AUBURN HILLS, Mich. — USA Credit Union has allied with a Canadian partner to help the 64,000-member CU deal with cyberthreats from around the world.
The $589 million CU is one of the first users of StrikePhish, a turnkey solution launched by BD-BrandProtect, a Toronto-based provider of phishing, fraud, copyright infringement and Web traffic diversion services.
The StrikePhish solution is specifically designed for credit unions and community banks, an increasingly popular target for phishing attacks and other forms of cyberfraud.
It’s also intended to help financial institutions meet the federal red flag rules that call for the development and implementation of identity theft prevention and mitigation programs by all holders of consumer accounts by Nov. 1.
USA CU has just gone live with StrikePhish, a solution that basically “lies on top of all the other security protections we have in place,” said Dan Schneider, senior manager of IT at the suburban Detroit institution (www.usacuonline.org).
“The privacy and protection of member data is a paramount concern here, of course, and so is reputation risk. StrikePhish is another way of addressing that,” Schneider said.
“It’s not necessarily integrated with everything else, but it works in conjunction to make sure that any attacks that we might get are detected and shut down,” Schneider said.
To accomplish that, BD-BrandProtect works with more than 2,000 Internet service providers (ISPs) that account for more than 85% of the traffic flowing across the Web.
“The public domain is our domain and that’s the beauty of our solution,” said Kevin Joy, vice president at the Canadian firm. “We have the capability to monitor the Internet for a whole host of threats without encumbering the client with a whole lot of time for setup.
“It’s really just a function of setting the criteria for the client and working in the public domain to establish where the threats are and shut them down.”
StrikePhish is based on BD-BrandProtect’s enterprise-level phishing solution and includes five basic elements:
A rapid response service to deal with phishing attacks.
24/7 response to abuse mail received by members and customers.
Incident response guidelines.
Weekly checking of inbound, internal and outbound links.
Value-added consumer communications, such as templates for alerts and responses to members about phishing attempts.
At the heart of the operation is what Joy called a “link-walker, a Web spider that crawls and maps the Internet”–including 300 million Web sites, 7 billion pages and 70 billion links that are gathered into “one of the world’s largest SQL databases, which really then becomes a learning system, if you will.”
It’s all used to create a “honeypot that allows us to attract suspicious e-mails and look through the database on a regular basis to see what activities might be risky for our clients,” Joy said.
He said the company (www.bdbrandprotect.com) currently serves about 100 customers, ranging from credit unions and community banks to global professional services, “all interested in controlling how their brand is represented online.”
Schneider at USA CU said the service also will help his organization represent itself well to the members, by providing such value-added services as the ability to go to the Web site and report phishing attempts and ask questions about suspicious online activity.
He also cited the ability to check all the credit union’s Internet links for breaks as another bonus, as well as member education features and around-the-clock alert functions.
Joy said, “I know of cases where monitoring at other institutions is something they have to do 24/7 themselves. Smaller organizations can’t do that, especially with the increasing sophistication of these attacks. Our goal is to really act as extension of our client’s team.”