Industry News

Looking for an article from a previous week? Visit the NASCUS Digital Article Repository. Further information can be found in the Digital Library, under News & Analysis in the top navigation.

 

Articles for September 30, 2022 Issue:

The DeFi Financial Crime Arms Race: By Taking A Fresh Approach to Stamping Out Financial Crime We Can Build a Safer Future for DeFi. 

Courtesy of Michael Karbouris, CoinDesk

Sept. 27, 2022 — Decentralized finance (DeFi) is a vibrant and innovative ecosystem that has the potential to improve efficiency and transparency in financial markets and serve as a driving force in redefining the future of finance. Built on public permissionless blockchains, DeFi’s mission is to give anyone with an internet connection the ability to tap into financial services, which in turn promotes equal opportunity and financial democratization around the world.

However, given its open nature, DeFi is undergoing the same arms race that has plagued every nascent but innovative technology and industry: fighting criminals who want to take advantage of it.


Related reading: FIs Seek Expert Insights on How Best to Tame Crypto


DeFi is no stranger to financial crime. In 2021, money laundering in crypto accounted for more than $8 billion, with almost $1 billion of this being sent to DeFi protocols. While these headline numbers are concerning, let’s put them in context. It’s estimated that somewhere between 100 and 250 times that number in fiat currency is laundered each year in traditional financial markets – most of it opaque, much of it undetected, and even less acted upon by law enforcement.

The fact that we can estimate with a much higher degree of accuracy how much money is being laundered in DeFi highlights a truth that is sometimes overlooked: DeFi is largely transparent, and a transparent market should in theory be easier to police. The ability to monitor almost every transaction is something that is still near impossible to carry out in traditional fiat markets. And yes, while privacy-oriented protocols in DeFi will likely only get more popular, the beauty of zero-knowledge proof technology is that it allows opt-in transparency while maintaining privacy through pseudo-anonymity.

When it comes to DeFi, ultimately we all want an ecosystem with integrity, one that breeds confidence for the growing crypto community. But simply looking to traditional finance (TradFi) as a model on how to achieve this is not optimal. Rather than trying to fit existing regulations tailored for TradFi markets, we should be understanding DeFi’s idiosyncrasies, focusing on the types of financial crimes that are unique to the DeFi ecosystem and that truly hurt the end user, and aligning methods of detection and prevention with crypto’s core values of decentralization and trustlessness.

The various shades of DeFi-specific financial crime

The whole point of laundering money is to make illicit income, usually generated through criminal activity, appear legal. When it comes to crypto, criminal activities such as theft and fraud can look vastly different to how they appear in traditional financial markets. This is a result of the public nature of the technology, lack of intermediaries and the pseudo-anonymity afforded by permissionless blockchains.

Click here to read the entire article.

 

Fintech Firms Suffer Data Breach Due To Critical Zoho Flaw

Courtesy of Jurgita Lapienytė, CyberNews 

Sept. 27, 2022 — A technology platform servicing financial technology companies fell victim to a cyberattack that exposed sensitive end-user data. Most likely, threat actors behind the breach exploited a critical vulnerability in Zoho’s ManageEngine product.

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical remote code execution (RCE) vulnerability in the Indian company’s ManageEngine program, warning it has been exploited in the wild.

Rated 9.8 out of 10 on the The Common Vulnerability Scoring System (CVSS), the bug was patched by Zoho on June 24.


Related reading: 21 Hackers Made Over $1M on HackerOne

Related event: Registration Open for NCUA Webinar on Defending Against Ransomware Attacks


“This remote code execution vulnerability could allow attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360, and Access Manager Plus. Authentication is not required to exploit this vulnerability in Password Manager Pro and PAM360 products,” Zoho said in June, urging users to upgrade immediately.

Zoho has at least 80 million customers worldwide, including big companies like Netflix, Amazon, Fortinet, Facebook, KPMG, Renault, HP, and Tesla, among others.

CISA issued a warning “based on evidence of active exploitation.” The Cybernews Research team found one instance where threat actors most likely exploited the critical flaw to breach an organization.

The hack

A threat actor hacked into the BankingLab software-as-a-service (SaaS) banking platform, servicing fintech companies, and is giving away access to its clients’ servers and customers for free. It is believed that BankingLab had been relying on ManageEngine to protect its network.

On September 24, a new user on a popular hacker forum posted the following message: “Recently, we have obtained all server permissions of BankingLab and obtained all customer data, including the transaction flow of each customer’s user [and] identity information. Now I will share the data and master key of the PAM360 password management system inside BankingLab with you, which contains the sshkey of internal services [and] various system and server passwords. Please enjoy.”

BankingLab provides a “full stack of digital banking services” to financial technology (aka “fintech”) companies, including modules for customer account management, payment processing, issuing cards, and providing loans and deposits. Its clients include Vialet, Simplex, Bankera, and Perlas Finance.

“We help entrepreneurs with our technology, guiding you from business ideas to successful licensed financial institutions,” the company claims.

BankingLab is a brand owned by Baltic Amber Solutions (BAS), which is headquartered in Vilnius, Lithuania. In an interview with a local news outlet in 2021, BAS head and co-founder Narimantas Bloznelis said: “We want to build a platform corresponding to all fintech solution needs, and to become a financial services Amazon.”

The Cybernews research team has investigated the leak posted by the threat actor, and it turns out to be an SQL database dump and master key of the PAM360 password management system inside bankinglab.com. Short for “structured query language”, SQL is commonly used in programming and managing data and can be exploited as an attack vector by cybercriminals.

Click here to read the entire article.

Bank to Pay $13M in Mortgage Redlining Case, as Feds Target Discriminatory Loan Practices 

Coutesy of Charles Toutant, Law.com

Redlining is getting more attention now after getting less attention during the previous administration, said Matthew Adams, a white-collar defense lawyer at Fox Rothschild who handles redlining cases. “I think it fits with the current administration’s focus on civil rights abuses,” Adams said.

What You Need to Know

  • Lakeland Bank agrees to pay $13 million to settle allegations that it avoided issuing home mortgages in Black and Hispanic neighborhoods around Newark.
  • The Justice Department is accelerating its investigation and prosecution of redlining.
  • Lakeland Bank denies any wrongdoing in the case but says it wanted to avoid the distraction of prolonged litigation.

Sept. 28, 2022 — A New Jersey-based bank agreed to pay $13 million to resolve allegations that it engaged in discriminatory lending practices in Newark and nearby areas, the Department of Justice announced.

Lakeland Bank engaged in redlining by avoiding the issuance of loans in Black and Hispanic neighborhoods of Essex, Somerset and Union counties, the Justice Department said. The Lakeland case is part of an amped-up effort to target mortgage redlining under Attorney General Merrick Garland, the Justice Department said.

From at least 2015 to 2021, all Lakeland branches were located in majority-white neighborhoods, and its loan officers did not serve the needs of Black and Hispanic neighborhoods in Newark and nearby, the complaint alleged. The CEO of Lakeland said his bank would settle with the Justice Department even though he denied the allegations.

“While we strongly disagree with any suggestion we have acted improperly, Lakeland Bank has fully cooperated throughout this process and remains confident that we have been fully compliant with all fair lending laws,” said Thomas Shara, president and CEO of Lakeland Bank. “This resolution avoids the distraction of protracted litigation and allows us to focus our time, expertise, and resources towards achieving a shared goal of meeting the credit needs of all residents within our communities, including those who historically have been underserved.”

John Gorman of Luse Gorman in Washington represents Lakeland Bank in the redlining case. He declined to comment on the case.

Just one day before the charges were announced, Lakeland, headquartered in Oak Ridge, New Jersey, said it would merge with Iselin, New Jersey-based Provident Bank. A Provident spokesman said that bank was aware of the redlining charges, and the announcement would not derail the merger.

Last month the Justice Department said it would collaborate with the Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency to aggressively prosecute redlining, which violates the Fair Housing Act and the Equal Credit Opportunity Act.

The department said it was expanding its analyses of potential redlining to both depository and nondepository institutions, which are lenders that do not provide typical banking services but engage in mortgage lending.

More redlining prosecutions are likely in the future, said Matthew Adams, a white-collar defense lawyer at Fox Rothschild in Morristown. Redlining is getting more attention now after sitting on the back burner during the Trump administration, Adams said.

“I think it fits with the current administration’s focus on civil rights abuses,” Adams said. The nondepository institutions that are suddenly under scrutiny for redlining are the same institutions that are under the spotlight for violations related to COVID-19 stimulus funds, he said. “By their nature, being nondepository institutions, they have been subject to perhaps less scrutiny,” he said.

“Financial institutions that refuse to provide mortgage lending services to communities of color not only contribute to the persistent racial wealth gap that exists in this country, but also violate federal law,” Garland said in a statement. “The agreement with Lakeland announced today represents the Justice Department’s continued commitment to addressing modern-day redlining, and to ensuring that all Americans have equal opportunity to obtain credit, no matter their race or national origin.”

“Redlining creates an unequal playing field that unfairly prevents many persons of color from achieving the dream of home ownership, and this type of systemic and intentional discrimination cannot and will not be tolerated,” U.S. Attorney Philip Sellinger said. “It is wholly unacceptable that redlining persists into the 21st century, and this case demonstrates our commitment to combating redlining and hold banks and others accountable when they engage in unlawful discrimination. Through this agreement, we are taking a major step forward by removing unlawful and discriminatory barriers in residential mortgage lending.”

Lakeland agreed to invest $12 million in a loan subsidy fund for residents of Black and Hispanic neighborhoods in the Newark area, as well as $750,000 for outreach and consumer education, and $400,000 for development of community partnerships to provide services to increase access to residential mortgage credit.

The bank also agreed to open two branches in neighborhoods of color, including one in Newark. It also agreed to have four loan officers dedicated to serving the Newark area and to employ a community development officer who will oversee expansion of lending in communities of color.

ICYMI: An Iowa Credit Union Sues Apple for Antitrust Violations

Courtesy of Malathi Nayak, law.com

Apple is accused of using its market power to fend off competition from rival payment apps and charging card issuers fees to boost its bottom line.

Apple Inc. was hit with an antitrust lawsuit over Apple Pay, accused of using its market power in the mobile device industry to fend off competition from rival payment apps and charging card issuers fees to boost its bottom line.

The proposed class-action complaint by Affinity Credit Union marks the latest antitrust battle for the iPhone maker, after facing increased scrutiny in recent years over its App Store policies from government regulators. European regulators, after a nearly two-year investigation, also found on a preliminary basis that Apple abused its dominant position with Apple Pay in the market for tap-to-pay apps or mobile wallets.

IPhone users must use Apple Pay if they want to buy something by tapping the phone against a terminal in a store. Other iPhone payment services such as PayPal and Square, as well as financial institutions such as Chase, Citi and American Express, can’t launch tap-to-pay iPhone apps with their own features and interface.

By excluding competition, Apple can charge “payment card issuers fees that no other mobile wallet ventures to impose,” Affinity Credit Union, the Des Moines, Iowa-based payment card credit union that issues payment cards, said in the lawsuit, filed Monday in federal court in San Jose, California.

Apple charges issuers 0.15% on credit card transactions and 0.05% on debit cards. Google Pay and Samsung Pay, operating on the Android system, don’t charge card issuers any fees. The Apple Pay fees “generated a reported $1 billion for Apple in 2019, and this revenue stream — earned from card issuers — is predicted to quadruple by 2023,” Affinity Credit Union said in the lawsuit.

“If Apple faced competition, it could not sustain these substantial fees,” Affinity Credit Union said.

The credit union claims Apple is violating the Sherman Act, designed to protect competition, by tying its mobile devices and mobile wallet together and by exclusing all competitors.

Click here to read more.

 

DOJ Asks Congress for Tools to Limit NFT Money-Laundering Risk

Courtesy of PYMNTS.com

Sept. 22, 2022 —Down at the very bottom of the crypto crime report the Justice Department issued last week was a request that could make it a lot harder to buy and sell NFTs.

Citing examples of criminals using the sale of the popular nonfungible tokens that hold art, video, music and collectibles to launder funds, the Justice Department asked Congress to define some of all NFTs as “value that substitutes for currency” under the Bank Secrecy Act (BSA).

Doing so, it said in “The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets,” would “make clear that its key [anti-money-laundering (AML) and countering the financing of terror (CFT)] provisions — including the obligations to have customer identification programs and report suspicious transactions to regulators — apply to NFT platforms, including online auction houses and digital art galleries.”


Related Reading: DOJ Seeks to Double Jail Time for Money Transmission Crimes

Related Reading: How Did NFTs Become SEC’s Newest Crypto Target?


The impetus, the department said, is the “explosive growth in the demand and corresponding markets for NFTs, perhaps most notably in the area of digital art.”

Substantial Risk

This “presents substantial money-laundering risks,” it said, citing a February Treasury Department study on money laundering in the broader art market.

“NFTs can be used to conduct self-laundering, a sequence in which criminals purchase an NFT with illicit funds and then resell to a purchaser who pays for it with clean funds unconnected to a prior crime,” that report noted.

It also found that in most cases, “digital assets that are unique, rather than interchangeable, and that are used in practice as collectibles rather than as payment or investment instruments … are generally not considered to be virtual assets under [international regulations].”

The “nonfungible” part of NFT means that each is unique and cannot substitute for any other, as opposed to cryptocurrencies like bitcoin which all have the same uses and value.

NFT marketplaces “may take the view that this definition [of a ‘value that substitutes for currency’] does not apply to their activities — and that they are thus not subject to the BSA’s anti money-laundering and anti-terrorism laws, the department said.

Justice is asking Congress to amend the BSA “to make clear that its key AML/CFT provisions — including the obligations to have customer identification programs and report suspicious transactions to regulators — apply to NFT platforms, including online auction houses and digital art galleries.”

Already There

Redefining NFTs as “value that substitutes for currency” would allow the Treasury Department’s Financial Crimes Enforcement Unit (FinCEN) to “potentially seek to regulate such activity under its money transmission regime,” a trio of lawyers at Skadden, Arps, Slate, Meagher & Flom wrote in an April blog post.

That, according to Jamie Boucher, Eytan Fisch and Javier Urbina, would require NFT marketplaces to register as money services businesses (MSB) with FinCEN.

Some types of NFTs — notably those used to fractionalize tangible assets like physical artworks and real estate, but also other valuable art or collectible tokens — are likely securities, the Securities and Exchange Commission (SEC) has said.

In FinCEN’s view, the trio noted, those can be repurposed to fit the definition of “value that substitutes for currency” and thus may already require MSB licenses.

EU Finalizes Legal Text for Landmark Crypto Regulations Under MiCA

Courtesy of Jack Schickler, Sandali Handagama, CoinDesk

Click to access video discussion.

Sept. 22, 2022 —The European Union has finalized the full text of its landmark Markets in Crypto Assets (MiCA) legislation. Officially, the text is still open to comments, but sources briefed on the talks have told CoinDesk that it is, in practice, finalized.

A leaked draft of the bill dated Sept. 20 and verified by CoinDesk urges EU enforcers to take a “substance over form” approach to the law, meaning its provisions could even apply to some assets categorized as non-fungible tokens (NFT).

MiCA, once passed into law, will require issuers of crypto assets to publish white papers containing technical roadmaps, for platforms to register with the authorities, require stablecoin issuers to hold capital and be prudently managed.

The new draft also features changes that could indicate how the EU might treat algorithmic stablecoins, which were notably excluded from MiCA’s scope when it was first introduced in 2020. Algorithmic stablecoins – similar to the recently collapsed terraUSD (UST), which used another cryptocurrency and a bit of code to balance its price and supply – should fall within the scope of regulation “irrespective of how the issuer intends to design the crypto asset, including the mechanism to maintain a stable value.”

“Offerers or persons seeking admission to trading of algorithmic crypto assets that do not aim at stabilizing the value of the crypto assets by referencing one or several assets should in any event comply with Title II of this Regulation,” a Recital in the draft said, referring to the section of the law that lays out requirements for crypto asset issuers.

A Recital is a text that introduces an EU law and sets out its motivation. Though not – unlike the substantive articles of the regulation – legally binding, a recital can be used by supervisors and courts when interpreting the scope of the legislation.

An older draft also sought to limit the issuance of stablecoins backed by asset reserves that were denominated in a “non-EU currency” to introduce “a minimum denomination or to limit the amount issued,” which the industry feared would block popular U.S. dollar-pegged stablecoins like USDC out of the EU market. The new draft proposes this rule should be modified to apply to all issuers of asset-backed stablecoins, regardless of the currency of denomination.

Are NFTs in or out?
NFTs are typically designed to have a unique digital identifier that cannot be copied, interchanged or subdivided, but the rise of fractionalized assets – where a set of fungible tokens are issued to represent one NFT – have been drawing some attention from regulators as they could resemble traditional securities.

While the leaked draft – thrashed out in a series of technical meetings following a June 30 deal – shows MiCA doesn’t apply to NFTs that are genuinely unique and incapable of being traded with each other, “the issuance of crypto-assets as non-fungible tokens in a large series or collection should be considered as an indicator of their fungibility,” the final compromise text says in a Recital, even if the issuer gave it a unique identifier.

The details of the provision have caused concern within the industry. The exact drafting used could determine whether in practice the regulation covers the bulk of the NFT market – such as similar, but distinct Bored Apes, implying issuers and trading platforms would be caught by its strictures.

When considering whether to regulate a particular asset, national and EU regulators “should adopt a substance over form approach under which the features of the asset in question should determine the qualification, not its designation by the users,” the text added.

How the Fed’s Rate Increase Will Hit Americans’ Monthly Budgets

Courtesy of By Julia Carpenter, Wall Street Journal

Sept. 21, 2022 —The Federal Reserve raised rates another 0.75 percentage point Wednesday, as part of its continuing effort to stamp out stubbornly high inflation. Americans are only beginning to feel the full impact of these moves.

By raising rates, the Fed seeks to cool the economy and rein in inflation, which continued to run higher than expected in August. Higher interest rates raise the cost of carrying credit-card balances and taking out mortgages, car loans and other debt, but consumers may not immediately feel the effects. Even outsize increases like the central bank’s recent hikes reach wallets and the broader economy somewhat gradually over weeks and months, economists say.


Related Reading: The Fed Forecasts Hiking Rates as High as 4.6% Before Ending Inflation Fight


“There’s no easy answer for when it starts to pinch,” said Caroline Fohlin, an economist at Emory University. “It’s acting like a vice, just tightening more and more.”

To put the rate increases in context, it helps to look at the actual effect higher rates are having on Americans’ monthly expenses for credit cards and other debt since the Fed began this effort six months ago.

Rising rates will increase your credit card bills
The average annual percentage rate on a credit card increased from around 16.17% in early March to more than 18% in September, because of rate increases, according to Bankrate. Since the average household carries a $8,942 balance, according to WalletHub, that works out to roughly an extra $14 in interest each month.

These numbers may appear small, said Nina O’Neal, partner and investment adviser with AIM Advisors, but the relatively quick rate of increases can creep up.

Higher mortgage rates make homes less affordable
The change in the cost of borrowing to buy a house has been more pronounced in what has already been a pricey housing market. Before the Fed’s move, the average fixed rate on a 30-year mortgage recently rose to 6.02%, from 4.16% the week of March 17, and additional rate increases would likely push mortgage rates even higher.

Rising rates can translate to hundreds of dollars more in a monthly mortgage payment. The median home price reached $403,800 in July, according to data from the National Association of Realtors. Someone putting a 20% down payment on such a home and taking out a 30-year mortgage with a 6% rate will now pay around $2,400 a month. If they made the same purchase six months ago, their monthly payments would be nearly $250 less.

Click here to read the entire article.

 

The Data Point: Paycheck-to-Paycheck Living Now Stands at 59% of All US Consumers

Courtesy of PYMNTS.com

Sept. 2, 2022 —With inflation deflating the dollar and prices through the roof, more Americans report they are living paycheck-to-paycheck, though the stats vary month to month.

For the latest study in the series “New Reality Check: The Paycheck-To-Paycheck Report: Emergency Spending Edition,” a PYMNTS and LendingClub collaboration, we surveyed over 4,000 U.S. consumers, finding that nearly 3 in 5 U.S. consumers were living paycheck to paycheck in July 2022 — a 5 percentage-point increase from July 2021.

As the study states, “Living paycheck to paycheck is becoming the norm, and as many consumers now live paycheck to paycheck without issues paying bills as those who do not live paycheck to paycheck. The affluent are not immune to these trends, either, as the share of high-income consumers living paycheck to paycheck has increased in the past year.”

Related Report: New Reality Check — The Paycheck-To-Paycheck Report: Emergency Spending Edition

  • Paycheck-to-paycheck living now stands at 59% of all U.S. consumers.

While the 59% of consumers living paycheck to paycheck in July was a slight improvement over the June figure of 61%, the year-over-year trajectory combined with the ongoing inflationary crush is a combination keeping more Americans in the “making ends meet” category.

Per the study, the share of consumers living paycheck to paycheck across income levels has fluctuated, but “it has also trended upward, especially for those in higher income brackets. For instance, 74% of consumers annually earning less than $50,000 were living paycheck to paycheck in July 2022, a decrease from 76% in July 2021.

“All other consumers became more likely to be living paycheck to paycheck: 63% of those annually earning $50,000 to $100,000 were living paycheck to paycheck in July 2022, up from 55% in July 2021, as were 43% of those earning more than $100,000 per year, a 9 percentage-point increase from 34% in July 2021.”

 

Articles for September 16, 2022 Issue:


Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

Courtesy of Brian Krebs, KrebsonSecurity.com

Sept. 14, 2022 — A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.

The insert skimmer pictured is approximately .68 millimeters tall. This leaves more than enough space to accommodate most payment cards (~.54 mm) without interrupting the machine’s ability to grab and return the customer’s card. For comparison, this flexible skimmer is about half the height of a U.S. dime (1.35 mm).

These skimmers do not attempt to siphon chip-card data or transactions, but rather are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards issued to Americans.

Here’s what the other side of that insert skimmer looks like.

The thieves who designed this skimmer were after the magnetic stripe data and the customer’s 4-digit personal identification number (PIN). With those two pieces of data, the crooks can then clone payment cards and use them to siphon money from victim accounts at other ATMs.

To steal PINs, the fraudsters in this case embedded pinhole cameras in a false panel made to fit snugly over the cash machine enclosure on one side of the PIN pad.

Click here to see the entire range of images on ATM skimmers

The financial institution that shared the images above said it has seen success in stopping most of these insert skimmer attacks by incorporating a solution that NCR sells called an “insert kit,” which stops current skimmer designs from locating and locking into the card reader. NCR also is conducting field trials on a “smart detect kit” that adds a standard USB camera to view the internal card reader area, and uses image recognition software to identify any fraudulent device inside the reader.


Related Reading:

Crooks Go Deep With Deep Insert Skimmers

Dumping Data from Deep Insert Skimmers


Skimming devices will continue to mature in miniaturization and stealth as long as payment cards continue to hold cardholder data in plain text on a magnetic stripe. It may seem silly that we’ve spent years rolling out more tamper- and clone-proof chip-based payment cards, only to undermine this advance in the name of backwards compatibility. However, there are a great many smaller businesses in the United States that still rely on being able to swipe the customer’s card.

Many newer ATM models, including the NCR SelfServ referenced throughout this post, now include contactless capability, meaning customers no longer need to insert their ATM card anywhere: They can instead just tap their smart card against the wireless indicator to the left of the card acceptance slot (and right below the “Use Mobile Device Here” sign on the ATM).

For simple ease-of-use reasons, this contactless feature is now increasingly prevalent at drive-thru ATMs. If your payment card supports contactless technology, you will notice a wireless signal icon printed somewhere on the card — most likely on the back. ATMs with contactless capabilities also feature this same wireless icon.

Once you become aware of ATM skimmers, it’s difficult to use a cash machine without also tugging on parts of it to make sure nothing comes off. But the truth is you probably have a better chance of getting physically mugged after withdrawing cash than you do encountering a skimmer in real life.

So keep your wits about you when you’re at the ATM, and avoid dodgy-looking and standalone cash machines in low-lit areas, if possible. When possible, stick to ATMs that are physically installed at a bank. And be especially vigilant when withdrawing cash on the weekends; thieves tend to install skimming devices on Saturdays after business hours — when they know the bank won’t be open again for more than 24 hours.

Lastly but most importantlycovering the PIN pad with your hand defeats one key component of most skimmer scams: The spy camera that thieves typically hide somewhere on or near the compromised ATM to capture customers entering their PINs.

Shockingly, few people bother to take this simple, effective step. Or at least, that’s what KrebsOnSecurity found in this skimmer tale from 2012, wherein we obtained hours worth of video seized from two ATM skimming operations and saw customer after customer walk up, insert their cards and punch in their digits — all in the clear.

 

BSA Violation: Former CUSO Owner Admits to $1 Billion Scheme Targeting a New York Credit Union

Courtesy of By Peter Strozniak, CUTimes.com 

Sept. 14, 2022 —A New York man admitted in federal court Tuesday he was part of a scheme that channeled $1 billion in high-risk transactions, including millions of dollars of bulk cash transactions from a Mexican bank, to New York State Employees Federal Credit Union.

Hanan Ofer, 69, pleaded guilty to failing to maintain an effective anti-money laundering program in violation of the Bank Secrecy Act, according to a prepared statement from the U.S. Attorney’s office for the Eastern District in Brooklyn, N.Y.

From 2014 to 2016, Ofer and Gyanendra Asre of Greenwich, Conn., devised and carried out a scheme after they opened and operated a CUSO to bring lucrative and high-risk international financial business to what prosecutors called “a small, unsophisticated credit union.” The NYSEFCU-CUSO was a money services business registered with FinCEN.

Nevertheless, the U.S. Attorney also said in its prepared statement that Ofer was experienced in international banking, trained in anti-money laundering compliance and procedures, and represented to NYSEFCU that he and the CUSO would conduct appropriate anti-money laundering oversight mandated by the Bank Secrecy Act.

Asre, whose criminal case is pending, pleaded not guilty to eight counts of failing to maintain an anti-money laundering program at the credit union, failing to maintain an effective AML program at the credit union’s CUSO, failing to file suspicious activity reports and operating an unlicensed money transmitting business.

Asre was NYSEFCU’s compliance officer from March 2015 to June 2016 and also was a member of the credit union’s supervisory committee from November 2014 to April 2016. He was a 25% owner of the NYSEFCU-CUSO. Ofer was employed as a manager of logistics at an unidentified U.S. financial institution and owned 25% of the NYSEFCU-CUSO.

In their prepared statement, prosecutors said Ofer failed to implement an effective anti-money laundering program at the NYSEFCU-CUSO and other entities, which caused the credit union to process high-risk transactions, including from Mexican banks, without appropriate oversight and without ever filing a single suspicious activity report required by law. Asre and Ofer also owned and operated DDH Group LLC, an unlicensed money transmitting and money services business that conducted some of these high-risk transactions, federal prosecutors said.

According to the indictment, from November 2014 to June 2016, the CUSO received more than $100 million in bulk cash deposits of U.S. currency into a federal reserve account that originated from an unidentified Mexican bank. Those funds were then wired to the Mexican bank’s accounts at an unidentified U.S. financial institution, according to the indictment that was unsealed in April 2021 in U.S. District Court for the Eastern District of New York in Brooklyn.

Ofer faces up to 10 years in prison, prosecutors said. His sentencing hearing has not been scheduled.

In October 2017, the $1.8 million, 1,183-member NYSEFCU was liquidated by the NCUA, which declined to comment on whether the alleged $1 billion in high-risk transactions contributed to its decision to close the credit union.

NYSEFCU’s financial performance reports showed that in the three years before Asre and Ofer were providing their services (2012-2014), the credit union was making $11,000 to $13,000 in fee income. In 2015 and 2016, the credit union’s fee income substantially increased to $87,000 and $79,000, respectively.

 


Zelle: ‘We’re Doing Over $1 Million a Minute’ In Transactions, Early Warning Services CEO Says

Early Warning Services CEO Al Ko joins Yahoo Finance Live to discuss Zelle notching over $5 billion in payments over the last five years, nearly 1,700 banks using the Zelle transfer service, growth for Zelle, and the future of fintech.

Click here to watch the video interview.

Sept. 8, 2022 — Video Transcript
YF: Money sharing app Zelle is marking five years in the fintech space and more than 5 billion transactions on the platform since its launch in 2017. Joining me to mark the milestone to discuss the future of fintech space, we’ve got the CEO Al Ko here with me in studio. Al, it’s good to see you in person. What is it, 500 or 5 billion transactions here that we’re looking at right now. That’s a pretty significant milestone when you consider that Zelle was kind of a latecomer when it comes to peer-to-peer transactions.

AL KO: That’s right. A lot of the top peer-to-peer applications have been around for over a decade. Zelle just celebrated its fifth birthday. And we’ve been very fortunate to have amazing distribution and amazing products. So we’re doing over $1,000,000 a minute, if you believe it. Over $1.6 billion a day. And so that’s what adds up to a run rate of over half a trillion dollars in the last 12 months.

YF: Yeah. I was just saying this morning how often I use Zelle to sort of pay out family members or whatnot. But, increasingly, I found that a lot of businesses are doing transactions on Zelle as well. So when you look over the last five years, how has that market expanded for you?

AL KO: Yeah. So if you go back to the origins, it started out as a peer-to-peer solution. And that’s what it was designed for, integrated into a consumer checking account. Fast forward to today. We’ve got 750 banks and credit unions live. That covers about 80% of the population. And here’s the surprise. And I was once a product manager. Even though it’s P2P, a lot of businesses were using it. And the average Zelle transaction is $275. And so think of your dog walker, your hairstylist, paying rent. Those are very common use cases for Zelle.

YF: And how much of that is the advantage that Zelle doesn’t necessarily charge a fee? When you think about something like Venmo, there is a fee that’s attached. The Cash App as well. How much of that has been a big driver for you?

AL KO: Well, the key advantages of Zelle, first, it’s already integrated to your bank account. So you don’t have to download anything else. It’s got the safety and security associated with your bank. The money moves within seconds. And then, of course, it’s free. So it’s all of those. But people really like that it’s tied to their bank and their checking account.

YF: How do you get from 5 billion to 10 billion? Where do you see the market potential moving forward?

AL KO: Well, we expect to continue to see a lot of growth in business and small business in particular, particularly in those service-based businesses where Zelle is better than the alternative, cash and check.

YF: When you look at the fintech space broadly, you’ve got a pretty good pulse, especially on how small businesses are right now. There’s a lot of concern about whether, in fact, we’re headed to a recession, how big the slowdown is going to be. What are you seeing from where you stand?

AL KO: What’s interesting is, from our data at least, we’re not seeing a big slowdown. So, of course, we’re subject to the overall economy. For example, during the omicron surge, we definitely saw a little bit of a pullback. But right now, we’re seeing consumers be robust. So we’re not seeing any kind of slowdown right now.

YF: There’s been a lot of changes in the space. We talk so much about the huge growth that we saw in buy now, pay later players, especially during the pandemic. It feels like there’s a bit of a reckoning happening, not just when we look at the stock moves and the pullback, the layoffs that we’ve heard, but also a lot of consumers saying, look, now it’s time to pay up. And this has not necessarily been a good solution. How do you view that part of the fintech space?

Click here to read the entire article or watch the video interview. 


The Fed Could Crash the Housing Market

Courtesy of Nicole Goodkind, CNN Business

Sept. 14, 2022 —Investors are getting spooked that the Federal Reserve’s aggressive interest rate hikes could damage the US economy (just look at Tuesday’s selloff). One area of growing concern: housing. Interest rate hikes can lead to higher mortgage rates, which could cause people to think twice about buying a home.

So far, sales are slipping, while prices are holding steady. But some economists warn continued historic rate hikes by the Fed could risk crashing the housing market, underscoring the difficult task ahead for the central bank.


Related Reading: Are We Seeing a Mortgage Rate Lockdown?


What’s happening: According to Tuesday’s Consumer Price Index report, housing costs rose 0.7% in August and are up 6.2% year-over-year, the largest increase since 1991.

That increase was largely responsible for August’s higher-than-expected pace of inflation. Combined with a tight labor market, those high prices give the Fed reason to continue to go hard at its policy meeting next week and beyond, Marvin Loh, senior strategist at State Street, told me.

The Fed needs to see housing costs ease by about half a percentage point to reach its ultimate inflation goal, Loh added. The job won’t be easy. Housing prices can remain stubbornly high, even as the Fed works to counteract them.

Housing prices are “the type of sticky inflation that will not ease anytime soon,” Joseph Brusuelas, chief economist at RSM US, told me. “It’s why the Fed will need to demonstrate a show of resolve by increasing the policy rate by 75 basis points at its September meeting despite the encouraging declines in transportation and energy.”

The risks: Some economists are noting weakness in the housing market starting to peek through. Home sales declined in July for the sixth month in a row. Housing starts, a measure of new home construction, also plunged that month as the cost of building supplies remained high and prospective buyers were priced out of the market.

So should the Fed keep up its historic hikes? The central bank must walk a careful line — a housing slowdown has preceded nine out of the past 12 recessions, and investors haven’t forgotten America’s catastrophic housing crisis in 2008.

Keep in mind: Although there are some reasons to suggest the CPI report on housing lags what’s actually going on in the market, and that housing prices could already be on their way down, we’re nowhere near a market collapse.

Still, Federal Reserve officials will face a tough decision in the coming months. Do they use the housing market’s resilience as a mandate to push forward with aggressive rate hikes and risk a crash?


Americans should prepare for a heating bill shock this winter

Gas prices are easing in the US. But winter is coming and the CEO of Chevron, one of the world’s largest energy companies, is warning that relief at the pump could soon be offset by sweat-inducing heating bills. Chevron Chairman and CEO Mike Wirth said in an interview with CNN’s Poppy Harlow “there’s certainly a risk that costs will go up” for American consumers. Wirth is not predicting a rise of the magnitude seen in Europe, where natural gas prices have skyrocketed as Russia has limited exports, reports my colleague Paul R. La Monica.

But in an interview that aired Tuesday, Wirth warned that US prices could be “significantly higher” this winter.

Oil prices are stillup more than 15% so far this year. That has helped boost sales, earnings and the stock prices of companies like Chevron. Shares of the oil producer are up 36% year-to-date, while the broader S&P 500 is 17.5% lower. Wirth acknowledged that his company is making large profits while Americans struggle.

“I recognize that high energy prices are difficult for consumers. That’s why we’ve talked about increasing production, trying to increase supply to markets in a commodity business,” he said. “You go through these cycles. Two years ago, we were losing billions of dollars a quarter. Now we’re making strong profits.”

Bearish investors flock to cash

In more doom and gloom on Wall Street, pessimistic fund managers are selling stocks and piling into cash, according to a Bank of America survey published Tuesday.

“Investors’ perception of the outlook for the global economy remains bleak in September,” Michael Hartnett, Bank of America’s chief investment strategist, wrote in the report, which surveyed 212 fund managerswith more than half a trillion dollars of assets under management in September.

About 72% of respondents expected a weaker economy in the next 12 months, up 5 percentage points from August. The share of investors saying recession is likely also increased in September to 68%, the highest since May 2020.

Unsurprisingly, Wall Street is bracing for corporate profits to soften and equities to continue to crash, the survey showed. The cash levels investors are holding jumped from 5.7% last month to 6.1%, their highestlevel since the September 11 attacks in 2001.

Click here to read the entire article or watch the video interview. 


CISA Orders Agencies To Patch Windows, iOS Bugs Used In Attacks

Courtesy of Sergiu Gatlan, BleepingComputer.com

Sept. 14, 2022 — CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. Apple also patched the arbitrary code execution vulnerability on Monday and confirmed that it was exploited in attacks as a zero-day bug in the iOS and macOS kernel.

A binding operational directive issued in November 2021 says that all Federal Civilian Executive Branch Agencies agencies have to secure their networks against bugs added to CISA’sCISA’s catalog of Known Exploited Vulnerabilities.

CISA has given Federal Civilian Executive Branch Agencies agencies three weeks, until October 10th, to address these two security flaws and block attacks that could target their systems.


Related Reading: ‘This Is a Problem We Can Tackle’ — Former White House CIO Wants To Help Credit Unions Outmaneuver Cybercriminals.


“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” CISA warned today.

Since BOD 22-01 was issued, CISA has added over 800 security flaws to the catalog of bugs exploited in the wild, requiring federal agencies to address them on a tighter schedule to block attacks and potential security breaches.

 


Articles for September 9, 2022 Issue:


FTC Alleges: Credit Karma Hurt People’s Credit Scores Using Dark Patterns

The popular credit monitoring company tricked people with false “pre-approved” credit card offers Credit Karma found got them to click ads more often.

Courtesy of Maxwell Strachan, Vice

September 1, 2022 — The Federal Trade Commission is accusing a company of tricking users into signing up for credit cards with so-called dark patterns.

Credit Karma, which offers people a free way to check their credit scores, told people that they had “90% odds” and had been “pre-approved” for credit cards that they actually did not qualify to receive, the Federal Trade Commission says in a new complaint. The federal agency alleges that between February 2018 and April 2021, almost one-third of people who were told they would qualify did not, causing them to “unnecessarily” receive a hard inquiry on their credit reports that often hurt their scores.

The FTC is requiring the personal finance company to pay out $3 million to the people they allegedly deceived and no longer falsely tell people they have been pre-approved for credit cards.

“Credit Karma’s false claims of ‘pre-approval’ cost consumers time and subjected them to unnecessary credit checks,” said Samuel Levine, the director of the agency’s bureau of consumer protection, in a statement. “The FTC will continue its crackdown on digital dark patterns that harm consumers and pollute online commerce.”

Dark patterns are user interfaces that deceive users in non-intuitive ways. According to the complaint, Credit Karma ran A/B testing experiments that showed that people were more likely to click on ads that said they had been pre-approved than they were on ones that said they had “excellent” odds of approval, which the FTC said constituted a dark pattern.

Credit Karma said in a statement on Thursday that the company altered its business so that it no longer tells people they have been pre-approved as of April 2021.

“We fundamentally disagree with the FTC’s allegations about marketing terms that aren’t even in use anymore, but ultimately we reached this agreement to avoid disruption to our mission and maintain our focus on helping our members find the financial products that are right for them,” Credit Karma chief legal officer Susannah Wright said in a statement.

Credit Karma lets people monitor their credit online without affecting their score. Part of the way it makes money is by using the data it receives to allow credit card companies and others to send targeted advertisements to people through the site. When someone buys a product, the third-party companies pay Credit Karma.

“We suggest offers based on your credit, Approval Odds, and money we make from our partners,” the company says on its website. In another area, the company elaborates: “For instance when you take an offer –– like for a credit card or loan –– through Credit Karma, we usually make some money from one of our partners, like the bank that issues the card or the lender who funds your loan.”

Credit Karma knew people were getting denied after the company told them they had been pre-approved, according to the complaint. As evidence, the FTC cited customer service training materials that said one common issue people complained about was “I was declined for a pre-approved credit card offer …. How is that possible?!?!?!”

 

Fannie Mae: High Home Prices, Mortgage Rates Weighing on Housing Sentiment

Year-over-Year Jump in Interest Rates Amplifying Perceptions of Unaffordability for Buyers and ‘Lock-in Effect’ for Sellers

September 7, 2022 — The Fannie Mae (FNMA/OTCQB) Home Purchase Sentiment Index®(HPSI) decreased 0.8 points in August to 62.0, its sixth consecutive monthly decline, as high home prices and elevated mortgage rates continue to weigh on consumer sentiment, particularly home-selling sentiment. Despite the relatively small aggregate change, the HPSI experienced significant volatility among four of its six components, including those measuring consumer perceptions of homebuying and home-selling conditions, as well as expectations regarding the future direction of home prices and mortgage rates.

Month over month, consumers reported that home-selling conditions have worsened – although that component remains strongly positive on net. Consumers also reported that homebuying conditions have improved, but 73% continue to report that it’s a “bad time to buy.” For the first time since the start of the pandemic, consumers are neutral, on net, about the future path of home prices, with an increasing share this month reporting that prices will decline. Meanwhile, a greater share reported the expectation that mortgage rates will decline, even though a majority continue to believe that mortgage rates will go up over the next 12 months. Year over year, the full index is down 13.7 points.

Home Purchase Sentiment Index – Component Highlights
Fannie Mae’s Home Purchase Sentiment Index (HPSI) decreased in August by 0.8 points to 62.0.The HPSI is down 13.7 points compared to the same time last year. Read the full research reportfor additional information.

  • Good/Bad Time to Buy: The percentage of respondents who say it is a good time to buy a home increased from 17% to 22%, while the percentage who say it is a bad time to buy decreased from 76% to 73%. As a result, the net share of those who say it is a good time to buy increased 8 percentage points month over month.
  • Good/Bad Time to Sell: The percentage of respondents who say it is a good time to sell a home decreased from 67% to 59%, while the percentage who say it’s a bad time to sell increased from 27% to 35%. As a result, the net share of those who say it is a good time to sell decreased 16 percentage points month over month.
  • Home Price Expectations: The percentage of respondents who say home prices will go up in the next 12 months decreased from 39% to 33%, while the percentage who say home prices will go down increased from 30% to 33%. The share who think home prices will stay the same increased from 26% to 28%. As a result, the net share of Americans who say home prices will go up decreased 9 percentage points month over month.
  • Mortgage Rate Expectations: The percentage of respondents who say mortgage rates will go down in the next 12 months increased from 6% to 11%, while the percentage who expect mortgage rates to go up decreased from 67% to 61%. The share who think mortgage rates will stay the same increased from 21% to 25%. As a result, the net share of Americans who say mortgage rates will go down over the next 12 months increased 11 percentage points month over month.
  • Job Loss Concern: The percentage of respondents who say they are not concerned about losing their job in the next 12 months increased from 78% to 79%, while the percentage who say they are concerned decreased from 22% to 21%. As a result, the net share of Americans who say they are not concerned about losing their job increased 2 percentage points month over month.
  • Household Income: The percentage of respondents who say their household income is significantly higher than it was 12 months ago increased from 24% to 25%, while the percentage who say their household income is significantly lower increased from 13% to 15%. The percentage who say their household income is about the same decreased from 61% to 59%. As a result, the net share of those who say their household income is significantly higher than it was 12 months ago decreased 1 percentage point month over month.

About Fannie Mae’s Home Purchase Sentiment Index
The Home Purchase Sentiment Index® (HPSI) distills information about consumers’ home purchase sentiment from Fannie Mae’s National Housing Survey® (NHS) into a single number. The HPSI reflects consumers’ current views and forward-looking expectations of housing market conditions and complements existing data sources to inform housing-related analysis and decision making. The HPSI is constructed from answers to six NHS questions that solicit consumers’ evaluations of housing market conditions and address topics that are related to their home purchase decisions. The questions ask consumers whether they think that it is a good or bad time to buy or to sell a house, what direction they expect home prices and mortgage interest rates to move, how concerned they are about losing their jobs, and whether their incomes are higher than they were a year earlier.

About Fannie Mae’s National Housing Survey

Click here to read the entire article.

 

Harvard Researcher: More Americans Tapping Buy Now, Pay Later Services For Groceries ‘Shows the Height of Personal Desperation’

Courtesy of Jessica Dicxkler, CNBC

KEY POINTS

  • With food prices at historic highs, more consumers are turning to buy now, pay later services for their weekly essentials.
  • “Once people start stretching out grocery payments it shows the height of personal desperation,” says Marshall Lux, a fellow at the Harvard Kennedy School.

 September 7, 2022 —As prices rise, Americans are increasingly finding new ways to make ends meet. But with some necessary purchases, such as groceries, there are fewer options that don’t involve taking on debt.

That makes the option to pay later — through companies such as Klarna, Zip, Zilch, Affirm and Afterpay — look increasingly attractive. About two-thirds of consumers have worried in the past month about affording groceries due to the rise of inflation, a recent LendingTree survey found.

At the same time, Zip said it notched 95% growth in U.S. grocery purchases, according to The New York Times. Klarna reported that more than half of the top 100 items its app users are now buying are grocery or household items.

“The fact that there’s a large number of Americans that simply can’t afford to buy food highlights the desperation that this economic climate creates,” said Marshall Lux, a fellow at the Mossavar-Rahmani Center for Business and Government at the Harvard Kennedy School.

“Once people start stretching out grocery payments it shows the height of personal desperation,” Lux added.

Although inflation, overall, began to ease last month along with gasoline prices, food costs climbed 1.1% in July, bringing the year-over-year gain to 10.9%, according to the latest Consumer Price Index figures.

The food-at-home index, a measure of price changes at the grocery store, notched the largest 12-month increase since 1979.

 

Note: As of July 2022. Not seasonally adjusted. Chart: Gabriel Cortes / CNBC Source: U.S. Bureau of Labor Statistics

 

Using BNPL could mean people ‘overextend themselves’ “For someone who has the ability to pay, this is an interest-free loan,” Lux said.

However, BNPL’s rapid growth is driven primarily by younger consumers, with two-thirds of BNPL borrowers considered subprime, Lux noted, which makes them especially vulnerable to economic shocks or a possible recession.

“In the best-case scenario, this will enable people to hang on or, in the worst case, overextend themselves,” he said.

Further, the more BNPL accounts open at once, the more prone consumers become to overspending, missed or late payments and poor credit history, other research shows.

Generally, if you miss a payment there could be late fees, deferred interest or other penalties, depending on the lender. (CNBC’s Select has a full roundup of fees, annual percentage rates, whether a credit check is performed, and if the provider reports to the credit scoring companies, in which case a late payment could also ding your credit score.)

 

Fed Vice Chair Brainard Calls for Crypto-Specific Regulations, Notes Stablecoin Risks

While crypto “has all the same risks that we’re very familiar with from traditional finance,” its quirks need tailored solutions, Lael Brainard said.

Courtesy of Helene Braun, CoinDesk

September 7, 2022Federal Reserve Vice Chair Lael Brainard said the cryptocurrency market bears similar risks to traditional finance, but will need new regulations for situations not covered by existing laws.

“We have seen that the crypto financial system has all the same risks that we’re very familiar with from traditional finance,” she said in a speech at the Clearing House and Bank Policy Institute 2022 annual conference on Wednesday. But given the unique characteristics of crypto, there’s a need for “creating clear regulatory guardrails.”

Brainard is leading the central bank’s exploration of a digital U.S. dollar, and her role as the No. 2 person at the Fed makes her opinions on crypto quite significant. Brainard’s latest remarks echoed her previous statements that the sector needs to meet the same safety standard as traditional finance in order to prevent it from becoming a threat to the broader financial system.


Related Reading:
Banks Fire Back at Warren Over OCC Crypto Guidance: Two bank trade groups asked acting Comptroller Michael Hsu to deny Sen. Elizabeth Warren’s request that the banking agency abandon Trump-era guidance on cryptocurrency.

OCC Acting Director Hsu’s Updated Crypto Comments “Safeguarding Trust in Banking: An Update” (9/7/22): Under my direction, the OCC has adopted a “careful and cautious” approach. The agency put into place this approach through the issuance of Interpretive Letter 1179, which establishes guardrails by clarifying that national banks and FSAs should not engage in certain crypto activities unless they demonstrate that the activities can be performed in a safe, sound, and fair manner.

 Vermont’s Financial Regulator Alleges Celsius and Its CEO Made ‘False and Misleading Claims’: According to the regulator, Celsius “lacked sufficient assets to repay its obligations” despite suggesting it had enough funds in its reserves to mitigate the risk of insolvency.


The Fed vice chair also reiterated the risk of stablecoins in her speech. She predicted there will be a lot more of such tokens created by the private sector in the future, calling into question if the central bank should issue its own central bank digital currency (CBDC.)

“Stablecoins is one of those areas that I think has the most potential for risk if not properly regulated and of course those risks can easily spill into the main core financial system because of the runnable nature of stablecoins,” she said.

Back in May, some $60 billion in value evaporated almost overnight after the collapse of algorithmic stablecoin terraUSD (UST). Meanwhile, some worry that asset-backed stablecoins such as USDT or USDC may not be able to sustain significant amounts of withdrawals.

In November 2021, a committee known as the President’s Working Group on Financial Markets – whose members include Fed Chair Jerome Powell and Treasury Secretary Janet Yellen – issued recommendations on stablecoins. Brainard characterized its report as “very strong” and she said that she agrees with its recommendations that stablecoins should be subject to bank-like regulation, and that “credential guardrails and the liquidity backstop are the best way to situate stablecoins.”

Articles for September 2, 2022 Issue:

Rep. Presses Federal Agencies, Crypto Companies on Fraud Prevention

Aug. 31, 2022 — The chair of the House Subcommittee on Economic and Consumer Policy has sent letters to four federal agencies and five digital asset exchanges requesting information about the steps they are taking to combat cryptocurrency-related fraud and scams.

Rep. Raja Krishnamoorthi, D-Ill. said in the letters Tuesday that cryptocurrencies have become “scammers’ favored means of payment as well as their preferred bait for unsuspecting victims,” citing Federal Trade Commission data that says the annual amount of cryptocurrency lost to fraud is on pace to surpass $1 billion in 2022.

“As stories of skyrocketing prices and overnight riches have attracted both professional and amateur investors to cryptocurrencies, scammers have cashed in,” Krishnamoorthi said in the letters. The letters were sent to the U.S. Department of Treasury, the U.S. Securities and Exchange Commission, the Commodity Futures Trading Commission, and the FTC. The crypto exchanges that got similar letters are Binance.US, Coinbase, FTX, Kraken and KuCoin.


Related Reading: Federal Reserve Board Washington D.C.; The Financial Stability Implications of Digital Assets


Krishnamoorthi requested information he said could help Congress understand what the government and the exchanges are doing to protect consumers, and could inform potential legislative solutions to make the crypto space safer for consumers.

He called attention to a “lack of a central authority” to flag suspicious transactions, the “irreversibility of transactions,” as well as the “limited understanding” investors have of crypto’s underlying blockchain technology as cause for concern about growing fraud.

Consumers are “often unaware of the current patchwork of resources available to inform their investing decisions,” and insurance companies are reluctant to provide coverage to consumers given the lack of regulation of digital assets, he added.  Krishnamoorthi also directed separate criticisms at the government agencies and the exchanges.

In the letters to the agencies, he argued “the federal government has been slow to curb cryptocurrency scams and fraud” and that “existing federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” Meanwhile, he said some exchanges allow digital assets to be listed with “little or no vetting,” leaving potential vulnerabilities undiscovered even though they could “easily be identified” through audits.

“Many exchanges have also failed to implement appropriate monitoring of accounts, which can flag illicit activity, notify investors, and prevent transactions with addresses linked to scammers,” he added. Krishnamoorthi set a Sept. 12 deadline for the federal agencies and the crypto exchanges to provide documents and information dating back to Jan. 1, 2009.

For the agencies, he asked for “all policies, guidance, or other official documents” related to efforts to prevent crypto-related scams and fraud, to investigate such fraud, and to work with other agencies to regulate crypto. He also asks for the agencies’ thoughts on how such processes and frameworks could be improved to minimize the risks.

“Congress may need to pass legislation to help bring stability to the digital asset industry and protect consumers from investment fraud and abuse, but more information is needed to understand what the relevant federal agencies are already doing,” Krishnamoorthi said.

In the letters to the exchanges, he asked for “all documents” regarding their efforts to combat crypto-related scams and fraud, what processes and tools are in place to inform consumers about the risks and to investigate potential fraud, and if they provide insurance to consumers that covers fraud.

He also asked the exchanges what they believe the federal government could do to assist crypto exchanges in combating fraud and scams.

Click here to read more in this article from Bankrate.

Survey: Bank Overdraft Fees Tumble to 13-Year Low While ATM Fees Are Back on The Rise

Courtesy of Karen Bennerr and Matthew Goldberg, Bankrate.com

Aug. 31, 2022 — Banks have been reducing or eliminating overdraft fees at an unprecedented rate over the past year or so, as they face heavy public pressure to curb what one consumer watchdog has referred to as “junk fees.” In fact, the average overdraft fee of $29.80 is down 11 percent from last year’s record high, according to Bankrate’s 2022 checking account and ATM fee study. However, an overwhelming majority of accounts surveyed (96 percent) still charge a fee for overdrafts.

Unlike overdraft fees, not all bank fees are on the decline. Bankrate’s study found the average combined cost of an out-of-network ATM transaction to be $4.66, the highest amount since 2019. The average ATM surcharge levied on non-customers hit a record high of $3.14 per transaction.

The study also found that 46 percent of noninterest checking accounts are free — meaning they don’t charge monthly service fees — which is down slightly from 2021. Unlike top-yielding savings accounts, checking accounts that bear interest continue to pay record-low yields, the survey found, despite several Federal Reserve interest rate hikes in 2022.

For the study, Bankrate surveyed 10 banks and thrifts in each of 25 large U.S. markets. Information was gathered regarding checking accounts that bear interest and those that don’t, as well as ATM fee policies. Here are the highlights of the study.


Key findings:

  • The average overdraft fee declined to a 13-year low of $29.80, which is down 11 percent over last year’s record high of $33.58. The average nonsufficient funds (NSF) fee decreased to $26.58, the lowest since $25.81 in 2004. While these averages have gone down and some accounts have entirely eliminated such fees, 96 and 87 percent of accounts surveyed still charge overdraft fees and NSF fees, respectively.
  • The combined total of the average out-of-network ATM fee assessed by one’s own bank and the average surcharge levied by the ATM owner increased to $4.66, the highest since 2019. The surcharge on non-customers ($3.14) reached a new high, up 1.9 percent from $3.08 last year.
  • Among the metropolitan areas covered in the survey, the city with the highest average total combined ATM fees is Atlanta, where you’ll pay around $5.38 for using an out-of-network ATM. Meanwhile, you’ll find the lowest combined average fees in Los Angeles at $4.21.
  • The number of free checking accounts has decreased slightly in 2022 to 46 percent (down from 48 percent last year), although 99 percent of noninterest checking accounts are either free or can become free when certain requirements are met. These may include maintaining a set minimum balance or having your paycheck directly deposited.
  • The average yield on interest checking accounts remains at a record low, and the most common payout is 0.01 percent annual percentage yield (APY). And while the average monthly service fee of $16.19 is down slightly from last year, it’s the second highest ever tallied.

Overdraft fees: Lowest in over a decade

Overdraft and NSF fees on the decline

An overdraft fee may be charged by a bank when you withdraw more money from your account than the amount you have in it and the bank pays that overdraft. The average overdraft fee in 2022 is $29.80, which is down 11 percent over last year’s record-high average of $33.58 — the lowest since 2009 when the fee averaged $29.58.

Like overdraft fees, the average NSF fee decreased as well in 2022 — dropping to $26.58, which reflects a 21-percent decrease from last year’s record high of $33.58. It’s also the lowest average NSF fee since 2004 when the average was $25.81.

Banks charge an NSF fee when there isn’t enough money in an account to cover a transaction, and the bank does not honor the transaction. Ways to avoid these fees include linking a savings account to your checking account in order to cover any shortfall, as well as keeping tabs on your account balance before initiating transactions.

Average overdraft fee
The average overdraft fee decreased to $29.80 in 2022 from $33.58 in 2021.

Overdraft fees may be down on average, but still prevalent

The trend among banks to reduce or eliminate overdraft and NSF fees comes at a time when proposed federal legislation would limit their ability to charge such fees. The Consumer Financial Protection Bureau (CFPB) has also called for an end to these fees, releasing a report that revealed 20 banks each earned between $50 million and $1.4 billion in overdraft and NSF fee revenue in 2021.

While average overdraft and NSF fees are lower than they’ve been in more than a decade, they’re not completely going away just yet. Fees for overdrafts and nonsufficient funds are still charged by 96 percent and 87 percent of accounts surveyed, respectively.

Click here to read more in this article from Bankrate.

Metaverse Scammers Have a Bridge to Sell You. This Alabama Regulator Is Fighting Back

The state’s securities commission is warning people about the dangers of buying virtual real estate.

Courtesy of Elizabeth Napolitano, CoinDesk.com

September 1, 2022 — Crypto investors have pumped hundreds of millions of dollars into buying up virtual land – and thieves are taking note. According to Joseph Borg, a financial regulator in Alabama, metaverse real estate scammers pose a danger to investors in his home state.

“There are offers for [metaverse] real estate [scams] where they’ll tell you, ‘Get in now while it’s hot before the price goes up,’ and everybody buys it and you’re left out,’” said Borg, the longtime director of the Alabama Securities Commission. “I put that right up there next to the one that’s selling real estate on the moon.”

Indeed, the crypto-verse has a potpourri of “metaverses” from Yuga Labs’ Bored Ape-themed Otherside realm (over $800 million in lifetime land sales) to Decentraland ($330 million), The Sandbox ($295 million) and more. One dashboard on crypto data site Dune counts the top 32 virtual worlds.


Related Reading:


That’s not to say these land sales are inherently fraudulent. Speculators aside, some investors see value in buying a piece of digital real estate and then building their virtual worlds atop their plot. Decentraland is full of otherworldly architecture and virtual shtick.

But some of those builders are allegedly fraudulent. In May, Borg’s ASC and four other state-level financial regulators ordered a metaverse casino with alleged Russian connections to cease sales of non-fungible tokens (NFTs). The regulators claimed the casino, called the Flamingo Casino Club, was a front for scammers.

Actually locking up the alleged scammers is another matter.

In order to stick it to the scammers, regulators must first identify them, Borg told CoinDesk. But doing so can be tough in the metaverse, where fraudsters can cloak themselves in the veil of internet anonymity, which these days means masquerading in sometimes zany ways, Borg said.

“Saying [we’re going to] issue an order against the guy who looks like a duck with a hat on in the metaverse doesn’t do us any good,” Borg said. “We got to track down a computer, trace it and figure out where their money’s going and how they’re operating.”

In the absence of identifiable persons of interest, and left with little legal recourse as a result, the ASC has issued an advisory cautioning people about the dangers of investing in potential metaverse scams.

That doesn’t mean the commission, which has muscled crypto’s bad actors before, has given up on tracking criminals, however. Borg said ASC is still gunning to put a lid on metaverse real estate scams and hopes to issue orders against those involved in the scams once they can be identified.

And while those efforts are underway, the commission is taking steps to educate would-be investors about how the metaverse really works.

“It’s ‘get into the real estate market now because everybody’s going to want a piece,’” Borg said. “But, of course, you can create as much [real estate] as you want, because you can have a multitude of metaverses, but people don’t understand that yet.”

The Flamingo Club Casino case, and many like it, Borg says, demonstrates how the metaverse can be not only a land of opportunity, but also a land of large losses, especially for the uninformed investor.

“Bad actors are now leveraging interest in [metaverse] opportunities and products,” Borg said in a press release Wednesday. “Virtual reality can leave you virtually broke.”

The review, FHLBank System at 100: Focusing on the Future, will include a series of listening sessions and regional roundtable discussions

Aug. 31, 2022 — The Federal Housing Finance Agency (FHFA) today announced it will conduct a comprehensive review of the Federal Home Loan Bank (FHLBank) System beginning in the fall of 2022.

“FHFA plays a vital role in supporting affordable, equitable, and sustainable access to mortgage credit,” said FHFA Director Sandra L. Thompson. “FHFA’s regulated entities function as a reliable source of liquidity and funding for housing finance and community investment. As the Federal Home Loan Banks approach their centennial, FHFA will conduct a comprehensive review to ensure they remain positioned to meet the needs of today and tomorrow.”


Related Reading: Federal Housing Finance Agency Report: U.S. House Prices Rise 17.7 Percent over the Last Year; Up 4.0 Percent from the First Quarter


The FHLBanks have been a critical source of liquidity for their members for the past 90 years, especially during times of market stress, such as the Great Recession and the outset of the COVID-19 pandemic. The FHLBanks also support low-income housing and community development directly by offering a variety of programs to their members, including the Affordable Housing Program, the Community Investment Program, and the Community Investment Cash Advance Program.

As part of the review process, FHFA will host two public listening sessions and a series of regional roundtable discussions to consider and evaluate the mission, membership eligibility requirements, and operational efficiencies of the FHLBanks. FHFA will hear from stakeholders on the FHLBanks’ role or potential role in addressing housing finance, community and economic development, affordability, and other related issues.

FHFA invites interested parties to speak or attend the kick-off event for FHLBank System at 100: Focusing on the Future, a listening session on Thursday, September 29, 2022. The session will be held in person at the Constitution Center in Washington, DC, with the option to participate virtually.

FHFA is specifically interested in receiving feedback in six key areas:

  1. The FHLBanks’ general mission and purpose in a changing marketplace;
  2. FHLBank organization, operational efficiency, and effectiveness;
  3. FHLBanks’ role in promoting affordable, sustainable, equitable, and resilient housing and community investment;
  4. Addressing the unique needs of rural and financially vulnerable communities;
  5. Member products, services, and collateral requirements; and
  6. Membership eligibility and requirements.

Register​​​ ​to attend or speak at the September 29 listening session (12:30 – 4:00 PM). Participants will be able to select in-person or virtual attendance. FHFA is also accepting wri​​tten comments through October 21, 2022, via FHFA’s website ​or mailed to: Federal Housing Finance Agency, 400 7th Street, SW, Washington, DC 20024.

Federal Housing Finance Agency Report: U.S. House Prices Rise 17.7 Percent over the Last Year; Up 4.0 Percent from the First Quarter

 

Articles for August 26, 2022 Issue:

Cyber News: Traditional Check Fraud Gets a Digital Makeover

Courtesy of Glenn Fratangelo, NiceActimize.com

August 23, 2022 —What happens when trust is shaken in a fundamental societal institution, like the postal service system?

An emerging method of committing financial fraud is stealing checks, and the circumstances surrounding these scams are often bizarre and highly public. Checks are appropriated from the familiar blue United States Postal Service (USPS) collection boxes and rewritten, repurposed, and cashed by thieves. One victim had their check stolen twice from the same collection box, even after taking measures to get a new bank account and checks.[1]

With so much attention given to the constant uptick in digital scams, it’s easy to push concerns over physical financial assets, like checks, to the side. But criminals exploit any avenue to commit fraud—even vandalizing protected federal government property to get a payout.

Check fraud is a conduit to numerous other crimes, such as wire fraud, identity theft, synthetic identity fraud (SIF), peer-to-peer payments (P2P) fraud, account takeover (ATO), and mail fraud. As the risk of check fraud rises, so should the precautions and measures to prevent this trending crime.

Check Fraud Scams Go Digital

By now, I should be desensitized to the machinations of these criminals thanks to constant exposure to this industry. But their confidence and audacity still surprise me.

Take the infamous Telegram user, “Liam Neeson” who brazenly posted numerous stolen items for sale on social media.[2] Under the handle of this A-list actor, this criminal advertised stolen checks for sale to 1,200 subscribers. Charitable donations, DMV fees, uncashed checks, and utility payments pilfered from mailboxes in North Carolina were all presented as photos with the intent of selling to a criminal community. 

The digital era introduced some unsavory variants to traditional check fraud scams. Social media platforms provide criminals with the public portal and visibility to boast about their crimes and incentivize their peers, as they occasionally seek validation or hope to inspire their teammates. These criminals also rely on the dark web to sell stolen checks and related paraphernalia, like stolen mailbox keys, to other criminals within their vast networks.


Related Reading: New ransomware HavanaCrypt poses as Google software update
A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn’t seem to be dropping a traditional ransom note.


Gain access to personal mail

Stolen mailbox keys, or arrow keys, are commonly featured for sale on the dark web or platforms like Telegram (where they’ve been known to sell for upwards of $7,000) because they’re one of the main methods available to illegally access personal mail. A report from USPS revealed that complaints of mail theft rose 161% between March 2020 and February 2021.[3]

Mail theft and subsequent check fraud via this technique has captured attention at the highest level; Congresswoman Eleanor Holmes Norton has made inquiries of the United States Postal Service (USPS) regarding this issue.[4] The USPS responded that it is aware and taking action to prevent this crime but they’re under-resourced, which makes it far more challenging to fully investigate these attacks. Ultimately, it falls on everyone to do what they can to prevent check fraud, as postal workers are being attacked.

Leverage Peer-2-Peer Platforms

Yet another example of the digital twist on this crime is the use of P2P platforms, like Cash App, to augment check fraud.[5] Criminals are targeting people through tactics like fake job offers. Victims are instructed to deposit substantial checks into their bank account as an advance for job-related items, like computers or supplies, and then told to send the deposited funds to a different person through a P2P app. Ultimately, the victim realizes the check was fake, leaving them responsible for the losses. In this scenario, criminals capitalize on Regulation CC, which enables customers to immediately use at least a portion of deposited funds prior to the check clearing. With knowledge of regulatory requirements along with a bank’s corresponding funds availability policies, they use this information to obtain a portion of deposited funds prior to the check bouncing.[6]

Read the entire article here.

Housing Market: Fannie Mae Sees Dark Days Ahead for the Housing Market

Economic and Strategic Research Group expects total home sales to decrease 16.2% in 2022

Courtesy of James Kleimann, HousingWire.com

August 23, 2022 — It will get worse for the housing market – and mortgage industry – before it gets better. That’s the takeaway from a group of economists at Fannie Mae who slashed their forecast for 2022 home sales this week.

“Housing remains clearly on the downtrend — and has been for several months now — due to the combined effects of outsized home price increases and the significant and rapid run-up in mortgage rates,” Fannie Mae’s Chief Economist Doug Duncan said in a statement.

Fannie Mae’s Economic and Strategic Research Group expects total home sales to decrease 16.2% in 2022, a further downward revision from July’s projected drop of 15.6%. The latest forecast also projects total mortgage origination activity at $2.47 trillion in 2022, down from $4.47 trillion in 2021. The mortgage market is projected to slip even further in 2023, dropping to $2.29 trillion.

A brutal housing market has already tested the business models of mortgage lenders, and it will be a while before conditions improve. In the second quarter of 2022, nonbank mortgage lenders on average lost $82 per loan, according to the Mortgage Bankers Association. Combining both production and servicing operations, only 57% of companies in the MBA report were profitable in the second quarter.


Related reading: Federal Housing Finance Agency (FHFA) Announces Intent to Establish a Federal Advisory Committee on Affordable, Equitable, and Sustainable Housing:
The Committee’s activities will focus on FHFA’s regulated entities – Fannie Mae, Freddie Mac, and the Federal Home Loan Banks – and their respective roles in providing a reliable source of liquidity and funding to support housing finance in the single-family and multifamily housing markets.


On average, IMBs generated $705 million in origination volume in the second quarter, down from $808 million in the previous quarter. Total production revenue for IMBs, which includes fee income, net secondary marking income and warehouse spread, decreased to 335 bps in the second quarter, down from 350 bps a quarter prior. On a per-loan basis, production revenues declined to $10,855 per loan in the second quarter, down slightly from $10,861 per loan in the first quarter.

Many lenders have been cutting hundreds or thousands of staffers amid the dip in origination volume. Fannie Mae forecasters said that despite mortgage rates settling in the low 5% range over the past month, recent incoming data has led them to revising the home sales forecast, notably because of a drop in new home sales.

New homes sold at an annualized pace of 590,000 units in June, the lowest sales pace since April 2020. ESR Group researchers now expect new home sales to finish the year at 632,000 units, down from 668,000 in last month’s forecast. New home sales are now projected to fall 18% from last year, while existing home sales are expected to fall by 16% in 2022 to 5.143 million.

Fannie Mae’s ESR group also said it expected real gross domestic product growth for the full year 2022 and 2023 to remain flat from last month at 0.0% and negative 0.4%, respectively.

“The continued expectation that real GDP growth will be negative beginning in 2023 is due to the combined effects of tighter monetary policy weighing on business and residential investment and still-elevated inflation weighing on consumer spending,” Fannie Mae wrote in the report. The ESR group wrote that it expects inflation to tick down gradually, ending 2022 at 7.2% and 1.8% by the end of 2023.

Crypto News: FTX’s Money Isn’t Insured, FDIC Says; FTX is Accused of Making ‘False Representations’ About FDIC Insurance

Courtesy of Emma Roth, TheVerge.com

August 23, 2022The Federal Deposit Insurance Corporation (FDIC) slapped the Sam Bankman-Fried-owned cryptocurrency exchange FTX with a cease-and-desist order over “false and misleading statements” that suggest its assets are FDIC-insured. The FDIC doesn’t cover stocks or crypto, and only safeguards funds held in insured bank accounts.

In a letter to the exchange, the FDIC points to a now-deleted tweet from FTX president Brett Harrison, which states “direct deposits from employers to FTX US are stored in individually FDIC-insured bank accounts in the users’ names.” The referenced tweet also says that “stocks are held in FDIC-insured and SIPC [Security Investor Protection Corporation]-insured brokerage accounts.” The FDIC claims this falsely represents that FTX and the funds invested by users are FDIC-insured when they’re really not.

While not flagged in the FDIC’s letter, users have also pointed out another potentially misleading tweet from Harrison that says “cash associated with brokerage accounts is managed into FDIC-insured accounts” at FTX’s “partner bank.”

Harrison has since issued a response to the FDIC’s letter, explaining that FTX “really didn’t mean to mislead anyone,” and claims FTX “didn’t suggest that FTX US itself, or that crypto/non-fiat assets, benefit from FDIC insurance.” FTX CEO and founder Bankman-Fried provided further clarification as well, stating that while “FTX does not have FDIC insurance,” the banks it does business with do. Bankman-Fried adds that it may “explore potential ways that individual accounts using direct deposit… could, in the future, be used to further protect customers,” and that FTX “would be excited to work with the FDIC on that.”

As noted by the FDIC, the Federal Deposit Insurance Act (FDI Act) prohibits companies from ”implying that their products are FDIC–insured by using ‘FDIC’ in the company’s name, advertisements, or other documents.” The FDIC is giving FTX 15 days to provide confirmation that it has removed or corrected any alleged misrepresentations. In addition to FTX, the FDIC doled out cease-and-desist warnings to four other companies, including Cryptonews.com, Cryptosec.info, SmartAsset.com, and FDICCrypto.com. The FDIC declined to comment beyond the contents of its letter, and FTX didn’t immediately respond to The Verge’s request for comment.

Like Robinhood, FTX has started offering both traditional stock and crypto trading options. In May, crypto billionaire Bankman-Fried disclosed a 7.6 percent stake in Robinhood, and he’s reportedly looking into purchasing the trading platform.

Even with the so-called crypto winter driving several crypto companies to bankruptcy, FTX and Bankman-Fried’s crypto trading firm Alameda Research have somehow managed to stay afloat. Bankman-Fried has extended lines of credit to numerous struggling crypto firms to help them weather the uncertain economy, and told Reuters he has “a few billion” more for future bailouts. According to documents obtained by CNBC, FTX brought in $1.02 billion in revenue in 2021 and $270 million in the first quarter of 2022.

Fraud News: Zelle Scam Targets Kansas Man for a Fake $2,500 Refund Through Bank Account; Digital Payment Scams Getting Attention from Federal Lawmakers

Courtesy of Matt Flener, KMBC 9 News

August 22, 2022—Taylor Witt is hoping for a refund from U.S. Bank or Zelle after he said he fell for a very sophisticated scam. Witt emailed KMBC 9 Investigates for help after he said someone stole $2,500 from his U.S. Bank account through a fake Zelle refund scam.

Witt said the scammer called him from a number impersonating his bank’s fraud department. The scammer told him that his bank account was hit by a fraudulent Zelle transaction, convincing Witt to go through a fake refund process with Zelle.

Reluctant at first, he said the scammer convinced him to look at the back of his debit card to compare the telephone number to the caller ID on his cell phone, and the numbers then matched. Witt said that he has tried to get U.S. Bank to refund the money, but so far, the bank has not budged.

“It was just very devastating,” he said. “It just didn’t register with me that the person warning me of the fraud was the one trying to take the money.”  Witt has seen news stories across the country of people falling for digital payment scams, along with a push by lawmakers to get banks to refund people’s money.

A U.S. Bank spokesman said he was looking into Witt’s account. U.S. Bank does provide tips on how to avoid being the victim of digital payment scams. Zelle did not immediately respond to an email from KMBC 9 Investigates. A spokeswoman for the parent company of Zelle, Early Warning, said the payment platform acts as a messaging service in transactions.

“Because we don’t hold the funds we’re not able to to give back the money to the consumer,” said Meghan Fintland, spokeswoman for Early Warning. “They have to do that through their bank.” Zelle also offers a list of tips to make sure people don’t get scammed.

Nikolas Reese with the Better Business Bureau of Greater Kansas City said that it is important to only send money to people you know. “Unless you know that person in your personal life that would not use a digital wallet service to send money to them,” Reese said. Witt is now hoping for a refund. “It’s very sophisticated in their approach,” he said. And he has a warning for others, “The moment you hit that button, that money is out of your account.”

 

Articles for August 12, 2022 Issue:

Bank Policy Institute: Complex, Sweeping CRA Proposal Would Undercut Law’s Mission of Serving Communities

Courtesy of Tara Payne, Bank Policy Institute

August 5, 2022 — BPI today commented on the banking agencies’ joint Community Reinvestment Act proposal. BPI strongly supports the CRA and its core mission of supporting communities, including low- and moderate-income and underserved areas, and parts of the proposal would helpfully provide some certainty about what activities qualify for CRA credit, particularly with respect to banks’ partnerships with Minority Depository Institutions; however, the proposal in other respects would stray far beyond the agencies’ statutory mandate to the point of credit allocation, and would undermine the law’s core mission by allowing CRA ratings to be driven subjectively by behavior unrelated to community development.

What BPI is saying:

“The proposal presents the worst of two worlds:  its hundreds of pages of requirements dictate how banks are to allocate credit, yet at the end of the day the agencies reserve the right to downgrade a bank’s rating regardless of its compliance with the agencies’ dictates, based on any of a wide range of factors unrelated to community development.”
— Paige Pidano Paridon, BPI senior vice president and senior associate general counsel

Background: The Community Reinvestment Act, enacted in 1977, requires the federal banking regulators to evaluate banks on how they meet the credit needs of their communities, including low- and moderate-income neighborhoods. On May 5, 2022, the agencies issued a joint proposal to modernize the rule. This effort follows a previous rulemaking effort by the OCC, which was abandoned in July 2021, and advance notice of proposed rulemaking issued by the Federal Reserve in 2020.

Key issues:

  • Calibration: The proposal’s Retail Lending Test would be calibrated so stringently that it could render the CRA a tool for credit allocation, rather than for ensuring credit availability. This result would conflict with the purposes of the law. Further, this test would compare banks’ performance to benchmarks that they would never know in advance, raising due process and Administrative Procedure Act concerns.
  • Geographical bounds: The CRA requires that regulators evaluate banks’ lending in places where banks have domestic branches, not where they provide loans. In the context of digital banking and innovation, banks may provide loans to customers outside where they have branches. Under the proposal, such lending could be penalized by prompting a stringent distribution analysis in that new geographical area.
  • Price controls: Some elements of the proposal could serve as a de facto requirement to offer specific deposit services, products and features – and could effectively impose price controls by capping deposit account fees. This would contradict the statutory mandate to encourage banks to meet the credit needs of their communities and would go beyond the agencies’ statutory authority.
  • Complexity: The proposal’s multiple new tests, subtests and factors would subject several separate parts of a bank’s operation to evaluation. More straightforward alternatives could achieve similar goals.
  • Mission creep: The proposal would authorize the agencies to downgrade a bank’s rating based on any consumer compliance violation, beyond the reach of the statute and with no standard for how significant a violation would have to be to merit a downgrade.  As such, the CRA would be inappropriately converted into a redundant consumer compliance enforcement regime, and lose its focus on community development.

The proposal’s other problems include a rigid, one-size-fits-all approach to large bank evaluations and an extremely short compliance period.

Click here to read the entire article.

 

Senators Propose Legislation to Address Digital Asset Reporting Requirements

August 3, 2022 — U.S. Senators Pat Toomey (R-Pa,) Mark Warner (D-Va.), Cynthia Lummis (R-Wyo.), Kyrsten Sinema (D-Ariz.), and Rob Portman (R-Ohio) today introduced legislation to clarify the digital asset reporting requirements signed into law as part of last year’s Infrastructure Investment and Jobs Act.

Last August, the senators announced an agreement with the Department of the Treasury (Treasury) on an amendment to the infrastructure package that would have clarified the definition of “broker” with respect to who must report to the government information about a digital asset transaction. The amendment specifically excluded from reporting requirements services like mining and wallet providers who do not take custody of other individuals’ cryptocurrency, nor are able to comply with the reporting requirements of a broker. While the amendment had strong bipartisan support, including from the Biden administration, the Senate was never afforded the opportunity to vote on and pass this amendment last August due to a procedural hurdle. The legislation introduced today is the exact same text introduced as a bipartisan amendment nearly one year ago.


To read the full text of the bill, click here.


In addition to maintaining strong bipartisan support in the Senate, this legislation is widely supported by the digital asset industry.

“Coin Center supports any effort to improve the status quo created by the ill-advised crypto tax provisions in the Infrastructure Investment and Jobs Act,” said Jerry Brito, Executive Director of Coin Center. “We applaud Sen. Toomey for leading a bipartisan effort to address some of these issues and appreciate the support of Senators Warner, Sinema, Lummis and Portman.”


Related reading: Chairwoman Waters, Representatives Beatty, Green, Foster and Lynch Send Letter to Digital Assets Industry Requesting Diversity and Inclusion Data
The House Financial Services Committee sent a letter to the nation’s 20 largest crypto, Web3, and digital assets companies, as well as prominent venture capital firms with investments in crypto, urging them to provide data around their diversity and inclusion practices.


“We thank Senators Toomey, Sinema, Portman, Lummis, and Warner for their bipartisan leadership in this nuanced space,” said Sheila Warren, Chief Executive Officer of the Crypto Council for Innovation.“Clarifying how people can use and report on digital assets is important for the industry. We look forward to supporting the continued growth of innovation in the U.S. and working with policymakers on this issue.”

“The Chamber of Digital Commerce commends Senator Toomey and co-sponsors for listening to the concerns of the digital asset community and continuing to advocate for regulatory clarity,” saidCody Carbone, Director of Policy, Chamber of Digital Commerce. “The infrastructure bill included burdensome reporting requirements for nearly every participant within the ecosystem and this bipartisan bill will ensure digital asset reporting requirements match the technology’s operation. We urge that this legislation is swiftly passed into law and look forward to working with all interested parties on policy that provides additional certainty for the digital asset space.”

Click here to read the entire press release. 

 

Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen

Courtesy of Sergiu Gatlan, BleepingComputer.com

August 10, 2022 — Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee’s account.

“Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer. “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.

“On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community.”

Stolen employee credentials used to breach Cisco’s network The Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.

The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. MFA fatigue is an attack tactic where threat actors send a constant stream of multi-factor authentication requests to annoy a target in the hopes that they will finally accept one to stop them from being generated.

The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company’s corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.

“They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers,” Cisco Talos said.

After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor malware.

Ultimately, Cisco detected and evicted the attackers from its environment, but they continued trying to regain access over the following weeks.

“After obtaining initial access, the threat actor conducted a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment,” Cisco Talos added.

Click here to read the entire article.

 

Investors Watch for Cracks In U.S. Consumer Loan Market

Courtesy of Kate Duguid, Financial Times

August 10, 2022 — Investors are watching closely for hairline cracks in the US consumer loan market as lower-income borrowers feel the squeeze of high prices and rising interest rates. US household debt levels have skyrocketed this year as Americans borrow more to pay for increasingly expensive homes and cars.

It’s not just big-ticket items: rising rents as well as higher prices at the petrol pump and in the grocery store have pushed consumers to rely more on credit cards. Research from the Federal Reserve Bank of New York shows that US households held a record-breaking $16tn in debt as of the second quarter of this year, an increase of roughly $2tn since before the pandemic.

For now, overall delinquencies — debts past their due date — remain historically low at around 2.7 percent, and big lenders including banks have not yet registered a significant uptick in losses on consumer loans. Unemployment has been steady at pre-pandemic lows, and Americans have continued to feel the benefit of early pandemic stimulus.

But while overall delinquencies did not rise in the second quarter and are still 2 percentage points lower than they were pre-pandemic, the composition has changed. A growing share is now in the early stages of delinquency, according to the New YorkFed data, which could signal developing problems. These are particularly notable in credit card and car loans, where delinquencies are picking up in lower-income areas and among subprime borrowers.

Analysts and economists warn that these problems could proliferate as the US FederalReserve rapidly lifts interest rates to rein in price growth that continues to run at 40-year highs.

The central bank’s tightening has not yet hit the US labor market, with the unemployment rate at a half-century low , but economists expect it to do so eventually companies scale back hiring. Tighter monetary policy is also expected to make new credit harder to access, all while borrowers face higher debt payments on credit cards and other variable-interest loans.

Click here to read the entire article.

 

Bank of America Customer Loses Thousands After Being Tricked By Zelle Scammers With Personal Info

Courtesy of Michael Finney and Renee Koury, ABC 7 News

Image courtesy of TechJunkie.com

July 28, 2022  — In a widespread scam, bank imposters are tricking people into sending them money with Zelle, the popular quick payment app. The scam has been going on across the country for more than a year.

Now more are coming forward – among the latest is a San Francisco man who says the imposters knew all of his banking information, which led him into the trap. He said the shock was more than he could handle.

“I had a panic attack,” said the victim, San Francisco resident Eduardo Carrascosa. “I just couldn’t believe, I just couldn’t believe it… $3,500 is a lot of money.” That’s how much he lost, in an instant, back in June. Carrascosa says it happened while he was busy at work, managing shipping at a time when companies are trying to unclog the supply chain. “I got a call from ‘Bank of America,'” he said, using air quotes as he said the bank name. At the time, he thought it really was his bank.


RELATED READING:


The irony here: the imposters told him scammers had changed his Zelle account to send themselves money. In fact, that is exactly what the imposters themselves were doing. Thousands of dollars, gone in an instant. A woman on the phone said someone was transferring $3,500 out of his bank account. Was he the one authorizing it?

“No, that’s not me, go ahead and cancel it,” Carrascosa said he replied. “Let me get back to my work.” But the woman said he had to quickly reverse the transaction, or he’d lose his money. “So I started to, you know, red flags,” Carrascosa recalls. “So, I googled the number that was calling me.”

Carrascosa was suspicious, but a Google search showed the caller ID on his phone was a real B of A phone number. Then, a man came on the phone, supposedly the woman’s supervisor. Carrascosa said he kept quizzing the man, trying to determine if he really was a banker.

“I thought I was outsmarting them,” Carrascosa recalls. “I usually don’t make customer service reps answer all those questions but I was suspicious.”

He said the man answered all the questions correctly. “He knew my debit card number, my checking account number, cellphone number, address.” However, the man did answer vaguely when asked how long Carrascosa was a bank customer. “He said he’d been there 10 years.”

FDIC Urges Banks to Police Misleading Crypto Claims on Deposit Insurance

Courtesy of Pete Schroeder, Reuters

July 29, 2022 — A U.S. banking regulator is urging banks dealing with cryptocurrency companies that they need to make sure customers know which of their funds will be insured by the government in case of collapse, and which have no safety net.

The Federal Deposit Insurance Corporation (FDIC) said Friday it is concerned consumers may be confused about how safe their money may be when placed in crypto assets, particularly in cases where firms offer a mix of uninsured crypto products alongside insured bank deposit products.

In a new advisory, the FDIC said banks need to make sure any crypto firms they partner with do not overstate the reach of deposit insurance. The push comes as broad turmoil in the crypto market has led to the collapse of some high-profile firms, including one regulators publicly chastised yesterday for overstating deposit insurance coverage.

“Inaccurate representations about deposit insurance by non-banks, including crypto companies, may confuse the non-bank’s customers and cause those customers to mistakenly believe they are protected against any type of loss,” the FDIC advisory stated.

On Thursday, the FDIC and Federal Reserve issued a cease and desist order against now-bankrupt crypto firm Voyager Digital, charging the company misled customers to believe funds invested in the brokerage would be guaranteed by the government. read more

Specifically, the FDIC said banks need to make clear to the public that deposit insurance only covers insured banks in case of collapse, and that protection does not extend to the failure of any nonbank partners, which can include crypto custodians, exchanges, and wallet providers.

FTC Fines Opendoor $62M for ‘Misleading Claims’ About Home-Buying Service

Courtesy of PYMNTS.com

August 2, 2022 — The Federal Trade Commission on Monday (Aug. 1) fined online home buying firm Opendoor Labs $62 million, saying it must stop cheating potential home sellers by tricking them into thinking that they could make more money selling their homes to Opendoor, according to an FTC press release.

Opendoor allegedly pitched potential sellers using misleading and deceptive information, and most customers who sold to Opendoor made thousands less than they would have using a more traditional approach, the press release says.

“Opendoor promised to revolutionize the real estate market but built its business using old-fashioned deception about how much consumers could earn from selling their homes on the platform,” FTC Bureau of Consumer Protection Director Samuel Levine said in the press release. “There is nothing innovative about cheating consumers.”


Related: Real Estate Platform Opendoor Launches Mortgage Finance App


Opendoor, which buys homes directly from buyers, claimed to use cutting-edge technology to create “market-value” offers and reducing transaction costs compared with traditional home sales process, including charts showing that consumers would almost always make more money through the Opendoor service.

Opendoor also violated the law by misrepresenting its use of projected market value prices when making offers to buy homes, saying it made money from fees rather than from buying low and selling high and incorrectly reporting savings related to repair costs and selling their homes, according to the FTC release.

In a statement released Monday, Opendoor said, “While we strongly disagree with the FTC’s allegations, our decision to settle with the Commission will allow us to resolve the matter and focus on helping consumers buy, sell and move with simplicity, certainty and speed.”

The company added, “Importantly, the allegations raised by the FTC are related to activity that occurred between 2017 and 2019 and target marketing messages the company modified years ago. We are pleased to put this matter behind us and look forward to continuing to provide consumers with a modern real estate experience.”

In June, Opendoor launched a financing app that the company claims lets consumers get pre-approved for a mortgage in under two minutes. The app is part of the company’s suite of products, which include Buy with Opendoor, Opendoor Backed Offers, and Opendoor Complete.

The company said its technology identifies loan options based on the customer’s needs and criteria, including mortgage rate, guidelines and terms and the down payment required.

Opendoor said the app processes more than 10,000 data points in seconds to determine the maximum home purchase price a buyer can afford based on their qualifications and the minimum down payment for available loan options.

PayPal: BNPL Volumes Surge 226% Year on Year 

Courtesy of PYMNTS.com

August 2, 2022 — PayPal’s most recent earnings results spotlight the continued digital shift, as active user counts eclipsed pre-pandemic levels. And buy now, pay later (BNPL) volumes surged by triple-digit percentages. PayPal’s active accounts at the end of the second quarter stood at 429 million, up 6% year-over-year, and the tally includes 35 million merchant accounts.

Total payment volumes grew by 13% on an FX-neutral basis to $339.8 billion. Excluding eBay, the company’s revenues were up 14%.

Transactions Per Active Account Surge, Too 

The company said that transactions per active account grew 12% to 48.7 payment transactions. PayPal’s core daily active accounts at the end of the quarter had gained more than 40% relative to the pre-pandemic period, the company said in its supplemental filings.

Venmo volume increased 6% to $61 billion, marked by 90 million active accounts. Overall P2P volume, which includes PayPal, Venmo and Zoom, was up 3% to $93 billion (on top of 41% growth in the same period last year). Venmo commerce volume grew by 250% year over year.  P2P transactions represented 27% of TPV in the quarter.

During the conference call with analysts, CEO Dan Schulman said that the “inherent network effect” remains in place and that the company is “doubling down on checkout, our PayPal and Venmo digital wallets and our Braintree platform.” He noted on the call that 80% of the company’s volume was driven by 30% of PayPal’s active accounts in the quarter. With a nod toward continued fine-tuning of the payments experience, the company is testing its new mobile SDK software development kid, which will remove friction, he said.

“We are also enhancing our checkout user experience to better serve our nearly 400 million consumer accounts by surfacing the most relevant funding instrument based on past purchase behavior, merchant category and purchase price, among other attributes,” he said on the call. Schulman added that “we’ll continue to expect to grow significant faster than the rate of eCommerce going forward, both on branded and branded [offerings] and on checkout.”

BNPL activity has been ramping, he said, marked by $4.9 billion in volume, up 226% year over year — and used by 22 million consumers, and offered by more than 200,000 merchants.

Schulman said, too, that engagement has been on an upswing with digital wallets, and management noted on the call that wallet users are twice as likely to choose PayPal at checkout.  The company, he said, is working on “a debit card reboot” which will be a metal form factor with rewards built in — and which opens up the total addressable market by 20 million to 30 million users.

CFO John Rainey, who is being replaced by Blake Jorgensen, formerly of Electronic Arts, effective Aug. 3, noted that credit losses in the most recent quarter were $68 million, only a few basis points. During the question and answer session, management noted that Elliott Investment Management has taken a $2 billion stake in the company and said that discussions with the activist investor have been focused on operational improvements and long-term strategy.

Equifax Sent Wrong Borrower Credit Scores to Lenders

Courtesy of CUToday.info

August 3, 2022 — Equifax has confirmed it sent the erroneous credit scores to lenders of all asset sizes on people applying for auto loans, mortgages and credit cards and more during mid-March through early April of this year.

Equifax

The confirmation did not break out separately how many credit unions may have been affected.

Equifax said the scores were sometimes off by 20 points or more in either direction, according to people familiar with the situation who spoke with the Wall Street Journal. The incorrect information was sufficient to alter the interest rates consumers were offered or to result in their applications being rejected altogether, the report stated.

The company began disclosing the errors to lenders in May, the sources indicated.

Equifax said it has since fixed the error, which the company described as a “technology coding issue.” The glitch didn’t alter the information in consumers’ credit reports, according to the company.

CEO Responds

“We have determined that there was no shift in the vast majority of scores during the three-week timeframe of the issue,” Sid Singh, president of Equifax’s U.S. Information Solutions, said in a statement. “For those consumers that did experience a score shift, initial analysis indicates that only a small number of them may have received a different credit decision.”

According to the Journal, which cited people familiar with the matter, the error affected many lenders across multiple consumer loan products, not just mortgages,

The percentage of incorrect scores provided to lenders varied, sources told the Journal. At one big bank, for example, 18% of applicants during the three-week period had incorrect scores, with an average swing of eight points, one of the people said.

Several-Thousand Affected at 1 Lender

“Equifax told one large auto lender that about 10% of applicants during the three-week period had inaccurate scores, according to a person familiar with the matter,” the Journal reported. “Of those, several thousand saw a change of 25 points or more on their credit score, the person said. In a small number of cases, applicants went from having no credit score at all to a score in the 700s—or vice versa, the person said. The most widely used credit scores range between 300 to 850; the higher the credit score, the more likely an applicant will get approved and at a lower interest rate.”

Equifax’s Singh said in the statement the company has been working closely with lenders and providing them with updated scores

 

Average Data Breach Costs Hit a Record $4.4 Million, Report Says

Courtesy of Bree Fowler, CNET

According to a new report from IBM Security, the average cost of a data breach rose to $4.4 million this year.

Why it matters

More than half of the companies surveyed for the report admitted to passing on those higher costs to customers in the form of higher prices. Data breach costs keep going up, and consumers are likely paying for them.

The average data breach cost rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020.

More than half of the organizations surveyed acknowledged they had passed on those costs to their customers in the form of higher prices for their products and services, IBM said.

The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM, was conducted by the Ponemon Institute.

The cost estimates are based on both immediate and longer-term expenses. While some costs like the payment of ransoms and those related to investigating and containing the breach tend to be accounted for right away, others such as regulatory fines and lost sales can show up years later. On average, those polled said they accrued just under half of the costs related to a given breach more than a year after it occurred.

Case in point, T-Mobile said Friday it would pay $500 million to settle a class action lawsuit filed by customers over a data breach revealed nearly a year ago that exposed the personal information of an estimated 76.6 million people.


Pending judicial approval that could come before the end of the year, T-Mobile will pay $350 million to settle the customers’ claims and an additional $150 million to upgrade its data protection. The breach, disclosed in August, exposed information such as customer names, Social Security numbers, phone numbers, addresses and dates of birth.

Many of the highest-cost breaches analyzed in the IBM study involved critical infrastructure within the financial services, industrial, technology, energy, transportation, communication, healthcare, education and public-sector industries.

Those breaches had an average cost of $4.8 million, about $1 million more than the average cost paid by organizations outside of critical infrastructure, IBM said.

Part of that stems from the particularly high costs of health care industry breaches. Healthcare, which is considered to be critical infrastructure, had the highest average per-breach cost of $10.1 million, up from $9.2 million in 2021.

Critical infrastructure has become an increasingly tempting target for both nation-state attackers and cybercrime gangs in recent years. Last year, ransomware attacks against Colonial Pipeline and meat processor JBS USA shut down both companies for days, even though they both paid the equivalent of millions of dollars in ransom to get their data unlocked.

Read the entire article here. 

 

Millions of Android Devices Infected with Wallet-Draining Malware

Courtesy of Sead Fadilpašić, TechRadar.com

That Android wallpaper app is actually signing you up for premium services

Researchers have discovered another batch of seemingly innocent Android apps that are actually designed to push malware onto the endpoints(opens in new tab), and rake up expenses to the unsuspecting victims.

The latest batch included wallpaper apps, keyboards, photo editors, video editors, and an occasional cache cleaner or system maintenance apps, was discovered by the Dr. Web antivirus(opens in new tab) team, and have more than 10 million downloads between them. Overall, 28 apps were found on the Google Play Store, having somehow managed to bypass Google’s strict security policies.


Listen to or read the entire article here.

Related Reading: Click here for a complete list of malicious Android apps.

Related Reading: This Android malware is so dangerous, even Google is worried


Android Apps Hacked

As for the damages, the practice is more or less the same. Once installed, most apps will try to hide, changing their appearance in the app drawer to that of a system app. That way, they hope the users would be discouraged from uninstalling them. Then, the apps would push ads, and try to sign up the victim to various premium services, to rake up additional expenses.

None of this would have been possible if users wouldn’t give the apps the necessary permissions. Even though the apps are simple in design (and actually do what they’re advertised to do), they often ask the users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user – which itself is a major red flag.

Most of the apps have already been removed from the Play Store, but three remain. Still, even if all of the apps were removed, they have still been downloaded millions of times, and until all victims remove them from their devices, they’ll continue to be a threat.

 


Tom Ernsperger, EVP/Chief Lending Officer, One Nevada Credit Union
“To some extent, yes. Particularly here in the Las Vegas market, where housing price appreciation has been among the national leaders for some time. Remarkable home price increases combined with quickly rising rates have already priced a number of potential borrowers out of the market.

“While I don’t see it being nearly as volatile as during the last recession, I think we’ll see home sellers coming off their asking prices to facilitate sales. We’ve already seen a bit of this.”


Marty Burke, Vice President/Mortgage Development Officer, Franklin Mint FCU

“I don’t believe we’re in a housing bubble nor are we headed for one. From 2008-2011, home prices decreased by over 30% and caused homeowners to become upside down, owing more than the home’s value. 

“In this market, house appreciation will slow to low single-digit appreciation by year’s end, but values will tend to stabilize and not decline. As rates rise, home-buying demand will slow. We’ll see more inventory available for buyers still seeking the opportunity of homeownership.”


Wendy Dawson, Vice President of Mortgage Lending, Coastal FCU

“Wow, that’s the magical question. No one can know for certain how the market will change over the next few days, weeks, or months, and economic news will continue to impact the housing market one way or another.

“I do feel confident and fortunate that Coastal operates in a footprint (NC, SC, and VA) with enormous demand for housing that is likely to continue. The last estimate I read warned that the national housing inventory is well below what’s needed, potentially as much as 3 million homes below demand. This underpins the entire market and should be considered when discussing the current state of the market.

“Especially as the market shifts, we’ll do our best to make sure our products continue to be tailored to the needs of our members and our markets. This, combined with our conservative and sustainable approach to growth, will continue to help us achieve our goals.”


Doc Dougherty, Chief Lending Officer, Together Credit Union

“There are good arguments on both sides, but I wouldn’t call it a bubble. A housing bubble requires both a rush of speculators entering markets and overvalued homes. From what I review and follow, values have increased swiftly over the past few years. However, unlike the bubble of 2008 -09, this recent housing boom is not underpinned by the crazy speculation that we saw back then, and underwriting practices have improved dramatically.

“In some U.S. markets, we’ll likely see 10% to 15% declines if we end up in another recession. Fortunately, those of us living in the Midwest don’t experience the crazy market swings that occur more often in the Northwest and Southwest.”


Andrew Clarkson, Vice President for national mortgage production, United FCU

“I don’t believe so. The current economic stress isn’t originating from the housing market. Jobs and incomes remain in strong positions. Inflation and supply chain issues continue to be the primary stressors of this economy.”

“The housing market will eventually react to rising rates. We’ve seen an increase in price reductions and that trend may very well be normal over the next several months as interest rates climb. But, according to national real estate associations, there’s still a housing-supply shortage so a housing bubble seems unlikely.”