CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group Top Fraud Trends in 2011 Is Your Credit Union Prepared to Prevent Today’s Top Fraud Threats? Utah Credit Union Association Volunteers Conference October 22, 2011

2 What’s on the Agenda Today! What are you experiencing or hearing? What are the criminals up to in 2011? What can we do to help minimize the fraud risk exposure? Open for questions

3 Fraud Landscape in 2011 Fraud is not going away! Criminals are organized worldwide Not a matter of “IF”, but “WHEN” you are attacked Identify, assess and measure critical risk Utilize effective controls to manage critical risk

4 What are you experiencing or hearing? Card exposure –Skimming vs breaches Wire attempts –Phone, fax or Insider dealings –Compromise of data/funds System intrusions –Hacking into a electronic device

5 What’s up with the Card Exposure? Data breaches –hackers getting into the systems to capture card information Phishing ( /phone/text) –member’s giving up their information Kiting – business card with a consumer card

6 What’s up with the Card Exposure? Skimming –capturing the magnetic stripe from the legitimate cardholder’s card Card-Not-Present – criminal capturing enough card information to perform a transaction over the phone or on the internet PIN fraud - Goal is cash!

7 Card Prevention Measures Fraud management system CVC, CVC, CV, CID Expiration date matching Daily dollar limits CVV2/CVC2/ Other tools available – must deploy…….. Review losses to see how the criminals are getting in is key!

8 What’s up with Wire Fraud? Finding an easy target Request wire over the phone/fax/ Call forwarding member’s phone number(s) Phishing for member information Large wire request (excess of $10,000.)

9 Action Steps to help Combat Wire Fraud Consider only face-to-face wire request Lower outgoing $ amount for wire request not requested in person Create a wire transfer agreement form with each member requesting a wire – signed by both the member and authorized cu employee. –Create a password/passcode with the member as one layer of verification in the agreement form –Create challenge questions with the member in the agreement form –Capture cell, home and work numbers to call back to validate with the member

10 System Intrusions The hunt for the hackers hijacking the net How to protect yourself Scans the internet for vulnerable server or host computers Breaks into the weak computers – stashes a “slave” software program and awaits instructions to begin the attack 2011 is the year of cyber vandals….. –Difficult to nab –Assaults from anywhere in the world –Uses multiple computers to cover their tracks

11 Action Steps to help Combat System Intrusions Use antivirus software and update it often Use a hard to guess password – contains a mix of numbers and letters – longer the password the harder to compromise Use different passwords for different websites and applications to keep hackers guessing Install firewall software to screen traffic Don’t open attachments unless you know the source Utilize a dedicated computer for the incoming/outgoing of funds by the credit union

12 ACH – Account Takeovers Hacker gets into the home banking/bill payment system Initiates an outgoing ACH-Credit from the cu’s account or a business member’s account ACH-Credit is sent to another Financial Institution (Receiving Depository Financial Institution) Member comes into the receiving financial institution and withdrawals the funds (this may involve 25+ RDFI’s) Member wires the funds from Western Union per the instructions and keeps a % of the funds

13 Action Steps to help Combat ACH-Credit Fraud Confirm all of the proper firewalls and system intrusion software is in place and working effectively to prevent entry Utilize multi-factor and additional sign-on layers for your members If the cu is not acting as an ODFI and not initiating ACH-credits-block this type of capability Set transaction and file dollar limits Utilize an ACH agreement form outlining the commercially reasonable security measures to be used prior to initiating the outgoing ACH- credit

14 Emerging Risk Exposures Exposure Cross-channel threats Prevention Cross-channel fraud detection –Monitor activity Online banking Bill payment Mobile payments Cards ACH Wires Loan payments Deposits –ATM –Over the counter –Remote deposit capture –Manage at a “member level”

15 Rethink Approach to Managing Fraud Risk New products New services New channels Opens the opportunity for members But also opens the opportunity for fraud –Fraud rings exploit any vulnerabilities they can find!

16 Enterprise Fraud Strategy Spot fraud early Requires solid organizational infrastructure to support efforts Coordinates fraud detection and interdiction efforts across the entire enterprise Identify all sources –Tomorrow’s threats as well as today’s

17 Enterprise Fraud Management – The Vision Establish a framework for enterprise wide deployment of fraud resources: –Gather and cross-match fraud-relevant data from all product lines, organizational units and geographic regions of the enterprise –Analyze the data……connect the dots……spot large-scale fraud attacks early in their life cycle

18 Enterprise Fraud Management – The Vision –Prioritize alerts based on the level of risk that they pose to the entire enterprise –Plan and execute focused countermeasures to combat large-scale attacks –Develop and support highly skilled and motivated fraud teams to carry out task quickly and efficiently

19 Thank you for working together in 2011 to manage risk! Questions? Ann Davidson CUNA Mutual Group Senior Consultant, Risk Management

20