FARMERS BRANCH, Texas (2/15/13)--Credit unions should take a holistic approach to preventing online fraud, an information technology (IT) expert advised the Texas Credit Union League.
That strategy should include training, a robust patch management program, testing and security devices on network perimeters, said Idrees Rafiq, assistant vice president of IT Consulting for Financial & Technology Resources, who was interviewed by the league for the Feb. 14 edition of its LoneStar Leaguer.
Fraud will increase in 2013, in tandem with the continued surge in consumer online transactions, said Rafiq. Fraud is evolving at the same rate as technology, he said.
A holistic approach to fraud prevention includes:
- Training--Train members, employees, volunteers, and even custodians on topics such as online and e-mail safety, social engineering and the credit union's overall information security policy and program. A breach will most likely target the weakest link in the training, Rafiq said.
- Patch Management--The program should patch critical vulnerabilities in operating systems (Windows), firmware (routers) and software (Adobe Flash).
- Security Devices--An antivirus is not sufficient and often will not detect more complex viruses, Rafiq said. Firewalls and intrusion prevention systems that can detect anomalies in traffic are more effective. The National Credit Union Administration requires credit unions to implement encryption technologies for member information both in storage and in transit, he said.
- Testing--The credit union can best identify vulnerabilities by reviewing and testing security procedures. A third-party review of the processes can help a credit union increase its overall security posture, he added.