FEDERAL WAY, Wash. (7/26/12)--A large credit union's efforts to combat fraud puts it on the forefront of law enforcement cases but also gains national media attention, and that sometimes leaves a mistaken impression in the public's perception, says the Northwest Credit Union Association (NWCUA).
Case in point: In June, Tukwila, Wash.-based BECU was reported prominently in local and national media outlets when a Dutch man was charged with stealing 44,000 credit card numbers. Only some of the numbers belonged to BECU's members. But local media reported it in headlines such as "Dutch man charged with stealing BECU credit cards," which was oversimplified and not quite accurate, said NWCUA (Anthem July 17).
Only a handful of stolen card numbers in that case were connected to BECU, John Snodgrass, security risk manager at the nearly $10 billion asset credit union, told NWCUA. BECU's name showed up in the police report because of its proactive, hands-on approach to identifying and preventing fraud and identity theft. BECU's name is unfairly connected to fraud cases in instances where it is part of the solution but not at fault in the breach itself, Snodgrass said.
The credit union spends considerable time analyzing cases. If there are at least two cases that arrive with like charges, "we start looking for a common point of compromise at that point," Snodgrass told the association. The credit union takes the approach "that if we can identify it up front, then we can identify the window of exposure, and once we know the window of exposure, we can have our monitoring system start to look for these kinds of frauds and catch them early as opposed to five, six, seven charges down the line," he said.
As a result, the credit union works a lot with law enforcement on a number of levels, including the Secret Service's Electronic Crimes Task Force. "Our relationships have built up to the point now with law enforcement that they will take our cases," he told NWCUA. "They know that we've done our research, and they will investigate it, I would say 99% of the time."
BECU then sends the task force a list of victims and suspected breach points. "As a result, we tend to be on the forefront on a lot of these things, which is why our name is listed so prominently in some of these case filings."
Snodgrass noted that three major skimmers (people who insert devices on ATMs and gas pumps that collect information such as personal identification numbers keyed in to the devices) were arrested recently partly due to BECU's security team.
The devices weren't just on BECU machines, they were on other financial institutions' devices as well, said Todd Pietszch, a spokesperson at BECU. Because BECU was the one working with law enforcement, its name appeared in police reports and became public information.