High-Profile Security Breaches Prompt CU Response

Register now

Ongoing news reports of ever-larger data security breaches, from lost bank back-up file tapes to card processors losing data on tens of millions of customers to phishing attacks against credit unions, has raised the profile of what members can do to protect themselves.

In response, credit unions across the country are teaming with various providers of identity-theft services, which offer to do everything from helping to guard against theft of personal financial data in the first place to helping to rebuild credit and clean up files if a theft has occurred.

Among the steps credit unions are taking:

* San Antonio-based Digital Defense, Inc. is rolling out an identify-theft education program this summer aimed at members, after previously concentrating just on credit union data security. Digital Defense launched a dedicated website July 13 detailing phishing scams and how to fight them.

* Sterlent Credit Union in Pleasanton, Calif. recently teamed with Fraudlines, based in Oregon City, Ore., to provide member education.

* Georgia FCU is teaming with Identity Theft 911 and combining the service with its existing "We've Got You Covered" campaign for new auto loans.

The new program will provide members with a monthly newsletter, fraud alerts and a website dedicated to various articles, congressional updates and interviews.

* CUNA Mutual Group and CUNA announced in May a collaborative effort to develop an online toolkit that will compile "the nation's best resources for preventing and repairing identity theft."

Officials told The Credit Union Journal the new programs represent an acknowledgement of how large ID theft is getting and how the weak link in the security chain is actually a credit union member who doesn't monitor his account.

Digital Defense Launches Site

In San Antonio, Digital Defense, Inc. has launched a low-cost educational website geared toward phishing scams, in which Internet fraudsters send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

Digital Defense Marketing Director Mark Leutwyler said his company usually works with credit unions directly, but the increase in member phishing incidents prompted a change in tactics which led to the creation of its Security TEAM program.

"More and more attacks are being focused on members and not credit unions," Leutwyler said.

The Security TEAM website will feature content describing phishing scams, how to create a better password, computer virus information and tips on creating a secure home computer.

A quarterly newsletter will detail new schemes or threats. The website will be accessible with a normal web browser by members clicking on a link located on a credit union's own website.

The Digital Defense site has the option of being co-branded with credit union's logo.

Fees range from $25 to $75 per month, depending on the number of members a credit union serves.

An introductory fee has yet to be determined, but Leutwyler said it will likely be approximately $100.

As phishing scams don't breach credit union security, but instead use the web to mail directly to clients, member education is the new key to fighting this form of ID theft, he said.

"As people become more educated about phishing and take action, the number of attacks will drop as well," he said.

Leutwyler said he expects smaller credit unions around the nation to become targets as larger credit unions use more of their resources to fight off identity thieves.

Fraudlines CEO Paul Solomon said ID theft is the "first true global business" with stolen information being sold and resold around the world, especially in Russia.

Solomon met Sterlent Credit Union CEO John Wagner last summer and they began a partnership to create a full education and prevention system to meet the growing threat.

Solomon will serve as "prevention officer-in-residence" for Sterlent CU and its members.

Prevention Is Key

"First and foremost, we are in the prevention business," Solomon said. "Prevention is far better than resolution."

Fraudlines includes a two-inch thick binder with information divided into four sections: prevention, resolution, resources and updates.

The kit includes an application for $25,000 in identity theft insurance and a special pen with ink that cannot be removed by chemical means and penetrates a document to prevent thieves from chipping off the ink.

In addition to teaching families how to minimize the threat of identity theft, the Fraudlines system provides blank forms for durable power of attorney, an ID theft affidavit and requests for credit reports or a Social Security statement, among other forms.

Solomon said the system teaches the basics of ID theft, but also lesser-known facts such as the high number of crimes during the summer months.

Thieves break into parked rental cars at popular tourist locations and sell any personal information they've stolen.

For instance, Solomon said rental car agreements left in the glove box reveal quite a bit of personal information about the renter.

Business Owners Fall Prey

Business owners are often victims when thieves pull their federal identification number out of trash bins. Many business owners aren't even aware their tax numbers can be used for ID theft.

"People don't protect their tax ID as much as their Social Security Number," he said.

Solomon said the Fraudlines system teaches members, credit unions and business to develop a complete plan to protect all private information that could be used to build a detailed false identity.

Sterlent offers Fraudlines free to members with more than $5,000 in deposits or with a loan balance more than $10,000. New members can get the program, normally priced at $200, at a reduced rate.

With new technology comes new challenges and vulnerabilities, and CUs are stepping up to protect their members.

CUJ Resources

For more information on identity theft in the credit union movement:






For reprint and licensing requests for this article, click here.