Western Corporate Federal Credit Union has published an instructional document to help credit unions protect themselves from fraudulent electronic financial transactions.
"The Information Security and Risk Mitigation Guide" provides information on implementing security controls on ACH applications and workstations. It also offers ways to reduce technology intrusion risk, regardless of software application.
The guide comes on the heels of a Sept. 9 NCUA letter to credit unions, 09-FRAUD-02, that addresses ACH fraud. In it, the regulator alerted credit unions that compromised log in credentials were resulting in increased fraudulent EFTs.
"Web-based EFT origination applications are being targeted by malicious software, including Trojan horse programs, key loggers, and others to circumvent online authentication methods," said NCUA Director of Examination and Insurance Melinda Love, author of the letter. "These types of malicious code can infect computers when visiting a website or opening an e-mail attachment and are difficult to detect because they lie dormant until the online banking session is initiated."
Love recommended credit unions implement information security best practices and comprehensive technology solutions to mitigate such risk.
The explosive growth in EFTs has almost paved the way for fraud, said Robert Brown, WesCorp director of internet security. Brown and his team led the effort to develop the 28-page guide.
"All it takes is the wrong click that installs a piece of malicious software stealing your user names and passwords, and the bad guy very quickly has control of your electronic funds," Brown said. "Our guide provides an easy-to-understand and cost-effective way for credit unions to identify the top threats and risks to their systems and some of the controls they can put into place to mitigate those threats, reducing the risks of being comprised and losing money to fraud, specifically around ACH and electronic funds transfers."
Though the manual is intended for WesCorp members who use the San Dimas, Calif.-based corporate's ACH system, it will also be made available to all credit unions nationwide, upon request.