Paul Schulte, Advisor, Banking and Financial Services
August 22nd, 2019
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |
CBC News | | Dec 2, 2019
As Quebec police continue to investigate the massive Desjardins security breach, one family who banks with the credit union is wondering whether their personal information may have made it into the hands of a Toronto woman that police have described as a "professional" and "prolific" fraudster.
Five members of one family near Kapuskasing, Ont., about 800 kilometres north of Toronto, have filed numerous police reports after someone took out thousands of dollars in loans, credit cards and purchased a car — all using the identity of a 26-year-old female family member.
"She's going to be stuck with this the rest of her life. She's going to have to monitor her credit for the rest of her life. She's even thought of changing her name. It's life-changing," said the woman's mother, speaking about the bills racked up in her daughter's name.
"We were wondering who can do that? What do they look like? How do they pass for her?"
The family has asked to not be identified, due to the privacy breaches they've already suffered and the fact no arrests have been made. They provided CBC News with dozens of documents outlining the apparent identity theft.
The whole family banks with Desjardins and were notified in June that each of their personal information had been stolen as part of a data breach affecting all 4.2 million members of the Quebec-based credit union — considered to be one of the largest corporate data thefts in Canadian history.
That same month, a series of loans and purchases were made by someone using the daughter's identity.
The family reached out to CBC News after our investigation last month revealed that a Toronto woman named Deborah Oguntoyinbo is facing more than 50 fraud-related charges, allegedly involving the stolen identities of some 20 women.
She was previously living in a 22nd-floor condo unit at 50 Forest Manor Rd. in Toronto.
The northern Ontario family says they've learned that whoever stole their daughter's identity fraudulently purchased auto insurance in her name using the same Toronto condo address.
CBC has also since uncovered information that shows Oguntoyinbo rented the condo using an identity stolen from yet another woman.
Oguntoyinbo has been convicted of more than a dozen fraud-related charges and is currently facing more than 50 additional charges in Toronto, as well as in the nearby York, Peel and Halton regions.
It's alleged she's stolen the identities of some 20 women, draining their bank accounts and leasing homes and cars in their names. In many cases, the alleged victims' credit ratings have been destroyed.
Montreal Gazette | Frédéric Tomesco | Nov 1, 2019
All of Mouvement Desjardins’s individual members — 4.2 million people — have had their personal information compromised as a result of the actions of a single employee, who has since been fired, chief executive officer Guy Cormier said Friday. That’s about 56 per cent more than the total Desjardins first disclosed June 20.
With the Sûreté du Québec having shared its findings with Desjardins on Thursday, “it was important for me to inform our members as quickly as possible,” Cormier said Friday morning at a hastily called news conference in Montreal.
“Today it feels like I’m repeating a movie,” he said. “This is not a new breach.”
Autorité des marchés financiers, the province’s financial markets regulator, said it was informed of the latest developments at the end of the day Thursday.
“This is a very serious situation that the AMF has kept a careful watch on from the outset,” the regulator said Friday in a statement. AMF “is staying in close contact with Desjardins in order to obtain all the necessary information regarding this new development.”
Quebec Finance Minister Eric Girard went one step further, calling the incident “extremely serious.”
The provincial government “understands the concerns of the citizens, and we are acting,” he told reporters Friday afternoon in Quebec City. Still, he acknowledged, “we don’t know at this stage what proportion of the stolen data was sold.”
Girard, one of three ministers in the provincial government who are looking after the Desjardins file, said he’s preparing a bill of law to better regulate credit-rating agencies. Justice Minister Sonia LeBel, meanwhile, is working to improve the protection of personal data.
Cormier declined to give details on the police investigation, citing the sensitivity of the matter. As of now, only one suspect who worked at Desjardins is being linked to the breach, he said, without identifying the individual.
Reached by the Montreal Gazette, a spokesperson for the SQ declined to provide details of the investigation Friday.
Passwords, security questions and personal identification numbers weren’t compromised, Desjardins stressed at the time. It blamed the breach on an “unauthorized and illegal use of internal data” by the former employee.
BCSC | Nov 4, 2019
Vancouver – The British Columbia Securities Commission (BCSC) has taken action to protect customers of Einstein Exchange, a crypto-asset trading platform based in Vancouver.
On November 1, the BCSC applied to the Supreme Court of British Columbia for an order appointing an interim receiver to preserve and protect any assets of Einstein Exchange. The Court granted the application and appointed Grant Thornton Limited as interim receiver. Grant Thornton subsequently entered and secured the premises of Einstein Exchange on November 1.
Customers seeking information about the status of their accounts, Einstein Exchange and the receivership should email Einstein.Receivership@ca.gt.com or go to https://www.grantthornton.ca/service/advisory/creditor-updates/#Einstein-Exchange-Inc.
The materials filed in court noted that the BCSC had received numerous complaints about customers being unable to access their assets on Einstein Exchange, and on October 31 had been told by a lawyer representing the trading platform that it planned to shut down within 30 to 60 days due to a lack of profit.
The BCSC has not authorized any crypto-asset trading platforms to operate as an exchange. The BCSC, along with other Canadian securities regulators, continues to urge Canadians to exercise caution when buying or selling any crypto-assets due to various risks, including the loss of some or all of their investment.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |
AMF | Sylvain Théberge | Oct 30, 2019
MONTRÉAL, Oct. 30, 2019 /CNW Telbec/ - The Autorité des marchés financiers (the "AMF") today published its Enforcement Report relating to the regulation of the Québec financial sector for fiscal year 2018-2019.
This year's report, which is presented in a new, more visually dynamic and easy-to-read format, provides an overview of the past year's activities and results. It bears witness to the efforts made, particularly in developing technological tools, to achieve efficiencies and roll out an innovative and credible preventive and deterrent enforcement program.
"Our report reaffirms the importance of our teams' efforts in enforcing the laws relating to the regulation of Québec's financial sector in order to protect financial consumers at a time when the financial sector is changing in fundamental ways and presenting new challenges," said Louis Morisset, AMF President and CEO.
In addition to providing a statistical portrait of the AMF's enforcement activities of the past year, the report covers, among other things, targeted campaigns designed to protect the public against fraud, particularly in the crypto-asset sector. It also outlines measures taken by the AMF to more effectively detect non-compliance and presents some national and international initiatives that the AMF is involved in.
"Although the fast pace of fintech development is providing consumers with new options, it is also spawning new ways to engage in unethical, abusive and fraudulent practices that cross borders," said Jean-François Fortin, Executive Director, AMF Enforcement. "That is why we are focused on developing ever-more effective and efficient technological tools and collaborating with our regulatory partners so we can share our expertise and draw on best practices."
The Autorité des marchés financiers is the regulatory and oversight body for Québec's financial sector.
View: Original release
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |
CNBC | Scott Steinberg | Oct 13, 2019
In an age of ongoing digital transformation, cybercrime has quickly become today’s fastest-growing form of criminal activity. Equally worrying for modern executives, it’s also set to cost businesses $5.2 trillion worldwide within five years, according to Accenture.
With 43% of online attacks now aimed at small businesses, a favorite target of high-tech villains, yet only 14% prepared to defend themselves, owners increasingly need to start making high-tech security a top priority, according to network security leaders.
“Modern IT infrastructures are more complex and sophisticated than ever, and the amount of virtual ground that we’ve got to safeguard has also grown exponentially,” explains Jesse Rothstein, CTO of online security provider ExtraHop. “From mobile to desktop interactions, cybercriminals can launch thousands of digital attacks designed to compromise your operations at every turn, only one of which ever needs to connect to cause serious disruption.”
As a result, he says, it’s guaranteed that virtually every modern organization’s high-tech perimeters will eventually be breached. This being the case, for small business owners, it’s no longer a matter of considering if security threats will arise, but rather thinking in terms of when.
Worse, the consequences of cyberattacks continue to grow, with digital incidents now costing small businesses $200,000 on average, according to insurance carrier Hiscox, and 60% going out of business within six months of being victimized. The frequency with which these attacks are happening is also increasing, with more than half of all small businesses having suffered a breach within the last year and 4 in 10 having experienced multiple incidents, reveals Hiscox.
At the same time, though, according to Keeper Security’s 2019 SMB Cyberthreat Study, 66% of senior decision-makers at small businesses still believe they’re unlikely to be targeted by online criminals. Similarly, 6 in 10 have no digital defense plan in place whatsoever, underscoring the need for heightened industry awareness and education across the board.
“Attackers are getting smarter, attacks are occurring faster, and incidents are becoming more complex,” cautions Justin Fier, director of cyberintelligence and analytics at cyberdefense firm Darktrace. “The latest cyberattacks speedily exploit vulnerabilities in computer networks — which [can be infected] like human immune systems, changing thousands of times per second — and can overtake even major networks in an hour and a half.”
—What’s more, given that digital threats tend to go an average of 101 days before being detected by business operators, the damage to an organization from such compromises can quickly add up.
Consider the case of humanitarian aid trip organizer Volunteer Voyages, a single-owner small business which suffered $14,000 in fraudulent charges after an online thief pilfered its debit card information, which the bank refused to reimburse. Or that of popular online food delivery startup DoorDash, which suffered a major data breach this past September, with hackers having accessed sensitive user data for over 4.9 million customers, resulting in tens of thousands in expenses. Likewise, government contractor Miracle Systems, which provides IT and engineering services to over 20 federal agencies, recently suffered losses of $500,000 to $1 million due to an internal server breach.
However, considerable as they are, these charges do not factor in additional damage to intangible assets such as brand reputation and customer goodwill. Case in point: Miracle and its clients were later shocked to discover that their data was openly being advertised for sale by hackers on international cybercrime forums for a starting price of $60,000.
Ironically though, even with 480 new high-tech threats now introduced every minute, according to anti-virus provider McAfee, human error still remains one of the greatest threats to organizations’ well-being. With just 3 in 10 employees currently receiving annual cyber security training, it’s all too easy for enterprising con artists or e-mail scammers to circumvent even the most cutting-edge digital safeguards.
Noting this, the over 30.2 million small businesses in America now at risk of digital disruption are advised to adopt a comprehensive mix of both high- and low-tech strategies for combating cyber threats, including:
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |
ComplianceX | The Compliance Exchange | Aug 8, 2019
Once upon a time, any financial institution entrusted with your money and sensitive information would be housed in an imposing building made of granite. Its vault, often visible from the lobby, was formidable. And its managers would always be prudent, conservative types. Think Fidelity Fiduciary Bank, the fictional institution in the Mary Poppins movies, whose chairman in the original film sang: “Invest your tuppence wisely in the bank, safe and sound, soon that tuppence, safely invested in the bank, will compound.”
The idea was to convey a sense of security so that people would feel good about depositing their hard-earned cash and storing their prized possessions in safe deposit boxes. It spilled over to investors who saw bank stocks as prudent, though hardly spectacular, investments.
Nowadays, though, banks can’t do enough to shed the dowdy images, perhaps none more so than Virginia-based Capital One Financial Corp. During an earnings report this year, CEO Richard Fairbank all but said that he did not view his bank as, well, a bank:
“What we’re doing at Capital One is building a technology company that does banking, instead of a bank that just uses technology.”
Which brings us to the company’s announcement that a lone hacker — allegedly a troubled 33-year-old woman in Seattle — had managed to penetrate its firewall to acquire sensitive data on more than 100 million card customers and applicants.
The sad truth is that many modern banks don’t much care about people’s private information. The same apparently goes for companies that work with banks. On the same day the Capital One breach was reported, credit rating agency Equifax agreed to pay $700 million to settle a 2017 data breach.
Institutions might say they do care, but what really matters is how fast they can digitize everything about their company and migrate it to the cloud. By doing this they increase their profit margins and rates of growth, and become Wall Street darlings.
It’s not hard to see the financial pressure on banks. Since the Great Recession, their stock performance has been so-so, while tech companies have done extremely well. Anything that they could do to function more like tech companies that do finance, rather than vise versa, could make them hot properties.
Tech companies, however, are bad examples to follow. They collect data on people’s habits that allow advertisers, political operatives, hostile foreign powers and others to glean valuable insights. And banks hold even more sensitive information than do most tech outfits.
It’s one thing to be lax and self-interested with people’s web surfing histories or social media contacts. It’s quite another to be cavalier with account information, Social Security numbers and credit scores. These can be sold to people interested in taking out fraudulent loans, making fraudulent purchases and engaging in other forms of identity theft.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |
Coindesk | Nikhilesh De | May 7, 2019
Hackers stole more than 7,000 bitcoin from crypto exchange Binance, the world’s largest by volume, the startup reported Tuesday.
Binance announced that a “large scale security breach” was discovered earlier on May 7, finding that malicious actors were able to access user API keys, two-factor authentication codes and “potentially other info,” the exchange’s CEO, Changpeng Zhao, said in a letter. As a result, they were able to withdraw roughly $41 million in bitcoin from the exchange, according to a transaction published in the security notice.
The disclosure comes hours after Zhao tweeted that the exchange was undertaking “some unscheduled server maintenance,” writing that “funds are #safu.” After the disclosure announcement, Zhao tweeted that the exchange would “provide a more detailed update shortly.”
The exchange may not yet have identified all impacted accounts, he said. And according to Binance’s statement, the breach only impacted Binance’s hot wallet, which contains roughly 2 percent of the exchange’s total bitcoin holdings.
“All of our other wallets are secure and unharmed,” he said, adding:
“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The withdrawal triggered internal alarms after it was executed, and Zhao said the exchange froze withdrawals following the discovery. While deposits and withdrawals will remain suspended for the next week, trading will be re-enabled, though he cautioned that “the hackers may still control certain user accounts.”
Binance will conduct “a thorough security review” encompassing its systems and data during the next week.
The exchange will use its Secure Asset Fund for Users (SAFU fund) to cover the loss, which won’t impact users, according to the notice.
The fund consists of 10 percent of all trading fees absorbed by the exchange, and was initially launched to protect Binance’s users “in extreme cases,” according to a previous notice. It is stored in its own cold wallet.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support,” Zhao said Tuesday.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
![]() | ![]() | ![]() |
![]() ![]() |