DENVER – It was a hot topic at the joint America's Credit Union Conference and World Credit Union Conference in Denver, and it's not difficult to see why. Many of the convention's breakout sessions focused on fraud, cyber and mobile security, and hacking, and a new trend involves attacks on smaller financial institutions, according to several of the speakers. For small credit unions, that means trying to figure out how to mitigate those risks on a budget while increasing the use of technology to attract a younger age group.
Smartphone apps are an easy way to attract younger customers because they are accustomed to using the apps in nearly every other aspect of their lives. However, it's also an easy way for hackers to access information, speaker Tony Ferris, managing partner of the Overland Park, Kan.-based Rochdale Group, said. Third-party apps can be hacked to access the microphone of an individual's cell phone. Once the voice is captured, it can bypass voice authentication.
Mobile spyware is also growing, as well as counterfeit banking apps. Hackers can create apps that look similar to a credit union's app in the hopes that customers will download the wrong one and make it easy to install malware. However, hacking the good old fashioned way can still be an easier, preferred method for hackers, speaker Jim Stickley, CEO of the San Diego-based Stickley on Security, said.
Recommended For You
During his session, Stickley covered social engineering – which involves gathering enough information about an employee to access their computer and install malware. A hacker can easily use LinkedIn or Google to discover which employees work where, for how long, what their job titles are and who their colleagues are. From there, he said, it is easy for hackers to send faux emails that appear to be from legitimate IT personnel from either the credit union or the third-party vendor. Many times, employees will actually watch their computer being hacked without knowing what is happening.
Financial institutions can take several measures to disrupt hackers, however. Stickley said emails are one of the easiest and most common uses for hackers, so never trust an email without verifying it in person or over the phone with the person who sent it. He advised to never install software or allow others to install software on a computer without approval, and, never allow someone to remote access a computer unless it is the company's IT expert and was verified in advance.
When it comes to mobile security, speaker Robert Jarosinski, a senior risk management consultant with CUNA Mutual Group, said asking someone for their date of birth or Social Security number is out of date and not a secure method to authenticate a person's identity. Instead, he suggested using multiple resources, such as requiring PIN numbers on the mobile device's app, using the fingerprint sensor and taking photos for facial recognition.
"For credit unions with an established remote membership, we are seeing a movement to identifying members by the one thing that has become ingrained in their daily lives and that they are rarely without…their mobile phone," Jarosinski said.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
