Fraud Risks Facing Credit Unions. ALLIED SOLUTIONS LLC SERVICE CENTER 210 East Main Street, Suite 200, Niles, MI Fax:

Transcription

1 Fraud Risks Facing Credit Unions

2 Today s Session Global risks Share how the bad guys are getting in Focus on Cyber and Card Risk Discuss what the credit union can do to prevent the risk Open discussion

3 What is Risk? Risk is anything that affects the credit union organization s ability to meet its objectives and preserve its reputation.

4 What is your credit union experiencing or hearing as it relates to risk exposures and fraud?

5 What are we hearing! Cyber liability risk for the credit union Cybercrime created by the card hackers Account takeover exposure Electronic payment fraud Cards, Wires and ACH

6 Cyber Threats Ahead Today s cyber threat is sophisticated by the cyber criminals. Your credit union may be impacted by both the internal risk and external risk of your credit union members. Credit unions pro active action will help to be ahead of the threats!

7 Global Risk Cybercrime Internal exposure into the credit unions system External exposure impacting the credit union member s risk Payment Card Point of sale attacks System intrusions Skimming Online (internet) exposure

8 Cyber Criminals New attack methods Taking advantage of vulnerabilities Capturing information Involves internal attack on the credit union financial information External attack of the credit union members financial information.

9 Cyber Security Internal Best Practices Institute cyber security efforts across all of the credit unions operations Utilize layers of protection Enhance corporate network security Deepen intrusion detection and penetration testing

10 Cyber Crime Risk Exposures ATM cash out schemes Cash withdrawals from multiple ATMs in multiple locations within a short period of time Why is this happening? Linked to sloppy network security Gaps in Payment Card Industry Security Standards Lack of robust access controls

11 Card Fraud Continues Data breaches of merchants/third parties Fraudsters purchasing gift cards Re encoding the magnetic stripe on gift cards from the cardholders magnetic stripe data Bad guy uses the legitimate cardholders card/number until the card is declined or no money is left in the account or cardholder or fraud monitoring identifies unusual activity.

12 POS Malware Breach Attacks on third party vendors Capturing card data at the time of the swipe Sells card data for both Card present and; Card not present risk

13 Loss Mitigation/Prevention Advise cardholder s to implement: Daily $ limit (24 hour timeframe) Frequently monitor statements online Sign up for text alerts when a card transaction is made on the card/card number Push the card associations to have a merchant category code for gift/prepaid cards

14 Best Practices Curbing magnetic stripe card fraud requires: EMV and; Tokenization and; End to end encryption Address loss prevention measures due to the uptick in card not present fraud There is no one silver bullet to help address card fraud today and into the future!

15 EMV Prediction According to new research from the consultancy Aite Group, card issuers are heeding the warning. Aite predicts that by October 2015, 70 percent of U.S. credit cards and 41 percent of U.S. debit cards will be EMV enabled.

16 U.S. EMV Status

17 Contact Information Ann D. Davidson Vice President of Risk Consulting Allied Solutions, LLC All Rights Reserved. Reproduction and, Distribution is Prohibited.