Skip to main content

BIN There, Done That: Air Force FCU Topples An Attack

In late April 2021, transactions totaling close to six figures from the same retailer hit the credit union in nearly one fell swoop. Transaction data from Air Force FCU’s core provider indicated all the charges were card-not-present purchases, which tipped Miller off to the fraud.

The cooperative had to act quickly.

Because the retailer, which Miller declines to name, is a large, legitimate business, the credit union couldn’t simply cut off those transactions. However, during its due diligence, Air Force FCU learned the attack came from only one of the several networks through which it processes transactions, and it could shut off transactions from specific card networks.

“We made the decision to stop all transactions from that network for two days,” Miller says. “It stopped the fraud in its tracks and gave us enough time to figure out our next move.”

The credit union’s chief technology officer along with several risk employees began to thoroughly review Air Force FCU’s daily credit card transaction reports. A pattern soon emerged. Miller says her exceptions report often state “card destroyed,” “card lost,” “card stolen,” or “wrong pin.” Not this time.

“We saw was a huge pattern of ‘card not found,’” Miller says. “Plus, these were all from the same vendor and the impacted card numbers ran in a sequential order. It just wasn’t normal.”

The fraudsters, however, had accurate card information so transactions were going through, putting the credit union on the hook for losses. And the hackers were sophisticated, Miller says. They used different names, different dollar amounts, and even different addresses — not always in the United States.

“People were really buying stuff,” Miller says. “It was going as far away as Colombia.”

The Response

Air Force FCU implemented immediate changes to its card numbering logic — no longer would the same several digits appear for each card. By altering the pattern, the credit union hoped to make hacking more complicated. Additionally, the credit union reissued every card that was affected by the attack, but it did not reissue cards en masse.

“It’s a long process to reissue like that,” Miller says. “And it wasn’t going to stop the bleeding.”

The fact the dollar amounts tended to be small posed a challenge to identifying fraudulent charges. And because it was a well-known retailer, members weren’t always aware they were victims. Air Force FCU posted a message on its home banking platform asking members to review their statements carefully for suspicious activity. It did not name the retailer because the attack ultimately wasn’t the retailer’s fault. In fact, the retailer was helpful.

“When we contacted them, they were eager to help us stop the fraud,” Miller says.

Internally, three employees in the risk department started reviewing daily core and card processor reports looking for context clues for potential fraud. Of primary focus are those “card not found” transactions, especially sequential card numbers used in close succession.

“The crook spends his whole day looking for ways in. We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.” Cathy Miller, SVP & Chief Risk Officer, Air Force FCU

Looking forward, Air Force FCU hopes its risk review process will curb future fraudulent activity and is evolving its cybersecurity efforts, which include a new information security committee. Miller knows the battle is far from over, but that doesn’t mean it’s not worth the fight.

“The crook spends his whole day looking for ways in,” Miller says. “We’re going to be behind the curve in trying to catch up, but we’ll do everything we can.”

 Callahan & Associates, Inc.

Comments

Popular posts from this blog

Ramp Up Cyber Spending As AI Reshapes Industry Priorities

NEW YORK—Artificial intelligence is rapidly becoming the defining force shaping banking strategy, with 80% of banking executives now expecting AI to significantly disrupt their business and operating models within the next three to five years, according to KPMG's 2026 Banking Technology Survey. The survey of 200 U.S. banking executives found institutions are responding by accelerating investments in cybersecurity, payments modernization and technology-driven acquisitions. "AI, payments modernization, cybersecurity, and tech-driven M&A are no longer separate agendas," said Peter Torrente, KPMG's U.S. Banking Sector Leader, who said banks are increasingly being challenged to keep pace across technology, risk and growth simultaneously. Cybersecurity remains a top concern. More than three-quarters (76%) of banking leaders reported an increase in cyberattacks over the past year, while 92% said they are boosting cybersecurity budgets. In addition, 84% are increasing cyb...

White Paper from WOCCU Examines How Stablecoins are Reshaping Financial Infrastructure

WASHINGTON– World Council of Credit Unions (WOCCU) has released a new white paper that examines how stablecoins are reshaping the financial infrastructure that credit unions and other cooperative financial institutions rely on to serve their members.  According to WOCCU, the white paper, How Digital Money Is Impacting Credit Unions, Part 1: Focus on Stablecoins , is the first in a planned three-part series exploring how emerging forms of digital money are affecting the global credit union movement.  “The report begins by noting that stablecoins are no longer a niche fintech development, but part of a broader structural shift in how money is stored, moved and regulated,” WOCCU explained. “As commercial banks, payment networks, technology firms and retailers build stablecoin offerings or integrate stablecoin rails into their platforms, credit unions must consider how these changes could affect deposits, payments, member relationships and long-term institutional relevance.” For ...

Half of Credit Union & Bank CEOs are Now Older Than 65, Up From 20% Two Decades

NEW YORK — At a time when there are some generational changes in credit union leadership taking place, a new analysis has found the nation’s bank CEOs are getting older, with half of the chief executives leading banks now older than 65, compared with fewer than 20% two decades ago. The KBW Bank Index from Truist Securities found that the median age of bank CEOs has increased by 10 years since the early 2000s, mirroring a broader aging trend among corporate leaders across the United States. However, bank executives remain older on average than their counterparts in many other industries, according to the analysis by Truist Securities Managing Director John McDonald and associates Peter Nicolo and John Manahan. One reason is tenure. Bank CEOs typically remain in their positions longer than executives in many other sectors. According to data from CristKolder Associates cited in the report, financial-services CEOs average nine years in the role, compared with 5.4 years in the energy secto...

What Credit Unions Can—And Can't—Do With New Trump Accounts

07/02/2026 09:36 am         WASHINGTON--With Trump Accounts set to officially launch July 4, America’s Credit Unions updated its frequently asked questions document to clarify the role of credit unions now and in the future. Credit unions do not have a role to play yet, as the Treasury has not announced steps to transition accounts from initial provider BNY Mellon to other authorized institutions, ACU noted. Trump Accounts are tax-deferred accounts that can be established on behalf of a child under the age of 18. Account contributions begin after July 4, with contributions up to $5,000 a year allowed. Created by H.R. 1, the law also established a pilot program to deposit a one-time $1,000 grant into accounts of children born between Jan. 1, 2025 and Dec. 31, 2028. Once the child turns 18, the account funds are available for educational expenses, home ownership, entrepreneurship, and other designated purposes. Once guidance is available from Treasury, credit unions ...

Sunday Reading - We Hold These Truths to Be Self-Evident

We Hold These Truths to Be Self-Evident .  The Declaration of Independence is the founding document that formally announced the American Colonies' break from British rule. Adopted on July 4, 1776, it laid the philosophical and moral foundation for American self-governance, asserting that individuals possess inherent rights and that governments must be accountable to the people. While it didn't create a government or legal framework, the Declaration marked the birth of the United States as a sovereign nation. >  Hear why the Continental Congress decided to declare independence, how the text took shape...

What You Might Not Know About July 4th.

Twenty-Five Years of Showing Up

www.NCOFCU.org/Tucson-AZ-2026    Attendee Registration Schedule at a Glance ...

Stern Advice: Financial predictions for 2012 | Reuters

Stern Advice: Financial predictions for 2012 | Reuters : " A lot of people are predicting more of the same for 2012: Another year of stock market volatility, high unemployment, banking industry upheaval, weak housing and more talk about Facebook, mobile commerce, 401(k) plans and taxes. But maybe that's just because it's hard to envision change." 'via Blog this'

NCUA Tells FICUs Crypto Trading is OK — If Big Exchanges Provide the Service

When it comes to reading between the lines of financial regulators’ advisory letters, tone matters. Take last week’s letter from the National Credit Union Administration (NCUA) which gave the federally insured credit unions (FICUs) it oversees permission to partner with digital asset providers to allow retail customers to buy, sell and trade in cryptocurrencies. Now compare it to the one issued by Comptroller of the Currency Michael Hsu’s agency to the national banks and federal savings associations it regulates a month earlier. On the surface, both said much the same thing: Financial institutions can provide cryptocurrency services (albeit with some notable differences: the OCC’s letter dealt with more back-end services, including custody services as well as holding and using dollar-pegged stablecoins for transaction settlement). Neither was enthusiastic. The NCUA’s letter said it “does not prohibit FICUs from establishing these relationships” — which is not as enthusiastic as “are a...

Emerging Risks and How to Mitigate Them

5 Emerging Risks and How to Mitigate Them With each technological advance emerges new risk. Think about it: Every technology upgrade, new mobile device and new payment method brings exposure that wasn’t identified previously. The real threat occurs when these risks aren’t anticipated or communicated within your organization. Here are five emerging risks every credit union should have on their radar right now: Social media. Employees posting comments on social media that are inaccurate or appear incomplete or disparaging can threaten your organization’s reputation. Be careful when taking disciplinary action, as the National Labor Relations Board can classify social media activity as “protected concerted activity.” Mistakes here can lead to retaliation, wrongful termination claims and expensive litigation. Internet of Things (IoT) era . The IoT offers new tools and technologies that provide constant connectivity. It also creates new opportunities for data compromises. Workplace ...