Saturday, May 30, 2009

May News & Views Published Below


CU SECURITY & TECHNOLOGY News - Providing a brief summary of news and information related to security and technology issues for credit unions - Plus some interesting and fun web sites . . . and no monkey business.

Thursday, May 28, 2009

The Web's most dangerous keywords to search for

Which is the most dangerous keyword to search for using public search engines these days? It’s “screensavers” with a maximum risk of 59.1 percent, according to McAfee’s recently released report “The Web’s Most Dangerous Search Terms”.

Upon searching for 2,658 unique popular keywords and phrases across 413,368 unique URLs, McAfee’s research concludes that lyrics and anything that includes “free” have the highest risk percentage of exposing users to malware and fraudulent web sites. The research further states that the category with the safest risk profile is health-related search terms.

Here are more findings:

> The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky.

> The categories with the worst average risk profile were also lyrics sites (5.1%) and “free” sites (7.3%).

> The categories with the safest risk profile were health-related search terms and searches concerning the recent economic crisis. The maximum risk on a single page of queries on the economy was 3.5% and only 0.5% risky across all results. Similarly, even the worst page for health queries had just 4.0% risky sites and just 0.4% risk overall.

To view the entire article, visit: http://blogs.zdnet.com/security/?p=3457&tag=nl.e539

Another wave of scams hits several states

From CUNA . . .

MADISON, Wis. (5/28/09)--Phone scams are targeting credit unions in Wisconsin, Vermont and Maryland, and credit unions are reminding members that the credit union would never contact them for account or credit card information.

Forward Financial CU, Niagara, Wis., would never call members asking for personal information because the credit union already has it, said Tammy Young, vice president of operations (UpperMichiganSource.com May 26). Forward Financial was one of two institutions recently targeted by scammers who were calling consumers and asking for personal financial information.
Members who have provided their information to scammers should contact the credit union immediately. Forward Financial can block members' debit or credit card from being used, Young said.

Cumberland, Md., police have received hundreds of reports about a phone scam in which individuals identifying themselves as Chessie FCU employees asked for account information (WCBC Wire May 26). The scammers have called homes, businesses and cell phones in the area.
Williston, Vt., residents have received calls from individuals claiming to represent New England FCU and Heritage Family CU. The callers ask recipients to supply personal account information to reactivate a credit card.

Matt Levandowski, Heritage Family CU executive vice president, said some of his credit union's members had given scammers their account information but their accounts had not been compromised.

Wednesday, May 27, 2009

Augusta Metro FCU Adds Ingersoll Rand's Biometric HandKey Reader

Augusta Metro Fed. Credit Union has implemented Ingersoll Rand Security Technologies' standalone Schlage biometric HandKey reader to provide its members with self-service access to the safe deposit vault. The technology allows a member to simply punch in a code on the hand reader and present his or her hand to the unit; once the member is verified, the bullet-proof glass door opens.

At the same time, the individual's safe deposit box opens and nobody can enter the vault until that member puts away the deposit box.

Today's Best News Stories

>> According to Mexican officials, the swine flu outbreak has cost Mexico $2.2 Billion. Only $2.2 Billion? Maybe we can put them in charge of GM.

>> Police say a Michigan postal worker has admitted to stealing $20,000 worth of postage stamps and trying to sell them online. The worker will be fired for breaking the Postal Service's strict rules against turning a profit.

>> The Indy 500 approaches. A race driver is like an automobile executive. If anything bad happens to the car, he has to be bailed out.

>> Los Angeles Dodgers superstar Manny Ramirez admitted he took a banned substance Thursday but was careful to point out he didn't take steroids. That's illegal. If convicted of steroids use, he could get four to eight years as governor of California.

>> The price of a stamp is up to 44 cents. It's out of control. If only there was some other way to send written messages . . . If anyone can think of anything just e-mail me.

Survey: Better rates, more ATMs top members' wish list

From CUNA . . .

MADISON, Wis. (5/27/09)--While most members report they are satisfied with their credit unions, better rates and expanded access to automated teller machines (ATMs) top their list of suggested improvements, says a recently released survey report by the Credit Union National Association (CUNA).

About 45% of members surveyed would like to see their credit union pay higher savings rates than they do now, according to CUNA's 2009-2010 National Member Survey. Lower loan rates (27%) and more ATM locations (22%) rounded out the top suggestions from members.

Higher savings rates are the leading request from members age 45 and older. More ATMs topped the list for 25- to 44-year-old members, and more convenient credit union locations ranked highest with 18- to 24-year-olds.

"The desire for more convenient brick-and-mortar locations among such a technology savvy young group was interesting, and it could indicate that some young adults are doing business with a credit union located near the workplace of one of their parents, but not necessarily near them," said Jon Haller, CUNA director of business-to-business publishing.

The National Member Survey reveals trends involving members' use of financial services and attitudes, and strategies to build loyalty and attract more business. It also provides information and analysis related to members' demographics, satisfaction, interest in new services and delivery channels.

Also, the 2009-2010 Survey of Potential Members--CUNA's companion report to this survey--uncovers new issues, opportunities, and strategies for reaching and attracting new members. It analyzes current trends relating to non-members' financial behaviors and loyalty to their banks, and suggests how to leverage competitive advantages to attract eligible non-members from their current provider.

Tuesday, May 26, 2009

Our Ears May be Our Password

YOU are the victim of identity theft and the fraudster calls your credit union to transfer money into their own account. But instead of asking them for your personal details, the credit union rep simply presses a button that causes the phone to produce a brief series of clicks in the fraudster's ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.

For more on this security technology, visit: http://www.newscientist.com/article/mg20227035.200-our-ears-may-have-builtin-passwords.html

An Expectation of Online Privacy

If your data is online, it is not private. Oh, maybe it seems private. Certainly, only you have access to your e-mail. Well, you and your ISP. And the sender's ISP. And any backbone provider who happens to route that mail from the sender to you. And, if you read your personal mail from work, your company. And, if they have taps at the correct points, the NSA and any other sufficiently well-funded government intelligence organization -- domestic and international.

You could encrypt your mail, of course, but few of us do that. Most of us now use webmail. The general problem is that, for the most part, your online data is not under your control. Cloud computing and software as a service exacerbate this problem even more.

Your webmail is less under your control than it would be if you downloaded your mail to your computer. If you use Salesforce.com, you're relying on that company to keep your data private. If you use Google Docs, you're relying on Google. This is why the Electronic Privacy Information Center recently filed a complaint with the Federal Trade Commission: many of us are relying on Google's security, but we don't know what it is.

This is new. Twenty years ago, if someone wanted to look through your correspondence, he had to break into your house. Now, he can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. Your financial accounts are on remote websites protected only by passwords; your credit history is collected, stored, and sold by companies you don't even know exist.

And more data is being generated. Lists of books you buy, as well as the books you look at, are stored in the computers of online booksellers. Your affinity card tells your supermarket what foods you like. What were cash transactions are now credit card transactions. What used to be an anonymous coin tossed into a toll booth is now an EZ Pass record of which highway you were on, and when. What used to be a face-to-face chat is now an e-mail, IM, or SMS conversation -- or maybe a conversation inside Facebook.

Remember when Facebook recently changed its terms of service to take further control over your data? They can do that whenever they want, you know.

We have no choice but to trust these companies with our security and privacy, even though they have little incentive to protect them. Neither ChoicePoint, Lexis Nexis, Bank of America, nor T-Mobile bears the costs of privacy violations or any resultant identity theft.

This loss of control over our data has other effects, too. Our protections against police abuse have been severely watered down. The courts have ruled that the police can search your data without a warrant, as long as others hold that data. If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your ISP.

This isn't a technological problem; it's a legal problem. The courts need to recognize that in the information age, virtual privacy and physical privacy don't have the same boundaries. We should be able to control our own data, regardless of where it is stored. We should be able to make decisions about the security and privacy of that data, and have legal recourse should companies fail to honor those decisions. And just as the Supreme Court eventually ruled that tapping a telephone was a Fourth Amendment search, requiring a warrant -- even though it occurred at the phone company switching office and not in the target's home or office -- the Supreme Court must recognize that reading personal e-mail at an ISP is no different.

This essay was originally published on the SearchSecurity.com website, as the second half of a point/counterpoint with Marcus Ranum.

http://searchsecurity.techtarget.com/magazinePrintFriendly/0,296905,sid14_gci1354832,00.html or http://tinyurl.com/pnv8vq

Tuesday, May 19, 2009

City police urge 'no hat/hood/sunglasses' policies

COLUMBUS, Ohio (5/19/09)--City police are urging the credit unions in Westerville, Ohio, to strictly enforce policies that require members to remove their sunglasses, hats or hoods when entering to avoid potential robberies.

Suzanne McCann, vice president of sales and operations at CME FCU in Columbus, Ohio, told The Columbus Dispatch Friday that she witnessed a robbery at the credit union. The robber wore a hat and sunglasses, she said.

CME has a similar "no hats, sunglasses" policy that has been enforced at every branch, the newspaper said. Some credit union members weren't happy with the policy, but McCann said the policy helps keep everyone safe.

Although only a few cities nationwide have "no hats" policies, voluntary participation is increasing, said Harry Trombitas, an FBI special agent based in Columbus. Most bank robbers want to avoid conflict, and complying with a request to take a hat or sunglasses off could attract more attention, he said.

There have been 22 Columbus-area robberies this year, five fewer than this time last year, the newspaper said.

Credit unions in several states have adopted "no hat, no hoods, no sunglasses" policies. In 2003, the Delaware Credit Union League provided posters and signs to credit unions that ask members to remove these articles of clothing when they enter the credit union. The same year, the Missouri Credit Union Association adopted a similar policy.

Other states with "no hats, hoods or sunglasses" rules include South Carolina, Massachusetts and Oklahoma (News Now June 3, 2005).

Though the policies have been implemented to increase safety, they have been criticized. Earlier this year, a Muslim woman who was a member of Navy FCU said she was denied service from the credit union for wearing a traditional head scarf as required by her religion. Navy Federal contacted the member and apologized to her.

Friday, May 15, 2009

Sixty gang members nabbed in $500,000 scam vs. Credit Union

SAN DIEGO (5/15/09)--More than 60 members and associates of the San Diego Lincoln Park Street Gang were arrested Tuesday and charged with stealing $500,000 from a credit union by recruiting young credit union members to give up their account information so the account could receive counterfeit check deposits.

The gang then withdrew thousands of dollars from an ATM at a casino and the accomplice account holders, who received a portion of the payout, would file a police report for an unauthorized withdrawal, said California Attorney General Edmund G. Brown Jr. and San Diego District Attorney Bonnie Dumanis in a press release.

In a multi-agency operation termed "Bank Gig," a Tuesday morning pre-dawn sweep by more than 100 law enforcement officers took the suspects into custody. They are being held on 347 felony charges related to conspiracy, grand theft, money laundering, recruiting to commit a felony for a gang, unlawful sale of access card information, burglary and gang enhancement.

After obtaining personal account information and personal identification numbers from members of Navy FCU, gang members would deposit counterfeit checks into the members' accounts, then withdraw thousands from an ATM machine at Barona Casino near San Diego.

"The size, scope and sophistication of this operation show us that criminal street gangs in San Diego are expanding their criminal enterprise into white collar crime," said Dumanis.

The investigation began when the credit union in 2005 reported to the U.S. Secret Service a significant increase in fraud reports from young members reporting their account information and PINs had been stolen.

Thursday, May 14, 2009

Dumb & Dumber: Credit union treats member like small change

Due to a lack of timely intervention at the Okemos Branch, the MSU Federal Credit Union (Lansing) experienced a casualty Saturday. Joyce Banish, the credit union's vice president of university and community public relations, acknowledged Monday that "better judgment" would have been the proper treatment.

Kimberly Schulz, a member of the credit union, waits tables. Some of her tips come in the form of change. It's her habit to take the change to the credit union once a week or so, drop it in the coin counter, get a receipt, then deposit the total in her account.

Schulz walked into the branch Saturday and discovered that the machine was out of service. So she informed a woman at the front desk that she wished to deposit the money - all $15 worth - directly into her savings account. The woman told her that wouldn't be possible. In an e-mail to me Schulz described the encounter this way:

"I asked why and she said she had no way of counting it ... I showed her the small amount of change I had, but she said (the credit union) wouldn't take it."

Let me reiterate some key facts here: Schulz is a MEMBER. She was trying to DEPOSIT the money. The credit union's change counter was NONFUNCTIONAL. Schulz's change TOTALLED $15 (and, by the way, was mainly in quarters).

Schulz approached a teller and offered to arrange the change into one-dollar stacks. And no one, she said, was waiting in line behind her. But the teller refused to accept the money.

In her e-mail Schulz wrote: "I was flabbergasted. I understand their policy to normally not take (uncounted) change, since they have a change-counting machine right in their office. But when the machine is not working, you would think Customer Service 101 would kick in ..."
Exactly.

Responding to my inquiry, Banish said the branch takes in a lot of change and that, with the coin machine down, the "no change" policy was aimed primarily at people with large bags of uncounted change.

Stopping to count it, she pointed out, could cause service delays for other customers.
Banish also said Schulz could have used a change counter at another branch.

But she conceded, in the end, that "better judgement would have been to count (Schulz's change)."

Don't let this happen in your credit union.

Interesting Credit Union Names

Many credit unions have common words in their names:

> 1-in-6 credit unions have the word ‘Employee’ in their name
> Over 600 credit unions have ‘School,’ ‘Teachers’ or ‘Educators’ in their name
> 183 have ‘Postal’ in their name
> 157 credit unions have ‘Municipal’ in their name
> 110 credit unions have ‘Health’ in their name
> 108 credit unions have ‘Fire’ in their name
> 73 credit unions have ‘Police’ in their name

For more on this subject, visit:
http://thefinancialbrand.com/2008/07/01/most-common-words-in-credit-union-names/

Thursday, May 7, 2009

Meetings Are Important

Meetings Mean Business Petition: http://www.keepamericameeting.com/

Please sign this important petition.

Here is my posting: "Meetings directly or indirectly support one in eight Americans with important impact globally. One third of all hotel rooms are booked as a result of meetings. 20% of all airline flights are for those flying to and from meetings. The multiplier effects of meeting attendees spending their money at events, trade shows and conventions are huge! Meetings are also major educators of adults in the industrialized world.

We need to notify our legislators that meetings are not junkets -- they are vital for our economy."

Monday, May 4, 2009

Another Massive Data Breach

CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access.

The United States Postal Inspection Service is investigating a data breach at both companies that resulted in sensitive information being used in a crime. Those individuals have been notified. Sources tell CBS News that the data breach is linked to a Nigerian scam artist who used the information to incur fraudulent charges on victims’ credit cards.

The letters caution customers to review their credit reports for any inaccuracies, to report any errors or suspicious activity to creditors as soon as possible, and to contact the United States Postal Service if they believe their personal information may have been compromised.