Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

CU System Archive

CU System

Banking Trojans targeted third-party EFT systems

 Permanent link
NEW YORK and MADISON, Wis. (3/28/12)--Cyber thieves have used banking Trojans, such as the infamous Zeus,  to compromise log-in credentials for credit unions  to third-party electronic funds transfer systems, such as automated clearing houses and wire transfer systems, says a risk alert to bond policyholders of CUNA Mutual Group.

On March 19, CUNA Mutual sent the risk alert, saying the cyber thieves had transferred funds to accounts at other financial institutions, both foreign  and domestic, and the losses have been significant, exceeding $1 million in one case, said a report in the New Jersey Credit Union League's newsletter, The Daily Exchange (March 20).

Access was gained at various access points, said the risk alert. In a few cases, the thieves circumvented the dual control requirement that requires a second employee to login to the ACH and/or wire transfer system to approve the transfer.

Among the suggestions made in the risk alert:  use a dedicated computer to access third-party ACH and wire transfer systems, and prohibit it from being used for e-mail and Internet browsing.  If a dedicated computer isn't possible, use a separate operating system and browser written to a USB flash drive and access the ACH or wire transfer system through the flash drive browser.

CUNA Mutual also suggested prohibiting telecommuters from accessing the ACH and/or wire transfer system using their home computers.

In another security development, several banking Trojans have developed a new type of attack specifically designed to postpone discovery as long as possible, said Trusteer, a security company in PCMagazine (Jan. 4).  After the theft, the Trojan manipulates the victim's view of online transactions, hiding the fraudulent activity. Those who haven't gone paperless eventually receive evidence in their mailed statement, but by hiding online evidence the criminals buy more time to siphon off more funds or complete their theft.

Normally a banking Trojan like Zeus or SpyEye will insinuate itself into a victim's browser and take control of the online banking experience using a "man in the browser" attack. Some directly capture the login credentials, some display a false warning page asking the user to enter personal information, and others divert real transactions to criminal payees. By the time the victim notices, it's too late.

Texas league picks 12 young pros for initiative

 Permanent link
FARMERS BRANCH, Texas (3/28/12)--The Texas Credit Union League (TCUL) has selected 12 up-and-coming young credit union professionals to serve on its new initiative--the Texas 12.

The Texas 12 will help catalyze change in the system and spark positive growth in the community, TCUL said (LoneStar Leaguer March 27).

The Texas 12 is an incubator to bring the brightest young minds in Texas credit unions together based on three goals: incite positive change for the future, break down barriers to collaboration, and bring new perspective to the credit union system.

"Young professionals have a great deal to offer our movement, so it's important that we tap into their knowledge and provide them an outlet for getting more engaged in our movement, as well as offer them hands-on opportunities to help shape the future of credit unions," said Dick Ensweiler, TCUL president/CEO.

The individuals chosen for the Texas 12 are:
  • Shelby Ames, Liberty (Texas) County Teachers FCU;
  • Kelsey Balcaitis, A+ FCU, Austin;
  • Doug Bedner, Resource One CU, Dallas;
  • Victoria Cline, Neighborhood CU, Dallas;
  • Brittany Doering, Family 1st of Texas FCU, Fort Worth;
  • Kate Donovan, Texoma Community CU, Wichita Falls;
  • Chad Holz, University FCU, Austin;Lori Martinez, Houston Fire Fighters FCU;
  • Jana Mearns, People's Trust FCU, Houston;
  • Casey Moehring, Kelly Community FCU, Tyler;
  • Nikki Moore, Space City CU, Houston; and
  • Jamaal Dwayne Robinson, New Mt. Zion Baptist Church CU, Dallas.

The first activity for the Texas 12 will be to "crash" TCUL's Annual Meeting & Expo, April 18-20 in Galveston.

ELGA reissues hundreds of cards in retailer breach

 Permanent link
BURTON, Mich. (3/28/12)--A Burton, Mich.-based credit union is one of the financial institutions that received an alert from a Visa processor indicating the debit or credit cards of 450 members had been compromised in a data breach at an unnamed retailer's processing network.

ELGA CU'sstaff immediately blocked the cards as a precaution and spent the weekend contacting members, explaining why the credit union was blocking the compromised cards and arranging for new cards to be reissued ( March 26).

As a result of the phone calls, the credit union identified thousands of dollars in fraudulent activity on members' cards. Frank Wilber, the executive vice president of the credit union, told that once illegal activity was confirmed, the credit union would cover the members' loss.

The credit union estimated the breach has cost it between $14,000 and $15,000, Wilber told (March 27).

Most of the 450 members identified as "possibly compromised" by the Visa alert live in Genesee County. The credit union serves members in six counties.

Wilber told the newspaper that it is a difficult situation for a financial institution and its members. After it blocked all the compromised cards, the credit union got a call from a woman on her honeymoon in Las Vegas who needed to use her card.  The credit union unblocked her card but monitored it all weekend until she returned home.

Grocery closure prompts CU search for new site

 Permanent link
CHEYENNE, Wyo. (3/28/12)--The pending closure of a grocery store in Wellington, Colo., is prompting Warren FCU to search for a new site for its in-store credit union branch that will be gone when the store shutters.

Wellington's Main Street Market is slated to close its doors May 18. Warren FCU already has purchased land in Fort Collins, Colo., with intentions of building a stand-alone branch there, but no timeline has been established for its opening  ( March 26).

Although the credit union would love to open by May 19, due diligence requirements will likely take a while longer, Michael Nagl, Warren FCU's vice president for the Colorado market, told the newspaper.

More information about the Fort Collins branch should be available later this week, Nagle added.

The $400 million asset Cheyenne, Wyo.-based credit union has five other branches in Cheyenne and one in Laramie, Wyo.

Microsoft financial coalition disrupt Zeus botnet

 Permanent link
REDMOND, Wash. (3/28/12)--Botnets using Zeus malware to steal from online banking accounts suffered a lightning bolt hit after Microsoft and a coalition of financial industry players took coordinated, global, legal and technical actions last week to disrupt key Zeus botnet command and control servers responsible for the theft of hundreds of millions of dollars.

The action, against the worst known cybercrime operations, was carried out by Microsoft, the Financial Services--Information Sharing and Analysis Center (FS-ISAC) and NACHA, The Electronic Payments Association, with assistance from Kyrus Tech Inc. and F-secure, said the coalition in a press release Sunday.

Microsoft, FS-ISAC and NACHA filed a civil lawsuit in the U.S. District Court for the Eastern District of New York  against 39 John Does and sought to conduct a coordinated seizure of command and control servers running some of the worst known Zeus botnets.

On Friday, escorted by U.S. Marshalls, Microsoft and the co-plaintiffs seized command and control servicers in two hosting locations--BurstNet of Scranton, Pa., and Continuum Data Centers, Lombard, Ill. (USA Today March 26). They seized and preserved data and virtual evidence from the botnets for the court case and took down two Internet Protocol addresses behind the Zeus command and control structure.

Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.

The action is good news for credit unions and other financial institutions plagued with having to reissue debit and credit cards after data breaches by cybercriminal groups, but the problem is far from over.  The actions taken last week caused major disruptions but the Zeus botnets are notorious for their complexity and  adaptability,  and for staying a step ahead of law enforcement. The key value of the actions taken is the information that the actions were able to gather about the criminal operations.

The coalition's action  "disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims," said Richard Boscovich, senior attorney for the Microsoft  Digital Crimes Unit.

Once a computer is infected with Zeus, the malware can monitor the victim's online activity and automatically start keylogging (recording every keystroke) when a victim types in the name of a financial institution or e-commerce site.  The criminals then steal personal information for identity theft, to make fraudulent purchases or to access other private accounts.

Since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including three million computers in the U.S.  More than $100 million has been stolen in the U.S. the past five years (IDG-News-Service March 26). Microsoft's lawsuit identifies 39 John Does, who use 65 online aliases. ( March 25). Many are identified only by nickname in the suit.

This is the second time Microsoft has conducted physical seizures in a botnet operation, and the first time other organizations have joined as plaintiffs in a legal case on a botnet operation.

It also is the first operation for Microsoft that involved simultaneous disruption of multiple operating botnets in a single action and the first known time it has applied the Racketeer Influenced and Corrupt Organizations (RICO) Act in a consolidated civil case to charge the botnet users.

Unlike Microsoft's previous botnet seizures, the goal of this action was not to permanently shut down all impacted botnets, but to gather intelligence and to undermine the criminal infrastructure that relies on the botnets to make money. It also will provide new tools to fight the cybercrimes, said the coalition's press release. 

The group also made these recommendations to computer users:

  • Use safe practices such as running up-to-date and legitimate computer software, firewall protection and antivirus or antimalware protection.
  • Use caution in surfing the Web and clicking on ads or e-mail attachments that may be malicious.
  • Use free information and malware leaning tools if the computer is suspected to have a malware infection.(See the malware cleaning tools link.)
For businesses looking for information about corporate account takeovers, including those due to malicious software, use the link to a fraud advisory from FS-ISAC, the Federal Bureau of Investigation and the U.S. Secret Service.

FBI Robberies down in third quarter

 Permanent link
WASHINGTON (3/28/12)--Robberies and related crimes decreased during third quarter 2011 to 1,094 violations of the Federal Bank Robbery and Incidental Crimes Statue, from the 1,325 reported for the same quarter of 2010, according to the Federal Bureau of Investigation (FBI).

There were 1,081 robberies, 11 burglaries, two larcenies, and one extortion of a financial institution reported between July 1 and Sept. 30, said FBI's Bank Crime Statistics report released Tuesday.

Of the 1,081 total robberies, 94 were committed at credit unions. Commercial banks experienced 959, savings and loan associations 26, and mutual saving banks two. Credit unions also saw two burglaries in the period.

Highlights of the report include:

  • Loot, totaling more than $9.3 million, was taken in 89% of the incidents.
  • Of the loot taken, 25%, or more than $1.9 million, was recovered and returned to financial institutions.
  • Bank crimes most frequently occurred on Friday. Regardless of the day, the time frame when bank crimes occurred most frequently was between 9 a.m. and 11 a.m.
  • Acts of violence were committed in 5% of the incidents, resulting in 18 injuries, three deaths, and four persons taken hostage.
  • Demand notes were the most common method of operation used.
  • Most violations occurred in the Western region of the U.S., with 381 reported incidents. The fewest occurred in the Northeast region with 171 reported incidents.
The statistics were recorded as of Oct. 28. Not all bank crimes are reported to the FBI, which means the report is not a complete statistical compilation of all financial institution crimes that occurred in the U.S.

To read the full FBI report, use the link.

CUs mortgage services still have hurdles

 Permanent link
NORWALK, Conn. (3/28/12)--One out of five consumers don't know where to turn when shopping for a mortgage, according to a recent survey by

When asked, "If you were apply for a home loan, which type of institution do you trust the most?" more than 20% of respondents selected "none of the above" when asked to choose among a credit union, bank or mortgage broker.

"This sentiment could reflect the negative public opinion that still remains following the well-publicized housing and credit market collapse, and the subsequent spate of defaults and foreclosures that have been plaguing consumers," said in a press release.

This could also be an example of collateral damage--credit unions didn't cause the housing crisis but they have been affected by it in consumer perceptions.

And while credit unions are making many mortgage loans, and have received positive media coverage for their member service, they still have hurdles to clear when consumers consider where to shop for their mortgages.

In applying for a home loan, about 30% of respondents said they would trust a credit union most, while about 33% of respondents said they would trust a bank.

In December 2006, credit unions had originated 1,454,340 mortgage loans for a total of $164 billion, according to Credit Union National Association Research & Statistics Department. In December 2011, credit unions had originated 1,824,471 mortgages for a total of $236 billion.

Mortgage bankers and government-sponsored enterprises (GSEs) such as Fannie Mae were least trusted by consumers, with about 8% of consumers saying they trust mortgage brokers and about 7% trusting GSEs.

BEST program pilots last cycle underway

 Permanent link
MADISON, Wis. (3/28/12)--Credit unions in New Jersey are implementing the final phase of a collaborative project that provides internship opportunities for people with disabilities.

Through the Building Economic Strength Together (BEST) program, New Jersey credit unions are providing internships for people with disabilities. A group of interns, credit union representatives, and program partners met at a recent luncheon at the New Jersey Credit Union League office to discuss their experiences. (Photo provided by the National Credit Union Foundation)
The last cycle of Building Economic Strength Together (BEST) is underway after its pilot debuted two years ago.

The BEST program was developed by a strategic partnership among the National Credit Union Foundation (NCUF) through its REAL Solutions program, the New Jersey Credit Union League and the New Jersey Credit Union Foundation, the National Federation of Community Development Credit Unions, the National Disability Institute, and Allies Inc., a New Jersey-based training group for people with disabilities, with funding provided by the Kessler Foundation.

The BEST program provides internships to persons with disabilities in New Jersey credit unions with the goal of creating permanent employment opportunities while developing best practices for credit unions to serve these families.

"These interns have been very productive in the credit unions they are working in," said Paul Gentile, league president/CEO. "Some have even gone on to full-time positions and could very well become our credit union leaders of the future. It's been equally rewarding to see our credit unions learn how to better serve this underserved segment of America. I hope it can be emulated in other parts of the country."

During the two-year program, 44 New Jersey credit unions hosted 54 interns during seven cycles. While credit unions were under no obligation to hire the interns at the conclusion of the six-week training period, several interns are working either full-time or part-time at the credit unions.

CU System briefs (03/27/2012)

 Permanent link
  • ALBANY, N.Y. (3/28/12)--National Credit Union Administration (NCUA) Board member Michael Fryzel will address attendees June 8 at the Credit Union Association of New York's (CUANY) annual convention, which will be held June 7-10 in Lake George, N.Y. "Since he joined NCUA's board, he has proposed and passed the Corporate Stabilization Plan, addressed liquidity problems facing credit unions and promoted the Credit Union Homeowner Affordability Relief and System Investment Programs," said William J. Mellin, president/CEO of CUANY.  Fryzel was appointed by President George W. Bush to the board on Nov. 30, 2007 and took office on July 29, 2008. His term expires Aug. 2, 2013 …
  • WILMINGTON, Del. (3/28/12)--Ronald Tate, 42, of Middletown, Del.,  was  sentenced to two years in prison on charges related to filing fraudulent mortgage applications and cashing six loan checks totaling more than $240,000 from credit unions around the nation (The Daily Times March 26). Tate pleaded guilty in June to one count each of mail fraud and wire fraud.  He allegedly submitted a fraudulent mortgage application to fund the purchase of a home valued at nearly $1 million in North Wilmington. The application allegedly included false information about his employment and income and a false verification of funds on deposit. Tate allegedly cashed the checks from the credit unions between May and September 2009. The checks were loans to be used to fund the purchase of a car. However, the money went elsewhere and no payments were made on the loans …
  • DUBLIN, Ohio (3/28/12)--Ohio Healthcare FCU (OHCFCU)  is reaching out to current and potential members throughout Ohio with its new full-service online branch, WebCU. WebCU provides 24/7 access to healthcare professionals who can open accounts online, manage money and communicate with credit union staff. Money management services include remote depositing, account to account transfers, account alerts, bill pay, automatic transfers and mobile banking. The credit union is also cross-promoting upcoming events in the Ohio healthcare community in its "Community" area. "We hope our members will turn to us for more than just financial services," said Bill Butler, CEO of OHCFUC. "WebCU is intended to be the portal for a wealth of healthcare community-related information," he added …
  • DALLAS (3/28/12)-Dallas-based Neighborhood CU celebrated reaching the $300 million assets milestone during its 82nd Annual Meeting Thursday.  "While other financial institutions are struggling to stay afloat, the active participation by 30,000 North Texans has allowed our credit union to flourish and remain relevant," said Gerald Townsend, chairman of Neighborhood CU's board.  He noted the milestone is the result of proactive change and the addition of new products and services--such as Kasasa, a free checking account that gives members extra money every month and MPower, an auto loan service--to meet the changing demands of members. The products have a strong financial education focus, he said. Neighborhood CU also announced it will open a new branch in Grand Prairie in the fall; is redeveloping its technology platform to include mobile apps for iPhone, Android and iPad; and will serve as "The Official Bank of Six Flags Over Texas" this year …