Skip to main content

BIN There, Done That: Air Force FCU Topples An Attack

In late April 2021, transactions totaling close to six figures from the same retailer hit the credit union in nearly one fell swoop. Transaction data from Air Force FCU’s core provider indicated all the charges were card-not-present purchases, which tipped Miller off to the fraud.

The cooperative had to act quickly.

Because the retailer, which Miller declines to name, is a large, legitimate business, the credit union couldn’t simply cut off those transactions. However, during its due diligence, Air Force FCU learned the attack came from only one of the several networks through which it processes transactions, and it could shut off transactions from specific card networks.

“We made the decision to stop all transactions from that network for two days,” Miller says. “It stopped the fraud in its tracks and gave us enough time to figure out our next move.”

The credit union’s chief technology officer along with several risk employees began to thoroughly review Air Force FCU’s daily credit card transaction reports. A pattern soon emerged. Miller says her exceptions report often state “card destroyed,” “card lost,” “card stolen,” or “wrong pin.” Not this time.

“We saw was a huge pattern of ‘card not found,’” Miller says. “Plus, these were all from the same vendor and the impacted card numbers ran in a sequential order. It just wasn’t normal.”

The fraudsters, however, had accurate card information so transactions were going through, putting the credit union on the hook for losses. And the hackers were sophisticated, Miller says. They used different names, different dollar amounts, and even different addresses — not always in the United States.

“People were really buying stuff,” Miller says. “It was going as far away as Colombia.”

The Response

Air Force FCU implemented immediate changes to its card numbering logic — no longer would the same several digits appear for each card. By altering the pattern, the credit union hoped to make hacking more complicated. Additionally, the credit union reissued every card that was affected by the attack, but it did not reissue cards en masse.

“It’s a long process to reissue like that,” Miller says. “And it wasn’t going to stop the bleeding.”

The fact the dollar amounts tended to be small posed a challenge to identifying fraudulent charges. And because it was a well-known retailer, members weren’t always aware they were victims. Air Force FCU posted a message on its home banking platform asking members to review their statements carefully for suspicious activity. It did not name the retailer because the attack ultimately wasn’t the retailer’s fault. In fact, the retailer was helpful.

“When we contacted them, they were eager to help us stop the fraud,” Miller says.

Internally, three employees in the risk department started reviewing daily core and card processor reports looking for context clues for potential fraud. Of primary focus are those “card not found” transactions, especially sequential card numbers used in close succession.

“The crook spends his whole day looking for ways in. We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.” Cathy Miller, SVP & Chief Risk Officer, Air Force FCU

Looking forward, Air Force FCU hopes its risk review process will curb future fraudulent activity and is evolving its cybersecurity efforts, which include a new information security committee. Miller knows the battle is far from over, but that doesn’t mean it’s not worth the fight.

“The crook spends his whole day looking for ways in,” Miller says. “We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.”

 Callahan & Associates, Inc.

Comments

Popular posts from this blog

NCOFCU Newsletter

The Bucket Coach is a financial advice book designed by Fire Services Credit Union, Tronto, Canada. and written exclusively for Fire Fighters It's a practical guide for household financial management, including investments, credit and mortgages, and retirement. Developed with contributions from Fire Fighters," NCOFCU Newsletter : " Kevin Connolly Chief Executive Officer    Fire Services Credit Union Phone: 416-440-1294 ext 301  Toll Free: 1-866-833-3285 E-mail:  kevin@firecreditunion.ca 1997 Avenue Rd Toronto, ON M5M 4A3 

CUNorthwest Todd A. Powell Award is SFCU CEO Gayle Furness.

Spokane Firefighters Credit Union Big Enough to Serve. Small Enough to Care. This year’s recipient of the CUNorthwest Todd A. Powell Award is SFCU CEO Gayle Furness. Like Todd, Gayle has been instrumental in the growth, as well as the safety and soundness, of the credit union. Congrats to Gayle for living up to the standard that Todd created for our organization and the greater credit union community. __ ________________________________ Check out NCOFCU's additional features: First Responder Credit Union Academy Podcasts YouTube Mini's Blog Job Board

The Shrinking Pool of Small Credit Unions: Why It Matters & What We Can Do About It. - Henry Meier, Esq.

  Henry Meier, Esq. Henry Meier is the former General Counsel of the New York Credit Union Association, where he authored the popular New York State of Mind blog. He now provides legal advice to credit unions on a broad range of legal, regulatory and legislative issues. He can be reached at (518) 223-5126 or via email at  henrymeieresq@outlook.com . For as long as I’ve been around the industry, I’ve heard concerns about the demise of the small credit union. But I’ve come to realize it’s a lot like the weather: Everyone talks about it, but no one does anything about it. This is unfortunate. We need credit unions of all shapes and sizes to survive, and if we don’t take action soon, it will be too late.  Fortunately, there are steps the industry can take to potentially decrease the rate at which small credit unions are disappearing by making it viable for credit unions to survive by getting larger credit unions interested in making the necessary investments to keep the sma...

What Are Your Plans -As Government Shutdown Continues, Credit Unions Expand Offers of Assistance

BILOXI, Miss.— With the federal government shutdown now entering its second week, an increasing number of credit unions across the country are offering relief and financial assistance. All indications are the shutdown is no closer to ending than it has been since it began on Oct. 1. While the House has passsed a continuing resolution (CR) to fund government operations in the short term, the Senate remains at an impasse, even as it has scheduled a vote for today. In addition to the earlier assistance reported by the CU Daily  here , the latest pledges to support members include: • In Biloxi, Miss., Keesler FCU said it is offering paycheck relief for all eligible federal employees affected by the shutdown and will advance the amount of direct deposit paychecks for eligible members during the shutdown for up to 90 days. There is no cost or fee to enroll in the program. • In Nebraska, Cobalt Credit Union is offering furloughed members loans of up to $5,000 with no fees or interest...

Sunday Reading - FIRE, 101 - “financial independence, retire early,”

  Retiring at 30     FIRE, 101 Most US workers aim to retire around age 65—but for many followers of the FIRE movement, which stands for “ financial independence, retire early ,” that’s not the case. FIRE followers, who range from low- to high-income workers, typically prioritize high savings rates, relatively frugal living, and aggressive investing strategies in an effort to work less and enjoy life more in the long-term ( see five distinct approaches ). While many proponents argue that the movement is more of a mindset about achieving financial freedom than any ...