# Fintech and Payment Card Risks - Secondary - depending on member decisions - Magecart/web skimming - Stealer logs - Not having MFA on banking app or web - Other XSS - Software Supply Chain - OSS - 3rd party - libs - Physical - Skimmers - Physical Card Theft - Check Washing - Mailbox - Primary - Mobile and web apps - 3rd parties - Vendors - Vendor risk - BEC - Phishing - Ransomware - BCDR - backups - Tabletop exercises - Workforce education - Data extortion - member data - Malicious insiders - Access to databases - Privacy - Data governance - Dark web - Data selling - Payment card info selling