Tuesday, February 24, 2009

ATM thieves drain $60,000 from machine, camera helps catch them

Arlington police are investigating a string of thefts in which a group of people apparently tricked a cash machine out of $60,000 over several months.

The thefts occurred at one Boeing Employees Credit Union machine in the Smokey Point area of Snohomish County, said BECU spokesman Todd Pietzsch.

Pietzsch said the thieves were able to trick the machine's software program in a way that caused it not to recognize that it had dispensed money, and it would then dispense money again, "so they were actually getting twice as much as they should have."

Banks, Credit Card Firms Wait For The Other Shoe To Drop Amid Reports Of Another Payment Processor Breach

Hack of a second U.S.-based payment processing firm exposes accounts used in Internet, phone transactions, according to credit union alerts

Brace yourself for another payment-processor breach: A second U.S.-based payment acquirer/processor has been hit with a network hack that exposed consumers' credit card accounts.
As of this posting, the victim firm's identity had not been revealed. According to several credit unions, Visa recently alerted them that another payment processor had discovered a data breach. Among the credit unions issuing alerts about the breach on their Websites are The Tuscaloosa VA Federal Credit Union and the Pennsylvania Credit Union Association. The Open Security Foundation has a notice posted on its DataLossDB site.

The latest breach follows that of Heartland Payment Systems, which went public on Jan. 20 about discovering malware on its processing system; some security experts have called it the largest security breach ever. Heartland processes 100 million payment card transactions per month for 175,000 merchants.

While details on the latest hack are still emerging, there is one known difference between it and Heartland's: This latest breach exposed so-called card-not-present transactions -- online and call-based transactions -- and not magnetic-stripe track data. Primary account numbers and expiration dates were stolen from the firm's settlement system, according to the Tuscaloosa VA Federal Credit Union.

Tuesday, February 17, 2009

Give Every Member a Branch of Your Credit Union

Branchless banking’ allows an individual to have a remote bank account that is accessed and managed through their mobile phone or other technologies. This could mean those with no chance of using traditional banks – because they are either too poor or the nearest bank is miles away - will be given the opportunity to save money, gain access to credit and receive money sent from family members in other countries.

The potential market for technology and mobile phone companies is huge, and by piggy-backing on existing technologies and infrastructures, the transaction cost can be much cheaper than traditional banks. For example a study in India showed it costs $1 per transaction in a bank, 40-50 cents per transaction from a cash machine and only 10 cents when a smart card is used.

(For the rest of the story, visit: http://www.dfid.gov.uk/news/files/SoS-FAST.asp

Tuesday, February 10, 2009

Cherry Valley woman sentenced for taking $1 million from credit union

A 40-year-old woman was sentenced to nearly four years in prison for embezzling more than $1 million from the Rock Valley Federal Credit Union.

Lisa Farel was given three years and seven months in prison, as well as five years of supervised release. In October of last year she pleaded guilty to taking more than $1 million from the credit union over a 15-year period starting in 1993. Farel was manager of the credit and debit card portfolio department during that time.

After being charged, she admitted to manipulating 73 credit card accounts after pretending to close them.

Number of ID fraud victims up 22%

The number of identity fraud victims in 2008 increased 22% to 9.9 million adults in the U.S., according to the 2009 Identity Fraud Survey Report, issued Monday by Javelin Strategy & Research.

However, the total annual fraud amount rose only slightly--7%--to $8 billion during the past year, the survey said (Business Wire Feb. 9).

Javelin, based in Pleasanton, Calif., is an independent provider of quantitative and qualitative research focused on financial services topics.

Other key survey findings:

>> Overall identity fraud incidents increased in the U.S. The number of identity fraud incidents in 2008 rose by 22% over 2007, which brings the number back up to levels not seen since 2004. Javelin said the rise was due to economic misfortune. Historically, higher rates of fraud occur when the economy worsens. Identity fraud remains substantially lower overall when compared to the 2004 level of $60 billion.

>> Cost to consumers is down. The mean consumer cost of identity fraud decreased 31% to $496-- its lowest level since 2005--from $718 per incident. The lower cost per incident is attributable to faster detection of fraud, lower fraud amounts, and quicker resolution times thanks to industry efforts and consumer education, Javelin said.

>> Fraudsters are moving much more quickly. In cases where identity fraud was reported, 71% of the fraud incidents began occurring less than one week from when the data was stolen, up from 33% in 2005. The dramatic increase points to more sophisticated attacks by fraudsters and an increasing number of "attacks of opportunity" in which people or businesses leave data exposed.

>> Gender disparity. Women were 26% more likely to be victims of identity fraud than men in 2008. Women are making more purchases in stores, and more women than men experienced breaches last year.

>> Low-tech methods still most popular. Lost or stolen wallets, checkbooks and credit and debit cards were still the most likely avenues of fraudsters' attacks. These avenues totaled 43% of all incidents in which the method of access was known. By protecting their information, consumers can significantly lower their risks, Javelin said.

Friday, February 6, 2009

CU Stages Robbery Drill

LOMPOC, Calif. — Credit unions staging mock robberies have fallen out of favor with some authorities in recent years, but the $660 million CoastHills Federal Credit Union still uses the practice and credits it with preventing a recent potential robbery.

In the mock “take over” style robberies, real time drills in two CoastHills branches, run by local police authorities, mimicked the circumstance where a robber brandishes a weapon and otherwise takes control of the branch for the duration of the robbery. In the case of the drills, the mock robberies were limited to 30 minutes.

Video tapes are made of the mock robberies and then examined later for use as teaching tools as credit union staff are trained in their responses to a robbery, the credit union said.

Even though the majority of robberies are not the “take over” type, the credit union pointed out the numbers of robberies in its immediate area has been rising, along with robbery numbers across the country.

Wednesday, February 4, 2009

Credit Union Says They Identified Passwords for 80% of Staff

People and passwords—in the long run, they just don't work very effectively together. At least that's what Phil Fowler, vice president of IT at Telesis Community Credit Union, a Chatsworth, Calif.-based financial services provider that manages $1.2 billion in assets, found out. His team ran a network password cracker as part of an enterprise security audit last year to see if employees were adhering to Telesis' password policies. They weren't.

"Within 30 seconds, we had identified probably 80% of people's passwords," says Fowler, whose group immediately asked employees to create strong passwords that adhered to the security requirements. A few days later, the team ran the password cracker again: This time, they cracked 70%. (Click on photos to enlarge)

"We couldn't get [employees] to maintain strong passwords, and those that did forgot them, so the help desk would have to reset them," says Fowler. Telesis decided to secure network and application access with a biometric system that eliminated the need for user IDs and passwords, opting for the DigitalPersona fingerprint system from DigitalPersona Inc. in Redwood City , Calif.

Telesis rolled out fingerprint-based network and systems access technology in its headquarters and credit-union branches. Once Telesis has thoroughly tested the system, the company will deploy it in the offices of Business Partners LLC, its business loan services partner. Users no longer need to remember IDs and passwords because DigitalPersona authenticates enrolled personnel via fingerprint scanners, tying the fingerprints to 256-character passwords that it randomly generates every 45 days.