WASHINGTON (2/26/14)--"We're never going to see the end of cyberintrusion ... there is too much rich data out there," said John Buzzard, FICO fraud banking product manager. You can, however, eliminate counterfeit products down the line once data is stolen, he noted.
Buzzard and other panelists on Tuesday advised credit unions on how to cope with an evolving data security environment during the Credit Union National Association's 2014 Governmental Affairs Conference.
The session was hosted by CUNA Senior Legislative Representative Jeremy Dalpiaz and featured comments from William Nelson, president/CEO, Financial Services Information Sharing and Analysis Center; and John Wallace, vice president of commercial products, CUNA Mutual Group.
Nelson said cybercrime is a global problem, with a complete service-based economy supporting their activities. There are also hacktivists such as wikileaks, Anonymous, Lulzsec, and state-sponsored hackers from China, Iran and other nations, he said. Hackers can trick search engines into displaying infected content and can use phishing or spearphishing tools to attack vendors, administrators and staff who may have access to financial information and other information.
The panelists cited on example of how pervasive the hacking culture has become: there is a multi-million dollar bounty payment waiting for the first person to break triple-DES encryption.
Nelson said hackers will often stop an attack if it takes too long or gets too complicated, so having multiple layers of security can force them to move on before they do damage.
His organization, FS-ISAC, has helped fight hacking attempts by developing "circles of trust" among those in the payments system.
Members will report incidents, others will respond, and alerts will be issued to members of the circle, he said.
Future data security threats include:
Strikes with customized, flexible and adaptable malware intrusions;
Sales and purchases of cards based on bank identification numbers; and
Attacks on payment cards that develop in two phases within the same breach, such as stealing consumer data, and executing PIN fraud.
Potential losses for credit unions include lost revenues, costs to notify members, lawsuits, regulatory scrutiny, operational costs and repetitional issues. Buzzard said credit unions more than ever are stepping out with strong messages about how their members are impacted by data breaches. The human cost of reissuing plastic is exponentially higher than estimates, and could be as high as $15 to $20 per card, he said.
To combat fraud, CUNA Mutual's Wallace said credit unions can examine and upgrade fund transfer controls and online banking security, continue with strong fraud detection, and educate their members.
Other steps credit unions can take to protect themselves from data security breaches include assessing their own data security risks and vulnerabilities, whether the risks are presented by ATMs, computer systems, third-party vendors or other sources, the panelists added.
Credit unions should also be careful to take care of their members and be transparent. Staying connected to evolving data security developments, and simply being prepared, are other steps they can take, the panelists said.