An effective currency needs to be widely accepted, easy to use, and stable in value. By now most of us have recognized that cryptocurrencies fail at all three things, despite lofty ideals revolving around decentralization, transparency, and trust. But that doesn’t mean that all digital currencies or payment systems are doomed to failure. [Roni] has been working on an off-grid digital payment node called Meshtbank, which works on a much smaller scale and could be a way to let a much smaller community set up a basic banking system.
The node uses Meshtastic as its backbone, letting the payment system use the same long-range low-power system that has gotten popular in recent years for enabling simple but reliable off-grid communications for a local area. With Meshtbank running on one of the nodes in the network, accounts can be created, balances reported, and digital currency exchanged using the Meshtastic messaging protocols. The ledger is also recorded, allowing transaction histories to be viewed as well.
A system like this could have great value anywhere barter-style systems exist, or could be used for community credits, festival credits, or any place that needs to track off-grid local transactions. As a thought experiment or proof of concept it shows that this is at least possible. It does have a few weaknesses though — Meshtastic isn’t as secure as modern banking might require, and the system also requires trust in an administrator. But it is one of the more unique uses we’ve seen for this communications protocol, right up there with a Meshtastic-enabled possum trap.
Banks have always been technology pioneers, yet many are now prisoners of their own legacy. Despite spending more on IT than any other major industry and funneling over $2.8 trillion into digital transformation since 2011, too many retail banks still can’t deliver the seamless digital experiences customers expect.
My company, Baringa, recently surveyed 4,000 customers and 400 banking executives across the UK and US, revealing a widening disconnect between customer expectations and what banks can deliver.
More than one in three customers (35%) have switched banks in the past five years, most in search of better digital experiences, not better rates. And 68% of banking executives admit that their existing technology architecture actively hinders their ability to meet customer needs.
Mobile is now the dominant channel, with 45% of customers using it as their primary means of banking. Yet, it’s also the most requested area for improvement, with 44% wanting a better mobile experience. Customers want personalized, intuitive and secure interactions but instead, they encounter friction.
The result? Diminishing loyalty in an age when switching bank accounts is as simple as a few taps on a screen.
The problem isn’t a lack of investment. Yes, the cost is high, but effective treatment strategies are available to manage this condition. It’s the age and complexity of the systems beneath the surface that is the true problem. Our survey found that 63% of banks still rely on code written before the year 2000, while 67% say their entire technology stack would fail if the oldest systems stopped working. Even more worryingly, 77% report that only “one or two people” in their organization still have the skills to maintain this code and most are nearing retirement.
In other words, critical national infrastructure in banking runs on software designed before the internet age. This outdated technology creates three compounding problems:
The result is a vicious cycle. Every dollar spent patching and upgrading outdated systems is a dollar diverted from the modernization that could restore customer loyalty.
There is a path forward, but it demands decisive action. From our work across global banking and markets, we consistently see these issues and we believe these can be addressed over the long term with the following three strategies.
Banks need to start with truly understanding why (customer needs) and how their customers want to interact (experience) with their services, then define how they are going to differentiate. Technology alone will not win back loyalty. Sometimes, the greatest return comes from improving service, trust or personalization rather than layering on more tech.
Research from Forrester shows that banks leading in personalized digital experiences achieve up to 25% higher retention and a 20% uplift in cross-sell success. Conversely, institutions that rush infrastructure spend without redefining customer value risk building faster versions of the same old experience.
For many banks, the technological foundations are simply too old to adapt. If two-thirds of institutions say their operations would cease if legacy systems failed, the cost of inaction now exceeds the cost of replacement.
The answer lies in defining a technology strategy around a digital spine. A modular architecture that allows agility, integration and personalization at scale and is centered around three design principles:
This build-buy-integrate approach allows banks to modernize strategically and maintain control where it matters, while reducing cost and delivery risk elsewhere.
It’s also how challenger banks are winning. Monzo, for instance, built its business on this philosophy, focusing on customer differentiation through a lightweight, API-driven core. As its ex-CEO, TS Anil, recently noted, Monzo has become “a scaling, profitable digital bank with a world-class user experience that customers don’t just like, but love.”
Finally, transformation can no longer be treated as a one-off program. Modernization must become a continuous capability, not a project with an end date. For banks to break free of legacy constraints, the following considerations are essential:
Banks stand at a crossroads. 68% of executives acknowledge that legacy technology is holding them back. Every quarter spent maintaining outdated systems compounds risk, cost and customer attrition.
But those that act now and redefine their customer proposition, rebuild their digital spine and embed continuous change, will turn technology from a constraint into a competitive edge.
The future belongs to banks that leave legacy behind and build loyalty by design.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
In a recent report, Republicans on the House Financial Services Committee unveiled alarming findings related to Operation Chokepoint 2.0, revealing that at least 30 crypto firms have been debanked over the past years.
The investigation, which began in the 118th Congress, sought to uncover coordinated efforts by the Biden Administration to hinder digital asset businesses and individuals from accessing essential financial services.
The report details how regulators under the Biden Administration employed “vague rules” and excessive discretion to discourage banks from serving clients in the digital asset space.
The Republicans further asserted that these regulators pressured financial institutions to distance themselves from digital asset clients through informal guidance, enforcement actions, and a lack of clear regulations, removing them from the financial system.
Chairman Hill commented on the implications of this approach, stating, “Targeting Americans over their political views erodes trust in the financial system and undermines the core freedoms our nation was founded on.”
However, Hill voiced confidence in repairing the damage done by the Biden administration, citing the current era of advancement for digital assets under President Trump, who has already signed one crypto bill—the GENIUS Act—and may soon sign the CLARITY Act.
The report also highlighted that “informal communications,” such as interagency statements and interpretive letters, have specifically been used to discourage banks and other financial entities from working with digital asset firms.
Key points raised in the report by Republicans include a failure by the Biden Administration to create a clear crypto regulatory regime, which has enabled federal financial regulators to effectively stifle innovation and limit activity within the sector.
Rather than fostering a supportive environment for digital asset projects, Republicans claim that the administration’s approach leaned toward enforcement-based regulation, which further complicated matters for crypto firms.
The report underscored the characterization of the digital asset ecosystem by the Biden Administration as prone to volatility and risk, particularly citing concerns over compliance with anti-money laundering (AML). However, Republicans argued that these concerns do not justify the aggressive tactics employed against the industry.
The report also highlighted the roles of key regulators such as the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
These entities, according to the report, failed to establish a coherent regulatory framework for digital assets and have resorted to enforcement actions against companies engaged in this market.
Subcommittee Chair Meuser remarked, “This report documents how Obama-era practices were revived and expanded under President Biden—through pause letters, informal pressure campaigns, and regulation by enforcement that forced U.S. companies offshore.”
He called attention to the leadership of individuals like President Trump, Secretary Bessent, Vice Chair Bowman, Comptroller Gould, and Acting Chair Hill, who are credited with restoring fairness and clarity in bank supervision.
While the industry has seen major shifts under President Trump’s administration, Meuser stressed the need for Congress to codify protections against similar actions in the future, to prevent any resurgence of Operation Chokepoint.
Featured image from DALL-E, chart from TradingView.com
A House Republican lawmaker is "cautiously optimistic" President Donald Trump will move forward with marijuana rescheduling before the November 2026 midterms.
Rumors swirl around President Trump’s marijuana rescheduling plans is a post from: MJBizDaily: Financial, Legal & Cannabusiness news for cannabis entrepreneurs
Compliance is no longer the brake on digital transformation. It is the steering system that determines how fast and how far innovation can go. In sectors such as healthcare, insurance, manufacturing, and banking, regulation defines how fast and how far innovation can progress. When compliance becomes an architectural principle rather than a procedural constraint, it transforms from a cost center to a competitive edge.
But in the past decade, leading enterprise transformation across these industries, I’ve learned that compliance isn’t the enemy of innovation. It’s the foundation of digital confidence. When handled strategically, compliance can evolve from a passive checklist into an active driver of resilience, trust and growth.
The enterprises that thrive in today’s regulated world share a common trait: they design their technology, data and culture to make compliance an enabler, not a barrier.
Across regulated industries, the paradox is striking. Regulations grow more complex each year, yet the demand for agility and innovation grows just as fast.
Each industry has its own acronym soup of regulation, but the underlying challenge is the same: enterprises must prove what they know, how they know it and how responsibly they use it. For CIOs, this means leading ecosystems that are innovative, interoperable and fully auditable simultaneously.
In one large healthcare transformation I led, the audit process for claims and provider data reconciliation took more than a month and consumed hundreds of manual hours. By embedding audit trails directly into workflow engines and metadata layers, we reduced preparation time by 70% and achieved complete transparency for regulators and internal reviewers.
This experience reinforced a key lesson: compliance should be built into the architecture, not appended after deployment.
I’ve seen similar results in other sectors.
These examples prove a point: compliance, when operationalized, becomes a differentiator. It transforms oversight into foresight.
Technology rarely fails because of a lack of innovation. It fails when organizations lack the governance maturity to scale innovation responsibly.
Too often, compliance is viewed as a bottleneck. It’s a scalability accelerator when embedded early.
According to Gartner, organizations with mature data-governance practices are three times more likely to achieve measurable business outcomes from AI programs. McKinsey’s analysis shows that AI deployments in regulated sectors with built-in compliance design achieve 20–30% faster adoption and reduce audit findings by half.
The shift begins when leaders see compliance not as external policing but as internal assurance. A well-designed governance framework turns regulation into predictability. Predictability, in turn, builds trust, and trust is what enables adoption at scale.
In one cross-industry transformation roundtable I facilitated, a manufacturing CIO said something that stayed with me: “Compliance doesn’t slow us down. It prevents us from having to stop.” That insight captures the new reality. In regulated industries, digital maturity is measured not by how quickly you deploy AI, but by how confidently you can defend and explain it.
When governance and compliance converge, they unlock a feedback loop of trust. Consider a payer-provider network that unified its claims, care and compliance data into a single “truth layer.” Not only did this integration reduce audit exceptions by 45%, but it also improved member-satisfaction scores because interactions became transparent and consistent.
The pattern is consistent: when compliance data feeds into operational decision-making, it creates a growth multiplier. Transparency isn’t just a legal requirement; it’s a market advantage. When governance and compliance share data pipelines instead of separate dashboards, they move from passive monitoring to active performance management, transforming risk control into business acceleration.
No transformation from compliance to confidence happens without leadership alignment. The CIO sits at the intersection of technology, policy and culture and therefore carries the greatest influence over whether compliance is reactive or proactive.
Here are four imperatives every CIO in a regulated enterprise should champion:
Governance is not documentation. Its design. CIOs must ensure that auditability, traceability and explainability are engineered into systems from day one.
For example, instead of creating external audit logs, modern architectures can use blockchain-based or immutable metadata records to self-document every change. In my experience, systems built this way reduce compliance reporting time by 40–50% while improving internal confidence in data quality.
Many enterprises still treat compliance as a department instead of a discipline. The CIO must align data governance, risk management and IT controls into one cohesive framework.
Cross-functional governance councils that include compliance officers, business heads and data owners help make compliance a shared accountability not an afterthought.
Technology maturity alone is not enough. The workforce must trust the system. When employees understand how AI or analytics systems make decisions, they become more confident using them.
In one insurance contact center, we trained representatives on how the AI recommendation engine worked. Within two months, adoption rose 37% and call-resolution accuracy improved significantly. Transparency builds human alignment.
AI ethics is no longer philosophical; it’s operational. The CIO must ensure algorithms are tested for fairness, bias and explainability before deployment. Tools like Google’s What-If Tool and IBM’s AI Fairness 360 provide practical methods for continuous assurance.
As regulatory frameworks like the EU AI Act and US Algorithmic Accountability Act evolve, ethical compliance will define enterprise reputation. CIOs who prepare early will not just pass audits they’ll earn stakeholder trust.
Measuring Progress: CIOs should define success not only by audit completion rates but by trust readiness metrics, for example, governance-maturity scores, audit-cycle speed or AI-model explainability indexes. These indicators convert compliance from a legal requirement into a performance KPI, signaling to boards and regulators that trust is being operationalized.
Ultimately, the modern CIO’s role extends far beyond systems integration. It’s about trust integration connecting people, policy and platforms under a single banner of accountability.
Confidence is not the absence of regulation; it’s mastery of it. A confident enterprise doesn’t fear audits because its systems are inherently explainable. It doesn’t delay innovation because its teams understand how to govern data responsibly. It doesn’t treat compliance as a paperwork exercise; it sees it as a performance framework. Consider what “confidence” looks like across industries:
Confidence grows when leadership builds systems that are transparent by design, not by request.
This shift is gaining policy traction worldwide. The EU AI Act requires enterprises to maintain verifiable documentation on AI systems’ training data, bias tests and human oversight. Similarly, the proposed U.S. Algorithmic Accountability Act pushes organizations to conduct regular impact assessments. Together, these frameworks formalize what leading CIOs already practice: governance as a continuous, auditable process rather than a reactive audit cycle.
According to Deloitte’s 2025 outlook, 70% of CEOs in regulated industries now see “digital trust” as a direct growth lever. Companies that combine compliance automation with clear governance frameworks experience 20% higher stakeholder trust ratings and outperform peers on market reputation. In practical terms, moving from compliance to confidence means:
The result is not just regulatory alignment, it’s operational resilience and reputational strength.
As AI reshapes every sector, regulation will continue to evolve faster than technology stacks. Enterprises that succeed will be those that internalize compliance as part of their DNA.
In healthcare, this means using AI responsibly to support clinical and administrative workflows. In insurance, it means linking predictive analytics to transparent customer journeys. In manufacturing, it means aligning IoT and sustainability reporting under one trusted data fabric. In banking, it means moving from algorithmic opacity to algorithmic accountability. The future will belong to organizations that govern as they innovate.
CIOs are at the epicenter of this shift. CIOs are now the custodians of digital trust, responsible not only for running systems but for ensuring that every line of code and every algorithm earns confidence from regulators, customers and employees. The real competitive edge in a regulated world isn’t speed or scale. It’s trust engineered through transparency and sustained by governance-driven leadership.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
The accord covers two major legislative texts: the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).
The post EU Reaches Landmark Deal to Curb Online Payment Fraud appeared first on TechRepublic.
The accord covers two major legislative texts: the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).
The post EU Reaches Landmark Deal to Curb Online Payment Fraud appeared first on TechRepublic.
The U.S. Supreme Court will discuss next month whether to hear a challenge to federal marijuana prohibition.
As marijuana rescheduling stalls, industry turns to Supreme Court is a post from: MJBizDaily: Financial, Legal & Cannabusiness news for cannabis entrepreneurs
The rollout allows individuals to consolidate account information from multiple banks into a single application.
The post Open Banking Launches in Switzerland appeared first on TechRepublic.
The rollout allows individuals to consolidate account information from multiple banks into a single application.
The post Open Banking Launches in Switzerland appeared first on TechRepublic.
Bitcoin Magazine
Strike CEO Jack Mallers Debanked by JPMorgan as Bank Faces Epstein Tensions
Strike CEO Jack Mallers said JPMorgan Chase abruptly closed his personal bank accounts last month without providing a clear explanation, sparking fresh debate over the banking industry’s treatment of crypto executives.
“Last month, J.P. Morgan Chase threw me out of the bank. It was bizarre. My dad has been a private client there for 30+ years,” Mallers wrote on social media platform X. When he pressed the bank for details, he said the only response was, “We aren’t allowed to tell you.”
Mallers shared a letter from JPMorgan Chase, which cited unspecified “concerning activity” on his accounts. The letter, which Mallers jokingly said he had framed, noted the bank’s obligations under the Bank Secrecy Act and warned that Chase “may not be able to open new accounts” for him in the future.
The revelation has reignited industry concerns over “Operation Chokepoint 2.0,” an alleged Biden-era initiative that sought to pressure banks into limiting services to crypto businesses and executives. The program’s existence has long been disputed, but critics say debanking remains a threat to the sector.
In August, President Donald Trump signed an executive order prohibiting financial institutions from closing accounts solely because of crypto-related activity. Trump’s Working Group on Digital Asset Markets said the administration had “ended Operation Choke Point 2.0 once and for all by working to end regulatory efforts that deny banking services to the digital assets industry.”
Despite this, industry figures quickly questioned whether debanking had truly stopped. Bo Hines, a former adviser on digital assets in the Trump administration and current strategic advisor to Tether, mocked Chase on X: “Hey Chase… you guys know Operation Choke Point is over, right? Just checking.”
Tether CEO Paolo Ardoino also commented on Mallers’ post, writing that the account closure might be “for the best.” In a separate post, Ardoino framed the situation as a testament to Bitcoin’s resilience: “Bitcoin will resist the test of time. Those organizations that try to undermine it will fail and become dust. Simply because they can’t stop people’s choice to be free.”
Senator Cynthia Lummis chimed in on the incident, “Operation Chokepoint 2.0 regrettably lives on. Policies like JP Morgan’s undermine confidence in traditional banks and send the digital asset industry overseas,” Lummis said on X. “It’s past time we put Operation Chokepoint 2.0 to rest to make America the digital asset capital of the world.”
Mallers, who has a history of publicly calling out JPMorgan’s CEO Jamie Dimon, used the moment to promote Bitcoin. He posted on X: “Seek truth. Stand with integrity. Fight for freedom. Protect Bitcoin at all costs.” Mallers also leads Twenty One, a public company backed by Tether and Bitfinex, which aims to rival Michael Saylor’s Strategy in acquiring bitcoin.
The incident has drawn further scrutiny amid ongoing controversy over JPMorgan’s past dealings. Mallers referenced a post by Senator Ron Wyden highlighting that JPMorgan executives were allegedly aware of $1 billion in suspicious transactions linked to Jeffrey Epstein.
While the bank has not elaborated on the “concerning activity” cited in Mallers’ case, the closure highlights the broader tension between crypto executives and traditional financial institutions. Industry observers say such actions continue to fuel fears of politically motivated or opaque “debanking,” even as regulators emphasize compliance and risk management obligations.
Senator Ron Wyden criticized JPMorgan Chase for evading accountability over its relationship with Jeffrey Epstein, rejecting the bank’s attempt to blame a single former employee.
Wyden highlighted that multiple executives, including Mary Erdoes and Jes Staley, ignored internal warnings and delayed filing Suspicious Activity Reports (SARs) for six years after terminating Epstein in 2013, potentially violating federal law.
The bank’s response lacked evidence countering reports that top leadership enabled Epstein’s crimes. Wyden issued a letter demanding extensive internal documents, communications, and transaction records to investigate who knew what, why Epstein remained a client, and the delay in regulatory reporting, signaling a call for federal scrutiny.
Last month, JPMorgan research suggested that Bitcoin may be undervalued relative to gold, with potential to reach $165,000 if the “debasement trade” continues gaining momentum. Analysts note that recent gold price gains make Bitcoin more attractive, especially as the Bitcoin-to-gold volatility ratio drops below 2.0.
Based on volatility-adjusted comparisons, JPMorgan estimated Bitcoin’s $2.3 trillion market cap would need a roughly 42% increase to match gold’s $6 trillion in bars, coins, and ETFs.
This post Strike CEO Jack Mallers Debanked by JPMorgan as Bank Faces Epstein Tensions first appeared on Bitcoin Magazine and is written by Micah Zimmerman.
The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040.
At Kaspersky, we track how this surge in online shopping activity is mirrored by cyber threats. In 2025, we observed attacks which targeted not only e‑commerce platform users but online shoppers in general, including those using digital marketplaces, payment services and apps for everyday purchases. This year, we additionally analyzed how cybercriminals exploited gaming platforms during Black Friday, as the gaming industry has become an integral part of the global sales calendar. Threat actors have been ramping up their efforts during peak sales events like Black Friday, exploiting high demand and reduced user vigilance to steal personal data, funds, or spread malware.
This report continues our annual series of analyses published on Securelist in 2021, 2022, 2023, and 2024, which examine the evolving landscape of shopping‑related cyber threats.
To track how the shopping threat landscape continues to evolve, we conduct an annual assessment of the most common malicious techniques, which span financial malware, phishing pages that mimic major retailers, banks, and payment services, as well as spam campaigns that funnel users toward fraudulent sites. In 2025, we also placed a dedicated focus on gaming-related threats, analyzing how cybercriminals leverage players’ interest. The threat data we rely on is sourced from the Kaspersky Security Network (KSN), which processes anonymized cybersecurity data shared consensually by Kaspersky users. This report draws on data collected from January through October 2025.
Phishing and scams remain among the most common threats for online shoppers, particularly during high-traffic retail periods when users are more likely to act quickly and rely on familiar brand cues. Cybercriminals frequently recreate the appearance of legitimate stores, payment pages, and banking services, making their fraudulent sites and emails difficult to distinguish from real ones. With customers navigating multiple offers and payment options, they may overlook URL or sender details, increasing the likelihood of credential theft and financial losses.
From January through to October 2025, Kaspersky products successfully blocked 6,394,854 attempts to access phishing links which targeted users of online stores, payment systems, and banks. Breaking down these attempts, 48.21% had targeted online shoppers (for comparison, this segment accounted for 37.5% in 2024), 26.10% targeted banking users (compared to 44.41% in 2024), and 25.69% mimicked payment systems (18.09% last year). Compared to previous years, there has been a noticeable shift in focus, with attacks against online store users now representing a larger share, reflecting cybercriminals’ continued emphasis on exploiting high-demand retail periods, while attacks on banking users have decreased in relative proportion. This may be related to online banking protection hardening worldwide.
In 2025, Kaspersky products detected and blocked 606,369 phishing attempts involving the misuse of Amazon’s brand. Cybercriminals continued to rely on Amazon-themed pages to deceive users and obtain personal or financial information.
Other major e-commerce brands were also impersonated. Attempts to visit phishing pages mimicking Alibaba brands, such as AliExpress, were detected 54,500 times, while eBay-themed pages appeared in 38,383 alerts. The Latin American marketplace Mercado Libre was used as a lure in 8,039 cases, and Walmart-related phishing pages were detected 8,156 times.
In 2025, phishing campaigns also extensively mimicked other online platforms. Netflix-themed pages were detected 801,148 times, while Spotify-related attempts reached 576,873. This pattern likely reflects attackers’ continued focus on high-traffic digital entertainment services with in-service payments enabled, which can be monetized via stolen accounts.
In 2025, Black Friday-related scams continued to circulate across multiple channels, with fraudulent email campaigns remaining one of the key distribution methods. As retailers increase their seasonal outreach, cybercriminals take advantage of the high volume of promotional communications by sending look-alike messages that direct users to scam and phishing pages. In the first two weeks of November, 146,535 spam messages connected to seasonal sales were detected by Kaspersky, including 2,572 messages referencing Singles day sales.
Scammers frequently attempt to mimic well-known platforms to increase the credibility of their messages. In one of the recurring campaigns, a pattern seen year after year, cybercriminals replicated Amazon’s branding and visual style, promoting supposedly exclusive early-access discounts of up to 70%. In this particular case, the attackers made almost no changes to the text used in their 2024 campaign, again prompting users to follow a link leading to a fraudulent page. Such pages are usually designed to steal their personal or payment information or to trick the user into buying non-existent goods.
Beyond the general excitement around seasonal discounts, scammers also try to exploit consumers’ interest in newly released Apple devices. To attract attention, they use the same images of the latest gadgets across various mailing campaigns, just changing the names of legitimate retailers that allegedly sell the brand.
 |
 |
As subscription-based streaming platforms also take part in global sales periods, cybercriminals attempt to take advantage of this interest as well. For example, we observed a phishing website where scammers promoted an offer for a “12-month subscription bundle” covering several popular services at once, asking users to enter their bank card details. To enhance credibility, the scammers also include fabricated indicators of numerous successful purchases from other “users,” making the offer appear legitimate.
In addition to imitating globally recognized platforms, scammers also set up fake pages that pretend to be local services in specific countries. This tactic enables more targeted campaigns that blend into the local online landscape, increasing the chances that users will perceive the fraudulent pages as legitimate and engage with them.
Non-existent Norwegian online store and popular Labubu toys sale
Banking Trojans, or “bankers,” are another tool for cybercriminals exploiting busy shopping seasons like Black Friday in 2025. They are designed to steal sensitive data from online banking and payment systems. In this section, we’ll focus on PC bankers. Once on a victim’s device, they monitor the browser and, when the user visits a targeted site, can use techniques like web injection or form-grabbing to capture login credentials, credit card information, and other personal data. Some trojans also watch the clipboard for crypto wallet addresses and replace them with those controlled by the malicious actors.
As online shopping peaks during major sales events, attackers increasingly target e-commerce platforms alongside banks. Trojans may inject fake forms into legitimate websites, tricking users into revealing sensitive data during checkout and increasing the risk of identity theft and financial fraud. In 2025, Kaspersky detected over 1,088,293* banking Trojan attacks. Among notable banker-related cases analysed by Kaspersky throughout the year, campaigns involving the new Maverick banking Trojan distributed via WhatsApp, as well as the Efimer Trojan which spread through malicious emails and compromised WordPress sites can be mentioned, both illustrating how diverse and adaptive banking Trojan delivery methods are.
*These statistics include globally active banking malware, and malware for ATMs and point-of-sale (PoS) systems. We excluded data on Trojan-banker families that no longer use banking Trojan functionality in their attacks, such as Emotet.
Apparently, even the criminal underground follows its own version of a holiday sales season. Once data is stolen, it often ends up on dark-web forums, where cybercriminals actively search for buyers. This pattern is far from new, and the range of offers has remained largely unchanged over the past two years.
Threat actors consistently seize the opportunity to attract “new customers,” advertising deep discounts tied to high-profile global sales events. It is worth noting that year after year we see the same established services announce their upcoming promotions in the lead-up to Black Friday, almost as if operating on a retail calendar of their own.
We also noted that dark web forum participants themselves eagerly await these seasonal markdowns, hoping to obtain databases at the most favorable rates and expressing their wishes in forum posts. In the months before Black Friday, posts began appearing on carding-themed forums advertising stolen payment-card data at promotional prices.
The gaming industry faces a high concentration of scams and other cyberthreats due to its vast global audience and constant demand for digital goods, updates, and in-game advantages. Players often engage quickly with new offers, making them more susceptible to deceptive links or malicious files. At the same time, the fact that gamers often download games, mods, skins etc. from third-party marketplaces, community platforms, and unofficial sources creates additional entry points for attackers.
The number of attempted attacks on platforms beloved by gamers increased dramatically in 2025, reaching 20,188,897 cases, a sharp rise compared to previous years.
The nearly sevenfold increase in 2025 is most likely linked to the Discord block by some countries introduced at the end of 2024. Eventually users rely on alternative tools, proxies and modified clients. This change significantly expanded the attack surface, making users more vulnerable to fake installers, and malicious updates disguised as workarounds for the restriction.
It can also be seen in the top five most targeted gaming platforms of 2025:
| Platform | The number of attempted attacks |
| Discord | 18,556,566 |
| Steam | 1,547,110 |
| Xbox | 43,560 |
| Uplay | 28,366 |
| Battle.net | 5,538 |
In previous years, Steam consistently ranked as the platform with the highest number of attempted attacks. Its extensive game library, active modding ecosystem, and long-standing role in the gaming community made it a prime target for cybercriminals distributing malicious files disguised as mods, cheats, or cracked versions. In 2025, however, the landscape changed significantly. The gap between Steam and Discord expanded to an unprecedented degree as Steam-related figures remained within their typical fluctuation range of the past five years, while the number of attempted Discord-disguised attacks surged more than 14 times compared to 2024, reshaping the hierarchy of targeted gaming platforms.
Attempts to attack users through malicious or unwanted files disguised as Steam and Discord throughout the reported period (download)
From January to October, 2025, cybercriminals used a variety of cyberthreats disguised as popular related to gamers platforms, modifications or circumvention options. RiskTool dominated the threat landscape with 17,845,099 detections, far more than any other category. Although not inherently malicious, these tools can hide files, mask processes, or disable programs, making them useful for stealthy, persistent abuse, including covert crypto-mining. Downloaders ranked second with 1,318,743 detections. These appear harmless but may fetch additional malware among other downloaded files. Downloaders are typically installed when users download unofficial patches, cracked clients, or mods. Trojans followed with 384,680 detections, often disguised as cheats or mod installers. Once executed, they can steal credentials, intercept tokens, or enable remote access, leading to account takeovers and the loss of in-game assets.
| Threat | Gaming-related detections |
| RiskTool | 17,845,099 |
| Downloader | 1,318,743 |
| Trojan | 384,680 |
| Adware | 184,257 |
| Exploit | 152,354 |
In addition to tracking malicious and unwanted files disguised as gamers’ platforms, Kaspersky experts also analysed phishing pages which impersonated these services. Between January and October 2025, Kaspersky products detected 2,054,336 phishing attempts targeting users through fake login pages, giveaway offers, “discounted” subscriptions and other scams which impersonated popular platforms like Steam, PlayStation, Xbox and gaming stores.
Example of Black Friday scam using a popular shooter as a lure
The page shown in the screenshot is a typical Black Friday-themed scam that targets gamers, designed to imitate an official Valorant promotion. The “Valorant Points up to 80% off” banner, polished layout, and fake countdown timer create urgency and make the offer appear credible at first glance. Users who proceed are redirected to a fake login form requesting Riot account credentials or bank card details. Once submitted, this information enables attackers to take over accounts, steal in-game assets, or carry out fraudulent transactions.
Minor text errors reveal the page’s fraudulent nature. The phrase “You should not have a size limit of 5$ dollars in your account” is grammatically incorrect and clearly suspicious.
Another phishing page relies on a fabricated “Winter Gift Marathon” that claims to offer a free $20 Steam gift card. The seasonal framing, combined with a misleading counter (“251,110 of 300,000 cards received”), creates an artificial sense of legitimacy and urgency intended to prompt quick user interaction.
The central component of the scheme is the “Sign in” button, which redirects users to a spoofed Steam login form designed to collect their credentials. Once obtained, attackers can gain full access to the account, including payment methods, inventory items, and marketplace assets, and may be able to compromise additional services if the same password is used elsewhere.
 |
 |
Scams themed around the PlayStation 5 Pro and Xbox Series X appear to be generated from a phishing kit, a reusable template that scammers adapt for different brands. Despite referencing two consoles, both pages follow the same structure which features a bold claim offering a chance to “win” a high-value device, a large product image on the left, and a minimalistic form on the right requesting the user’s email address.
A yellow banner promotes an “exclusive offer” with “limited availability,” pressuring users to respond quickly. After submitting an email, victims are typically redirected to additional personal and payment data-collection forms. They also may later be targeted with follow-up phishing emails, spam, or malicious links.
In 2025, the ongoing expansion of global e-commerce continued to be reflected in the cyberthreat landscape, with phishing, scam activity, and financial malware targeting online shoppers worldwide. Peak sales periods once again created favorable conditions for fraud, resulting in sustained activity involving spoofed retailer pages, fraudulent email campaigns, and seasonal spam.
Threat actors also targeted users of digital entertainment and subscription services. The gaming sector experienced a marked increase in malicious activity, driven by shifts in platform accessibility and the widespread use of third-party tools. The significant rise in malicious detections associated with Discord underscored how rapidly attackers adjust to changes in user behavior.
Overall, 2025 demonstrated that cybercriminals continue to leverage predictable user behavior patterns and major sales events to maximize the impact of their operations. Consumers should remain especially vigilant during peak shopping periods and use stronger security practices, such as two-factor authentication, secure payment methods, and cautious browsing. A comprehensive security solution that blocks malware, detects phishing pages, and protects financial data can further reduce the risk of falling victim to online threats.
Bitcoin Magazine
U.S. Regulator Allows Banks to Hold Crypto for Blockchain Fees
The U.S. Office of the Comptroller of the Currency (OCC) has given national banks the green light to hold crypto on their balance sheets for the purpose of paying blockchain network fees.
The guidance, issued in interpretive letter No. 1186 today, also allows banks to keep crypto on hand to test internal or third-party crypto platforms.
Blockchain networks require native tokens to process transactions. These fees, often called “gas fees,” are unavoidable.
The OCC said banks can hold the tokens they reasonably anticipate needing. This could include paying fees as part of crypto custody services or facilitating client transactions. The goal is to reduce reliance on third-party providers and lower operational risks.
“Paying network fees is a necessary part of doing business on blockchain networks,” the OCC said. “Holding crypto for this purpose is permissible when it supports otherwise lawful banking activities.”
The guidance emphasizes that these activities are “incidental to the business of banking.” That phrase has weight in regulatory language. It means banks can do it legally, as long as the activity helps them serve customers or operate efficiently.
The OCC even drew parallels to historical banking practices, like holding foreign currency, banknotes, or shares in payment systems to facilitate transactions.
In other words, banks have always needed to hold certain assets to do business. Crypto is just the latest form.
Banks are expected to manage risks carefully. They must track operational, market, liquidity, cybersecurity, and legal risks. The amount of crypto held should remain minimal relative to the bank’s capital.
The letter comes under the leadership of Comptroller Jonathan Gould, a Trump appointee confirmed in July 2025. Under his tenure, the OCC has become more crypto-friendly. Earlier guidance allowed banks to act as nodes on blockchain networks, offer crypto custody services, and work with stablecoins.
Meanwhile, broader rules for stablecoin issuers under the GENIUS Act are still being drafted. But the OCC’s move signals that U.S. regulators are willing to let banks participate in crypto safely and efficiently.
As more banks explore digital assets, this guidance could accelerate adoption. It bridges traditional finance and blockchain, giving banks a clearer path to integrate crypto into everyday operations.
Earlier this year, the OCC issued guidance (Interpretive Letter 1184) allowing national banks and federal savings associations to offer cryptocurrency custody and trading services.
Essentially, banks can buy and sell digital assets on behalf of customers, outsource crypto activities to third parties, and provide related services like recordkeeping, tax reporting, and compliance.
This post U.S. Regulator Allows Banks to Hold Crypto for Blockchain Fees first appeared on Bitcoin Magazine and is written by Micah Zimmerman.
Cannabis operators around the country are staging a tax revolt. Past history suggests it may not work out the way they hope.
Will the cannabis tax revolt succeed? is a post from: MJBizDaily: Financial, Legal & Cannabusiness news for cannabis entrepreneurs
Financial services are experiencing what economists call a “leapfrog moment” — when outdated infrastructure gets bypassed entirely in favor of newer, more effective solutions. This is happening right now, in developed economies where traditional banking systems struggle to serve businesses that operate beyond their original frameworks.
Consider what happened in China during the 2010s. As Ronit Ghose documents in his recent analysis of global financial evolution (Future Money: Fintech, AI and Web3, 2024), the country moved from a predominantly cash-based society to a cashless one in less than a decade. Entrepreneurs built solutions around the existing system’s limitations. Alipay emerged to solve trust problems in e-commerce. WeChat Pay grew from messaging needs. The result was financial infrastructure that actually matched how people worked and transacted.
The contrast with Western markets is striking. While China was building integrated financial ecosystems, European and American institutions were adding compliance layers to systems designed for a different era. The result is increasing friction for legitimate business activities that don’t fit traditional banking categories.
Recent regulatory developments are accelerating this fragmentation. The Financial Action Task Force (FATF) Travel Rule now requires cryptocurrency service providers to collect and share sender and receiver information for transactions above certain thresholds. This rule is being implemented globally, with different jurisdictions interpreting requirements differently.
In Europe, the Markets in Crypto-Assets (MiCA) regulation became fully operational on December 30, 2024, with the European Securities and Markets Authority (ESMA) guiding implementation through 2025. MiCA introduces comprehensive licensing requirements for crypto service providers and mandates strict consumer protection measures. While these regulations aim to provide clarity, they also create new compliance costs that many smaller providers cannot absorb.
The European Union’s new Anti-Money Laundering Authority is establishing operations in Frankfurt, having already signed formal cooperation agreements with the European Central Bank. This is a major expansion of financial surveillance capabilities across EU member states.
At the same time, central banks worldwide are developing Central Bank Digital Currencies (CBDCs) that promise unprecedented transaction monitoring capabilities. Federal Reserve Vice Chair Michael Barr has emphasized in several occasions that these digital currencies could fundamentally alter how monetary policy is implemented and how financial privacy is managed.
These regulatory changes create practical problems for businesses operating internationally or dealing with digital assets. A consulting firm receiving payments from multiple countries now navigates different reporting requirements in each jurisdiction. A freelancer accepting cryptocurrency payments must comply with Travel Rule requirements that vary by country and transaction size.
The compliance burden disproportionately affects smaller businesses and independent professionals who lack dedicated legal departments. While large corporations can absorb the costs of multi-jurisdictional compliance, not the same can be said about freelancers and small businesses.
This regulatory complexity is driving demand for financial infrastructure that can handle modern business operations without requiring users to become compliance experts. As Ghose observes in his analysis of financial system evolution, successful solutions emerge when they solve specific problems that existing systems cannot address efficiently.
Traditional banks operate on the assumption that customers fit into predefined categories: personal banking, business banking, wealth management. But if we look at the economic activity today, it often spans multiple categories simultaneously. A content creator might receive subscription revenue, advertising payments, and cryptocurrency donations — each requiring different processing methods and compliance approaches.
The real-time payments market is responding to some of these needs. According to recent market analysis, real-time payment volumes are expected to grow at a compound annual growth rate of 23.6% through 2030, driven primarily by demand for instant settlement and reduced transaction costs. However, real-time payment systems typically handle traditional currencies only, leaving a gap for businesses dealing with digital assets.
This fragmentation forces users to maintain relationships with multiple service providers: traditional banks for basic services, cryptocurrency exchanges for digital assets, specialized services for international transfers, and separate platforms for currency conversion. Each relationship involves separate compliance processes, different security requirements, and incompatible systems.
Most businesses know that payment delays kill deals. When customers expect instant confirmation but wait days for processing, conversion rates drop up to 20%. Projective Group found that 78% of businesses plan to invest in real-time payments to fix this problem.
The numbers reflect where things are heading. Grand View Research tracks the global real-time payments market growing from $17.6 billion to $123.3 billion by 2030.
This explains why decentralized finance technologies are gaining traction beyond crypto enthusiasts. DeFi protocols bypass traditional payment intermediaries, eliminating approval layers that cause delays. Cross-border payments that take days through traditional banking happen in minutes through DeFi infrastructure, without the currency conversion fees at each stage.
The next generation of financial platforms addresses these integration challenges by building comprehensive systems from the ground up rather than retrofitting legacy infrastructure. These platforms recognize that modern business finance involves multiple currencies, digital assets, and international operations as standard requirements, not special cases.
Ccoin Finance represents such evolution in offshore banking infrastructure. Rather than requiring the traditional approach, maintaining six-figure minimum balances, and navigating months of paperwork — the platform provides immediate access to offshore banking capabilities through online verification.
The key innovation is handling both traditional currencies and digital assets within the same infrastructure. Within a single account users can receive cryptocurrency payments, hold multiple fiat currencies, and spend through standard card networks without the artificial separations that traditional banks impose. Virtual Visa cards are available immediately after KYC approval, with physical cards and additional features available as needed.
This integrated approach extends across 92 jurisdictions, providing global access without maintaining separate banking relationships in each country.
The platform connects with the broader SourceLess ecosystem, including blockchain-based domains and digital identity management, creating comprehensive financial infrastructure that aligns with privacy and sovereignty goals.
For day-to-day operations this practical approach makes the whole difference. Instead of explaining every cryptocurrency payment or international transfer to compliance departments, users work with personalized service that understands modern business requirements. Multi-currency support allows holding funds in received currencies rather than forcing immediate conversion at unfavorable rates.
The goal is to simplify getting paid, paying others, travelling and spending — whether that involves traditional currencies or digital assets, domestic transactions or international operations. Modern financial infrastructure must adapt to support business activities rather than create obstacles at every transaction, regardless of how those activities have evolved beyond traditional banking categories.
Learn more, compare plans, and get started: ccoin.finance
Financial Systems That Can Keep Up With Modern Business was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.
Login