A concerning cyber fraud trend is on the rise. Cyber criminals are using stolen personal information (PI) obtained from unrelated data breaches to create fake financial account originations and gain access to credit union members’ financial services.
There are a few ways cyber criminals are gaining access to PI and using it to their advantage:
- Canadian PI data accounts have recently been exploited recently as a result of data breaches at companies like Indigo, 23andMe, UPS Canada, and PayPal. Typically, these accounts originate in the same province; however, are not located near a physical branch (out of your local area).
- Challenge questions have begun to be leveraged in social engineering activities and questions are increasingly answered correctly. Criminals often use social media to find publicly available PI to build a comprehensive profile for identity theft, which often helps them answer these questions correctly.
What credit unions can do to mitigate PI fraud threats
Reviewing processes and controls are a good way to make sure your organization is prepared to manage fraud threats.
Here are a few questions you can ask yourself to begin your process and control evaluation:
- Does your credit union allow account creation under a membership (e.g. a member can open a savings account or an additional chequing account)? If a fraudster opens additional accounts under their new membership, will those also have the same restrictions?
- Does your credit union review failed membership origination attempts?
- Does your credit union review spikes in new membership accounts?
- Are all services properly restricted under these origination membership accounts like Deposit Anywhere, e-Transfers, Bill Payments, Point of Sale (POS), etc?
- How do you validate new memberships that are created by an origination service? How quickly do you validate them?
- What other controls and training do you have in place to mitigate risk?
Learn more about what you can do after you’ve reviewed your processes to prevent fraudulent activity and the warning signs to look out for. Note that this resource is available only to existing Central 1 clients. If you’d like to learn more about Central 1’s fraud and cyber security products, reach out to us at cyberfraud_support@central1.com.
If you’re a Central 1 client, remember to report all major cyber fraud at cyberfraud_support@central1.com.