benefits last year when they released reserves, Cassidy estimated.
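OPINION: Here’s The Alternative To U.S. Dollar Dominance — and It’s Not a Rival Currency, Gold or Bitcoin
Courtesy of Steve Goldstein, MarketWatch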
July 13, 2022 — There’s a basic problem with the global financial system — it’s too focused on the U.S. dollar. Yes, the U.S. is the world’s largest economy, but the dollar represents 60% of global foreign exchange reserves and 40% of international trade, despite U.S. GDP representing just a fifth of world output and being a counterparty for roughly 10% of global trade.
And over the years, the U.S. has increasingly weaponized the dollar’s hegemony in the financial system, most recently by freezing Russian reserve assets at the beginning of the Russia-Ukraine war. And while not every country is necessarily planning such a belligerent action, not everyone is happy with the U.S. calling the shots.
That’s led to talk that perhaps some other currency, or currencies, could replace the dollar’s role as the reserve currency, or maybe gold or even bitcoin could do the trick, but there are problems with each of those alternatives, from convertibility in the case of China, to cyclicality in the case of the euro. The fact the U.S. dollar is trading around a 20-year high suggests the market doesn’t treat any rival as a particularly compelling alternative.
A new report from Barclays suggests a different route — central banks could decide to hold fewer reserves altogether.
It wouldn’t be an easy shift. After emerging market crises during the 1980s and 1990s, countries built up foreign reserves to safeguard their independence, so as not to require International Monetary Fund rescues with inevitable strings attached. The leading foreign-reserve holders have built up war chests that are three times the roughly three to four months worth of imports that the IMF recommends. Most of these countries also get the benefit that their currencies are undervalued, boosting exports.
The Barclays analysts say the alternative is a world with fewer, or no, reserves. That wouldn’t be easy, either. Some countries would adopt protectionist policies, barriers to convertibility and the like. They would also discourage the build-up of foreign currency liabilities, like dollar-denominated corporate debt, and perhaps encourage the build-up of regional trading hubs.
“Less openness to trade implies suboptimal resource allocation and lower productivity growth. A need to maintain a competitive currency and incentivize local issuance may need to go hand-in-hand with deflationary fiscal policies and low levels of rates,” say Themistoklis Fiotakis, Marek Raczko and Sheryl Dong, all U.K.-based debt analysts at Barclays.
China would face the end of export-driven growth and subdued domestic demand, possibly lifting the value of the yuan. And yields on U.S. debt would inevitably rise. The Barclays analysts say the reserves accumulation has pushed the 10-year Treasury yield lower by about 300 basis points since 1990.
Articles for July 8, 2022 Issue:
- Red flag: Consumers Are Using Buy Now, Pay Later to Cover Everyday Expenses
- Marriott Has Been Hit by Another Data Breach: Hackers are Thought to Have Exfiltrated Around 20GB Of Data, Including Customer Credit Card Details
- Dangerous New Malware Dances Past More Than 50 Antivirus Services
- Related Reading: Kaspersky Reveals Phishing Emails That Employees Find Most Confusing
- Billions In Bitcoin Trapped on Lending Platforms Like Celsius May Turn Into a Tax Write-Off For Investors
Red flag: Consumers Are Using Buy Now, Pay Later to Cover Everyday Expenses
Courtesy of Alicia Wallace, CNN Business
July 6, 2022 — Buy Now, Pay Later installment plans have become popular among consumers seeking to spread out the cost of big-ticket purchases. But now, rising prices have some cash-strapped shoppers reaching for these alternative payment methods for everyday purchases, such as their daily coffee, gas station fill-up or grocery run, as well.
That’s a concern for economists and consumer advocates, who say the surge in the use of these services, coupled with a lack of transparency and little regulatory oversight, leaves them wondering just how much debt Americans are actually getting into.
While other household debt, such as credit card spending and auto loans, is gathered and tracked by the Federal Reserve, Buy Now, Pay Later (BNPL) data is not included because the financing is typically provided by non-bank sources and not yet reported in a comprehensive manner to credit bureaus.
That means there’s no publicly available database of BNPL-related consumer debt levels, transaction volume, delinquency rates, and fees and interest charges.
“There’s no question there’s a big hole in our understanding of people’s financial situations, if you don’t include Buy Now, Pay Later,” said Matt Schulz, chief credit analyst for LendingTree. “And that’s a problem for credit scoring companies, credit bureaus and for lenders.”
Red flags
From Affirm and Apple to PayPal and Zip, BNPL transactions are currently estimated to be at least $100 billion annually — a figure that analysts say could skyrocket to between $1 trillion to $4 trillion within a few years.
These types of services split a purchase into four or more installment payments to be paid over a period of a few weeks or months. Customers can open a new account for each transaction or they can keep one account for their purchases as long as they have made their payments on time. BNPL accounts are typically offered with zero or minimal interest, and often come without a hard credit check.
To make money, the BNPL providers charge merchants between 1.5% and 7% of the transaction price, according to Kansas City Federal Reserve research. For some retailers, the costs are worth it, according to research from RBC Capital Markets, which showed online BNPL offerings boosted average ticket sales by 30% to 50% and increased the share of customers who ultimately made a purchase.
Despite its rapid growth, BNPL has raised red flags for economists, regulators and attorneys general. They’ve cautioned that because the services are not regulated as credit products, it has resulted in a Wild West-style market with varying terms and conditions and few checks and balances.
One significant downside is the risk of getting into debt fairly easily without realizing it, said Terri R. Bradford, a research specialist in payment systems for the Kansas City Federal Reserve.
Marriott Has Been Hit by Another Data Breach: Hackers are Thought to Have Exfiltrated Around 20GB Of Data, Including Customer Credit Card Details
Courtesy of Corin Faife, TheVerge.com
July 6, 2022 — The Marriott International hotel chain has confirmed that it has been hit by yet another data breach that exposed staff and customer information – an unfortunate security incident for a company that was affected by a number of major hacks in recent years.
In the latest incident, first reported by DataBreaches.net, hackers are reported to have stolen around 20GB of data, including confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland. Redacted sample documents published by DataBreaches appear to show credit card authorization forms, which would give an attacker all of the details needed to make fraudulent purchases with a victim’s card.
Melissa Froehlich Flood, a spokesperson for the Marriott, told The Verge that the company was “aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer.” Before going public with the hack, the threat actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.
The threat actor did not gain access to Marriott’s core network and accessed information that “primarily contained non-sensitive internal business files,” the spokesperson said. But, nonetheless, Marriott is preparing to notify between 300 and 400 individuals about the data breach. Law enforcement agencies have also been notified, she said.
Based on current reports, the latest incident is far less severe than previous hacks that have targeted the hotel chain. In 2018, Marriott revealed that it had been hit by an enormous database breach that affected up to 500 million guests of the Starwood hotel network, which was acquired by Marriott in 2016. Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.
Listen to or read the entire article here.
Dangerous New Malware Dances Past More Than 50 Antivirus Services
Courtesy of Sead Fadilpašić, TechRadar.com
July 6, 2022 — Researchers have discovered a new malware sample capable of hiding from more than 50 antivirus products available on the market right now.
The malware was discovered by cybersecurity researchers from Unit 42, the threat intelligence team at Palo Alto Networks. The team first spotted the strain in May, when it discovered that it was built using the Brute Ratel (BRC4) tool. BRC4’s developers claim to have even reverse-engineered popular antivirus products, to make sure their tool avoids detection.
Related Reading: Kaspersky Reveals Phishing Emails That Employees Find Most Confusing
The quality of the design and the speed at which it was distributed between the victims’ endpoints has convinced the researchers that a state-sponsored actor is behind the campaign.
Russian methods
While the tool itself is dangerous, the researchers were more interested in its distribution path, which indicates a state-sponsored actor is in play. The malware is being distributed in the form of a fake CV document. The CV is an ISO file that, once mounted onto a virtual drive, displays something resembling a Microsoft Word document.
While the researchers still can’t pinpoint exactly who the threat actor behind BRC4 is, they suspect Russian-based APT29 (AKA Cozy Bear), which has used weaponized ISOs in the past.
Another hint suggesting that a state-sponsored actor is in play is the speed at which BRC4 was leveraged. The ISO was created the same day the latest version of BRC4 was published.
Billions In Bitcoin Trapped on Lending Platforms Like Celsius May Turn Into a Tax Write-Off For Investors
Courtesy of MacKenzie Sigalos, CNBC — July 6, 2022
- Crypto lending platforms like Celsius, Anchor, and Voyager Digital rose to prominence for offering sky-high returns of up to 20% annually on customer deposits.
- Much of that crypto cash is now trapped, as plunging token prices force platforms to temporarily suspend or limit withdrawals.
- Shehan Chandrasekera, a certified public accountant, says the U.S. tax code may eventually provide some relief to these investors by way of the nonbusiness bad debt write-off.
Crypto lending platforms like Celsius, Anchor, and Voyager Digital rose to prominence for offering almost unbelievable returns of up to 20% annually on customer deposits. Now much of that crypto cash is trapped, as plunging token prices force platforms to temporarily suspend or limit withdrawals.
In the wake of its own solvency crisis, Celsius — which is still advertising up to 18.63% annual yield on its website — has had customer funds on ice for more than three weeks and has yet to announce tangible guidance on next steps.
So who is going to be left holding the bag if these platforms go belly up?
Unlike the traditional banking system, which typically insures customer deposits, there aren’t formal consumer protections in place to safeguard user funds when things go wrong on decentralized finance platforms. ‘High risk, high reward’ is the general motto of the DeFi ecosystem. For those who lost their life savings to these crypto lending platforms, there is little recourse for recouping their losses.
But Shehan Chandrasekera, a certified public accountant, tells CNBC the U.S. tax code may provide some relief to these investors by way of an obscure deduction.
“If your funds become totally worthless and irrecoverable, you may be eligible to write them off as a nonbusiness bad debt on your taxes,” said Chandrasekera, lead tax strategist at CoinTracker.io, a digital currency tax software company that helps clients track their crypto across virtual wallet addresses and manage their tax obligations.
“It’s not going to cover up your entire economic loss, but it’s going to give you some type of tax benefit, because at least you get to write off that initial investment that you put in,” Chandrasekera said.
How you might qualify
You can think of a nonbusiness bad debt as a type of loss resulting from a debt extended to another party, which has been rendered totally worthless and irrecoverable.
CPA Lewis Taub stresses that there must be a complete loss of all that was lent to the platform in order for the debt to be considered deductible. Partial losses don’t count. The freezing of accounts, or limited withdrawals by crypto platforms, does not constitute a total loss.
At this stage, many of the crypto platforms are still calling the freezes “temporary” as they figure out how to shore up some liquidity, whether through restructuring or securing additional lines of credit.
Chandrasekera says that a debt falls into this category of “totally uncollectible” only after all attempts at collection have failed. So technically, none of the crypto funds on deposit at these platforms are completely worthless.
“It’s also deemed worthless if the borrower files for bankruptcy and the debt is discharged,” Chandrasekera explained in a tweet thread detailing how filers could claim the deduction.
However, Taub says that even if a platform declares bankruptcy, the holders may still get something in bankruptcy court, so it’s still not a total loss. Voyager Digital, for example, filed for Chapter 11 bankruptcy Tuesday evening, but it’s not yet clear whether users will be able to recover some of their losses through this process.
Articles for July 1, 2022 Issue:
- FTC Sues Walmart, Alleging It Let Scammers Access Money Transfer Service
- CISA Warns Orgs to Switch to Exchange Online Modern Auth Until October
- Grayscale Sues SEC After Rejection of Bid to Turn the Largest Bitcoin Fund Into an ETF
- OCC Report Examines Overall Mortgage Performance
FTC Sues Walmart, Alleging It Let Scammers Access Money Transfer Service
Courtesy of Yiwen Lu, Washington Post
June 29, 2022 — The Federal Trade Commission is suing Walmart, alleging the company should have done more to keep scammers from using its money transfer services to carry out schemes that cost consumers tens of millions of dollars.
In the complaint filed Tuesday, the FTC said Walmart failed to intervene in scammer activities in its money transfer services. “The company did not properly train its employees, failed to warn customers, and used procedures that allowed fraudsters to cash out at its stores,” the commission said in a news release.
The retail giant dismissed the lawsuit as “factually flawed and legally baseless.”
The FTC alleged that Walmart violated the agency’s Telemarketing Sales Rule (TSR) amendments, which prohibited traditional “cash-to-cash” payments provided through services including MoneyGram, the Western Union and RIA — three companies that Walmart partnered with in its money transfer services. The rules took effect in January 2016.
The agency is asking the court to order the return of fraudulently obtained money to victims and impose civil penalties on Walmart for violating its rules. Walmart offers domestic and international money transfer services in its stores. Customers can transfer money from one store location to another, or to one of its partner agents’ locations in more than 200 countries and territories. The service through RIA allowed customers to transfer as much as $2,500.
According to the FTC, scams involved soliciting money from customers under the guise of selling products in phone calls or prevalent schemes like impersonating an IRS agent. From 2013 to 2018, data from Walmart’s partners showed that fraudulent transfers sent or received at company stores totaled more than $197 million, with upward of $1.3 billion possibly connected to such schemes.
The FTC said that Walmart told its employees to “complete the transactions” even when fraud was suspected. Scam artists, the agency said, can pick up large cash payments at Walmart with a fake ID. The agency also called Walmart’s anti-fraud policy “poorly enforced.”
In a news release Tuesday, Walmart said that employees are required to complete anti-fraud training every year, where they are taught to recognize red flags and not process transactions in which fraud is suspected. Walmart spokesman Randy Hargrove said that FTC’s claim about improper employee trainings was “largely based on a typo on one page of a training document from years ago.”
In another statement, the company said the FTC was attempting “to blame Walmart for fraud that the agency already attributed to another company while that company was under the federal government’s direct supervision.”
CISA Warns Orgs to Switch to Exchange Online Modern Auth Until October
Courtesy of Sergiu Gatlan, BleepingComputer.com
June 29, 2022 — CISA has urged government agencies and private sector organizations using Microsoft’s Exchange cloud email platform to expedite the switch from Basic Authentication, a legacy authentication method without multifactor authentication (MFA) support, to Modern Authentication alternatives.
Basic Auth (proxy authentication) is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services. The alternative, Modern Auth (Active Directory Authentication Library and OAuth 2.0 token-based authentication), uses OAuth access tokens with a limited lifetime that cannot be re-used to authenticate on other resources besides those they were issued for.
Apps using Basic Auth allow attackers to guess credentials in password spray attacks or capture them in man-in-the-middle attacks over TLS. To make things worse, when using basic auth, multifactor authentication (MFA) is quite complicated to enable, and, as a result, it often isn’t used at all.
Modern Auth switch urgently needed
Federal Civilian Executive Branch (FCEB) agencies were also advised to block Basic auth after migrating to Modern Auth, which, according to Microsoft, will make it harder for threat actors to pull off successful password spray and credential stuffing attacks.
According to CISA’s guidance, this can be done either by creating an authentication policy for all Exchange Online mailboxes from M365 Admin Center’s Modern Auth Page or a Conditional Access policy in Azure Active Directory (AAD) using the AAD Admin Center.
“Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028,” CISA said on Tuesday. “Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.”
Grayscale Sues SEC After Rejection of Bid to Turn the Largest Bitcoin Fund Into an ETF
Courtesy of Ryan Browne, CNBC
Key Points:
- The SEC on Wednesday rejected Grayscale’s application to turn its GBTC vehicle into an ETF.
- Grayscale filed a petition challenging the decision with the U.S. Court of Appeals for the District of Columbia Circuit.
- Crypto bulls had pinned their hopes on the SEC approving the first U.S. spot bitcoin ETF.
June 29, 2022 — Grayscale, which manages the world’s largest bitcoin fund, said it would sue the U.S. Securities and Exchange Commission after regulators turned down its bid to convert the investment vehicle into an exchange-traded fund.
The SEC on Wednesday rejected Grayscale’s application for a spot bitcoin exchange-traded fund, citing a failure by the investment manager to answer questions about concerns around market manipulation. The watchdog is concerned investors would lack sufficient protections under the Grayscale proposal.
Grayscale filed to make its Bitcoin Trust, known as GBTC, an ETF back in October 2021, but the ruling faced multiple delays. Grayscale had piled pressure on the watchdog to side with it, including by giving people a way of quickly emailing in to express their support.
Soon after the SEC’s rejection, Grayscale filed a petition challenging the decision with the U.S. Court of Appeals for the District of Columbia Circuit. The litigation is being led by Grayscale’s senior legal strategist Donald B. Verrilli Jr., a former U.S. solicitor general, and a team of attorneys at law firm Davis Polk & Wardwell.
Verrilli said the SEC is “failing to apply consistent treatment to similar investment vehicles, and is therefore acting arbitrarily and capriciously in violation of the Administrative Procedure Act and Securities Exchange Act of 1934.” The SEC was not immediately available for comment outside of normal U.S. working hours.
Grayscale argues the SEC’s position is inconsistent in light of previous decisions to greenlight other bitcoin-based ETFs, including those based on futures markets and one that allows investors to short — or bet against — the cryptocurrency.
Crypto bulls had pinned their hopes on the SEC approving the first U.S. spot bitcoin ETF, a move that would potentially open the cryptocurrency up to more institutional investment. The move to deny Grayscale’s bitcoin ETF application adds to a slew of negative news around crypto lately. Earlier this week, embattled crypto hedge fund Three Arrows Capital collapsed into liquidation.
Bitcoin was trading at $20,085 late Wednesday, down 1% in the last 24 hours. Cryptocurrencies have lost a combined $2 trillion in over-market value since the peak of the bubble in November 2021.
OCC Report Examines Overall Mortgage Performance
Courtesy of Douglas Clark, Financial Regulation News
June 29, 2022 — A recently released Office of the Comptroller of the Currency (OCC) report found that the performance of the federal banking system first-lien mortgages improved during the first quarter of 2022.
The OCC Mortgage Metrics Report, First Quarter 2022 determined 96.9 percent of mortgages included in the analysis were current and performing at the end of the quarter, in comparison to 94.2 percent the prior year.
Additionally, seriously delinquent mortgages were at 1.8 percent in the first quarter of 2022, compared to 2.3 percent in the prior quarter and 4.6 percent a year ago. The OCC defines seriously delinquent mortgages as those that are 60 or more days past due and all mortgages held by bankrupt borrowers whose payments are 30 or more days past due.
There were 19,524 new foreclosures initiated by servicers during the first quarter of this year. New foreclosure volume in the first quarter of 2022 was comparable to pre-COVID-19 pandemic foreclosure volumes and reflects the expiration of federal foreclosure moratoria.
According to the assessment, the 42,427 modifications completed by servicers in the first quarter of 2022 represented a decrease of 10.7 percent from the previous quarter – with 80.8 percent of the modifications reducing borrowers’ monthly payments.
The report also showed that first-lien mortgages made up 22 percent of all residential mortgage debt outstanding in the United States or approximately 12.2 million loans totaling $2.6 trillion in principal balances.
Articles for June 24, 2022 Issue:
- CBA Urges House Financial Services Not to Advance Overdraft Bill
- Buy Now Pay Later Provider Zip Plans Fee Hikes to Offset Inflation, Interest Rates
- Should CUs Do Short-Term Credit Differently?
- Merchants Mull Payments Orchestration as Downtime, Outages, Disrupt Business
- Cryptoverse: Crypto Lenders Face a DeFi Drubbing
CBA Urges House Financial Services Not to Advance Overdraft Bill
Courtesy of Dave Kovaleski, Financial Regulation News
June 15, 2022 — The Consumer Bankers Association (CBA) voiced its opposition to a bill that addresses bank overdraft services and fees for customers.
In a new letter sent to the House Committee on Financial Services, CBA President and CEO Richard Hunt said Americans rely on bank products like overdrafts to cover emergency expenses. The Overdraft Protection Act of 2021 (HR 4277) seeks to prohibit a financial institution from engaging in unfair or deceptive acts in connection with overdraft coverage.
“Without access to viable, bank-offered short-term liquidity products like overdraft, consumers will be left with little recourse but to use less-supervised, less-regulated, non-depository institutions to meet their needs – an undesirable position to place vulnerable consumers,” Hunt wrote to the members of the committee.
He highlighted recent overdraft innovations designed to expand choice, strengthen transparency, and reduce consumer costs. These innovations include real-time payment updates, grace periods, posting alerts, and no-fee overdrafts.
“These bank-led innovations, in conjunction with existing clear disclosures, will add continued benefit to consumers who depend on overdraft services to cover short-term gaps in finances by continuing to provide a viable service that will come at minimal or no cost. Bank regulators agree further restrictions to short-term liquidity options, such as overdraft services, would drive many families to more expensive options outside the highly regulated banking industry,” Hunt wrote.
Hunt urged the committee to reject this bill as proposed.
Buy Now Pay Later Provider Zip Plans Fee Hikes to Offset Inflation, Interest Rates
Courtesy of PYMNTS.com
June 22, 2022 — Australian buy now, pay later (BNPL) company Zip is planning merchant and consumer fee hikes to help it ride out a tough market environment of soaring inflation, rising interest rates and tighter regulations, according to a Thursday (June 22) press release.
“We acknowledge that while we are not immune to market volatility, there remains significant opportunity for Zip and buy now, pay later products in a heightened inflationary environment,” Zip said in the release.
The business has a “solid pipeline of enterprise merchants coming onto the platform,” and core market customer growth and transaction volumes are “consistent,” the release stated. Plans to acquire BNPL rival Sezzle will go for a shareholder vote before the end of 2022.
Related Reading: BNPL Firm Zip Co Pledges More Conservative Lending
Zip said in the release, which it issued in response to “ongoing commentary on the industry and changes in the external trading environment,” that the company can offset the “effects of rising interest rates.”
Several proposals are in the works, including “weighted average margin benefits from the refinancing of legacy receivables” and increased customer repayment velocity in addition to consumer fee hikes and merchant repricing, according to the release.
Related Reading: Study Shows 10% of Millennials Use BNPL Monthly
“We have been clear that in response to current market conditions, our strategic priorities are to focus on our core business, both products and regions, and accelerate the group’s path to profitability,” said Zip Co-Founder and Global CEO Larry Diamond in the release. “In an environment where wage growth is falling behind heightened inflationary pressures, affordability becomes an even more important priority for consumers as they budget each month.”
“We believe our business model will stand up exceptionally well in such an environment as we continue to provide significant value and benefit to our customers and importantly our merchant partners seeking to drive continued growth,” Diamond added in the release. “We are well-funded and positioned to execute on the significant market opportunity as we execute and take control of our future.”
Should CUs Do Short-Term Credit Differently?
Courtesy of CUToday.info
June 21, 2022 — Payday lenders, despite their bad reputation among consumer groups and in Washington, will continue to steal credit union business unless CUs decide to make some changes, and that includes no longer “seeing the work of the devil,” asserts one economist.
Those changes involve overdraft pricing and limits, and also staffing, said Michael Moebs, economist and CEO at Moebs $ervices, which has just completed a new study on payday loans.
“Should banks, and especially credit unions, be doing short-term credit different? Most definitely,” said Moebs. “All depositories, especially credit unions, need to change their ways. Overdrafting has become a way of life. Payday lenders recognized this over 10 years ago. This is why charging based on end-of-day balance with a term of 14 days, coupled with the lowest price in town, is beating the depositories.”
Moebs said payday lenders view the consumer not as people who have made errors, but simply as people needing a loan.
“Banks and CUs still view a negative checking balance by a transaction as unauthorized, unsecured credit, which should be punished,” he said. “Many a preacher has disparaged payday loans and overdrafts as the work of the devil. Yet, over 80 million Americans have used one or the other, or both, and often more than once.”
On the lower-dollar end of the