A concerning cyber fraud trend is on the rise. Cyber criminals are using stolen personal information (PI) obtained from unrelated data breaches to create fake financial account originations and gain access to credit union members’ financial services.

There are a few ways cyber criminals are gaining access to PI and using it to their advantage:

  • Canadian PI data accounts have recently been exploited recently as a result of data breaches at companies like Indigo, 23andMe, UPS Canada, and PayPal. Typically, these accounts originate in the same province; however, are not located near a physical branch (out of your local area).
  • Challenge questions have begun to be leveraged in social engineering activities and questions are increasingly answered correctly. Criminals often use social media to find publicly available PI to build a comprehensive profile for identity theft, which often helps them answer these questions correctly.

What credit unions can do to mitigate PI fraud threats

Reviewing processes and controls are a good way to make sure your organization is prepared to manage fraud threats.

Here are a few questions you can ask yourself to begin your process and control evaluation:

  • Does your credit union allow account creation under a membership (e.g. a member can open a savings account or an additional chequing account)? If a fraudster opens additional accounts under their new membership, will those also have the same restrictions?
  • Does your credit union review failed membership origination attempts?
  • Does your credit union review spikes in new membership accounts?
  • Are all services properly restricted under these origination membership accounts like Deposit Anywhere, e-Transfers, Bill Payments, Point of Sale (POS), etc?
  • How do you validate new memberships that are created by an origination service? How quickly do you validate them?
  • What other controls and training do you have in place to mitigate risk?

Learn more about what you can do after you’ve reviewed your processes to prevent fraudulent activity and the warning signs to look out for. Note that this resource is available only to existing Central 1 clients. If you’d like to learn more about Central 1’s fraud and cyber security products, reach out to us at cyberfraud_support@central1.com.

If you’re a Central 1 client, remember to report all major cyber fraud at cyberfraud_support@central1.com.

Twitter Icon Facebook Icon LinkedIn Icon Email Share Icon

Stay on top of "what's happening" with THE HUB

Other Blog Posts

May 02, 2024

Rising cross-border payments: a new revenue opportunity for credit unions

Mar 28, 2024

Fraud Prevention Month: Tandia Credit Union’s unique approach to fraud prevention education

Mar 20, 2024

Fraud Prevention Month: Establishing a fraud task force for financial institutions