Big rise in Australian card fraud

October 9, 2015
/   Insights

Cases of card not present (CNP) fraud are continuing to rise across all corners of the globe, as EMV forces criminals away from traditional fraud channels.

EMV is Here: Tips & Tricks You Need to Know

October 7, 2015
/   Insights

The EMV (Europay, MasterCard, Visa) shift went into effect on October 1, 2015 and a majority of large retailers and merchants have upgraded POS terminals to accept EMV chip cards. Despite this new mandate,...

FI Highlight: BankMobile

October 2, 2015
/   Spotlight

Financial institutions that aren’t developing and catering to the wants and needs of younger demographics are missing out on huge opportunities for growth. Luvleen Sidhu, Chief Strategy and Marketing Officer at BankMobile, spoke with...

EMV Liability Shift: Are You Ready?

September 28, 2015

The talking is nearly over for the US payments industry as October 1st sees the all-important EMV liability shift. Chip cards are being issued to consumers and merchants are upgrading their point of sale...

The 5 Most Dangerous Mobile Banking Habits

September 14, 2015
/   Voices

Mobile banking grows more ubiquitous every year. 52 percent of smartphone owners with a bank account use mobile banking, according to the Federal Reserve, and more than half of users log in at least...

The Case for CSR

September 7, 2015

The demise of a New York City law shouldn’t stop good works

FI Highlight: Nusenda Credit Union

September 1, 2015
/   Spotlight

While it is important for banks and credit unions to consider the needs of consumers, it’s also important for FIs to take employee needs into consideration as well. Michelle Dearholt, SVP of Human Resources at Nusenda...

Is a .bank Domain Right for Your Bank?

August 28, 2015
/   Voices

With the general availability of the .bank registry under way, more than 5,500 applications from over 2,200 banks have already taken place, according to fTLD Registry Services.

Can Smartphones Solve ATM Skimming

/   Insights

ATM skimming remains a big business for organized crime rings. According to a recent article in, card skimming accounted for more than $2 billion in losses. One new approach that banks are exploring...

Cause and Effect: If you build it, will they come?

July 23, 2014
/   Spotlight

Many financial institutions assume that digital banking is lucrative because the most valuable customers happen to bank online. While there is certainly a correlation between online bankers and higher profitability, quantitative evidence suggests that...

Fast Facts: Student Loans

January 22, 2013
/   Insights

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services industry. Topics span TARP, Dodd-Frank, insurance, lending, retirement savings and more.  Below are some updated Fast...

Intuit 2020 Report: The Future of Financial Services

April 11, 2011
/   Insights

Today, Intuit released the latest edition of the Intuit 2020 report, Intuit 2020 Report: The Future of Financial Services, which identifies and examines four key trend areas that will  transform the financial services industry...

The Top 10 Trends in the Digital Banking Industry

December 18, 2013
/   Spotlight

2014 is rapidly approaching and as the year wraps, the Digital Insight team has pulled together the top 10 trends in the digital banking industry based on data and trends from studying financial institutions....

Making Banking Fun: Gamification in Financial Services

August 5, 2013
/   Insights

Recently, the team sat in on American Banker’s webinar, “Gamification in Financial Services: Five Proven Ways to Get an Edge,” which shared how leading brands in financial services have applied gamification to reach...

Small Business: Perception vs. Reality

November 21, 2012
/   Insights

In the most recent election cycle, like most others before it, the one sector of the economy that got the most attention was small business.  This is the future, we were told by every...

Technology M&As: The Beats Go On

May 29, 2014
/   Insights

The ongoing fascination with Apple’s $3 billion purchase of Beats Electronics is entirely understandable, because it’s a cool story. However, it also says a lot about what’s going on between finance and tech.

What We’re Reading

May 5, 2011
/   Spotlight

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let us know in the comments section below. Virtual Banking Worlds Provide Tangible Lessons American...

What We’re Reading: Thanksgiving Edition

November 22, 2012
/   Spotlight

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom. Mobile Thursday? Plans for Thanksgiving...

Ransomware: The very word is unpleasant, turning up the seamy underbelly to hardware and software. But it is a real thing, and it’s gotten immensely popular. And now, it’s crashing our party.

Of course, ransomware is still basically malware in that it restricts access to the system it infects. However, it goes further than rival strains by specifically demanding a ransom in order go away. Like other viruses its specific origins are dubious, but there’s no question that this bit of capitalist skullduggery initially gained traction in Russia. True to form, it didn’t stay there long—according to anti-virus vendor McAfee, it doubled in scope in one year to 250,000 unique samples in the first quarter of 2013.

Those with memories of Soviet-era paranoia and Cold War hysteria might remember that there were constant fears of Russian spies sabotaging the U.S. infrastructure. One supposed threat was that those sneaky Russkies would infiltrate the banking system and undermine it, bringing the economy to a screeching halt. Well, it’s a few decades later, and the latest ransomware may not be quite such a problem, but there’s a whiff of those old fears anyway.

So, meet Svpeng. Kaspersky Labs first shed a light on this nasty piece of work last year, when it was still in mother Russia. But in June, a particular breed arrived here in search of Android devices. More specifically, it takes direct aim at mobile banking apps running on those devices and uses them to shut down the phone or tablet. The ransomware then emerges to ask for money to unlock it.

All this is bad enough, but there’s another milestone of sorts here. By some accounts, this is the first major virus to systematically target mobile banking apps. And given that there are more than 100 million mobile banking users in the country, that’s potentially very bad news.

While these are early days and there will surely be other variants, here’s how the scenario currently plays out. Svpeng gets into the device through a coordinated social media campaign, then seeks out apps from a list of blue-chip vendors, such as American Express, Citigroup, Bank of America, Wells Fargo and JPMorgan Chase. And once it’s in there it’s almost impossible to scrub.

The ransomware takes the form of a fake FBI letter that asks for $200 in the form of to be paid through Green Dot MoneyPak cards. (It helpfully suggests outlets where those cards can be bought.) So far the malware doesn’t seem to be stealing bank credentials, but that’s what it did in Russia, so it will likely happen here soon enough.

That fact that malware has become so targeted and proficient is not a surprise, but it’s unfortunate nonetheless. The bigger worry may be that the financial services providers developing and distributing those for the public to use can’t really do much about it—they can perhaps exert some control over customers’ interactions with those apps, and that’s about it.

We’ve known all along that the unbelievable growth of mobile banking would give rise to a new generation of cyber criminals, and it’s happening now. There will be more such attacks not less, and we can’t put the genie back in the bottle, any more than we can take control of our customers’ phones.

There’s no magic bullet here. What we can do, over and over again, is urge our customers to practice greater caution in downloads and communication with strangers. Most consumers still fail to exercise basic security procedures, and a little goes a long way. Otherwise, we’ll all end up paying the ransom.


Insights’s perspective on industry news and trends



Must-read news and insights from financial industry leaders



Compelling voices and contributed content from around the web

James W. Gabberty

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Brad Strothkamp

Marisa Mann

Marisa Mann brings over 15 years of experience in consulting and financial services industries to the Solstice team, working on large scale enterprise initiatives across many technologies, including specializing in the digital space – Internet and mobile. Mann is passionate about mobile and the endless possibilities for the enterprise, delivering business value through strong brand recognition and driving to excellence in the consumer experience. Prior to Solstice, Mann worked at JP Morgan Chase, Diamond Management and Technology Consultants, Washington Mutual, Inc, and Accenture.

Zachary Ehrlich

25-year-old writer, and as a native San Franciscan, I am unreasonably loyal to Bank of America, if only for their superhero-like origin story, involving the 1906 earthquake and Italian fruit vendors.