Cybersecurity is a concern that cuts across all industries and economic sectors. But the potential for online fraud is especially worrisome in the financial services sector, where financial institutions are considered to be prime targets for fraud and cyber attacks.
Credit unions are particularly vulnerable to cybercrime, due to the fact that they typically use off-the-shelf services to operate their mobile or Internet banking. They often don’t have individually optimized systems equipped to manage unauthorized system access and illegal fund transfers from member accounts.
As the fraud landscape for credit unions continues to evolve, it has become mission-critical for credit unions to understand the nature of the cybersecurity threats they are up against, and to develop response strategies that maximize security without sacrificing customer convenience.
The Threat Environment for Credit Unions
In the financial services sector, hackers usually focus their energies on securing stolen credentials to access customer accounts, generating fake accounts to access credit and/or illegally transfer funds from existing customer accounts.
First generation, single-layer security measures are now widely considered to be ineffective in preventing cyber fraud, however. Instead, Federal Financial Institutions Examination Council banking guidelines mandate the implementation of a multi-layered security strategy that centers on two key areas: Device identification and malware protection.
Device identification measures are designed to authenticate users and devices, distinguishing legitimate system users (i.e. members and employees) from cybercriminals. Although this was once achieved through cookies and IP address intelligence, FFIEC guidelines now call for more advanced device identification technologies, recognizing the fact that fraudsters are becoming more sophisticated.
Malware threats are also a major concern and are pervasive across the financial services industry. In today’s threat environment, credit unions and other financial sector organizations are besieged by Trojans – a type of malware that masquerades as applications.
A February 2011 survey conducted by Gartner revealed that financial institutions believe malware to be the primary concern in the current threat landscape – a concern that has no doubt been exacerbated by the fact that in 2011, the financial industry experienced a dramatic increase in sophisticated MitB Trojan activities supporting fraudulent transactions with stolen identities.
Managing the Threat Landscape
For credit unions, robust cybersecurity means effectively balancing a range of organizational, technical and member-facing variables. Although top-notch security measures are important, fraud prevention solutions must be implemented in a manner that conforms to budget parameters and the delivery of seamless online banking experiences.
The best cybersecurity initiatives emphasize a multi-layer security approach that spans the entire customer acquisition and transaction lifecycle. Deployed security solutions should feature complex, next-generation device identification technology as well as malware protection capable of preventing MitB attacks and emerging malware-based threats.
In the past, credit unions have been forced to rely on multiple products and vendors to achieve adequate fraud prevention (device identification) and malware protection. But the consolidation of firms in the fraud prevention and cyber security management industry is resulting in the creation of integrated, single-source solutions. These solutions treat fraud prevention and malware protection as a single problem, delivering intelligence sharing capabilities and real-time responses to potential threats.
In addition to providing a more unified approach to cybersecurity, integrated solutions also provide credit unions with cost efficiencies and ease-of-use benefits – mitigating some of the primary obstacles that have prevented credit unions from launching more aggressive cybersecurity agendas.
Going forward, the threat of cyber attacks is expected to multiply exponentially. The Aite Group estimates that as many as 25 million unique strains of malware were released in 2011; the annual production of malware is expected to mushroom to 87 million by the end of 2015.
With both reputations and real dollars hanging in the balance, it’s imperative for credit unions to prioritize the implementation of multi-layered cybersecurity programs as a way to protect their organizations and create highly effective online banking experiences for their members.