Today’s criminals target the weakest parts of an institution’s security. Where can credit unions better protect themselves?
Security for customers and employees is a top priority at any institution, and credit unions have set the bar high in deploying the latest prevention and protection methods. Standard practices such as insurance and fraud detection services limit the financial damage such crimes inflict, but credit unions must defend multiple fronts to maintain their information security as well as their funds.
As the economy gains a strong footing once more, the rate of physical crimes at financial institutions reported to the FBI has increased annually (1,310 in 3Q10 from 1,184 in 3Q09). Credit unions bucked this trend with a decrease in crime from 2009 levels, but their smaller size has not completely shielded the industry from risk. Roughly one credit union was still the victim of a robbery for every 12 commercial banks robbed during the third quarter.
One way to minimize risk? Nontraditional branch structures such as remote teller units have an advantage; only 24 in-store and three remote/other facilities were robbed compared to more than 1,200 branch offices.
Levels of cyber crime committed through phishing, Trojans, rogue programs, and crimeware has skyrocketed in recent years, with perpetrators often acting from overseas locations. “Cyber crime is organized crime” says Banktech in Three Ways to Deter Cyber Crime. “Internet fraudsters have created an end-to-end supply chain to advance malware attacks and the online vector used to efficiently deploy them.”
To counter these efforts, financial institutions must update technologies and analyze weaknesses as often as the criminals who seek to exploit them. Such criminals use “trojans and other malware, like man-in-the-browser attacks that are difficult to detect, hijack the transaction inside of a browser session, and subsequently attack the application and database on the server." A majority of the top 100 banks in the United States have experienced these types of attacks before, but credit unions are also likely targets.
E Tu, Brute?
The largest U.S. banking security breach in history, according to computerworld.com, is also an extreme example of the most common threat many financial institutions face: internal risk from employees.
In the aforementioned case, “suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work.
“The information was then allegedly sold to more than 40 collection agencies and law firms. Suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand.”