The Electronic Transactions Association is the leading trade association for the payments industry, representing nearly 550 companies worldwide involved in electronic transaction processing products and services. The purpose of The Electronic Transactions Association (ETA) is to influence, monitor and shape the payments industry by providing leadership through education, advocacy and the exchange of information.
Information Sharing Data Sources
One of the work streams the Secure Payments Task Force focused on was working to improve the awareness and implementation of cybersecurity and fraud information sharing among U.S. payment industry participants. The task force compiled the following list of data sources that highlights broad-reaching intelligence reports, payments fraud trends, best practices and benchmarks, and additional resources that can help your organization address payments fraud risk. For example, financial institutions can leverage timely and actionable reports highlighting payments fraud incidents and cybersecurity threats occurring across the payments industry. Merchants and other business end-users can leverage best practices and benchmarks to help protect them from data breaches and fraud attacks.
The list will be periodically updated based on the availability of new data sources and the payments security threat landscape. Please note that this list is for informational purposes and was not intended as an endorsement by the Secure Payments Task Force or any member thereof.
How can my organization get added to the list?
Organizations with relevant services may submit a request to be added to the list using the Provide Feedback form. Examples of relevant services include: cybersecurity and fraud prevention services that highlight intelligence reports, payments fraud trends, and best practices and/or benchmarks. Upon submitting the request you will receive a confirmation email requesting additional information.
Use the filters below to find data sources that could benefit your organization; more information about the filters can be found here (PDF). A full, printable version of the data sources is also available for download (PDF).
You are not required to enter a value in all filter options. Selecting a filter will narrow the returned results. (Ex. “All” filters will return results that generally apply across all payment types and/or participants)
Note: Results returned for a particular payment type(s) also include those data sources applicable to all payment types (these sources contain information pertinent to the selected payment type(s)).
EMV Connection – Knowledge Center
http://www.emv-connection.com/knowledge-center/
The Knowledge Center is the online resource library for all stakeholders involved in U.S. EMV implementation. The Knowledge Center includes white papers, links, industry best practices and other resources from across the web, all relevant to EMV migration and implementation of other new and emerging payments technologies in the U.S.
EMVCo
EMVCo facilitates worldwide interoperability and acceptance of secure payment transactions.
Supported by dozens of banks, merchants, processors, vendors and other industry stakeholders, EMVCo manages and evolves the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues.
Federal Bureau of Investigation (FBI)
https://www.ic3.gov/alertArchive.aspx
https://www.fbi.gov/resources/library
http://www.iacpcybercenter.org/resource-center/
Internet Crime Report: In an effort to promote public awareness, the Internet Crime Complaint Center (IC3) produces this annual report to aggregate and highlight the data provided by the general public. The quality of the data is directly attributable to the information ingested via the public interface www.ic3.gov. The IC3 attempts to standardize the data by categorizing each complaint based on the information provided. The IC3 staff analyzes the data, striving to identify trends relating to Internet-facilitated crimes and what those trends may represent in the coming year.
Infragard: InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
The FBI also has a number of cyber-related resources available for review.
The Law Enforcement Cyber Center also provides cyber-related resources that may be beneficial.
Federal Deposit Insurance Corporation (FDIC)
https://www.fdic.gov/regulations/resources/brochures/
https://www.fdic.gov/consumers/consumer/news/index.html
The Federal Deposit Insurance Corporation (FDIC) occasionally publishes brochures which financial institutions are welcome to reprint for distribution to their customers and communities. Brochures include “Cybersecurity Guide for Financial Institution Customers” and “Cybersecurity Guide for Businesses.”
FDIC Consumer News provides practical guidance on how to become a smarter, safer user of financial services. Issues and selected articles offer helpful hints, quick tips and common–sense strategies to protect and stretch your hard-earned dollars.
Federal Financial Institutions Examination Council (FFIEC)
https://www.ffiec.gov/cybersecurity.htm
The Federal Financial Institutions Examination Council (FFIEC) members are taking a number of initiatives to raise the awareness of financial institutions and their critical third-party service providers with respect to cybersecurity risks and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats.
Financial and Banking Information Infrastructure Committee (FBIIC)
https://www.fbiic.gov/index.html
Chartered under the President’s Working Group on Financial Markets, the Financial and Banking Information Infrastructure Committee (FBIIC) is charged with improving coordination and communication among financial regulators, promoting public-private partnerships within the financial sector, and enhancing the resiliency of the financial sector overall. Facilitating the sharing of timely, actionable information regarding emergencies with member organizations and across the financial sector is a primary function of FBIIC.
Financial Services Information Sharing and Analysis Center (FS-ISAC)
https://www.fsisac.com/about/committees
The Financial Services Information Sharing and Analysis Center (FS-ISAC ) – a non-profit, member-driven corporation established in 1999 — helps assure the resilience and continuity of the global financial services infrastructure. FS-ISAC helps its 7000 financial institution members across 39 countries to share relevant and timely threat and vulnerability information, conduct coordinated contingency planning exercises, and participate in cyber range exercises. The FS-ISAC manages rapid response communications, conducts education and training programs, runs several notable industry events, and fosters collaborations with and among other key sectors and government agencies.
FS-ISAC constantly gathers, analyzes and shares information between its members, supplementing this with information from financial services providers, commercial security firms, government entities, and other trusted resources. It quickly disseminates alerts, analysis, best practices, and other critical information to help the sector to prepare for, respond to, and mitigate risks and threats. FS-ISAC also publishes best practice papers, incident response playbooks, threat reports, executive briefs, and more.
The FS-ISAC includes dozens of committees and special interest working groups. There are several councils that may be of interest to practitioners in the payments system:
- Payments Processor Information Sharing Council (PPISC). The PPISC brings together stakeholders in the payments field to develop solutions, identify best practices, and facilitate the exchange of information resulting in a more efficient and secure use of electronic payments and related practices. This council has a focus on card payments and includes FS-ISAC members of payment processor organizations only.
- Payments Risk Council (PRC). The PRC shares information on current threats and payment risk mitigation for ACH, wire and check payments. The council is responsible for producing and conducting the CAPS (Cyber-Attack Against the Payment Systems) exercises. This FS-ISAC council is open to payment risk professionals from financial institutions, clearing houses, payment processors and leaders with payment risk responsibility for regional and nation payment associations.
- Community Institutions and Associations Council (CIAC). The CIAC shares general information about fraudulent activities such as dates, geographical area, dollar amounts and other information.
- Compliance and Audit Council (CAC). The CAC shares information on industry best practices, discusses the latest regulatory developments and works to find out how peer organizations are handling the latest compliance, audit, legal, and control issues.
Participation in the PPISC, PRC, CIAC and CAC requires membership in the FS-ISAC. In addition, the FS-ISAC offers a free membership with very limited services called the Critical Notification Only Participation (CNOP), designed for financial institutions who only want to receive the most critical public alerts.
Financial Services Roundtable – BITS
BITS is the technology policy division of the Financial Services Roundtable (FSR) which delivers thought leadership to address current and emerging technology and security challenges facing the nation’s largest financial institutions.
The Fraud Reduction Program reduces fraud losses for member institutions and the industry by identifying fraud trends and examining risks associated with current and evolving areas. Focuses include payment mechanisms and processes, mortgages and home equity lending, remote channels, and various financial services products and technology.
Since 1998, the Fraud Reduction Program has provided financial fraud prevention specialists a place to collaborate, share information, develop best practices, and partner with law enforcement and other organizations fighting financial crime.
Financial Services Sector Coordinating Council (FSSCC)
The mission of the Financial Services Sector Coordinating Council (FSSCC) is to strengthen the resiliency of the financial services sector against attacks and other threats to the nation’s critical infrastructure by proactively identifying threats and promoting protection, driving preparedness, collaborating with the U. S. federal government, and coordinating crisis response for the benefit of the financial services sector, consumers, and the U.S.