The Risk From A Can of Pringles-The Other Side Of Identity Theft
As credit unions expand non-face-to-face delivery channels, they need to address risks related to privacy of their own system data, as well as that of individual members, according to one person.
The Internet is everywhere-that is, everybody has access to it-and its reach into files of information of all kinds extends far and wide, noted Bob Ferderer, VP-internal operations and security with CUNA Mutual Group. Along with the millions of everyday consumers using the Internet are those intent on perpetrating crimes. And therein lies the opportunity and the problem, Ferderer told CUNA's Future Forum.
Nearly 20% of American households now have high-speed cable or DSL Internet connections and within four years that will increase to 50%, Ferderer said. Already, 72% of us are on-line 10 hours or more weekly, using the web mostly for comparison shopping.
"That affects credit unions, because if a consumer is shopping for rates or a quick and easy way to apply for a loan and your credit union doesn't offer these, the surfer is gone to your competitor," he said. "Credit unions need to make their technology easy-and safe-for consumers to use or they will lose the opportunity to somebody else."
With the plethora of personal financial information sent and accessible via the web and the too frequent occurrences of identity theft, consumers remain distrustful of the security of their personal information, Ferderer said. "Credit unions find themselves exposed to these privacy issues and they need to reassure their members that they're keeping this data secure," he noted.
Theft On The Increase
Identity theft and the resulting fraud are not likely to disappear. Ferderer pointed out there were 27-million victims in the past five years, costing consumers $5 billion and financial institutions an estimated $48 billion. "The Federal Trade Commission received double the complaints in 2002 compared to the previous year," Ferderer said. "The trend is worsening. Seventeen percent of identity thefts were used in crimes against credit unions and banks."
As technology allows more portals to data, the opportunities for illicit uses rise. "We'll be seeing still more wireless devices in our cars, hanging from our belts and of course, in our offices-all connecting to the web," he said. "That's a powerful exposure to crime. We will need a fool-proof way to establish our identities so others know we are whom we say we are, and vice versa, so nobody takes our identity and creates havoc."
In an example of wireless data theft, Ferderer described an incident where the hacker used a homemade antenna device made from a potato chip tube container that enabled him to tap into a wireless network. "All it takes is a Pringles chip can and a wire wrapped around it with a cable connecting the can to PC and a laptop can tap into an unprotected network," he said. "At the very least, the hacker will use their Internet service, and at the most, peruse their data files. And with a real antenna, costing less than a hundred dollars, the wireless capability can extend as far as two miles."
Increasing web connectivity plus wireless capabilities require credit unions to be diligent in protecting their data-especially members' financial information. A must-do list includes:
* Reviewing internal security policies and procedures, ensuring all staff know the importance of good security and continuously practice it.
* Using firewalls, virus protection, and other technology to prevent and detect intrusions.
* Controlling vendor, member, and partner access with secure passwords or digital keys.
* Encrypting financial and personal data.
* Protecting wireless applications from intrusion.
* Ongoing monitoring of networks-systems.
"In the past, system access was limited to employees and trusted partners," Ferderer said. "Now, anybody with an Internet connection can approach your web portals and attempt to get in. You need to make sure your systems and your members' information is well protected."