After Equifax breach, US watchdog says agencies aren’t properly verifying identities

A federal watchdog says the government should stop relying on the credit agencies to verify the identifies of those using government services.

In a report out this week, the the Government Accountability Office said several government departments still rely on the credit agencies — Equifax, Experian and TransUnion — to check if a person is who they say they are before they can access their services online.

Agencies like the U.S. Postal Service, the Social Security Administration, Veterans Affairs, and the Centers for Medicare and Medicaid Services ask several questions of a new user and match their answers to information held in an individual’s credit file. The logic is that these credit files have information only the person signing up for services can know.

But following the Equifax breach in 2017 those answers are no longer safe, the watchdog said.

The Equifax breach resulted in the theft of 148 million consumers. Much of the consumer financial data had been collected without the explicit permission of those whose data it held. An investigation later found the breach was “entirely preventable” had the credit agency employed basic security measures.

“The risk that an attacker could obtain and use an individual’s personal information to answer knowledge-based verification questions and impersonate that individual led the National Institute of Standards and Technology (NIST) to issue guidance in 2017 that effectively prohibits agencies from using knowledge-based verification for sensitive applications,” wrote the watchdog.

In response, the named agencies said the cost of new verification systems are too high and may exclude certain demographics from the population.

Only Veterans Affairs implemented a new system but still relies on knowledge-based verification in some cases.

The other downside is that if you have no credit, you simply don’t show up in these systems. You need a credit card … Read the rest

Card readers at electric vehicle charging stations will weaken security, researchers say

Electric vehicle charging stations could become one of the next big targets for fraudsters — thanks to proposals in several state that researchers say would weaken their security.

Most electric vehicle (EV) charging stations rely solely on a credit card linked to an app or through contactless payments with RFID-enabled credit cards or through a driver’s smartphone. Contactless payments are one of the most secure ways to pay, cutting out the credit card entirely and reducing the chance that a card will be cloned or have its data skimmed. For charging stations — often in the middle of nowhere and unmonitored — relying on contactless payments can reduce device tampering and credit card fraud.

But several states are proposing EV charging stations install magnetic stripe credit card readers, which the researchers are prone to abuse by fraudsters.

Arizona, California, Nevada, Vermont, and several states across New England are said to be considering installing credit card readers at publicly funded EV charging stations.

“While these proposals may be well-intentioned, they could expose drivers to new security risks while providing cyber criminals with easy access to attractive targets,” wrote security researchers April Wright and Jayson Street, in a paper out Monday by the Digital Citizens Alliance, a nonprofit consumer group.

Instead, they say EV charging stations and other point-of-sale machines should continue to rely on contactless payment methods and lawmakers “should engage with the security community to better understand fraud risks associated with credit card readers.”

“These proposals would effectively reverse the industry’s careful considerations regarding EV charger payment options,” said the researchers.

Much of the issues fall on the continued reliance of magnetic stripe cards, which remains one of the most common payment methods in the U.S.

Where other nations, including the U.K. and most of Europe, have adopted chip-and-PIN as … Read the rest

Student loan refinancing startup Splash Financial raises $4.3 million

Splash Financial, a Cleveland-based startup that has partnered with the Pentagon Federal Credit Union to refinance student loans, has raised $4.3 million in a round of venture financing.

The round was led by CUNA Mutual Group, a PenFed partner, and Northwestern Mutual Future Ventures, the corporate investment arm of Northwestern Mutual.

As student loan debt skyrockets, more financial services companies are looking for ways to cash in on the growing national problem.

Splash Financial provides an easy, online way for PenFed to originate loans that folks can use to consolidate their student loan payments.

Terms Splash Financial offers aren’t terrible, according to NerdWallet. Through Splash Financial, borrowers can get loans with fixed interest rates ranging between 3.87% and 7.03% and variable interest rate loans ranging between 3.05% and 7.79%.

“Through this funding round, Splash has gained not only new investors but also strong partners in CUNA Mutual Group and Northwestern Mutual,” said Steven Muszynski, founder and chief executive of  Splash Financial, in a statement.

The company said it would use the money to bring on additional banks and credit unions as lending partners and expand its national footprint.

It’s worth noting that while CUNA is a PenFed partner, Northwestern Mutual does not appear to be. As insurers look for ways to market other home, life, and health insurance products to younger generations that are not buying, student loans are a opportunity, these companies said.

“We believe in the power of financial innovation to change lives, shape futures, and build a better tomorrow,” said Brian Kaas, president and managing director, CMFG Ventures. “Student loan refinancing is an important area of opportunity for financial institutions, so we’re glad to invest in this innovative loan refinancing platform. It’ll help millions of college students tackle student loan debt and connect them … Read the rest

Fintech platform Synapse raises $33M to build ‘the AWS of banking’

Synapse, a San Francisco-based startup that operates a platform enabling banks and fintech companies to easily develop financial services, has closed a $33 million Series B to develop new products and go after international expansion.

The investment was led by Andreessen Horowitz, with participation from existing backers Trinity Ventures and Core Innovation Capital . Synapse — which recently rebranded (slightly) from “SynapseFi” — announced a $17 million Series A back in September 2018, so this deal takes it to $50 million raised to date.

The startup was founded in 2014 by Bryan Keltner and India-born CEO Sankaet Pathak, who came to the U.S. to study but grew frustrated at the difficulty of opening a bank account without U.S. social security history. Inspired by his struggles, Synapse, which operated under the radar prior to that Series A deal, is focused on democratizing financial services.

Its approach to doing that is a platform-based one that makes it easy for banks and other financial companies to work with developers. The current system for working with financial institutions is frankly a mess; it involves myriad different standards, interfaces, code bases and other compatibility issues that cause confusion and consume time. Through developer- and bank-facing APIs, Synapse aims to make it easier for companies to connect with banks, and, in turn, for banks to automate and extend their back-end operations.

Pathak previously told us the philosophy is a “Lego brick” approach to building services. Its modules and services include payment, deposit, lending, ID verification/KYC, card issuance and investment services.

“We want to make it super easy for developers to build and scale financial products and we want to do that across the spectrum of financial products,” he told TechCrunch in an interview this week.

Synapse CEO Sankaet Pathak

“We don’t think Bank of America, … Read the rest

Zoom outperforms in first-ever earnings report

2019 is a great year for Zoom (Nasdaq: ZM). The company outperformed analyst expectations with the release of its first earnings report on Thursday.

The profitable video communications business, which went public this April in one of the year’s most successful initial public offerings, posted revenues of $122 million for the three months ended April 30, 2019, representing a year-over-year increase of 109%.

The Zoom stock is rising in after-hours trading following the news. Zoom closed up 2% Thursday at just over $79 per share. The stock has been trading at more than double its initial offering price in the two months following its IPO.

“In our first quarter as a public company, strong execution and expanding adoption of Zoom’s video-first unified communications platform drove total revenue growth of 103% year-over-year,” Zoom founder and chief executive officer Eric Yuan said in a statement. “Delivering happiness to our customers is our number one priority. If we keep them happy, we believe we will succeed today and in the future.”

Zoom, once a relatively under-the-radar tech unicorn, continues to defy expectations. The company priced its IPO back in April at a meager $36 per share only to pop 81% at its Nasdaq debut.

In its first earnings report, the company beat expectations once again. Analysts had expected revenue of $111.4 million with adjusted earnings per share of just under 1 cent, compared to Zoom’s confirmed earnings of 3 cents per share.

For the full year, San Jose-based Zoom expects total revenue of between $535 million and $540 million and non-GAAP income (loss) from operations of between $0 and $3 million.

Source link Read the rest