By Roy W. Urrico
Online and mobile risk and fraud issues continue to threaten credit unions. Even though you may be complying with the supplemental FFIEC guidance deadline, your job is not done. The threats may look different, but online and mobile banking security vigilance is a constant battle, so much so that the NCUA recently released a risk alert following distributed denial-of-service attacks on at least two credit unions. The alert re-emphasized the appropriate policies and procedures to guard against these types of security threats, as outlined in the 2011 FFIEC supplement to guidance on Authentication in an Internet Banking Environment.
The increasing frequency of cyber-terror attacks on depository institutions heightens the need for credit unions to maintain strong information security protocols. Recent incidents have included distributed denial-of-service (DDoS) attacks, which cause Internet-based service outages by overloading network bandwidth or system resources. Two credit unions, University Federal Credit Union and Patelco, were shut down by DDoS attacks in January. Others may have suffered attacks. The two that are named were identified in Web postings as victims of the Izz ad-Din al-Qassam Cyber Fighters, the Middle Eastern group that has claimed authorship of the recent highly sophisticated takedowns of financial institutions. On March 12, at least six leading U.S. banking institutions were hit by DDoS attacks, the largest number of institutions to be targeted in a single day. Even more worrisome, the attacks, caused by a bot known as Brobot, are evolving and increasing.