Skip to main content

BIN There, Done That: Air Force FCU Topples An Attack

In late April 2021, transactions totaling close to six figures from the same retailer hit the credit union in nearly one fell swoop. Transaction data from Air Force FCU’s core provider indicated all the charges were card-not-present purchases, which tipped Miller off to the fraud.

The cooperative had to act quickly.

Because the retailer, which Miller declines to name, is a large, legitimate business, the credit union couldn’t simply cut off those transactions. However, during its due diligence, Air Force FCU learned the attack came from only one of the several networks through which it processes transactions, and it could shut off transactions from specific card networks.

“We made the decision to stop all transactions from that network for two days,” Miller says. “It stopped the fraud in its tracks and gave us enough time to figure out our next move.”

The credit union’s chief technology officer along with several risk employees began to thoroughly review Air Force FCU’s daily credit card transaction reports. A pattern soon emerged. Miller says her exceptions report often state “card destroyed,” “card lost,” “card stolen,” or “wrong pin.” Not this time.

“We saw was a huge pattern of ‘card not found,’” Miller says. “Plus, these were all from the same vendor and the impacted card numbers ran in a sequential order. It just wasn’t normal.”

The fraudsters, however, had accurate card information so transactions were going through, putting the credit union on the hook for losses. And the hackers were sophisticated, Miller says. They used different names, different dollar amounts, and even different addresses — not always in the United States.

“People were really buying stuff,” Miller says. “It was going as far away as Colombia.”

The Response

Air Force FCU implemented immediate changes to its card numbering logic — no longer would the same several digits appear for each card. By altering the pattern, the credit union hoped to make hacking more complicated. Additionally, the credit union reissued every card that was affected by the attack, but it did not reissue cards en masse.

“It’s a long process to reissue like that,” Miller says. “And it wasn’t going to stop the bleeding.”

The fact the dollar amounts tended to be small posed a challenge to identifying fraudulent charges. And because it was a well-known retailer, members weren’t always aware they were victims. Air Force FCU posted a message on its home banking platform asking members to review their statements carefully for suspicious activity. It did not name the retailer because the attack ultimately wasn’t the retailer’s fault. In fact, the retailer was helpful.

“When we contacted them, they were eager to help us stop the fraud,” Miller says.

Internally, three employees in the risk department started reviewing daily core and card processor reports looking for context clues for potential fraud. Of primary focus are those “card not found” transactions, especially sequential card numbers used in close succession.

“The crook spends his whole day looking for ways in. We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.” Cathy Miller, SVP & Chief Risk Officer, Air Force FCU

Looking forward, Air Force FCU hopes its risk review process will curb future fraudulent activity and is evolving its cybersecurity efforts, which include a new information security committee. Miller knows the battle is far from over, but that doesn’t mean it’s not worth the fight.

“The crook spends his whole day looking for ways in,” Miller says. “We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.”

 Callahan & Associates, Inc.

Comments

Popular posts from this blog

NCOFCU Newsletter

The Bucket Coach is a financial advice book designed by Fire Services Credit Union, Tronto, Canada. and written exclusively for Fire Fighters It's a practical guide for household financial management, including investments, credit and mortgages, and retirement. Developed with contributions from Fire Fighters," NCOFCU Newsletter : " Kevin Connolly Chief Executive Officer    Fire Services Credit Union Phone: 416-440-1294 ext 301  Toll Free: 1-866-833-3285 E-mail:  kevin@firecreditunion.ca 1997 Avenue Rd Toronto, ON M5M 4A3 

Sunday Reading - What is the Dow Jones?

    What is the Dow Jones? Created in 1896, the Dow Jones Industrial Average is one of the world’s oldest and most widely recognized stock indexes—a measure tracking the stock performance of a selected group of companies ( see most recent data ). Originally designed to track America’s leading industrial firms, the Dow has evolved into a cultural and financial shorthand for the health of the US economy. As of 2025, it measures 30 major companies —like McDonald's, Boeing, and Nike—across sectors such as technology, healthcare, finance, and consumer goods.  Unlike most modern indexes, which are weighted by the total value of a company’s shares, the DJIA uses a price-weighted formula —meaning stocks with higher share prices exert more influence, regardless of company size. The DJIA has been updated 59 times since its creation to reflect changes in the US economy ( see ch...

New from AutoLink

New from AutoLink

Powell Rejects Any Plan for Fed to Intervene in Secondary Market to Bring Down Rates

  Frank Diekmann October 20, 2025 2:22 am No Comments PHILADELPHIA–Federal Reserve Chair Jerome Powell said there are no plans for the central bank to directly intervene in secondary mortgage markets in an attempt to help bring down mortgage rates, an idea some have proposed as a means of addressing the affordability crisis In housing. Jerome Powell Speaking at the  National Association for Business Economics  conference in Philadelphia, Powell spoke to the Fed’s progress with “quantitative tightening,” that is, its work to reduce the more than $6 trillion of securities it holds on its  balance sheet . Read more about the Balance Sheet HERE Those holdings include approximately $2 trillion in mortgage-backed securities (MBS), which are bundles of home loans that are packaged together and sold to investors, usually by middlemen  Fannie Mae and Freddie Mac , noted Realtor.com. Rolling Off Balance Sheet As the report noted, the Fed dramatically increased M...

The Role and Hazards of an Interim Executive

  The Role and Hazards of an Interim Executive Leadership transitions are rarely smooth. A change at the top can trigger uncertainty, speculation, and anxiety. Staff worry about their jobs, members wonder about continuity, and boards feel the weight of stewarding the organization through uncertain change. The utilization of an interim executive director is meant to stabilize the organization and allow the board enough space and capacity to find the right successor leader. Here’s a catch: if an interim executive is also a candidate for the successor role, the very purpose of an interim engagement is compromised. With an Interim, there’s always a second wave of anxiety Every leadership transition comes with some anxiety. The staff sometimes don’t know what’s going on. The board is worried about continuity, and members may be worried about joining. One task of an interim is to absorb some of that anxiety and provide reassurance that things are moving forward. But there is al...