Phone: 412-802-8000 | Fax: 412-802-8510|

CyFin Program

/CyFin Program
CyFin Program 2018-05-18T09:02:56+00:00


The Cyber Financial (CyFin) Program was established in 2007 to disrupt cyber threats to the financial services industry, specifically spam-driven securities fraud and money laundering. We continue to collaborate with the brokerage sector in addition to the banking, insurance, and payments sectors and the travel services industry. We focus on threats which use technical means, such as botnets, malware, phishing and social engineering, to achieve economic and/or strategic gain. These incidents often involve account intrusions, ATM and point-of-sale (POS) intrusions, fraud, human trafficking, identity theft, illicit travel, money laundering and, at times, attacks on financial infrastructure and terrorist financing. Our team of experienced intelligence analysts uses diverse skills, such as complex link analysis and strategic foreign languages, to disseminate intelligence on these threats. This intelligence has enabled industries to prevent billions of dollars in economic loss, and it has assisted law enforcement in the disruption of major cyber threats.


Our team does so through the following initiatives.

  • ATM and POS. We have several initiatives to identify, mitigate, and disrupt threats to ATMs and POSs.
    • The Common Point-of-Purchase (CPP) Initiative alerts acquirers, issuers, payment networks and law enforcement to POSs from which payment card data is stolen (i.e. CPP) in order to detect intrusions earlier, inform industry and law enforcement of the causes and scales of these intrusions, and prevent economic loss.
    • The Skimming Initiative alerts financial institutions, merchants, and local, state and federal law enforcement to incidents which involve the use of shimmers and skimmers at ATMs and POSs, in which they have a common interest.
  • Banking, Brokerage, and Insurance. We collaborate with banks, brokerage firms, and insurance companies to identify, mitigate, and disrupt account intrusions, bank fraud, identity theft, securities fraud, and money laundering. We have several initiatives which focus on specific large issues, all of which involve money laundering.
    • The Brokerage Initiative focuses on the use of botnets, malware, phishing, and social engineering to commit securities fraud.
    • The Business Email Compromise (BEC) Initiative focuses on the use of compromised and spoofed business email accounts to convince employees to transfer funds from their employers to illegitimate parties.
    • The Synthetic Identity Fraud Initiative focuses on the use of false and stolen identities (i.e. synthetic identities) to secure credit.
    • The Real-Time Payments Initiative focuses on the use of real-time payments in fraud and money laundering.
  • Cyber Threat Groups. We collaborate with financial institutions and law enforcement to identify, mitigate, and disrupt major cyber threat groups. These groups seek to steal funds for economic gain and/or seek to attack the financial infrastructure of the US and other countries for strategic gain.¬†We have a specific focus on threats which originate from Central and Eastern Europe (CEE), Asia Pacific (APAC), and West Africa.
  • Human Trafficking. We collaborate with airlines, financial institutions, merchants, and law enforcement to identify, mitigate, and disrupt cyber-enabled human trafficking.
  • Travel Fraud. We collaborate with airlines and other travel services, financial institutions, and law enforcement to identify, mitigate, and disrupt the online sale, distribution, and use of tickets which were bought with stolen payment card data or stolen rewards.