Security & Fraud

Credit Unions Doing Cyber-Battle

Credit Unions Doing Cyber-Battle

Comedy legend Groucho Marx is credited with the famous line, “I don’t want to belong to any club that would have me as a member.” Good thing people don’t feel that way about credit unions (CUs). Quite the opposite, actually. After rumors of decline, CUs kicked off the roaring 2020s with higher metrics across the board – mortgage loans up by a staggering 81 percent, loan originations up almost 30 percent year over year, and non-real estate loans up by double digits.

Seems that everybody likes credit unions—including cybercrooks. Reading the February 2020 Credit Union Tracker® done in collaboration with PSCU, we discover that Canadian credit union Desjardins Group was hacked, impacting the records of 4.2 million individual and business members in 2019. They were not alone in 2019, a year when cybertheft records were set.

Thankfully, for every bad actor there’s an organization like PSCU, the credit union service organization (CUSO) that saved its CU members close to $300 million in potential 2019 losses by interdicting, intercepting and otherwise interfering with cybercriminals at work.

The Trust Factor

Trust established via shared connections (typically an employer) is the reason that some people choose credit unions over banks. Trust. The latest PYMNTS Credit Union Innovation Index found that three-quarters of respondents chose to bank at their CU because of trust, and over 60 percent of current CU members said they wouldn’t leave their CU for another financial institution (FI) because of – you guessed it – trust. CUs deal in trust, and it’s a winning strategy.

With trust, however, comes inevitable breaches. The Desjardins Group incident sent a chill through the CU community. When hackers hit Pennsylvania-based fuel and convenience retailer Wawa, they made off with the credentials of potentially thousands of credit union members. It’s been a jarring wakeup call, but now, CUs are wide awake.

The February 2020 The Credit Union Tracker® notes that many CUs already utilize the Automated Cybersecurity Examination Tool provided by the National Credit Union Administration (NCUA). That program is detailed in the February Tracker, as are efforts including the California Consumer Privacy Act (CCPA). As currently written, that law “…creates a private right of action for California consumers whose unencrypted personal information is breached as a result of a failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the information,” according to a blog post from The National Association of Federally Insured Credit Unions (NAFCU).

That sounds ominous because it is, and CUs that don’t take identity fraud and cybertheft super seriously face losing more than what hackers steal. The government is holding feet to the fire over cybersecurity, and credit unions are expected to have the same protections as any bank.

CU in Court

“Credit unions should work to continually educate their members about safeguarding their data, protecting login credentials and avoiding the latest phishing attacks,” said PSCU CIO Dave Stafford in The Credit Union Tracker®.

“As fraudsters become consistently more sophisticated in their attacks, CUSOs can provide credit unions with a comprehensive set of advanced fraud management tools to deliver proactive insights into fraud activity trends that inform strategies and strengthen defenses against new threats,” Stafford told PYMNTS.

Depending on amendments to the California law (which is being used as a model elsewhere), credit unions’ non-profit status may insulate them from certain penalties associated with data breaches. But legal loopholes to compliance aside, the CU community is firmly behind data privacy and security measures, as detailed in the full report.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.