Given the constant threat of physical and digital attacks on credit unions, it’s important to survey the current threat landscape from time to time.
FTSI tapped some of the foremost financial security experts to get a better picture of the most prevalent and emerging threats to credit unions.
Here are the top four that emerged, plus some methods for combating them.
Threat #1: Vestibule skimming
With attacks surpassing $366 million in 2015 alone, most people are well aware of the threat that skimming poses to financial institutions.
Savvy ATM users even know to look for skimming overlays when inserting their cards.
But according to March Networks, criminals are now targeting the card readers that allow members to get access to ATM vestibules, the small enclosures that house ATMs and are usually accessed after hours.
“Criminals started installing skimmers on those door swipes rather than on the ATMs themselves,” says Dan Cremins, global leader for March Networks.
To combat this, some credit unions simply leave their ATM vestibule doors open. But this move has presented new problems.
“People loitering in ATM vestibules is an issue we’re hearing more about from our credit union customers,” Cremins says. “A person using an ATM vestibule as a shelter at night, for example, creates an environment that’s potentially unsafe—and certainly feels unsafe—for members who simply want to use the ATM.”
March Networks recommends that credit unions combine video surveillance with a loitering detection analytic that can alert security personnel to handle the situation.
And as always, anti-skimming kits are a must have.
Threat #2: Failure to upgrade cybersecurity defenses
Cybersecurity remains a top priority. After all, security guards or cameras can’t catch what they can’t see.
But Axis Communications points out that as credit unions add different layers of security from various providers, the systems don’t always work well together—and that can open up vulnerabilities.
“It’s critical to identify technology risks and implement remediation for security hardware that no longer meets security policies or needs to be updated,” says Stephen Joseph, business development manager for Axis Communications Inc. “Outdated security hardware left unchecked can be a doorway for hackers to launch [distributed denial of service] attacks.”
While cybersecurity is an ongoing concern, March Networks echoes the sentiment that credit unions need to have multiple layers of defense along with ongoing audits to be effective.
“Cybersecurity is definitely an area where our credit union customers are focused,” says Cremins. “Secure product design, comprehensive security audits, and proactively tracking and assessing potential vulnerabilities should be part of every video surveillance manufacturer’s security program.”
Threat #3: Piecemeal security measures
Having a hodge-podge of security measures requires a high level of coordination and persistence to be effective.
But cheap fixes can cost credit unions in the long run.
“One issue I see are customers going with a small mom-and-pop security company to get the cheapest, most unreliable security equipment,” says Gerard Warren, FTSI security product manager. “The threat here is the customer may not have the most adequate amount of battery life on their alarm system—the industry standard is 72 hours of battery backup—or not enough hard drive storage on their DVRs (industry standard is 90 days of storage).”
Verint Systems agrees that ineffective piecemeal security measures are essentially a waste of money.
“It’s time for credit unions to think holistically about security,” says Matt Tengwall, retail and banking team general manager for Verint. “Financial organizations continue to face growing security and safety risks so the need for a comprehensive, intelligent surveillance solution that can make a difference is greater than ever.”
Threat #4: Improper installation of security measures
Even the best security measures aren’t much good if they’re installed poorly.
“The problem is when a camera is installed above eight feet it becomes a shot of the top of a person’s head and not of their face,” says Warren. “The bad guys pick up on this and wear a baseball cap to cover their faces.”
He adds that a surprising number of credit unions also fail to build in adequate redundancy to their security measures.
“Every cash point, such as ATM safes and night drops, must have two alarm devices; a door switch and a heat detector,” Warrant says. “A large cash vault with safe deposit boxes must have three forms of alarm devices; a door switch, heat detector and sound detectors.”
Credit unions are starting to realize that these improper security measures are just wasted money.
“As leaders in credit unions continue to evolve risk management processes, they are looking at the whole picture and speaking the language of business, not just ‘speeds and feeds’ for security equipment,” says Tengwall. “The adoption of IoT (IP capture, integrations, cyber security), automation to drive effectiveness and investigations, and enterprise footprint and life cycle management of systems are all key considerations for today’s financial industry security practitioner.”
The threat landscape is constantly changing as hackers and criminals find new means of circumventing security measures.
But by adhering to best practices and employing the countermeasures prescribed by these experts, you can give yourself the best protection possible.