There is a growing fear the internet's deep recesses could holddetailed information that threatens credit union organizations andmembers. Dark web monitoring and fraud detection could alleviatesome of those concerns.

Fraud is on the rise. The Nilson Report indicated card fraudwill grow from $21.84 billion in 2015 to $31.67 billion in 2020.FICO data also confirmed card-skimming losses climbed a massive546% between 2014 and 2015, and another 70% between 2015 and2016.

Then there is the breach fallout. Individuals with payment carddata exposed in a data breach are three times more likely to becomevictims of identity fraud, according to Javelin Strategy &Research. A recent IBM/Ponemon study revealed the global averagecost of a data breach is $3.62 million; and the average cost foreach lost or stolen record containing sensitive and condentialinformation is about $140.

For credit unions, the risks could be worse. “Credit unions facegreater existential risks from fraud and information securityincidents than do larger financial institutions,” Tyler Carbone,chief product officer for the Baltimore-based dark web intelligencecompany Terbium Labs, said. That is because when an incident does occur, the potentialdamage represents a much greater percentage of their balancesheet.

Some credit unions are turning to next-generation informationsecurity solutions such as Terbium Labs' Matchlight, acomprehensive, dark web data monitoring system to mitigate thehazards.

Recently, Terbium Labs announced that the $2.8 billion, VernonHills, Ill.-based Baxter Credit Union – a full-service financialinstitution providing SEG and community banking to members in all50 states and Puerto Rico – selected Matchlight for continuous darkweb data monitoring, fraud detection and information security-riskassessment.

“Fraud evolves constantly, and you can't afford a 'set it andforget it' mindset with your information security solutions,”Martin Hetzel, senior information security analyst at BCU, said.“To help protect the personal information of more than 200,000members, we needed a proactive solution, one with the scale, speedand precision to quickly identify and rapidly counter informationtheft and fraud.”

Given the task to consider dark web threat intelligence in theFebruary/March 2017 timeframe, Hetzel and Stacy Hogan, BCU fraudmanager, explained their credit union's cybersecurity and fraudteams evaluated, researched and investigated services. BCU decidedMatchlight was the best fit for the organization because of theplatform's ease of use and data presentation. In addition, Terbiumprovided a dedicated analyst on the Terbium side.

“From a fraud perspective, we were excited to look into thespace as we have a large network of other credit unions that wedeal with from the fraud aspect,” Hogan pointed out.

Carbone noted BCU wanted a solution that would provide them withvisibility in two keys areas:

• The information security use case. If they had a breach andneeded to know if BCU data was out there, they could begin theremediation process as quickly as possible.

• The fraud use case. Because payment cardfraud is intensifying, the credit union needs to determineimmediately if their cards are for sale on the dark web.

Matchlight addresses both the fraud and information security usecases. “Our focus is helping companies find their data if itappears out in the dark web and that tends to be for fraud usecases and as well as for information security use cases,” Carboneemphasized, “which is why the BCU partnership was such a good fitbecause they came in looking for help on both sides of thethreat.”

On the information security side, BCU generates one-wayrepresentations of the data they don't want to appear on theinternet, like employee and member names, and they send only thosedata fingerprints to Matchlight.

On the fraud side, instead of looking at specific paymentinformation of individuals, BCU searches for the sale of theirpayment card data so they could combat fraud such as changing howtheir algorithms work or addressing specific cards in need ofdeactivation.

According to Terbium, traditional threat intelligence relies onexpensive, human analysis that makes it hard to know whether dataor claims are real or fake and can miss important indicators thatmay be in hidden or undiscovered parts of the dark web. Matchlightenables organizations to automate and continuously monitor the darkweb for compromised or stolen data in near real time. It doesn'trely on outside alerts, feeds or human analysis. It focuses onclients' actual data.

Carbone described Matchlight's data fingerprinting technology ascreating a one-way digital signature of any type of data, enablingBCU to automatically search for its sensitive information withoutrevealing the nature of the data to anyone – not even Terbium.

Carbone detailed two key elements on how Terbium Labs approachesshielding this sensitive information. The first is privacyprotection using data fingerprinting technology. “Companies can putdata under monitoring with us without needing to reveal what thatdata is.” The data fingerprinting is a one-way randomrepresentation of the data. This allows credit unions to monitorsensitive payment card or member data. The other element, a fullyautomated web crawler, provides the systematic browsing of the darkweb quickly and in a scalable fashion. “We can bring this kind ofmuch needed dark web intelligence to companies that are otherwisenot in any position to hire large teams of analysts to read thedark web by hand.”

Designed to be as easy to use as possible, Matchlight clientscan generate these fingerprints either locally in their browserusing the web interface or utilize a software development kit foruse offline. “In either case the original data never leaves theclients system,” Carbone said.

Additionally, customer specific reports help BCU security andfraud teams to continuously evaluate the organization's riskprofile, including the data's location, its potential risk overtime and how to remediate any exposure.

Carbone suggested credit unions like BCU need a solution likeMatchlight to shorten data breach detection times that lead toincident response delays. “Terbium is shifting the balance ofpower, giving credit unions the tools to identify and rapidlycounter information theft and fraud quickly, privately andaffordably.”

This is important because what typically happens in a databreach is the threat actors gain access to a compromised system forsome period and during that time can access many records (such ascustomer and payment card data). That information couldsubsequently appear for sale over the dark web, usually before anorganization realizes it has a breach problem. Carbone warned, “Thetypical average time [for breach cognizance] is still over 200days.” Given that delay, a fair amount of leaked data could end upfor sale. Matchlight tries to bring this breach awareness time lagway down by alerting organizations immediately and allowing them torespond quickly.

“For every one of these high-profile data breaches that makesthe news, there are many smaller ones that are too low-profile forthe news to cover them but for the companies involved it stillrepresents significant existential threat to their business,”Carbone emphasized.

Hetzel concurred, “Terbium's Matchlight gives us theintelligence, privacy and automation to continuously monitor ourmost critical data – all at an affordable price point.” He added,“From a security standpoint, it is more proactive, knowing threatintelligence is down there to see if someone is actively talkingabout BCU rather than waiting for something to happen.”

The BCU information security analyst explained, “One of thethings that is overall lacking in the credit union space is thoseconsistent threat intelligence feeds. Not to say that maybe theydon't have threat intelligence out there, but are they looking atall channels of threat intel feeds? That's where [Matchlight] fitsinto our initiative. It's proactive intelligence.”