STATUS: SECURE – The Cyber Threat Briefing
For a decade we taught people to spot the phishing email by its bad grammar and awkward phrasing. AI has erased every one of those tells. The phishing email is now perfect, and the voice on the phone approving a wire transfer sounds exactly like your CFO. In this episode we cover the two threats hitting finance hardest in 2026 — AI-driven voice and deepfake fraud, and the e-skimming payment breaches stealing card data in the browser before it ever reaches a back-end system — then deliver the foundational briefing on the two standards that govern payment security: PCI DSS for cards, and NACHA's brand-new fraud monitoring rules for ACH. The lesson that ties it all together: Heartland Payment Systems was fully PCI DSS compliant when it suffered one of the largest card breaches in history. The standard is the floor, not the finish line.

Intel Declassified in this Briefing:
* [00:32] AI Has Erased the Phishing Tells: Why generative AI and deepfake voice defeat a decade of "spot the typo" training, and the IBM finding that 16% of breaches now involve AI-driven attacks.
* [04:50] Why Your Technical Controls Don't Stop This: How AI fraud bypasses your MFA and firewall entirely by attacking the human authorization step instead of the technology.
* [05:40] Payment Breaches Have Moved to the Browser: E-skimming, Magecart, and formjacking — how card data is stolen as the customer types it, outside your back-end, with your logs showing nothing.
* [10:45] The Heartland Paradox: How a fully PCI DSS-compliant company suffered one of the largest card breaches in history, and why compliance is the baseline, not security.
* [11:30] What PCI DSS Actually Is: Why it's a contractual standard and not a government regulation, who's in scope, the 12 requirements, the four merchant levels, and the QSA / ROC / SAQ / ASV / AOC vocabulary.
* [16:51] PCI DSS v4.0.1 — The Grace Period Is Over: All 64 requirements now mandatory, the payment page as an explicit attack surface, expanded MFA, 12-character passwords, and the annual risk analysis.
* [20:47] How PCI Is Enforced and What a Breach Costs: The $5,000–$100,000 monthly fines, the $50–$90 per-record breach math, and why a breach can shut a smaller business down for good.
* [23:33] NACHA — The New ACH Fraud Rules Live This Week: How Phase 2 eliminated the volume threshold, the new "False Pretenses" category targeting credit-push fraud, and why the receiving bank now shares the monitoring duty.

Mission Links:
* Verify your Security Posture: https://watchur6.com/secure
* Want to Hire us: https://watchur6.com/contact/
* View the Show Notes: https://watchur6.com/podcast/021-ai-voice-fraud-payment-breaches-pci-dss-nacha/
* Read the Associated Sitrep: The NACHA 2026 Fraud Monitoring Rules — A Finance Leader's Guide to ACH Credit-Push Compliance: https://watchur6.com/sitrep/compliance-protocols/nacha-2026-fraud-monitoring-rules-ach-compliance/