GEICO Credit Union Implements Biometric Access Control System

GEICO Federal Credit Union, headquartered in Chevy Chase, Maryland, recently purchased and implemented US Biometrics' AccessQ system for controlling physical access to various entrances with fingerprint biometrics. US Biometrics worked with GEICO to specify and implement the hardware and software system so as to biometrically control strategic entrances within their facility.

About The Products Implemented

> AccessQ biometric devices are a secure, convenient, and cost-effective alternative to badges or swipe cards. They offer levels of authorization for an individual wanting access through an entranceway and connect to the existing local area network which reduces installation costs.

> CentralQ software stores credentials including fingerprint profiles and employee information. It provides a mechanism for scheduling access based on authorization levels and the time of day.

> CentralQ Reporting allows administrators to view who accessed which devices at what time and provides some basic statistics about the system's usage.

For more info, visit:
http://www.centredaily.com/business/technology/story/870360.html

Large CU Execs Lobbying for CUNA-NAFCU Merger

It would be the credit union movement equivalent of the Boston Red Sox and New York Yankees joining forces. Saying that the credit union movement would be better represented with one voice, the CEOs of six large credit unions are urging the boards of CUNA and NAFCU to begin merger talks.

Two CUs report telephone scams

Two credit unions reported scams this week involving telephone calls, fraudulent e-mails and text messages to members and non-members.

St. Vrain Valley CU, Longmont, Colo., said members and non-members of the credit union reported fraudulent telephone calls from scammers attempting to obtain personal financial information. The area codes of 303, 720 and 970 are being targeted, the credit said on its website.

The calls claim to be from St. Vrain, saying recipients' cards have been suspended and inviting them to reactivate after they give out personal information.Polish National CU, Chicopee, Mass., also reported that fraudulent e-mails, text messages and telephone calls were sent to credit union members and non-members. The messages said that their accounts had been suspended due to a billing failure.

If the recipients responded to the e-mail, they were linked to a fake online banking site or given a phone number to call. They were asked to submit their credit card number and personal identification number to reactivate the account, the credit union said on its website.

ATM fraud poised for increase

Studies conducted by US risk management bodies point out that ATM debit card fraud is an ever-growing trend in the current economic climate, particularly since fraud detection software has improved credit card security and debit cards are currently seen as more readily available by fraudsters. To that effect, experts expect ATM skimming – which consists of installing a hidden device inside the machine itself to read and store all personal data which are then transferred onto cloned debit cards – to increase in the coming interval.

In the US, debit card fraud is made even more of a risk due to US federal regulations which limit cardholders’ liability for credit card fraud to UDS 50, while the same limit only applies to debit card frauds which are reported within 48 hours. Moreover, debit card fraud empties the victims’ checking accounts, causing a spiral of troubles such as missed payments and rejected checks.

The study in question points out that while ATM fraud is increasing and ATM fraud schemes are getting more creative, there is a positive consequence of the increase in ATM debit fraud, namely that banks are incurring growing losses as a result and are stepping up their ATM-safety measures. In other words, the banks’ previous outlook regarding debit card fraud as an acceptable business loss is changing, and a number of solutions are being put into place to increase debit cardholders’ protection. Among the measures mentioned by information-technology research and advisory company Gartner, which conducted the study, are replacing ATM PIN keypads with dialing devices or programming ATMs to react when they are being tampered with and automatically shut down.

Members, Customers Want More Non-Traditional Services, Survey Reveals

While members and bank customers are generally satisfied with their financial institutions, most prefer additional services such as financial planning and legal advice, according to a new survey.
Conducted by Coinstar Inc, in partnership with Kelton Research, a strategic services research firm, the survey showed that 67% of respondents said they still like the personal touch. Sixty-six percent said they would much rather stand in line for a teller than at an ATM.

When survey respondents were asked about using non-traditional banking services if offered by their financial institution, many liked the idea of one-stop shopping at their branch. Fifty percent said they would take advantage of financial or related services not traditionally provided by their branch if they were offered. Legal advice and financial planning were among the most desired.

Postal services, computer and printing services and self-service coin counting machines were also among the top non-traditional services requested. Other services of interest to respondents included a snack bar, Wi-Fi access, neck and shoulder massage, and even a supervised play area for children.

ATM fraud sweeps UAE: 42 percent of Dubai Bank clients affected by fraud

Dubai Bank announces that recent ATM fraud has hit over 40 percent of its customers. As a result, Dubai Bank temporarily blocked the international use of its ATM cards.

Such news comes after HSBC, Dubai Islamic Bank, Emirates NBD and National Bank of Abu Dhabi have also warned that some of their customers have been victims of ATM fraud. A HSBC Middle East spokesperson has stated that a significant number of fraudulent transactions have been stopped as a result of customers' changing their PIN numbers. Banks across the UAE have introduced new security measures and have urged customers to change debit and credit card codes after fraudsters used counterfeit cards to withdraw money from accounts.

..

National Bank of Abu Dhabi (NBAD) is to refund any customer who has been a target for fraudsters who have made use of counterfeit cards to take cash from customer accounts within the last three days. Dubai Bank has already taken measures to verify and refund claims.

Are You Addicted to Your BlackBerry?

According to a survey of 6,500 executives, conducted for Sheraton Hotels and reported in the Daily News (9/15/08):

>> 85% of professionals feel compelled to be on call around the clock.

>> 85% occasionally get up in the middle of the night to check their e-mail.

>> 87% bring their BlackBerrys into the bedroom at night, and 84% check their e-mail right before going to sleep.

Barbara Ehrenreich, in her essay “The Cult of Busyness,” said that being busy has become the new status symbol, more than cars, homes, clothes, or money.

And although if I was a road warrior, I think I WOULD carry at least a cell phone and maybe a BlackBerry or wireless laptop, or both ….

I can’t help wandering if carrying all this mobile technology reflects a subtle or even unconscious desire to show off how busy or important we are to others (like not wanting to be the only business person not doing work on the airplane).

What wireless gadgets do YOU carry?

Do they really make you more productive?

Or make you feel more important (come on, admit it!)?

Do they add to or relieve stress?

CO-OP Poised to Make Significant Investment in CU's ATMs Signs

CO-OP Financial Services will invest millions of dollars over the next three years to help credit unions participating in its ATM network by branking their ATMs with a prominent CO-OP logo.
The CUSO has announced that it will pay up to $400 of the cost of adding the backlit signs on plastic displays for the walk-up machines or banner signs for some drive-up machines.

“Given that over 70% of network ATM volume occurs at credit union-owned ATM locations, helping members find the thousands of CO-OP Network surcharge-free ATMs nationwide boldly illustrates that credit unions have more ATMs than any bank,” said CO-OP Financial Services CEO Stan Hollen. “With CO-OP’s ATM signage program, credit unions display their logo side-by-side with CO-OP Network, reinforcing to members that they truly don’t need a bank.

Their credit union is not only better, but more convenient.”CO-OP is recommending that credit unions that accept the help on the signs put the CO-OP logo on the upper right corner of the sign, opposite a significantly larger credit union logo on the upper left.

More text messaging scams surface

More text-message scams aimed at draining consumers' accounts are being reported by credit unions in several states.

Here are reports from the latest wave of credit unions targeted by scams in Minnesota, Washington and Alabama:

>> SPIRE FCU, Falcon Heights, Minn., said consumers checking text messages on their cell phones were warned that their credit union accounts had been locked. They were told that they could fix the problem--by providing their account numbers. Once they give the numbers, the accounts can be drained by the scamsters (Pioneer Press Sept. 9).

>> Gesa CU, Richland, Wash., was the target of another text messaging scam, according to KNDO.com (Sept. 11). On Wednesday, six people in a sister station, KNDU, reported receiving the text messages, which asked them to call a number to protect their Gesa account. The report said police believe the texts are sent from Spain because money the scamsters have taken is sent there. Police noted the culprits are hard to track down because the Internet provider address used isn't from a physical location.

>> A credit union based in Bynum, Ala., was among several financial institutions in the state whose names were used in text messaging scams and e-mail and voicemail message scams (The Anniston Star Sept. 7).

In all cases, the financial institutions warned consumers not to answer the messages and to delete them. Financial institutions would never contact members or customers unsolicited and ask for account and other numbers.

Report Says Fake Fire Marshals Find Easy Pickings at CUs, Banks

Security specialists using network penetration, phishing, fake phone calls and simply walking in dressed like a fire marshal or exterminator were able to walk out of credit union and bank branches with sensitive data nearly every time, according to a new report.

TraceSecurity, a Baton Rouge-based provider of IT risk assessment and security compliance solutions to more than 800 banks and credit unions, said it found that 95% of the sensitive data behind those walls could have been robbed on average in 30 minutes or less, representing personal identities of tens of millions of consumers.

The company (www.tracesecurity.com) is basing its claim on its own experience over the past five years. The report said its results are from a core group of its own customers, ranging up to $2.7 billion in assets and located in 48 different states.

“It takes only one branch location for all customers' sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars–a huge cost for what's usually a small, avoidable error," said Trace Security CTO and co-founder Jim Stickley.

..

Boston Firefighters CU: E-MAIL "PHISHING" SCAM

Boston Firefighters Credit Union was recently the target of a phishing attack. The following is their message posted on their website.
==========================

Phishing is the practice of sending an email that appears to be from a financial institution with the goal of persuading online banking users to share sensitive information that can be used to commit fraud or identity theft.

The criminals that sent out this email copied our logo and imitated the "look and feel" of our messages to try and persuade online banking users that the email was genuine. we did NOT send this message.

If you responded to the message by sharing personal financial information, please contact us immediately by phone @ 617-288-2420. We will give you instructions for changing your password and taking other steps to protect your accounts.

Always remember that we will NEVER ask you to click on an email link to share sensitive financial information. Please notify us whenever you receive a suspicious email or have any other form of unsolicited contact from individuals seeking personal information about your accounts.

Click here to view the current phishing email.

FBI Warns of New Worm Virus

On Sept. 10, the FBI and its partner, the Internet Crime Complaint Center (IC3), warned against a new email campaign being used by the creators of the Storm worm botnet.

The email uses the phrase 'FBI vs. Facebook' in its subject line and contains a link to view an article about the FBI and Facebook, the popular social-networking website. Clicking on the link downloads malicious software onto the victim's computer.

"The spammers spreading this virus are preying on internet users and making their computers an unwitting part of criminal botnet activity," said the FBI in a press release. "We urge citizens to help prevent the spread of botnets by becoming web-savvy."

The FBI is warning users not to respond to spam email and not to open attachments or links provided within such email, and advising them to validate the legitimacy of the email by typing the organization’s website address directly into a browser window, rather than clicking on a provided link.

Don't take your passwords to the grave

Your survivors will have enough on their minds when you die, so take steps now to ensure it won't be a major trauma to access the financial accounts you keep online.

There's no question that online banking, electronic bill payment and personal-finance software make our lives easier. But could we be creating a digital mess for our heirs when we die?

One poster on the Your Money message board shared her family's trauma when her father died without divulging the passwords to his computer or online accounts.

"I am the co-executor of the trust and the most financially savvy of my siblings, so it was up to me to help mom. But what do you do without passwords?" poster Tuppermom asked. "And most companies don't just give you access -- it is a process that can take weeks and months (if they don't just say 'Oh -- he's deceased? OK, we'll close the account' and then NO ONE has access!!)."

Tuppermom's family got lucky when it stumbled upon a folder that contained passwords for some of her father's work-related accounts and one of his online banks. That provided enough clues to find and gain entry to most of his other accounts. The family's lawyers helped them get access to the rest, although the process took time.

The experience was so traumatic that Tuppermom and her family revised their own estate plans to include complete lists of online IDs and passwords for each of their accounts. Concern about identity theft and security, she wrote, shouldn't go so far that family members are left in the dark.

The family "learned that ID protection is not JUST about nobody knowing the passwords," Tuppermom wrote. "It is also about protecting the asset behind the password -- and making sure that if you can't access it, someone you trust can."

Revenge of the Techies

A new survey evidences all too well where the power can fall in enterprise IT relationships: into the not always well-intentioned hands of disgruntled employees.

Or in this case, into the hands of disgruntled exiting employees. The survey, put out by Cyber-Ark Software, a Newton, Mass. based provider of enterprise account security solutions, found that 88 percent of IT administrators, if laid off tomorrow, said they would take valuable and sensitive company information with them. They’d especially target CEO passwords, customer databases, research and development plans, financial reports, merger and acquisition plans and even the company’s list of privileged passwords.

Only 12 percent said they’d take the high road on their way out, leaving the “office supplies,” so to speak, intact.

I’d suspect at this point that most of you are of two minds: The vast majority of you are embarrassed that your profession is ever lumped in with this group, who are the kinds of unsavory characters that have business leaders questioning whether they need in-house IT departments at all, given what trouble they can be.

But the other portion–and hopefully, this is very few of you–might kinda understand where this type of spiteful behavior fits in. How do I know you’re out there? When I approached this topic for the first time last month on the heels of the virtual commandeering of the San Francisco municipal computer network by an unhappy former network engineer, in the Techie Hall of Shame, I received more than one comment and email which said, and I quote, that “a real coder wouldn’t have been caught.” The suggestion is that the failure of those in the Techie Hall of Shame was not, say, abusing their power but not doing it well enough that nobody caught them.

And although comments like these were a minute part of the responses, the fact that they were out there at all suggests that this type of entitlement and potentially rampant abuse of IT power, is alive and well out there.

Callahan Releases 2008 Tech Survey, Guide

The 2008 Technology Guide for Credit Unions is now available from Callahan & Associates (http://www.creditunions.com/).

This year’s two-volume book includes findings from a survey of 205 credit unions representing about 16% of the industry’s total assets and finds that two-thirds of credit unions are planning to spend more on technology next year than this year.

The first volume also looks at core processors, online transactions and e-branches. The second focuses on delivery channel investments, cards, branches and call centers.

For more information, contact Hunter Moss at (202) 223-3920, ext. 162, or hmoss@creditunions.com.

August 2008 News & Views Below

CU SECURITY & TECHNOLOGY News - Providing a brief summary of news and information related to security and technology issues for credit unions - Plus some interesting and fun web sites.(Click on photos to enlarge)