Phone: 412-802-8000 | Fax: 412-802-8510|

CyFin Program

/CyFin Program
CyFin Program 2018-10-12T12:04:04+00:00


The Cyber Financial (CyFin) Program was established in 2007 to disrupt cyber threats to the financial services industry, specifically spam-driven securities fraud and money laundering. We continue to collaborate with the brokerage sector in addition to the banking, insurance, and payments sectors and the travel services industry. We focus on threats which use technical means, such as botnets, malware, phishing and social engineering, to achieve economic and/or strategic gain. These incidents often involve account intrusions, ATM and point-of-sale (POS) intrusions, fraud, human trafficking, identity theft, illicit travel, money laundering and, at times, attacks on financial infrastructure and terrorist financing. Our team of experienced intelligence analysts uses diverse skills, such as complex link analysis and strategic foreign languages, to disseminate intelligence on these threats. This intelligence has enabled industries to prevent billions of dollars in economic loss, and it has assisted law enforcement in the disruption of major cyber threats.


The ATM and Point-of-Sale (POS) initiative enables financial institutions, merchants, and law enforcement to mitigate, prevent, and disrupt the theft of card data. We have an effort in which issuers share information on locations from which card data is stolen so that acquirers, issuers, networks, merchants, and law enforcement can detect and remediate breaches much earlier and reduce economic loss. This information has enabled financial institutions, merchants, and law enforcement to confirm some of the largest breaches. The NCFTA issues intelligence reports on a weekly and annual basis. We also collect and analyze information from financial institutions and local, state, and federal law enforcement on incidents which involve the use of skimmers and enable them to collaborate on cases which involve the same suspects.

The Banking, Brokerage, and Insurance Initiative enables financial institutions to mitigate, prevent, and disrupt account intrusions, bank fraud, identity theft, securities fraud, and money laundering. In 2007, we established the Program to address spam-driven securities fraud and money laundering. We continue to do so and have efforts to specifically address the intrusion and misuse of business email accounts (i.e. business email compromise), the use of false and stolen identities to bust out credit (i.e. synthetic identity fraud), real-time payments. We use critical foreign languages and complex link analysis to build intelligence on robust services which launder funds for organized cybercrime groups in Asia Pacific (APAC), Central and Eastern Europe (CEE), and West Africa. We also address criminal and state-affiliated threats to the infrastructure of the financial services industry. The NCFTA issues intelligence reports and hosts webinars and working groups to focus on these topics on a regular basis.

The Human Trafficking Initiative enables airlines, financial institutions, and law enforcement to mitigate, prevent, and disrupt transactions and travel related to human trafficking. The NCFTA issues intelligence reports on an ad hoc and quarterly basis.

The Travel Fraud Initiative enables airlines, other travel services, and law enforcement to mitigate, prevent, and disrupt actors who use stolen cards or points to buy tickets to travel. The NCFTA has collaborated with the European Cybercrime Centre (EC3) and Europol in the Global Airline Action Day to do so on a global scale. The NCFTA also has a channel through which such intelligence is shared on a daily basis.