
70% of Smaller Financial Institutions See Surge In Trending Fraud Attacks

Posted: Mar 21, 2024 | Author: StickleyonSecurity & Millennium Corporate Credit Union
From getting fuel for your car to getting cash at an ATM, fraudsters are exploiting the everyday things we do. Fraud attacks like these happen every day, all day, and smaller financial institutions are feeling the burn. In fact, over 70% of credit unions are seeing a surge in fraud levels. Below are just some of the fraudulent attacks that are trending and what can be done to help prevent them. 

ACCOUNT TAKEOVERS

These attacks end with the attacker taking complete control of a customer's account. They typically start via email phishing, smishing (texts), and vishing (voice). Once an account is taken over, the customer is locked out, and the attacker is free to exploit the PII and payment cards held therein.

Tips:

  • Let account holders know that your organization will never ask for sensitive information like passwords, account numbers, or two-factor authentication codes and to never share information like that with anyone.
  • Educate them on red flags of phishing, like bad grammar and spelling, urgency to act, and generic greetings.
  • Advise them never to follow links unless they absolutely trust the source.
  • Tell account holders that if a call, email, or text raises any concerns, they should rely on their instincts and quickly end it.
  • Ask them to then let the financial institution know about it, using a trusted phone number.

ENUMERATION

This top trending threat involves attackers using compromised bank identification numbers (BINs), the first four numbers on a payment card, which identify the card issuer. They use the compromised BINs to guess the remaining numbers on a card, the expiration date, or the CVV2. In doing so, the attacker submits a large number of transaction attempts. The sign of enumeration is an increase in authorization attempts that come back declined or invalid because some of the card details are wrong.

Tips:

  • Monitor and review transaction indicators for BIN enumeration attacks, including increases in authorization attempts with repeated CVV2, expiration date, and other numbers on the card.
  • Report enumeration attempts to authorities.
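The monitoring tip above can be expressed as a sliding-window check over authorization records. This is an added example, not part of the original article: the record fields, decline-reason labels, thresholds and the 6-digit issuer prefix (`bin_len`) are assumptions to adapt to your processor's data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Decline reasons meaning a card detail was guessed wrong (hypothetical labels;
# map them to your processor's response codes). No CVV2 values are stored.
GUESS_REASONS = {"INVALID_ACCOUNT", "EXPIRY_MISMATCH", "CVV2_MISMATCH"}

def find_enumeration(auths, bin_len=6, window=timedelta(minutes=5),
                     min_declines=5, min_ratio=0.8):
    """Flag (BIN, merchant) groups whose recent traffic is mostly guess declines."""
    groups = defaultdict(list)
    for a in auths:
        groups[(a["pan"][:bin_len], a["merchant"])].append(a)
    alerts = []
    for (bin_, merchant), rows in groups.items():
        rows.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(rows)):
            # Advance the window start so the span never exceeds `window`.
            while rows[end]["ts"] - rows[start]["ts"] > window:
                start += 1
            win = rows[start:end + 1]
            bad = [r for r in win
                   if not r["approved"] and r["reason"] in GUESS_REASONS]
            if len(bad) < min_declines or len(bad) / len(win) < min_ratio:
                continue
            pans = {r["pan"] for r in bad}
            # Many PANs: account-number guessing. One PAN: expiry/CVV2 guessing.
            kind = "pan_guessing" if len(pans) > 1 else "expiry_cvv2_guessing"
            alerts.append({"bin": bin_, "merchant": merchant, "kind": kind,
                           "declines": len(bad), "distinct_pans": len(pans)})
            break  # one alert per group
    return alerts

# Constructed sample authorizations (made-up PANs, merchants and reasons).
T0 = datetime(2024, 3, 21, 12, 0)
def row(sec, merchant, pan, approved, reason=None):
    return {"ts": T0 + timedelta(seconds=sec), "merchant": merchant,
            "pan": pan, "approved": approved, "reason": reason}

SAMPLE = (
    [row(10 * i, "M1", f"999999{i:010d}", False, "INVALID_ACCOUNT") for i in range(8)]
    + [row(15 * i, "M2", "8888880000000001", False, "CVV2_MISMATCH") for i in range(6)]
    + [row(60 * i, "M3", f"777777{i:010d}", True) for i in range(5)]
    + [row(400, "M3", "7777770000000009", False, "INSUFFICIENT_FUNDS")]
)

if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE):
        print(alert)
```

Ordinary declines such as insufficient funds are ignored, so the normal traffic at merchant M3 raises no alert while the two bursts do.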

eCOMMERCE SKIMMING

This is when a merchant site is compromised with malicious code on its checkout page. The code lets attackers collect PII and payment card data, including the card number, expiration date, PIN, and CVV2.

Tips:

  • Keep the payment platform updated and maintained. Remind account holders to keep their own software updated, and not trust or click on unknown links.
  • Suggest they use trusted acceptance technology like Google Pay, Apple Pay, and others.

ATM FRAUD

This is not new, and attacks have evolved over time. Now, attackers place skimmers on ATMs that cause the EMV chip reader to malfunction, so the machine must rely on the card's magnetic stripe. This allows fraudsters to skim card numbers and PINs.

Tips:

  • Keep ATMs and their software updated and maintained.
  • Set limits for fallback transactions for times the EMV chip reader isn't functioning properly.

AUTOMATED FUEL DISPENSER FRAUD (AFD)

This occurs when attackers use the gas station's $1 payment card status-check authorization settings to purchase beyond the amount of funds available. This costs the financial institution or other card issuers money.

Tips:

  • Keep attackers from unauthorized AFD transactions over the card's account limit by stipulating hold amounts replicating actual transactions.
