A recent Lonestar Leaguer article warned of the potential reality of "blended threats" toward financial institutions becoming a serious problem. These threats involve a variety of mechanisms that criminals are employing to gain access to money and other important data, from phishing, malware and social engineering to a variety of other physical and technical avenues.
A recent Lonestar Leaguer article warned of the potential reality of “blended threats” toward financial institutions becoming a serious problem. These threats involve a variety of mechanisms that criminals are employing to gain access to money and other important data, from phishing, malware and social engineering to a variety of other physical and technical avenues.
Last week, federal authorities announced they had busted criminals involved in a massive global bank heist – a $45 million ATM cash-out scheme, in which ATMs across the world were attacked by two precision operations that involved close coordination among people from more than 24 countries.
According to authorities, the criminals consisted of sophisticated computer experts who worked with street criminals to pull off the heist. The computer hackers successfully breached banks’ payments processors, allowing them to steal ATM and debit card numbers that they used to create fake debit cards (also called “white” cards). The street criminals then withdrew millions in funds from multiple ATMs in a matter of hours.
During both operations, the computer criminals managed to gain access to the systems of companies that create Visa and MasterCard prepaid debit cards. Experts say these companies are less secure, therefore more attractive to cybercriminals. The hackers were able to raise the withdrawal limits on these cards and then gave the account numbers to the “cashing crew” criminals, who in turn encoded the account information onto magnetic-stripe cards and made a total of 38,904 ATM transactions worldwide.
The heist, although quickly foiled and brought to justice, severely undermined the strength of financial institutions’ secure networks. Where as criminals once held up banks at gunpoint, they are now pulling off elaborate, highly successful attacks from their home keyboards.
So how can credit unions and other financial institutions avoid falling victim to such a monumental attack? Experts say that it’s not always the technology that’s to blame, but rather an organizational control issue. Payments processors and other third parties need to have stringent restrictions on account-limit changes, and financial institutions need to be far better prepared for a security breach.
As was mentioned in the Lonestar Leaguer article from earlier this week, credit unions departments need to improve their data visibility and work among each other to identify and fill in any gaps in their systems. Ultimately, a breakdown in communication and organization will increase your organization’s vulnerability to an attack.
Wondering how your credit union’s security and internal processes measure up against the hackers? It may be time for a technology and network vulnerability risk assessment. Contact Deana Brown of Technology Compliance & Consulting Services at 1-800-442-5762, Ext. 6464 or email@example.com.