Secret Service to Credit Unions, Beware

Willie Sutton is famous for coining the phrase, “Because that’s where the money is,” in response to the question of why he robbed banks. Today, however, the modern-day version of Sutton is more likely to be armed with nothing more than a computer, a mobile antenna and perhaps a drawer full of plastic cards.

That was the message delivered by Special Agent Kirk Arthur of the U.S. Secret Service last week to a marketing council seminar held at the Federal Way offices of the Northwest Credit Union Association.

Arthur said the Secret Service has seen an alarming increase in hacking and skimming scams that are aimed directly at financial institutions, including credit unions. Last year, the Secret Service arrested more than 1,200 individuals responsible for more than $7 billion in losses. He noted that almost 92% of all thefts have been perpetrated by external agents, many of them from overseas where law enforcement’s reach is limited.

Criminals are becoming so sophisticated that they can place a skimming device on an ATM machine in less than 30 seconds. They then use a remote wireless device with antenna to gather account numbers and passwords without running the risk of being physically present at the ATM.

“Eighty-six percent of all breaches are discovered by a third party,” Arthur said.

The Secret Service maintains an Electronic Crimes Task Force in Seattle to investigate a breach at any Northwest credit union. There is also a field office in Portland to field calls.

“The key to averting major losses and catching the responsible parties is to notify us immediately upon evidence of any breach in your security network,” Arthur said.

Arthur also discussed new trends he is seeing in the electronic crime wars. He indicated that the expansion of applications moving onto smart phones marks the next arena where electronic criminals are likely to migrate. The phones’ wireless nature makes them extremely vulnerable to hackers, and the use of the phones to perform banking tasks and make debit- and credit-card purchases provides a whole new portal of entry for hackers.

Arthur advises credit unions to monitor their network daily for unusual activity. He also suggests that unnecessary data be regularly removed, and advises that credit unions regularly audit user accounts and assess remote access services while ensuring that essential controls are met. He also says credit unions should continue to advise their members to monitor their personal accounts on a regular basis and immediately report any suspicious activity to the credit union. Arthur said that 92% of all attacks are “not technically difficult” and attest to the failure of both individuals and financial institutions to properly maintain basic security controls.

“Today’s criminal is simply waiting for you to let down your guard,” Arthur said. “Don’t let yourself be one of them.”

 

Questions or Concerns? Contact the Anthem Editor: Editor@nwcua.org.

Posted in Article Post.