Current News

Sprinting Toward Faster Payments: Update on Task Force Activity
A Faster Payments Task Force update (posted April 10, 2017)

Convened in May 2015, the Faster Payments Task Force is part of a strategy to achieving “a ubiquitous, safe, faster electronic solution(s) for making a broad variety of business and personal payments supported by a flexible and cost-effective means for payment clearing and settlement groups to settle their positions rapidly and with finality.” This desired outcome was proposed by the Federal Reserve’s Strategies for Improving the U.S. Payment System.

In just under two years, the Faster Payments Task Force made considerable advancement in their pursuit to identify effective approaches for implementing safe, ubiquitous, faster payments in the United States. Bankers’ Bank of the West is proud to be a member of this unprecedented collaborative effort, involving over 300 diverse organizations. The varied viewpoints and expertise that make up the task force contribute to work products representative of all payment stakeholders. One such work product, recently released, is The U.S. Path to Faster Payments, Final Report Part One: The Faster Payments Task Force Approach. A precursor to the cumulative final report representing all the task force effort, recommendations and next steps, part one lays the foundation for “Why faster payments?” and the path to getting there. It highlights the task force process of collectively working together and gaining consensus on the work products to-date.

As we sprint towards realization of our desired outcome, join us in reflecting on some of our work products and the plans for 2017. In addition to the final report part one, a progress report outlining work to-date across all strategies was also released.

Progress to Date

  • Developed the Faster Payments Effectiveness Criteria, which were foundational to assessing faster payments solutions and can serve as a guide to industry innovation. The 36 criteria are categorized into six groupings, Ubiquity, Efficiency, Safety and Security, Speed, Legal, and Governance, and represent the collective views of payment stakeholders.
  • Fielded and commissioned an independent assessment of 22 faster payments solution proposals against the Effectiveness Criteria, 19 of which voluntarily progressed through a review by the 500+ participants of the Faster and Secure task forces. Sixteen have opted to be included in the Final Report Part Two publication.
  • Analyzed potential challenges to successful faster payments implementation, focusing on provider interoperability, rules and standards, governance, adoption, safety and security.
  • Published part one of a two-part final report that provides a high-level overview of the task force’s background and processes, the payments landscape and the benefits of faster payments: The U.S. Path to Faster Payments, Final Report Part One: The Faster Payments Task Force Approach.

Plans for 2017

  • Publish part two of the final report, the U.S. Path to Faster Payments, in mid-2017. Part two will include an in-depth report covering the assessment of faster payments solution proposals, challenges and opportunities for achieving faster payments in the United States, and the task force’s recommendations and suggestions for industry action. Essentially, part two will lay out the path, as the task force sees it, to implementing faster payments, getting us one step closer to achieving our desire outcome.
  • While publication of The U.S. Path to Faster Payments will indeed get us closer to a ubiquitous, safe, faster payment solution for the U.S., there will still be work to complete in order to fully realize that outcome. Actively solving foundational issues such as adoption, interoperability, public trust, and the development of the ecosystem will require continued momentum. The task force will work towards next steps for industry collaboration in full pursuit of our desired outcome.

All this work and more can be found on FedPaymentsImprovement.org. To continue learning about our work efforts follow us on Twitter (@fedpayimprove) and/or join the FedPayments Improvement Community or the task force by visiting FedPaymentsImprovement.org.

Existence of fileless malware confirmed: What can be done?

Anne Benigsen, CISSP, Bankers’ Bank of the West (posted February 17, 2017)

There is always something looming on the horizon when it comes to information and cybersecurity. This could be the year of a highly advanced threat known as fileless malware, which was used recently to steal more than $1 billion through banks. Many industry experts believe two hacker groups, Carbanak and GCMAN, were responsible for those thefts.

The buzz began with the 2015 discovery by Kaspersky, the cybersecurity developer, of an infection of its network that was caused by a new type of malware derived from Stuxnet, a nation-state-sponsored worm. What made the malware remarkable was that it created no permanent files and left no traces on any hard drive. Instead, it resided solely in the memory (RAM) of the computer. So after the computer was shut off, there was no evidence.

Now hackers are starting to use variants of fileless malware to get a foothold into a system, and then use regular Windows tools for financial gain—by, among other things, installing legitimate products that can be used for nefarious purposes.

Kaspersky Lab discovered this variant recently and, after doing an international study, found it on 140 enterprise networks, including financial institutions in the United States. It’s reasonable to assume many more financial institutions are compromised because most are outside of the enterprise tests performed by Kaspersky.

These protective measures are recommended for financial institutions:

  • Change passwords. That means all passwords—not just into user accounts, but into firewalls, routers, switches, and other appliances.
  • Utilize two factor authentication (2FA) or multifactor authentication for more services and in-house programs or portals.
  • Maintain a high level of proficiency within your in-house or third-party experts.
  • Ensure you have detection and prevention tools that are regularly upgraded and sourced through industry leaders.
  • Make sure your in-house or third-party information and cybersecurity team understands the “indicators of compromise” for this threat.

The threat landscape has gotten more sophisticated, and we must be able understand, detect and remediate new threats, even when we cannot prevent them.

Advisory issued by U.S. Department of the Treasury Financial Crimes Enforcement Network concerns cyber-events and cyber-enabled crime

Posted November 29, 2016

A nine-page advisory issued by FinCEN on October 25, 2016 contains information, analysis and access to additional resources intended to help financial institutions understand both the threats posed by criminals, terrorists and state actors, and the essential role financial institutions play in protecting their customers and the larger financial system from such threats.

The advisory is especially pertinent to bank employees responsible for cybersecurity, network administration, risk management, fraud prevention, BSA/AML management, and AML efforts. To access the document, browse the RESOURCES section (Advisories/Bulletins/Fact Sheets) at www.fincen.gov for FinCEN Advisory FIN-2016-A005.