Auto Finance News
  • Home
  • News
  • Features
  • Events
    • Auto Finance Summit East
    • Equipment Finance Connect
    • Auto Finance Summit
    • PowerSports Finance Summit
  • Webinar
    • Harnessing AI & Machine Learning to Address Vehicle Affordability Issues
    • Webinar Library
  • Podcast
  • Powersports
  • Big Wheels Data

No products in the cart.

Subscribe
  • Capital & Funding
  • Compliance
  • Risk
  • Technology
  • Best Practices
  • Compliance Monitor
Log In
No Result
View All Result
Auto Finance News
  • Home
  • News
  • Features
  • Events
    • Auto Finance Summit East
    • Equipment Finance Connect
    • Auto Finance Summit
    • PowerSports Finance Summit
  • Webinar
    • Harnessing AI & Machine Learning to Address Vehicle Affordability Issues
    • Webinar Library
  • Podcast
  • Powersports
  • Big Wheels Data
BIG Wheels
Log In
No Result
View All Result
Auto Finance News
No Result
View All Result

Stay atop of emerging threats to fight cybercrime

Katherine Romano SchnackbyKatherine Romano Schnack
October 3, 2022
in Compliance
Reading Time: 6 mins read

It is a relentless battle to protect your data from hackers, fraudsters and even nation-states that commit cyberattacks against the financial services sector.  

Legal requirements for data security come from a variety of places, including the Gramm-Leach-Bliley Act’s Safeguards Rule, examination requirements, payment network rules and contract requirements. We have seen data security enforcement actions by the Federal Trade Commission (FTC) for many years.  

Recently, the Consumer Financial Protection Bureau (CFPB) signaled its increased scrutiny of data security in an August circular, which states that the CFPB considers lax data security a potential unfair act or practice violation of the Consumer Financial Protection Act (CFPA). An unfair act or practice under the CFPA is one that is likely to cause substantial injury and that is not reasonably avoidable or outweighed by countervailing benefits to consumers or competition. The CFPB alleged an unfairness violation related to inadequate data security, most notably in the Equifax data breach case. The CFPB’s circular signaled an increased enforcement focus going forward.  

Information sharing between law enforcement and the financial services industry is a critical weapon in the fight against cybercrime and is evidence of your commitment to meet the CFPB’s and other legal data security standards. Staying on top of emerging threats can dramatically mitigate the losses from a cyberattack.  

The following federal government agencies are heavily involved in the fight against cybercrime in the financial sector, offering resources for financial services providers to protect against common cyberattacks including business email compromise, ransomware and synthetic identity fraud. 

© Can Stock Photo / maxkabakov

FBI Internet Crime Complaint Center (IC3) 

The federal law enforcement agencies have Cyber Fraud Task Force working groups that share information and hold quarterly meetings with the industry. You can join one by contacting your local FBI Field Office. The FBI’s Internet Crime Complaint Center (IC3) receives complaints of cybercrimes, tracks emerging threats, and alerts law enforcement and industry of suspected criminal internet activity. The IC3’s 2021 Internet Crime Report, accessible on the IC3 home page, reports that it received 847,376 internet crime complaints in 2021. Top types of cybercrime included ransomware and business email compromise. 

In a typical business email compromise scam, the cybercriminal compromises a legitimate business email account and requests that an employee make a payment for what appears to be a business purpose such as payment to a vendor. Instead, the payment goes to the cybercriminal’s account.    

Cybercriminals have capitalized on the pandemic’s growth of virtual meeting platforms to hack emails and impersonate business executives through the use of deep fakes, or simply claim technical problems to explain sound discrepancies and avoid using the camera in video meetings. The cybercriminal typically uses social engineering to review website and information on social media to gain information about employees and their roles. Cyberattacks may include malware or other intrusion vectors to commit unauthorized transactions.  

Business email compromise losses in 2021 alone totaled nearly $2.4 billion. IC3’s Financial Fraud Kill Chain, an information-sharing tool between law enforcement and financial institutions, successfully stopped fraudulent transfers in process and froze $329 million in fraudulent funds. 

Out of 14 critical infrastructure sectors, financial services had the second-highest number of ransomware victims in 2021. IC3 received 3,729 ransomware-related complaints in 2021, with losses of more than $49 million. Ransomware encrypts data on a computer or network and locks out the rightful owner of the data. Cybercriminals promise to return access to the data only when a ransom is paid. Attack methods include phishing emails, Remote Desktop Protocol (RDP) and software vulnerabilities. While the FBI advises against paying a ransom, many ransomware victims have found themselves with no other option.  

Federal Reserve Synthetic Identity Fraud Resources 

The Federal Reserve has devoted a significant number of resources to fighting synthetic identity fraud. In addition to educational materials about synthetic identity fraud and how it is committed, the Fed has a Synthetic Identity Fraud Mitigation Toolkit with modules on specific ways to battle synthetic identity fraud, including tips for detection and the use of technology. Again, information-sharing with law enforcement and fellow financial services providers is stressed as a valuable way to learn about synthetic identity fraud activity affecting your area and to protect your organization.  

United States Secret Service  

Many know of the U.S. Secret Service by its protective mission, but another mission of the Secret Service is fighting cybercrime. In addition to providing guidance on how to protect your organization from a cyberattack, the Secret Service also participates in cybercrime investigations. You can sign up to receive cybercrime alerts directly from the Secret Service. 

Cybersecurity & Infrastructure Security Agency 

The Cybersecurity & Infrastructure Security Agency (CISA) continuously posts alerts on emerging and current cyberthreats, including attacks by nation-states. For example, the Shields Up initiative alerts the industry to increased cyberattacks from Russia tied to its invasion of Ukraine. In addition to information about threats, CISA provides guidance for organizations and their leaders on steps to take to protect their organizations from cyberattacks.  

The battle against cybercrime can be overwhelming, but you do not have to fight it alone. Information–sharing between law enforcement and financial services providers may keep your organization from becoming another cybercrime statistic. 

Katherine Romano Schnack is of counsel for law firm McGlinchey, where she advises financial institutions, fintechs, and processors on the complex liability, fraud, and compliance considerations at play, including the overlapping schemes of regulations and card network rules. 

Auto Finance Summit, the premier industry event for auto lending and leasing, returns October 26-28 at the Wynn Las Vegas. To learn more about the 2022 event and register, visit www.AutoFinanceSummit.com.  

Tags: CFPBcomplianceCompliance Insidercybersecurityfraud
Previous Post

GM tops rival automakers in car sales as supply crunch eases

Next Post

Listen: Dialing up fraud

Related Posts

TJ Villanueva, vice president and associate counsel at GM Financial, speaks at Auto Finance Summit East 2025.
Best Practices

3 words of compliance advice from GM Financial counsel 

May 21, 2025
(Courtesy/Auto Finance News)
Compliance

GM Financial, Husch Blackwell talk CFPB shift

May 15, 2025

sponsored by InformedIQ

Subscribe to Our Newsletters

PowerSports Finance

Next Post
© Can Stock Photo / shmeljov

Listen: Dialing up fraud

ABOUT US

HELP CENTER

ADVERTISE

PRIVACY TERMS

ADA COMPLIANCE

CODE OF JOURNALISM ETHICS

Manage Cookie Consent

EXECUTIVES OF THE YEAR

AUTO FINANCE EXCELLENCE AWARDS

MAGAZINE ARCHIVE

INDUSTRY GLOSSARY

facebook linkedin twitter podcast podcast
© 2025 Royal Media
No Result
View All Result
  • Home
  • News
    • All News
    • Capital & Funding
    • EVs
    • Technology
    • Management
    • Powersports Finance News
    • Risk Management
    • Sales & Marketing
  • Events
    • Auto Finance Summit East
    • Equipment Finance Connect
    • Auto Finance Summit
    • PowerSports Finance Summit
  • Features
    • Latest Issue
    • Features
    • New Tracks
    • Car Culture
    • Staffing Shuffles
    • Under The Hood
    • Spotlight
    • Issue Archive
  • Webinar
  • Podcast
  • Big Wheels Data
  • SUBSCRIBE
  • Log In / Account

No Result
View All Result
  • Home
  • News
    • All News
    • Capital & Funding
    • EVs
    • Technology
    • Management
    • Powersports Finance News
    • Risk Management
    • Sales & Marketing
  • Events
    • Auto Finance Summit East
    • Equipment Finance Connect
    • Auto Finance Summit
    • PowerSports Finance Summit
  • Features
    • Latest Issue
    • Features
    • New Tracks
    • Car Culture
    • Staffing Shuffles
    • Under The Hood
    • Spotlight
    • Issue Archive
  • Webinar
  • Podcast
  • Big Wheels Data
  • SUBSCRIBE
  • Log In / Account

THIS WEBSITE USES COOKIES

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “I CONSENT”, you consent to the use of ALL the cookies.

Cookie settingsI CONSENT

Review our Cookie Policies
.
Manage Cookie Consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
34f6831605sessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
a64cedc0bfsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
CookieConsentPolicy1 yearUsed to apply end-user cookie consent preferences set by our client-side utility.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
crmcsrsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
JSESSIONIDsessionThe JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKENsessionCloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
LSKey-c$CookieConsentPolicy1 yearUsed to apply end-user cookie consent preferences set by our client-side utility.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
__cf_bm30 minutesThis cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmpsessionZoho sets this cookie for the login function on the website.
663a60c55dsessionThis cookie is related to Zoho (Customer Service) Chatbox
e188bc05fesessionThis cookie is set in relation to Zoho Campaigns
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT2 yearsYouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid2 yearsVimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
__Host-GAPS2 yearsThis cookie allows the website to identify a user and provide enhanced functionality and personalisation.
_dc_gtm_UA-1038974-31 minuteUsed to help identify the visitors by either age, gender, or interests by DoubleClick - Google Tag Manager.
_fbp3 monthsThis cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr3 monthsFacebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
test_cookie15 minutesThe test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE5 months 27 daysA cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSCsessionYSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devicesneverYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-idneverYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextIdneverThis cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requestsneverThis cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
caf_ipaddrsessionNo description available.
citysessionNo description available.
countrysessionNo description available.
gnt_eidsessionNo description available.
gnt_eu6 hoursNo description
iamcsrsessionZoho (Customer Support) sets this cookie and is used for tracking visitors (for performance purposes)
systemsessionNo description available.
traffic_targetsessionNo description available.
Save & Accept
Powered by CookieYes Logo