Judges Pave Way for Banks in US to Sue Target over 2013 Data Breach

I read with interest the news in Finextra and elsewhere that the banks have been given the go-ahead to sue Target for $30m for the reissue costs associated with the data compromise in 2013. This puzzles me, as I then want to know how the figure of $1200 per card is calculated.

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

Bank Fraud Charges Against Former President of Rural Bank of Subangdaku Inc.

Another case of bank fraud has surfaced, this time in the Philippines. The Bangko Sentral ng Pilipinas has filed criminal charges against Radaza, the ex-president of the bank, for allegedly taking part in creating fictitious loans amounting to P2.6 billion when she was the president of the defunct Rural Bank of Subangdaku Inc.


Is EMV ‘A Colossal Waste of Time’ for Retailers?

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Enterprise Risk Management (ERM)

Risks can cover a multitude of things and present themselves in many different ways. They can be simple and easy to address, or they can get left and at some point become catastrophic. They can also be known and accepted, or just unknown, misunderstood or arise suddenly to surprise your organisation. Accordingly, it is imperative to understand and to assess the risks as they change, which is fundamentally the root cause of much legislation across the globe. Today, it has become very much a cliché that ‘change is the only constant in business’, which creates the need for continuous risk review, understanding and implementation of new protections and measurements. This is why we see in the media (and the reason why we work with a lot of our clients) details of sudden failures that usually stem from an absence of an understanding of the risks associated with a business. This is also why internal and external shareholders alike often emphasise scrutiny and expectations of their risk management functions.

What is Enterprise Risk Management?

A lot is talked about ‘Enterprise Risk Management’ (ERM) as a framework to measure, understand, assess and report upon wider business risks and uncertainties, and we also offer such ‘formalised’ services. At the end of the day, though, this is a ‘new name’ for a very old concept: better understanding our risks, taking a break from 100% selling and growing a business, starting to consider, manage and understand the risk in most business decisions, and then understanding and implementing the right solutions. ‘Enterprise risk management consulting services’, or whatever you want to call them, not only refocus a business upon better decision-making but make sure that there is a continuing consideration of the risks and a maintenance of an intelligent culture within a business.

How can ‘Enterprise Risk Management’ help a company?

Again, let’s not get too hung up on the terminology. The principles are about striking a balance between getting and keeping new business, and making sure that the risks that could destroy a business, or make it less profitable, are mitigated. So it is about ‘applying a framework’ to identify, assess, communicate and address the risks. A risk-management framework can consist of many things, but these should form the core of any such framework:

a) Risk Governance, Management, and Culture development – i.e. the direction, policy and strategy.

b) Risk Prevention – by spending the time to put in protections.

c) Risk Assessment – i.e. looking at the risks.

d) Risk Quantification and aggregation – to evaluate the priorities.

e) Risk Monitoring – to keep these in mind and managed.

f) And Risk Reporting.

Smaller businesses do not have such great challenges, as decisions are made every day (often by individuals) upon how to do things. Within larger businesses, it is hard for the CEO or the board-level people to make the right risk-based decisions when their businesses are so widely spread out, and with so much else to do to please customers, shareholders, markets and (often) the public. Applying the latest ‘ethereal’ model to assess and manage risks, often imposed by legislation, is often the way that the biggest of companies go; and they do this without having a fundamental understanding or without properly thinking about what is actually needed as a bespoke solution for THEIR business.

Advice – What can you do?

a) Don’t adopt a single framework, try to squeeze it into your organisation and expect it to work. The design will depend upon your organisation’s culture and will want to ‘marry up with’ your business development requirements – i.e. it has to be right for your business.

b) Build an understanding and consideration of the risks of new projects and doing business within your culture. We believe that all businesses (internally) should be transparent in including the risks in all decision-making and take a broader view on understanding the risk vs. business trade-offs. With the organisations that we work with, we never find that there is a need to change the existing organisation structure and management, but rather to improve communication of the risk-adjusted exposures-measurement and decision-making.

c) Conduct risk management reviews within your business and identify ways that the risk management functions can improve business growth rather than accepting that risk management is a business inhibitor. People buy and work with companies that are safe and have considered the risks properly. In addition, fraudsters and exploiters attack those with the lowest protections and risk management.

Author Bill Trueman is Director and CEO of UKFraud and RiskSkill and member of AIRFA.

Source Article: http://www.ukfraud.co.uk/articles/enterprise-risk-management.html

Will The PSR (Payment Services Regulator) Changes Work?

The Payment Services Regulator may make major UK infrastructural changes and legal changes to ‘open up’ the payments industry and access to it in the UK in order to encourage innovation. They have the powers to do many things, but care is certainly needed. Caution is most certainly needed.

a) Only yesterday, I received an email telling me that they are not well staffed and resourced; and from my discussion and the stakeholder meetings so far, it appears that they have very little payments industry experience in the team. The objectives of the PSR need to be clear and not driven by a few disgruntled small banks wanting free access to many established infrastructures that are maintained and paid for by all of us.

b) There seems to be a format for these types of regulators who adopt an ‘economic’ regulator agenda. This format of addressing these things has opened up the telecoms networks to new operators, and the water pipe infrastructure in the water business (and gas and electricity), and the PSR CEO comes straight from one of these. But payments are not the same, and without payment industry knowledge there is a danger that the PSR will regulate in the same way. Some creativity is required by the PSR – to ensure it does not simply act in ‘the same way’.

c) The biggest danger is that, because payment systems are global and becoming more global, and as the UK is a leading global payments hub, action by the PSR will make the UK market something different – uncompetitive, and isolated – so care must be taken NOT to do this.

d) The main restrictions on the payments ‘gateways’ are not competitive or restrictive as they were with water, electricity, gas and telecoms. The payments infrastructure is open to anyone who wants to ‘play’. The bigger restrictions are quite rightly about the governance and controls over money laundering – which requires very tough controls and restrictions to be imposed, managed, and governed. Again, the PSR needs to step carefully.

Author Bill Trueman is an independent Payments, Fraud & Risk Specialist and Managing Director of UK Fraud and Riskskill.

Originally Published at http://www.prlog.org/12411859-will-the-psrpayment-services-regulator-changes-work.html


