ABA, FS-ISAC, FFIEC Offer Resources on Shellshock Bug September 29, 2014
As businesses and customers respond to the Bash Shellshock bug -- a security vulnerability affecting Unix-based operating systems, such as Linux and Mac OS X -- ABA, the Financial Services Information Analysis and Sharing Center and the Federal Financial Institutions Examination Council offered resources for bankers and their customers.
In a statement, FS-ISAC labeled it a “significant threat to systems and networks” and urged banks and their partners to “identify and remediate vulnerable systems using a prioritized, risk-based approach.” FS-ISAC also warned about “cross-sector exposure” due to the pervasiveness of Unix-based systems.
ABA on Friday issued an FAQ for bankers to use in explaining Shellshock, emphasizing that bank customers are always protected from unauthorized transactions and reminding customers to update their passwords regularly to keep themselves safe online.
The full FS-ISAC statement and sample memos for use by bank risk officers are available exclusively for ABA members at aba.com/cybersecurity. ABA encourages banks to become members of FS-ISAC in order to share and receive up-to-date information about emerging cyber threats. View ABA’s FAQ page here. View the FFIEC advisory information here.
Pentagon to Tighten Loan Rules for Service Members September 29, 2014
The Defense Department is today proposing tightening restrictions on lending to service members. The DoD said that current restrictions in the Military Lending Act -- principally targeting tax refund anticipation loans, payday loans and car title loans -- leave too many loopholes, although ABA and other banking trade groups have warned that the DoD’s approach could increase costs and limit choices for service members and their families.
The proposed rule would extend the terms of the MLA to all types of credit that is subject to the Truth in Lending Act, with particular implications for credit cards, lines of credit, installment loans and deposit advances offered to service members. The rule would not cover home mortgages and money purchase loans for cars.
The DoD proposed allowing creditors to exclude “bona fide fees that are reasonable and customary” from the MLA’s 36 percent APR cap. It also proposed to allow creditors to verify a loan applicant’s military status through the DoD’s online database, rather than relying on the borrower’s representation.
“When it comes to providing financial services to the military, the banking industry’s record is a strong and positive one,” said ABA EVP Wayne Abernathy. “We have worked with DoD over the past decade to ensure that implementing the MLA does not put military families at a disadvantage or harm their ability to access financial services provided by banks.”
ABA will evaluate and comment on the proposed rule. Comments are due by Nov. 28. Read the proposed rule here. Read ABA’s previous comments.
ABA Carefully Watching Walmart Checking Entry September 25, 2014
Walmart yesterday announced a new checking account product solely available in its stores. The product, called “GoBank,” is being offered through prepaid card provider Green Dot Corporation’s FDIC-insured bank, Green Dot Bank.
Walmart said that GoBank is aimed at the underbanked and unbanked, with “almost any” individual over 18 able to set up an account. GoBank will charge $8.95 per month but waive the fee with a monthly direct deposit of at least $500. Walmart also said the product would charge no fees for overdrafts or bounced checks.
ABA has repeatedly opposed Walmart and other unregulated nonbanks entering the banking business, and ABA President and CEO Frank Keating once again expressed caution about the nation’s largest retailer providing traditional banking services.
“While our industry is always seeking new ways of reaching the unbanked, we are watching Walmart very carefully,” Keating said. “Is a bank or Walmart offering these services? Do consumer protection laws, data security mandates and regulatory oversight apply? It seems to us that regulators should be looking very closely at these questions.” Read more.
Kansas City Fed Chief Calls for Community Bank Reg Relief September 25, 2014
The Dodd-Frank Act, Basel III and other regulatory efforts aimed at the largest financial institutions have “impinged” on community banks, Federal Reserve Bank of Kansas City President Esther George said at a research conference on Tuesday. She singled out consumer compliance regulation as an example where “the pendulum has swung too far.”
George noted that “for banks that depend on relationship lending with customized terms and conditions, the regulations and the focus on identifying specific undesirable products seems to run counter to the requisite subjectivity that underlies the strengths of community bank lending.” She expressed concern about “a prosecutorial tone” in exams that forces “bank customers to prove they aren’t crooks and bankers to prove to regulators that they aren’t deceptive and unfair.”
The increasing complexity and prescriptiveness of rules also harm community banks through outsized compliance costs, even though they tend to have higher capital levels to begin with, George said. Meanwhile, she continued, “the substitution of rigid rules for examiner judgment has altered the supervisory process without adding value and has instead created higher costs of compliance.” Read the speech.
Bankers Can Tweet Lawmakers with New ABA Tool September 15, 2014
ABA today launched its new Twitter map -- an interactive tool to help bankers connect with their members of Congress through Twitter. The map generates ready-to-send advocacy tweets that are specific to each banker’s state, lawmakers and key issues.
Bankers can use the Twitter map to send messages on regulatory burden, data security, the Farm Credit System and credit unions. It is available through Amplify, ABA's free advocacy platform on which all bankers can create an account.
"These issues have taken on critical importance to bankers and taxpayers across the country," said ABA EVP James Ballentine. "This map provides bankers with a quick and easy way to educate members of Congress on the issues their constituents are facing." Access the map (please note you must sign up or sign in to Amplify to view).
Apple Unveils ‘Apple Pay’ Virtual Wallet September 10, 2014
Apple yesterday unveiled its new iPhone 6 and a new virtual wallet app called Apple Pay that will allow iPhone 6 users to make purchases at points of sale with their phones. Apple Pay is leveraged on the 800 million credit cards Apple reportedly has on file in its iTunes store.
To pay, an Apple Pay customer will hold a phone near an encrypted-transmission sensor and press the fingerprint recognition device in the phone’s home button. The payment will be automatically processed from a card stored in the user’s Apple account. The store clerk will not see any card information. To protect users, no card information will be stored on the phone, Apple said; instead, the phone will relay a device number and a dynamic security code.
Apple said it has lined up numerous retailers to accept Apple Pay, including Macys, Walgreens, McDonald’s, Subway and Duane Reed. It has also partnered with Visa, MasterCard and American Express and with the six largest card-issuing U.S. banks. Apple Pay is expected to be available in October.
As payment options such as Apple Pay and other virtual wallets evolve, ABA will continue to emphasize the importance of consumer protection across all electronic payments, high standards to ensure the integrity of the payments system and a level playing field for all payments system participants.
ABA Survey Finds Target Breach Costly to Banks September 8, 2014
The Target consumer data breach last year was costly for banks of all sizes -- and especially for community banks -- according to an ABA survey of more than 500 banks. More than 8 percent of debit cards and nearly 4 percent of credit cards were implicated in the breach, and banks reissued nearly every card so implicated, representing tens of millions of cards reissued in response to a single breach.
Community banks experienced disproportionately higher costs in reissuing cards. Banks with under $1 billion in assets spent just over $11 per debit card and $12.75 per credit card, including mailing, card production and staff time. The largest banks -- those with over $50 billion -- spent under $3 per card. “These costs are deeply troubling for all banks, especially for community banks,” said ABA President and CEO Frank Keating. “As each new retailer breach occurs, these costs will be repeated over and over. Enough is enough.”
Banks also bear the costs of retailer breaches through low reimbursement rates. Although the survey did not cover reimbursement specifically for the Target breach, only one third of banks reported receiving any reimbursement for fraud losses and reissue costs in the previous five years. Of those that did receive reimbursement, 83 percent said they received less than 10 cents on the dollar -- and 46 percent reported receiving not even a penny on the dollar.
“We have engaged for the past year in discussions with the card associations on increasing bank reimbursement levels for data breach costs,” Keating said. “These findings make it clear that banks bear too much of the cost of retailers’ data breaches. We will continue to push to get these reimbursement levels up.” View the survey results. To report more experiences with breaches and reimbursement, email email@example.com.
Read more Bank Industry News