The Office of the Comptroller of the Currency comptroller Thomas J. Curry (pictured) said financial institutions need better preparation for new payment system cyber-risks at the Emerging Payments Forum, hosted by BITS, the technology policy division of the Financial Services Roundtable.
Curry said financial institutions need to be better prepared to address the cyber-risks associated with rolling out new payments systems.
“The same technologies many of you in this room have employed to provide new and efficient delivery channels for your customers are also being used aggressively by hackers and criminal elements, which brings me to the all-important question of cybersecurity,” Curry told executives at the forum. “Cybercriminals will also probe emerging payments systems for vulnerabilities that they can exploit to engage in money laundering, which has broad national security implications.”
Curry also emphasized, “I believe banks have an advantage over many of their non-bank competitors in the cybersecurity and anti-money laundering arenas in part because of the regulatory regime that they operate in and the industry's collective interest in protecting the security of the payments system.”
In addition to ensuring that banks adhere to various regulatory standards and policy guidance, Curry said regulators provide an additional set of highly trained eyes during the process of determining what risks financial institutions face and how well they manage those risks. He also said regulators provide technical expertise that is particularly important to community banks.
Banking institutions must be well-informed about the risks tied to emerging retail and wholesale payments methods, such as mobile payments and digital currencies. He called for more regulatory oversight of non-bank payments players, such as ApplePay and Google Wallet, with which banking institutions have already built payments-related relationships.
“Regulation adds significant value in the areas that we're discussing today,” he said. “Efforts are well under way to bring e-commerce and emerging payments systems deployed by non-bank players under greater regulatory scrutiny.”
Curry also said banks and credit unions must take steps to ensure cybersecurity throughout the payments chain, including at merchants. Banks represent “the industry's collective interest in protecting the security of the payments system,” he added.
By employing authority granted by the Dodd-Frank Wall Street Reform and Consumer Protection Act, banking regulators can do more to oversee e-commerce and emerging payments players to ensure a more level playing field and protections for customers of non-banks, Curry said.
The FFIEC is recommending use of the self-assessment tool, one of six key cybersecurity recommendations it announced in March that it planned to include in updates and supplements to the Information Technology Examination Handbook.
“Banks have been the source of so many of the innovative products and technologies of recent years,” he added. “Banks of all sizes are playing important roles as pioneers and partners in the development and adaptation of emerging payments technologies. Banks are engaged in organizations such as BITS and the Bank Innovators Council, through which they share brainpower and financial resources. Some banks are setting up innovation incubators, where they have the freedom to pursue, implement and field-test new technologies.”
Coincidental to the remarks was the latest breach report from the San Diego-based Identity Theft Resource Center that shows a significant jump of nearly 58% in the number of breaches in the banking/credit/financial sector over the same period last year. Next comes a 42.1% hike in the Educational sector and a 23.1% increase in the business sector. In contrast are the dramatic decreases in the number of breaches in the government/military and healthcare/medical sectors, down 45.2% and 27.1%, respectively.
Banking represents only 9.1% of the total of 103,340,565 breached records recorded by the ITRC. That still accounts for 403,531 records.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
