Internal Assessments at Ripco Credit Union
The new supervisory guidance offers ways we can look for
anomalies that could indicate fraud. Ripco Credit Union has
conducted a comprehensive risk assessment of its current methods with
regard to the following:
- changes in the internal and external threat environment
- changes in the customer base adopting electronic banking
- changes in the customer functionality offered through electronic banking, and
- actual incidents of security breaches, identity theft, or fraud experienced by others in the financial services industry.
Whenever an increased risk to your transaction security may warrant
it, Ripco Credit Union will be able to conduct additional verification procedures
or layers of control such as:
- utilizing callback (voice) verification, email approval, or cell-phone-based identification
- employing member verification procedures
- analyzing banking transactions to identify suspicious patterns
- establishing dollar limits that require manual intervention to exceed a preset limit
Your Protections Under “Reg E”
Financial institutions are required to follow specific rules issued by the Federal Reserve Board, known as Regulation E,
for electronic transactions. Reg E covers all kinds of situations
revolving around transfers made electronically. Under the
consumer protections provided under Reg E, you can recover internet
banking losses according to how soon you detect and report them.
What the Federal Rules of Reg E require:
If you report the losses within two (2) days of receiving your
statement, you can be liable for the first $50. After two (2)
days, the amount you can be liable for increases to $500. After
sixty (60) days, you could be liable for the full amount. Details
of your rights are included on each account statement.
Knowing how fraudsters may try to trick you and understanding the risks
is critical to safe online banking. You can take further steps to
protect yourself and make your computer safer by installing and
- anti-virus software
- anti-malware programs
- firewalls on your computer
- operating system patches and updates
Additional steps include:
- create strong, complex passwords that contain both CAPITAL and small letters, numbers, and any allowed special characters
- if you think you may have visited a website with malware or if you
think your computer may be infected with a virus, do not access your
online banking or other sensitive logins until you have scanned your
computer and know it is clean and virus free
You can also learn more by visiting the sites recommended and listed to the left of your screen.
Understand the Risks
FFIEC studies show a significant increase in cyber threats. Not only
do fraudsters continue to deploy more sophisticated methods to
compromise security measures, they now manufacture computer hacking kits
to sell illegally to less experienced fraudsters.
Corporate Account Takeover (CAT)
Corporate Account Takeovers have increased every year, representing
losses of hundreds of millions of dollars. When a Corporate
Account Takeover (CAT) occurs, legitimate login credentials are stolen
by computer hackers, and fraudulent transfers (ACH or Wire Transfers) are
completed before the business account owner knows what happened.
Layered Security for Increased Safety
Layered security is characterized by the use of different controls at
different points in a transaction process, so that a weakness in one
control area is compensated for by a strength in another control area.
Layered security can substantially strengthen the overall security of
online transactions by protecting sensitive customer information,
preventing identity theft, and reducing account takeovers with their
resulting financial losses.
Added layers of security allow your bank to authenticate customers
and detect and respond to suspicious activity related to initial login
and then reconfirm this authentication when further transactions involve
transfers of funds or higher risk actions.
Examples of Layered Security for Businesses
For business accounts, layered security can include enhanced controls
for system administrators who are granted privileges to set up or change
system configurations, and control access privileges and application
functions or limitations for their own staff and users.
Added layers can include:
- fraud detection and monitoring systems that include consideration of your transaction history and behavior
- dual customer authorization through different access devices
- out-of-band verifications for certain transactions
- “Positive Pay” debit blocks or other techniques that limit transactions
- transaction value thresholds that restrict the number or amount of transactions for a set time frame
- Internet Protocol (IP) reputation-based tools
- policies and procedures for addressing customer devices that have
been potentially compromised, or for detecting customers who may be
- account maintenance controls over activities performed online or through customer service channels.
Recommendations for Business Accounts
- conduct periodic assessments of internal controls
- use layered security for system administrators
- initiate enhanced controls over high-dollar transactions
- provide increased levels of security as transaction risk increases
If You Have Suspicions
If you notice suspicious activity within your account or experience a
security-related event (such as a compromised PIN or
password, known or suspected infection of computer or network by viruses
or malware, etc.), please contact us immediately, and you will be
directed to a member service representative
who can assist you with these matters.