Scammers and hackers are looking to infiltrate all types of organizations, and credit unions are no exception. A defense is needed for every plan of attack. It is important that credit union executives know how thieves are looking to gain access to financial information, and understand the best practices to combat such attempts.
The only way prepare for a potential problem is to be aware of what is out there. From there, you will know how to protect your credit union and its members.
Getting mixed up with the wrong crowd
A recent example of a scam hurting a credit union took place at the UW Credit Union. The official banking partner of the University of Wisconsin, located in Madison, the credit union is one of the largest in the state. One of the credit union's investment advisers was a Milwaukee-based company called Pennant Management. The problem for UW Credit Union was that Pennant's finances were not what they seemed, according to the Wisconsin State Journal.
In a lawsuit filed last September in U.S. District Court, Pennant claimed that a packet of loans it acquired from a Florida firm were partially phony. The firm, First Farmers Financial, allegedly placed three made-up loans in the packet of 26 it sold to Pennant for more than $179 million. Upon a review, Pennant filed an amended complaint that stated all 26 loans were a sham.
"A defense is needed for every plan of attack."
Because the borrowers did not exist, and the money they loaned out could not be paid back, Pennant did not have the capital it had initially believed. That meant the books at the UW Credit Union were also off. At the end of 2014, the credit union reported a loss of more than $15 million, just a year after it had reported a profit of $14.5 million.
That hit affected the UW Credit Union's ratings. Bankrate.com dropped the organization from four stars, which it classifies as "sound," to two stars, or "below peer group."
While UW Credit Union did not have direct contact with the scammers, the fact that they were in business with a company that did hurt the credit union in a major way. The massive loss impacts all their members, which include current and former employees, students and alumni of the university. The lowered rating may also make it difficult for members to make investments or take out loans in the future.
Ways to spot trouble
Hacks against nonprofits are not as highly publicized as breaches into major brands like Target and Sony, but they still happen. That means credit unions need to have strong security to ensure what happened to UW Credit Union doesn't happen to them.
Many credit unions invest heavily in cybersecurity after online invasions occur. Credit unions spent an average of $226,000 and an estimated 1,600 hours per year on fraud issues as a result of data breaches, according to a survey released by the National Association of Federal Credit Unions.
Additionally, credit unions spend $136,000 annually on data security.
Still, most of that work is done after an incident takes place, and it's not always enough to prevent future crimes, such as identity theft and fraud. Keeping members' personal information secure has to be a top priority for credit unions. Stopping criminals begins with spotting irregular trends and knowing how members handle their money, so monitoring financial trends also can be of great value.
Keep an eye out for fraudulent investors as well. While they are not easy to spot, it can make all the difference to a credit union to know they are out there. Credit unions can hire outside background check organizations to review advisers and investors to ensure their legitimacy. The last thing a credit union's executives and its members can afford is to hand out loans to shadowy organizations that don't really exist.
Safety must come first, and that starts with a good defense.