MSN Money: Banks Have No Idea Who’s Creditworthy Anymore. “Lenders that are having a tough time spotting risky loan applicants are approving fewer borrowers for credit cards, auto loans and other consumer debt. They are also hunting for new data sets that could indicate who is in financial trouble and how much they need to set aside to cover soured loans. The Federal Reserve last week said the biggest U.S. banks could be saddled with as much as $700 billion in loan losses in a prolonged downturn.”
banks
Exclusive: ECB prepares ‘bad bank’ plan for wave of coronavirus toxic debt (Reuters)
Reuters: Exclusive: ECB prepares ‘bad bank’ plan for wave of coronavirus toxic debt. “European Central Bank officials are drawing up a scheme to cope with potentially hundreds of billions of euros of unpaid loans in the wake of the coronavirus outbreak, two people familiar with the matter told Reuters.”
Exclusive: India may need to pump $20 billion into coronavirus-hit state banks – sources (Reuters)
Reuters: Exclusive: India may need to pump $20 billion into coronavirus-hit state banks – sources. “India may need to inject up to 1.5 trillion rupees ($19.81 billion) into its state-owned lenders as their pile of soured assets is expected to double during the coronavirus pandemic, three government and banking sources told Reuters.”
Washington Post: How a family-owned Nebraska bank became a leader on coronavirus loans
Washington Post: How a family-owned Nebraska bank became a leader on coronavirus loans. “Union Bank & Trust is nowhere near the top of the banking leagues. Last year the family-owned institution, with 900 employees, was the nation’s 202nd largest bank by assets, according to the Federal Reserve. Yet 72 hours into the emergency lending program, it ranked second in the nation for number of loans approved, according to the Small Business Administration.”
Phys .org: A COVID-19 crisis looms in the mortgage industry, experts warn
Phys .org: A COVID-19 crisis looms in the mortgage industry, experts warn. “More than two years ago, [Nancy] Wallace and [Richard] Stanton again began raising the alarm that the mortgage landscape that emerged from the last crisis is dominated by ‘nonbank’ lenders who operate with little of their own capital or access to emergency cash. It was another disaster waiting to happen, they warned, and called for increased oversight. No one predicted a shock the size and speed of the coronavirus pandemic, but it’s now upon us, and Wallace fears the worst.”
CNET: Database exposes names of risky potential bank customers
CNET: Database exposes names of risky potential bank customers. “If your name’s on this list, banks will treat you with extreme caution. The database is supposed to be private, but it was found online, accessible to anyone with a web browser, a security researcher said Friday.”
Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions
Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”
Black Hats & White Collars: SEC EDGAR Database Hackers Revealed (Splunk)
Splunk: Black Hats & White Collars: SEC EDGAR Database Hackers Revealed. “Over the past year, I’ve been presenting research at security conferences regarding the increasingly cozy relationship between black hat hackers and white collar criminals. One of the cases I researched was a group of hackers targeting PR firms for non-public insider information that could be monetized by trading stock based on the results of a company’s earnings and other factors. This past week it was revealed that this same group of criminal hackers and traders had become much more brazen and were also involved in the hacking of SEC’s EDGAR system targeting similar information.”
The Hindu: A new bank scam using Google Maps loophole
The Hindu: A new bank scam using Google Maps loophole. “Scamsters seem to have stumbled upon a gold mine in the form of a loophole in the Google Maps interface. Taking advantage of the fact that on Google Maps, an establishment’s contact details can be edited by anyone, a group of Thane-based con artists have been putting up their own contact numbers and getting customers who call them into revealing sensitive account details.”
Facebook: We’re not asking for financial data, we’re just partnering with banks (Ars Technica)
Ars Technica: Facebook: We’re not asking for financial data, we’re just partnering with banks. “Facebook is pushing back against a report in Monday’s Wall Street Journal that the company is asking major banks to provide private financial data. The social media giant has reportedly had talks with JPMorgan Chase, Wells Fargo, Citigroup, and US Bancorp to discuss proposed features including fraud alerts and checking account balances via Messenger.” I had a comment here but my keyboard melted.
Krebs on Security: Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months
Krebs on Security: Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months. “TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.”
SecurityIntelligence: Penetration Tests Discover All Banks Are Susceptible to Web App Bugs
SecurityIntelligence: Penetration Tests Discover All Banks Are Susceptible to Web App Bugs. “A series of penetration tests found that every bank is guilty of web application vulnerabilities and insufficient network security measures. According to a recent report from Positive Technologies, Bank Attacks 2018, 100 percent of banks suffered from these vulnerabilities and inadequacies. The report also found server configuration flaws in all banks — while just over half were found to have improperly managed their user accounts and passwords.”
BuzzFeed: Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers
BuzzFeed: Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers. “The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia. BuzzFeed News can reveal that the nation’s largest bank lost the banking statements for customers from 2004 to 2014 after a subcontractor lost several tape drives containing the financial information in 2016.”
Several New Information Sources Added to FRASER (Banking, Finance)
A RB user who wishes to remain anonymous tipped me to several new sources at FRASER. FRASER stands for Federal Reserve Archival System for Economic Research and it was started at the Federal Reserve Bank of St. Louis. FRASER has an FAQ here. The first link is to a list of changes/additions to the system; notable resources which you might interesting include “Merchants’ Magazine, a monthly commerce magazine that was published from 1839-1870, discussing ‘every subject that can be interesting or useful to the merchant.'”, “Additional issues of the Annual Reports of the Federal Reserve Bank of Minneapolis”, and “Additional circulars of the Federal Reserve Bank of St. Louis, spanning 1940-1972”.
Krebs on Security: Chase ‘Glitch’ Exposed Customer Accounts
Krebs on Security: Chase ‘Glitch’ Exposed Customer Accounts. “Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal ‘glitch’ Wednesday evening that did not involve any kind of hacking attempt or cyber attack.”
