Protecting Cardmembers Against Cybersecurity Threats in the ‘New Normal’

With so many people transitioning from in-person to digital banking, cybercriminals have been quick to exploit the 'new normal.' FTC data shows soaring numbers for attacks and losses. Given the changing environment, it's crucial that credit unions reevaluate their security plans to protect both their own and consumers’ data.

As consumers focused on social distancing and staying home to stop the spread of COVID-19, many of the routines of life’s daily activities changed. People are now spending more time on digital devices such as the computer, tablet, and smartphone surfing the web, shopping, and catching up with friends on social media.

With so many of us transitioning from in-person to online activities over the course of 2020, new opportunities arose for cybercriminals to exploit the changing circumstances. The FTC received over 1.3 million fraud reports in the period from Q1 to Q3 of 2020, resulting in total losses of over $1.5 billion.

Given the changing environment, credit unions should navigate cybersecurity in the “new normal” landscape with an effective and comprehensive security plan to protect their own data and cardmembers’ data.

New and Evolving Cybersecurity Threats

Cybercriminals are always evolving their methods and looking for new vulnerabilities to exploit. Given the rapidly changing world we live in, coupled with the consumer behavior changes brought about by the pandemic, cybercriminals have stayed busy searching for and executing new means of attack. Here are several of the main ones:

Sophisticated attacks allow criminals to target victims effectively by displaying expected browser or application behavior to emulate human activity. Basic attacks, on the other hand, test a high number of credentials against a platform in a short amount of time. Basic attacks are easier to detect as they often use the same IP address or contain other easily spotted markers of a large scale attack. In the first half of 2020, 96% of attacks on financial institutions were sophisticated in nature.

Identity theft happens when cybercriminals use verified data (that they may have obtained illegally through the dark web or other sources) to create an account that falsely identifies them as a real customer. They can then open accounts, apply for cards, etc. Perhaps not surprisingly, credit card fraud was the most common type of ID theft in the second quarter of 2020.

Major catagories of identity theft

Phishing, the practice of sending seemingly legitimate emails from organizations in an attempt to have an individual give up sensitive information such as login credentials, has been on the rise. Attackers are using COVID-19 and/or stimulus payments as bait to impersonate brands and mislead consumers hoping to gain personal info, login credentials, credit card info, etc.

Phishing scams simple but effective

Losses in Credit Cards and Payments

Credit cards and cardmember information are a key target for cybercriminals due to their high value, and the pandemic has only exacerbated this nefarious activity. Criminals have acted under the guise of the government and other organizations to attempt to gain cardmember information via various schemes including stimulus and unemployment scams. As of Jan. 3, 2021, the FTC had received almost 300,000 reports of COVID-19 and stimulus-related fraud, identity theft, and other reports of unwanted activity, resulting in over $253 million in losses.

In a recent study by PYMNTS and Elan, protection against theft of funds is a motivating factor for 35% of credit card users — twice the share of debit card users with this view. Consumers also appear to have more confidence in the overall data security of credit cards: 27% of credit card users cite data security as a motivating factor while only 14% percent of debit card users do the same. This suggests that, while both debit and credit card issuers could do better in assuring consumers of the security of their offerings, such concerns are elevated among debit card users.

Mitigating Cybersecurity and Fraud Threats

Failure to effectively address cyber threats not only results in financial risk, but also carries significant reputational and regulatory risk that could harm a credit union’s core business.

Employees will always be the first line of defense for a credit union. Taking the time to educate them about current threats is essential. They should be informed on what threats could look like and how to deal with them if they arise.

For credit unions offering a credit card program, educating cardmembers is important as they are also targeted by cyberattacks. Protecting them by providing resources where they can learn more about the current trends in cyberattacks and how to protect their credit card information when shopping online or using mobile or online cardmember services is important.

Both employees and cardmembers should be encouraged to engage in safe data practices, such as strong passwords with non-sequential numbers and letters mixed with symbols, and case-sensitive capital and non-capital letters which are changed frequently. Data security education also includes knowing when, where and how (e.g., letter, phone call, email, text message, in-app, etc.) certain parties would typically reach out for information, so that employees and cardmembers can better detect and avoid threats posed by illegitimate requests.

Beyond education, credit unions should offer payments solutions backed by secure technology such as biometrics and strong password requirements. On the back end, these solutions should employ robust fraud and unusual activity detection solutions to mitigate instances of data exposure and loss.

Partner with Elan for Security Peace of Mind
Many credit unions choose a partner like Elan that can offer cutting-edge solutions to alleviate the need to invest in-house, which can be costly and complicated. Elan employs state-of-the-art fraud protection and security to make sure that our partners and their data, as well as the data of their cardmembers, remain safe. Elan’s cyber strategies are comprehensive, and intelligence driven.

  • Elan has made significant investments in fraud technology and techniques used to develop complex models and machine learning capabilities. These technologies are used to take diverse populations of both known good and bad activity to train artificial intelligence and machine learning models resulting in speed, scale and quality not possible with traditional methods. These techniques result in more efficient risk scoring of card applications and transactions for which we can apply more robust strategies and verification methods to mitigate risk.
  • Elan invests in human capital to employ top talent who carefully assess the ongoing performance of all fraud strategies and analyze transaction data to identify emerging trends and then accordingly adjust fraud strategies. Our fraud experts are highly connected to industry forums and fraud threat intelligence sources.
  • Elan offers a comprehensive suite of card fraud protection products and has increased access to digital innovations, including text alert capabilities, and fingerprint authentication for mobile applications. From activation strategies and card level verification checks to real-time card blocking and safer online payment options, our solutions and fraud experts provide layers of security — allowing cardmembers to use their cards with greater confidence.

With an Elan-managed credit card program, partners can focus on what is most important, serving members, instead of worrying about cybersecurity.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.