CUNA, CUNA Mutual Group & FS-ISAC: Fraud Mitigation Post Data Breach Members Webinar Thursday, September 21, 2017 1:00pm EDT

September 28, 2017 — FS-ISAC Confidential. © 2017 FS-ISAC

Agenda

• Call Opening: Greg Temm (FS-ISAC Chief Information Risk Officer)

– CUNA and CUNA Mutual Group Members-Only Call

– Agenda Overview / Presenters Introduction

• Issue Overview & What We Know: Lance Noggle (CUNA), Ken Otsuka (CUNA Mutual Group), Liz Shirley (Wapack Labs), David Faphonda (PWC), Charles Bretz (FS-ISAC) & Heather McCalman (FS-ISAC)

– Outline of the issue & advocacy (Lance Noggle)

– Background of recent events “data breach”

– Reusing stolen credentials on the dark web (Liz Shirley)

– Financial Sector Crimes & Fraud Update (David Faphonda)

– Proactively changing your fraud strategy after a large breach (Charles Bretz and Ken Otsuka)

– Offering best practices to your members to prevent identity theft (Heather McCalman)

• Q&A with Presenters

• Closing


Sharing information to mitigate risk

• Sharing information about how criminals exploit the stolen information may mitigate risk to your FI and FS-ISAC members.

• Concern that 143 million records of PII are aggregated, creating the potential to be exploited to compromise FI authentication processes.

• Criminals have had time to use and/or sell the stolen information.

• FIs use multivariate processes for authentication.

• These authentication systems are adjusted and optimized for customer experience and to prevent fraud.


• Authentication system adjustment and optimization processes use reviews of fraud cases where criminals have beaten or attempted to compromise the process.

• Are members seeing changes in criminals’ tactics exploiting the stolen 143 million PII records?

• If so, will your institution share intel about the criminals’ tactics?


Fraud Uptick Survey

• 363 responses to the Uptick in Fraud Survey

[Bar chart: "Have FS-ISAC Members Seen an Uptick in Fraud". Response categories: Are already seeing fraud; Have not seen any and not expecting uptick; Have not seen but expecting uptick; We cannot share this information.]


Risk Survey

[Bar chart: "In regular reviews of multivariate authentication system performance, are there indicators that criminals have recently changed tactics in the last 60 days?" Response categories: Do not know; No; We cannot share this information; Yes.]

[Bar chart: "If so, do the changes in tactics exploit data elements reported to be compromised in the 143 million records?" Response categories: Do not know; No; We cannot share this information.]

[Bar chart: "If so, what authentication systems are being targeted?" Response categories: Call center support; PIN resets; We cannot share this information; Do not know.]


PII Survey

• 90 responses to the following questions

[Bar chart: "What PII data elements are being exploited? Check all that are part of the new criminal tactics." Response categories: Address; Driver's license #; Name; Social Security #; We cannot share this information.]


Criminal Tactics Survey

• 165 responses to this survey

[Bar chart: "If you have determined a change in criminals' tactics, or find a change in criminals' tactics to compromise authentication processes, are you willing to share the intelligence on the change in criminal tactics with FS-ISAC members?" Response categories: Do not know; No; We cannot share this information; Yes with attribution; Yes without attribution.]


Best practices to offer CU members

• To provide proper steps on how members can protect themselves, analyze the risk of the data that may have been or was taken in the breach; stolen consumer data may include:

– Names

– Addresses

– Phone numbers

– Email addresses**

– SSN, DoBs, driver’s license numbers**

– Credit or debit card information**

– Usernames and/or passwords**

**Information especially valuable for phishing campaigns, ID theft, account takeover and to carders


Best practices to offer CU members:

Security freezes on credit reports

• Recommend members place a security freeze on their credit reports at all four credit reporting bureaus:

– Equifax: https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

– Experian: https://www.experian.com/freeze/center.html

– Innovis: https://www.innovis.com/personal/securityFreeze

– TransUnion: http://www.transunion.com/securityfreeze

Phone numbers to do the same:

– Equifax: 1.800.349.9960

– Experian: 1.888.397.3742

– Innovis: 1.800.540.2505

– TransUnion: 1.888.909.8872


• Contact each bureau to place a freeze on credit reports

• Protect the PIN!

• The PIN is required to thaw or unfreeze a report

• Recommended to store the PIN in two separate secure locations

• Check state-specific details; some states freeze for free and some charge a fee


Best practices to offer CU members:

Fraud alerts on credit reports

• Recommend members place a fraud alert on their credit reports; members only need to contact one of these agencies and request that the information be passed to the other two:

– Equifax: call 800.525.6285 or go to https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp;

– Experian: call 888.397.3742 or go to https://www.experian.com/fraud/center.html;

– TransUnion: call 800.680.7289 or go to https://www.transunion.com/fraud-victim-resource/place-fraud-alert.

• Members need to contact Innovis separately to place a fraud alert with that agency:

– Call 800.540.2505 or go to https://www.innovis.com/fraudActiveDutyAlerts/index.


• A fraud alert requires potential creditors to contact the consumer and obtain permission to open new accounts or lines of credit.

• By law, consumers are allowed to request a fraud alert every 90 days; after 90 days, they must repeat the process.

• With documentation showing they are an ID theft victim (e.g. a police report), an extended fraud alert may be placed on their reports; an extended alert lasts seven years.


Best practices to offer CU members:

Check credit reports annually

• Check credit reports annually at annualcreditreport.com or call 877.322.8228.

• Credit reports show personal information as well as lines of credit and accounts.

• Recommended to stagger the review by pulling one report every 4 months, to catch any “new” or suspicious accounts more quickly.

• Beware of other sites that try to sell a credit report or offer a “free” report in exchange for a subscription to a service, and of look-alike sites.


Best practices to offer CU members:

Free credit monitoring

• Sign up for free credit monitoring offered by an organization post-breach.

• Victims of breach should not have to pay for credit monitoring, unless the length of the monitoring has expired.

• Utilize free credit monitoring offers along with applying security freezes and fraud alerts to credit reports.

• Remember: credit monitoring services are generally “reactive” to fraud issues, not “proactive” in protecting against fraud issues.

• Remember: the best monitoring is the monitoring members do themselves.


Best practices to offer CU members:

More tips

• Additional tips for credit union members:

– Use account alerts;

– Do their own fraud analysis, with account statements and online and mobile banking;

– Email safety and security: Don’t click links or attachments;

**Additional email tips to protect against breach-related phishing attempts**

– Look out for scams; be cautious of unsolicited emails and phone calls;

– Use two-factor authentication on any site they can;

– Use strong and LOOONNNGGG passwords;

– Safeguard credit cards, SSNs and personal information, to include securely destroying documents.


Primary benefit of FS-ISAC membership

The first and foremost benefit of an FS-ISAC membership is that your credit union has a better chance of staying a step ahead of a potential crisis:

• Use the information received on attacks and campaigns at other institutions to thwart and prevent the same threat at your CU.

• Share the information you see on your network and in your institution to enable other CUs and community banks to protect themselves, which makes the entire system stronger.

• Implement the recommendations, suggestions and best practices received in forums and other channels to strengthen your cyber and physical security defenses, even with a limited budget.


Benefits of FS-ISAC membership

• Additional benefits credit unions receive when they join FS-ISAC:

– Credit Union Council and Community Institution Council listservs;

– Weekly Risk Summary Report;

– FS-ISAC Daily Summary Report;

– Access to Security Operations Center (SOC) alerts;

– Multiple methods to share information about attempts your credit union is seeing, with or without attribution;

– Monthly Community Institution and Associations Council meeting;


– Risk mitigation toolkits;

– Portal access with an extensive document library;

– Annual free CAPS exercise, tabletop exercises and crisis response playbooks;

– Coordinating response to physical disasters affecting financial services;

– Monthly Executive Brief;

– Access to industry expert resources;

– Live events, mentoring and networking with your peers.

TLP Green

2017 FS-ISAC Fall Summit: Strength in Sharing

Content. Connection. Collaboration.

1-4 October | Baltimore | fsisac-summits.com

• More than 90 content-rich sessions on IT security, governance, payments, resiliency, technology and operations, testing and security assurance, and threat intelligence

• Networking: collaborate with other members and connect with some of the top industry thought leaders

• Interactive opportunities: Capture the Flag and an Innovation Challenge

• New trainings: CyberSecure Workshop, Treadstone 71 and STIX 2.0

www.fsisac-summit.com

• More than 90 content-rich sessions

• Innovative keynote with John Brennan, former CIA Director

• New in-depth trainings and initiatives

• Networking and collaboration


How to join FS-ISAC

• For more information about FS-ISAC membership, see the Credit Union Brochure in the Resources area of the webinar window.

• To join FS-ISAC and start receiving and sharing important information to protect your credit union and members, go to https://www.fsisac.com/join or call +1.877.612.2622, prompt 3.

• If you have any questions or comments about membership, please feel free to contact [email protected].

• If you have any questions about the information in this presentation, please contact Heather McCalman at [email protected].


Q&A

• Submit your questions in the chat window

• Lecture Mode Enabled

– If you wish to speak, click on the ‘Dial-in’ tab and call in & hit *9 to raise your hand, and we will unmute your line.

• PowerPoints will be available to download later today via portal.fsisac.com for FS-ISAC Members


Fill Out Survey

Thanks!!

Follow us @FSISAC

Questions? [email protected]