AI adoption, JPMorgan Chase misstep: Most-read tech stories of 2023

December 15, 2023 1:47 PM

In this year's roundup of top banking tech news for 2023: Ally Bank's path into the world of generative artificial intelligence, the fallout from JPMorgan Chase's deal with a college financial-planning website, banks across the U.S. increasingly fell victim to cyber attacks and more.

Al Drago/Bloomberg

FDIC order against Cross River Bank is a warning on fintech alliances

Article by Penny Crosman

The FDIC has slapped Cross River Bank in Teaneck, New Jersey, with a consent order saying it engaged in unsafe or unsound banking practices related to fair lending regulations. The order was issued in March but made public on April 28.

Cross River is a banking-as-a-service provider that makes loans through fintech lenders such as Affirm, Upstart, Rocket Loans and the former Kabbage.

The bank did not admit or deny any charges of unsafe or unsound banking practices or violations of law or regulation.

Click here to read the full story.

Adobe Stock

Zelle outage at JPMorgan Chase is red flag for banks

Article by Charles Gorrivan

An outage at JPMorgan Chase disrupted Zelle transactions on July 25, inciting user complaints that spilled over into the following day. The fallout for Zelle and its banks could last much longer.

It was the second Zelle glitch in six months that involved a bank tied to Early Warning Services, the P2P app's owner. The JPMorgan Chase interruption follows an outage at Bank of America that disrupted Zelle payments in January. Both banks are among the seven co-owners of Early Warning.

Glitches often occur when digital payments flow through older core banking platforms. That problem could grow as more transactions occur on networks integrated with The Clearing House's RTP network and the Federal Reserve's real-time-payment processing system FedNow.

"Instant is great when it works. But when it's broken, we find out about it right away," said Peter Tapling, a payments consultant and former Early Warning executive. "That intersection of brand-new modern systems, and clunky old bank systems is going to become more evident."

Click here to read the full story.

The latest ransomware attacks on banks and government agencies do not represent a systemic risk, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Aaron M. Sprecher/Bloomberg

10 banks alleged victims of ransomware attacks on file transfer software

Article by Carter Pape

Companies and government agencies have been added in recent days to the list of institutions victimized by a supply chain cyberattack by a ransomware gang that exploited a weakness in file transfer software popular with enterprises. To date, the sector with the largest share of victims has been financial services — specifically banks and credit unions.

On May 27, ransomware gang Cl0p started exploiting a zero-day vulnerability in Progress Software's product MoveIt to steal data from at least 91 organizations, including state and federal agencies and at least 10 U.S. banks and credit unions. Data compromised in the leaks included names, addresses, birthdates, Social Security numbers and more.

Progress notified customers about the vulnerability on May 31 and released a patch for it two days later. The company has since identified and remediated two other vulnerabilities in its products. All three are SQL injection vulnerabilities, which according to the cybersecurity nonprofit OWASP Foundation is the third most common type of vulnerability in web applications.

Click here to read the full story.

The card network has agreed to pay USAA licensing fees for the use of mobile deposit capture technology. USAA says it plans to keep trying to get other banks to do the same.

USAA wins patent agreement with Discover, vows to keep going after banks

Article by Penny Crosman

Think what you will about USAA's decade-long patent war on the rest of the financial industry, you can't deny the company has perseverance.

In late August, Discover Financial Services signed a licensing agreement with USAA that lets the card network use more than 130 USAA patents for remote deposit capture technology. Terms of the agreement were not disclosed. Discover declined a request for an interview or comment.

USAA signaled that it's going to keep going after banks that allow customers to deposit checks by taking pictures of them with their phones. It has already filed lawsuits against Wells Fargo, PNC Financial Services Group and Truist Financial.

Click here to read the full story.

Andrew Harrer/Bloomberg

Did the OCC hire a con artist to oversee fintech?

Article by Penny Crosman

The Office of the Comptroller of the Currency announced in March that it had set up a new division to oversee fintechs and banking as a service, which it called the Office of Financial Technology. To run the unit, it hired Prashant Bhardwaj, whom the OCC said had "nearly 30 years of experience serving in a variety of roles across the financial sector," to the position of Deputy Comptroller and Chief Financial Technology Officer, effective the following month.

But an investigation conducted by The Information reporter Michael Roddan has found that Bhardwaj's resume contained many easily discoverable lies.

Through a Freedom of Information Act request to the OCC, Roddan found that Bhardwaj had listed C-level technology roles at several large banks on his CV. He also found that Bhardwaj hadn't worked at any of them.

Click here to read the full story.

MichaelVi - stock.adobe.com

SoFi's bank charter drives positive outlook, but layoffs hit tech unit

Article by Catherine Leffert

SoFi Technologies said the benefits of its bank charter outweighed home loan and student loan challenges and helped its fourth-quarter performance while it also announced layoffs in its technology unit.

The San Francisco-based neobank's earnings beat analyst expectations, as the company announced product development, new-member growth and balance sheet growth.

SoFi's deposits have grown to $7.3 billion from $1 billion over the last year, and the company has been able to use those deposits to fund loans, unlike other fintechs without bank charters. Its lending net interest income exceeded noninterest revenue for the first time in its history.

Click here to read the full story.

Many of the banks that had data compromised did not use MoveIt file-transfer software themselves, but were affected through a tech partner.

Adobe Stock

Flagstar latest of 60 banks affected by MoveIt breaches

Article by Carter Pape

The fallout from a security vulnerability in commonly used file transfer software continues for the financial industry. Since July, an additional 35 banks have reported breaches of customers' personal data stemming from the vulnerability, bringing the total number of affected banks to 60.

The latest example is Fiserv and Flagstar Bank, which together suffered one of the largest data breaches stemming from the vulnerability. The bank notified 837,390 customers this month that a breach at Fiserv, which the bank uses for "payment processing and mobile banking," had compromised their data. It was the smallest of the three breaches the bank's customers had suffered in the past three years.

A spokeswoman for Flagstar Bank said the bank, after learning about the breach from Fiserv, "took immediate action" to ensure Fiserv launched an investigation into which bank customers were affected by the data breach and that Fiserv "remediated all technical vulnerabilities and patched systems in accordance with the MoveIt software provider's guidelines."

Click here to read the full story.

Sathish Muthukrishnan, the chief information, data and digital officer at Ally Bank..jpg

"[Generative AI] has the potential to unleash productivity for us," said Sathish Muthukrishnan, the chief information, data and digital officer at Ally Bank (pictured at Ally's Technology Partner Awards).

Ally Bank's foray into generative AI: 'We don't want to stand still'

Article by Miriam Cross

Ally Financial dove headfirst into generative artificial intelligence after ChatGPT made its splash at the end of 2022.

The Detroit bank formed a working group around generative AI in early 2023. It met with both Microsoft and Amazon in Seattle in February and hashed out a contract with Microsoft to use its enterprise-grade generative AI software in April. The team started building Ally.ai, a proprietary cloud-based platform that developers will use for AI-related projects, in June, and launched a pilot for its first use case at the end of that month. The pilot moved to production on July 31.

"We do not want to stand still," said Sathish Muthukrishnan, the chief information, data and digital officer at Ally Bank.

Click here to read the full story.

PNC and JPMorgan Chase are fighting lawsuits that put blame on them for recent fraud losses. In one case, a Ray-Ban glasses manufacturer lost $272 million; in the other, a family-owned jeweler lost all of the money it had in its bank accounts.

Lawsuits against JPMorgan, PNC test banks' liability in wire fraud cases

Article by Carter Pape

Two lawsuits will test just how responsible big banks are for recent fraud losses and whether their monitoring practices are enough to shield them from accountability when customers lose money to insider threats and phished credentials.

In one case, Joyce's Jewelry, a jeweler in Uniontown, Pennsylvania, alleged in the U.S. District Court in Pittsburgh that PNC allowed hackers to empty the business's accounts because it lacked adequate measures to prevent the fraud.

Hackers successfully phished for one employee's credentials and used them to wire away all $1.6 million the company had in its four accounts. However, PNC promised to require tokens from two Joyce's employees to complete such transactions, according to Joyce's, which is one reason why the company claims PNC bears responsibility.

According to a spokeswoman for PNC, the bank "maintains a comprehensive set of security controls" to protect customers. Those measures "include direct communication to customers about the importance of keeping their credentials confidential and preventing bad actors from gaining access to their online accounts." The bank also recovers funds on customers' behalf when possible.

Click here to read the full story.

The acquisition of Frank was "a huge mistake," JPMorgan CEO Jamie Dimon said in a fourth-quarter earnings call. (Pictured during a Bloomberg Television interview in London on May 4, 2022.)

Chris Ratcliffe/Bloomberg

'A huge mistake': Lessons from the JPMorgan-Frank fintech deal

Article by Miriam Cross

Millions of fake students. An $18,000 payout for concocting synthetic identities. Emails that brushed off the possibility of "orange jumpsuits" and revealed frantic cover-ups.

Bank-fintech acquisitions that fizzle rarely have details as salacious as the saga of JPMorgan Chase and Frank. Earlier in January, news broke about a lawsuit that JPMorgan Chase filed on Dec. 22 alleging that it was defrauded by the founder of Frank, a college financial-planning website that it acquired in September 2021. The bank paid $175 million to acquire Frank on the premise that it had 4.25 million customers with accounts. In reality, the vast majority were fabricated, according to the complaint, and there were fewer than 300,000 true users. Charlie Javice, the founder of Frank, filed her own lawsuit against Chase the next day, countering that Chase launched "groundless investigations" into her conduct to deny the compensation it owed her, including a $20 million retention award.

Other bank-fintech deals have collapsed over the past year, such as UBS's bid to merge with the automated wealth management firm Wealthfront and Patriot National Bancorp's deal for the neobank American Challenger Development Corp. But none have made the headlines or incited as much curiosity as the Chase-Frank story.

Click here to read the full story.