Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

CU System Archive

CU System

What should CUs do when members are phished

 Permanent link
MADISON, Wis. (8/21/08)--A rash of recent phishing and vishing attacks against financial institutions has many credit unions looking for procedures for reporting and squelching the attacks. "Credit unions should have a contingency plan for these types of situations, similar to other business continuity plans," said Dorothy Steffens, vice president of web services at the Credit Union National Association (CUNA). "The important piece is communication, to members and to staff." she said. "Also, get the phishing site shut down and get the phone numbers disabled if it is a vishing scam, Steffens said. Credit unions can start by reporting the scam to its regulator and insurer. But to shut down a scam attempt, the credit union will need help. "IC3 (Internet Crime Complaint Center) has a website to report scams and it is very helpful in getting vishing phone numbers shut down," said Steffens. "I also always send every phish or vish to the Anti-Phishing WorkingGroup e-mail address." (See the resource links). How does a credit union get a phishing site shut down? "Credit unions with websites should have a procedure in place to check their Web logs for traffic that is indicative of phishes," Steffens said. "There are a number of companies (such as CUNA Strategic Services partner, Perimeter) that will monitor the website for phishing activity. You can trace the URL address of the phishing site using http://www.betterwhois.com, which is the Internet Registrar," she said. "Most phishing collection sites have been hacked into, and the owners of those servers usually are not aware that their systems have been compromised," she said. "The Internet Registrar will provide an e-mail address of the technical contact and owner of the site, but in many cases these are in foreign countries, so having a relationship with a vendor will expedite the process for you," she explained. How should a credit union alert its members about a phish? "As soon as a phishing scam is discovered, the credit union should put a notice on its website, possibly add a statement to its after hours mailbox, and let the tellers and call center staff know that the credit union is aware of the scam. Communication is critical," Steffens said. "At the time of a phish, the message should always be: the credit union would never ask for personal identification information via an e-mail or a website. Never, ever," Steffens emphasized. "And if it is a vishing scam, where the recipients are asked to call an unknown number, the credit union again needs to remind its members that they should never call a number that they receive via an e-mail." CUNA Mutual Group also has addressed the issue of phishing in a risk alert it sent Aug. 1 to policyholders, according to Vince Wagner, risk manager in credit union protection. If a member is a victim of phishing/smishing/vishing, take the appropriate steps, he said:
* Block and reissue the compromised credit/debit cards or the account that is at risk; * If not blocking the at-risk card number or account, use an authorization strategy to prevent fraud exposure; * Have the member report the incident to the credit bureau; and * Encourage the member to order a credit report.
CUNA Mutual's risk alert has an extensive checklist of steps to take to shut down a site and suggests using protective monitoring tools to ensure the credit union isn't susceptible to spoofing.

More CUs in storms path close in Florida

 Permanent link
TALLAHASSEE, Fla., and MADISON, Wis. (8/21/08)--Tropical Storm Fay's slow, soggy march across east Central Florida closed more credit unions but as of 8 p.m. EDT Wednesday, none had reported damage from winds or flooding from the nearly 15 inches of rain. "CUNA Mutual has had no reports of credit unions suffering any damages from Fay, although we understand many credit unions in the storm's path are closed," said Phil Tschudy, media relations manger for CUNA Mutual Group. "We will continue to monitor this storm and respond to any credit union that suffers a loss," he said. CUNA Mutual's Disaster Team can provide coordinated assistance to policyholders, Tschudy said. Credit union policyholders needing assistance can contact the CUNA Mutual Group Disaster Team at 800-637-2676. The number is answered 24 hours a day, 365 days a year, by a corporate property and casualty claims manager. Anyone reporting a claim should be prepared to give:
* The nature of the loss; * Any special claim needs; and * The phone number and main contact for the credit union.
The Florida Credit Union League reported more closings, although some expect to reopen today. The league's website provided the following updates on credit unions' status as of 8 p.m. EDT Wednesday:
* Community Educators CU, expected to reopen today; * Community First CU of Florida, closed Wednesday and Thursday; * First Florida CU, closed Wednesday and Thursday; * Indian River FCU, opened Wednesday, with no impact from the storm; * JetStream FCU, all branches closed Tuesday, but planned to reopen Wednesday if warning was lifted; * Kennedy Space Center FCU, closed Wednesday, expects to reopen today; * Lee County Mosquito Control CU, reopened Wednesday; * Lee County Postal Employees CU, reopened Wednesday; * Multi-Media CU, closed Wednesday, expects to reopen today; * Power Financial CU, all branches closed until further notice; * Priority One CU, all branches and call center closed until further notice; * Sarasota Coastal CU, expected to reopen Tuesday; * Space Coast CU, closed Wednesday, planned to reopen today; * Tropical Financial CU, all branches closed until further notice; and * VyStar CU, closed at 3 p.m. Wednesday and will be closed today. It plans to reopen Friday, pending weather conditions.
Tropical Storm Fay was responsible for one death, spawned seven tornadoes, damaged as many as 8,000 homes in two low-lying areas, and prompted flooding in several areas. In Brevard County, Melbourne received nearly 22 inches of rainfall, shattering its 50-year record, and surfers in nearby Vero Beach in discovered a beached whale. The storm moved off coast but was expected to return and head north into Georgia (CNN.com Aug. 20).

Ohio league Vishingphishing all over state

 Permanent link
DUBLIN, Ohio (8/21/08)--Phishing and vishing are "running rampant" in Ohio, with "people all over the state receiving messages" Tuesday and Wednesday purporting to be from three credit unions, says the Ohio Credit Union League. "We've taken dozens of calls from credit unions saying they're getting a ton of calls from their members," said Katie Walton, director of member communications at the league. The league has taken measures to assist the three credit unions: Credit Union of Ohio and CME FCU, both based in the Columbus area, and Superior CU, based in Lima. Both members and nonmembers received the calls. The messages were sent by e-mails, text messages, and auto-dialers leaving messages on consumers' answering machines. They claim the recipient's account has been suspended for suspicious activity. They provide a toll free number, but recipients who call the number get an automated answer that asks for debit-card and credit-card account information. "Some members submitted information such as their account numbers," Walton told News Now Tuesday. Credit unions have put a hold on those accounts. "The credit unions leapt to action to inform their members about the scam," Walton said. "The league is doing some legwork in case it reoccurs or continues to develop," she added. "We have an advisory for credit unions set up on our website, ohiocreditunions.org," Walton said. The league helped alert its members and notified the press. An article appeared in Wednesday's The Columbus Dispatch warning of the phishing scam and providing information for consumers about the attacks. The league also contacted the Federal Trade Commission, the Federal Bureau of Investigation, the National Credit Union Administration, and the Ohio Attorney General's office. The league's advice to credit unions in similar situations:
* Send an immediate alert to members and the media. * Call the credit union's regulator and insurer. * Try to determine the phone carrier of the suspicious phone number using a reverse search Web site, such as www.411.com. Ask the carrier to investigate and shut down the number.
Some companies, such as Perimeter, a CUNA Strategic Services provider, can conduct the take downs for the credit union. (For more information, use the resource link.) Also, credit unions are using their websites to educate members about how they will communicate with them. In essence, they're saying, "don't trust any text messages or auto dialers. Contact the credit union from a number that's different from the one listed in the message, such as the number listed on their statement." "It's important that credit unions regularly communicate with their members," Walton said. See "What should CUs do when members are phished?" in News Now's System section, for procedures to follow when phishing and other attacks occur.

Online fraud attacks vs. FCUs drop 50 since May

 Permanent link
BEDFORD, Mass. (8/21/08)--Phishing attacks against federal credit unions for the month of July decreased nearly 50% since May, according to the July Online Fraud Report from RSA's Anti-Fraud Command Center (AFCC). However, attacks against regional banks rose, said RSA. Those attacks were more than attacks against nationwide banks and federal credit unions combined during July. Although the total number of phishing attacks decreased in July to its lowest rate since February, first-time attacks against new entities rose by about 30%, said the Bedford, Mass., company. Twenty-nine new organizations were targeted in July. During July, the U.S. continued to dominate in distribution of targeted banking brands with about 60%. RSA also reported the demise of Neosploit, a professional malware infection kit that exploited system vulnerabilities to infect computers worldwide. Neosploit was considered the most advanced infection kit and was adopted widely among online criminals, RSA said. The company attributed Neosploit's demise of to the burden of a rapidly growing customer acquisition rate and a lack of substantial revenue.

How to measure whether CUs fin-ed program works

 Permanent link
MADISON, Wis. (8/21/08)--What role does financial education play in improving credit union members' financial performance? The Credit Union National Association's (CUNA) Personal Finance Institute, Sept. 10-12, in Lansdowne, Va., aims to shed new light on the question. "It stands to reason that members who understand money management will make better decisions than those who do not," said Jim Hanson, Credit Union National Association vice president of personal finance. "But one of the biggest unknowns about financial education is how to measure its success." The institute will feature Angela Lyons, Ph.D., associate professor in the department of consumer economics at the University of Illinois at Urbana-Champaign, discussing "How to Measure the Results of Your Financial Literacy Efforts." A former advisor to the U.S. Department of Justice providing expertise on debtor education for U.S. bankruptcy filers, Lyons is the director at the University of Illinois Center for Economic and Financial Education and editor of The Journal of Consumer Education. She has been interviewed by The Wall Street Journal, U.S. News & World Reports, CBS MarketWatch, and Money magazine. Today's turbulent economic environment is presenting financial challenges for consumers in every demographic category, Hanson noted. "Many financial institutions, including credit unions, are responding by providing financial education tools online and in person, but how do we know what works? And how does that translate into sales at your credit union?" For more information, use the link.

Visa issuers pilot fraud-warning system

 Permanent link
NEW YORK (8/21/08)--Visa Inc. and eight credit card issuers are piloting a system that notifies cardholders of suspicious transactions by sending them e-mails and text messages. Announced Monday, the test is part of efforts to expand its mobile capabilities, Visa said. These type of alerts could make consumers more comfortable using their phones for financial services, analysts said (American Banker Aug. 20). Visa employees started testing the alerts last year. The company is expanding the tests to 2,000 employees of eight issuers in the U.S. and Canada, including Vancouver City Savings CU in British Columbia. For transactions made with Visa cards, the service lets consumers set up as many as four triggers for transactions, including:
* Cash withdrawals at ATMs; * Purchases that exceed a set limit; * Purchases made abroad; and * Online purchases.
The cardholder will receive an alert by e-mail or text message if a transaction trips any of the triggers. The alert thresholds can be set with a mobile phone or at the issuers’ online banking sites.

Rogue FCU auctions repossessed vehicles online

 Permanent link
MEDFORD, Ore. (8/21/08)--Rogue FCU, Medford, Ore., has sold 13 repossessed vehicles through its online auctions program since July. The online auctions can be accessed from the credit union’s website, opening the door to anyone in the market for a new vehicle. Some buyers live as far away as New Mexico and Texas, according to the credit union. “Anyone can view, get information and bid on vehicles just like they might on eBay,” said Gene Pelham, Rogue FCU president/CEO. All vehicles are inspected for safety and mechanical problems prior to the auctions. “Our reputation is on the line, so we want to not only make sure that people are getting a good deal, but also a safe and sound vehicle for their family,” Pelham said. The credit union partnered with cuAuctions to sell the vehicles. “We’re not a car dealership. We’re a credit union--so we’re anxious to sell the repossessed cars, trucks and recreational vehicles we have available,” he added. Rogue FCU has more than $330 million in assets.

CDCU Mortgage Center aids New Orleans revival

 Permanent link
NEW YORK (8/21/08)--A pilot program developed by ASI FCU, New Orleans, and the National Federation of Community Development Credit Unions has helped several New Orleans homeowners refinance their mortgage loans. One homeowner, “Helen,” was struggling to make her loan payments before Hurricane Katrina hit in 2005. Her interest rate jumped to 14% from 9%, and because she had made late payments, she was unable to refinance. Helen received help from the federation’s Community Development Credit Union (CDCU) Mortgage Center, which provided funds to ASI FCU to purchase the loan it refinanced to Helen. With a new rate of 6.125%, Helen’s monthly payment dropped by $724. Another ASI member, “Belinda,” also was struggling to make her payments. Belinda had taken out a home equity loan to pay for surgery. With a 14.75% interest rate, her monthly payments surpassed $1,000. With the ASI and the federation’s program, Belinda refinanced her loan at a new rate of 6.125%. Like Helen, her monthly payment dropped by $724. “It’s so very important to stabilize our population in New Orleans,” said Mignhon Tourne, ASI CEO. Credit unions have helped thousands of members rebuild, she added. The CDCU Mortgage Center was created to help CDCUs expand their affordable-mortgage lending programs to low-income people by purchasing CDCU loans. “We definitely see possibilities to expand this pilot program,” Tourne said. “People come to us with high-priced loans from finance companies and brokers, even without us advertising or marketing the program.” Contributors to the program include the John D. and Catherine T. MacArthur Foundation, the National Credit Union Foundation and the Jewish Funds for Justice.

FSCC Shared Branching awards top fraud busters

 Permanent link
SAN DIMAS, Calif. (8/21/08)--Financial Service Centers Cooperative (FSCC) announced recipients of its Fraud Buster Awards. The awards recognize credit unions for protecting their members and those of other credit unions from fraud for the first and second quarters. Awards for stopping more than $1 million in fraudulent activities were given to:
* First Metropolitan CU, Concord, Calif.; * Global CU, Spokane, Wash.; * Numerica CU, Spokane, Wash.; * Patelco CU, San Francisco; * Pearl Harbor FCU, Waipahu, Hawaii; * Point Loma CU, San Diego; * Point West CU, Portland, Ore.; * San Francisco Fire CU, San Francisco; * Sound CU, Tacoma, Wash.; and * First Future CU, San Diego.
The awards program was organized in 2000 by the Operation Advisory Committee comprising stockholder credit unions. The first Fraud Buster Awards were presented in 2001. In seven years, credit unions have stopped more than $6.5 million in fraud and FSCC has presented more than 200 awards.

Sunset staff recommends 12 more years for Texas regulator

 Permanent link
FARMERS BRANCH, Texas (8/21/08)--A Texas Sunset Commission staff report recommends the Texas Credit Union Department continue existing for 12 more years, according to the Texas Credit Union League. The commission regularly reviews state agencies to determine if any should be eliminated. The report is available online with recommendations that are being reviewed by the Texas Credit Union League’s advocacy department (LoneStar Leaguer Aug. 20). The commission will conduct a hearing Sept. 23-24 with public comment on the report. In December, the commission will meet to adopt final recommendations it will make to the 81st Legislature. The commission is an independent regulator that routinely up for review every 12 years. To view the staff report, use the link.

Minnesota foundation elects board officers

 Permanent link
ST. PAUL, Minn. (8/21/08)--The Minnesota Credit Union Foundation (MNCUF) Board of Directors named its table officers during a meeting Aug. 14. Four incumbents and one new board member were elected at MNCUF’s Annual Meeting in July. Elected to serve one-year terms on the board are:
* Chuck Albrecht, Mid-Minnesota FCU, Baxter; * Mary Hansen, Mayo Employees FCU, Rochester; * Lynn Kothe, North Memorial FCU, Robbinsdale; * Kristi Mukomela, Novation CU, Oakdale; and * Judy Root, Bluestone FCU, Eagan.
Mukomela was re-elected as the MNCUF board chair, along with Kothe as vice chair and Root as secretary/treasurer. Mukomela is serving her fifth year on the board, Kothe and Root are in their fourth terms, and Hansen is in her third. This is Albrecht’s first year on the board. “The foundation has created a three-year strategic plan and is currently working toward achieving the goals we set in that plan,” Mukomela said. “Our vision is to have all Minnesotans achieve financial independence, and our mission is to provide resources for credit unions and communities to prosper and thrive.” In 2007, the foundation helped fund the Minnesota Credit Union Network’s Small Credit Union Conference and the international partnership with Paraguay, and it provided educational grants for credit union professionals and volunteers.