Top Authentication & Identification Methods to Protect Your Credit Union

Academic year: 2021


Presented on: Thursday, May 7, 23 ET

Copresented by:

Ann Davidson – VP of Risk Consulting at Allied Solutions

Tammy Behnke – Credit Union Program Executive at ProSight Specialty Insurance

Breakdown of Today’s Session

1. Define authentication

2. Discuss who and what should be authenticated

3. Introduce recommended authentication measures to better protect your credit union

4. Share tips about hiring staff you can trust to help your credit union remain protected from theft and fraud

What is authentication?

Defining Authentication

• Authentication is the process of determining whether someone or something is, in fact, who or what he, she, or it is declared to be

• Multi-factor authentication is a method of requiring a user to accurately provide more than one form of information before giving access to the account

• The most commonly required forms of authentication include:

– Knowledge factors, such as password protection

– Possession factors, such as ATM cards

– Inherence factors, such as biometric methods

• Requiring more than one independent authentication makes it much more difficult for an individual to provide false

Authentication & Phishing

Account access may be given through phishing attacks if the only authentication layer your credit union has in place is password protection:

• From simple phishing attacks to sophisticated targeted spear phishing attacks, gaining access to members’ passwords is an easy access point for an attack

• Passwords are a known weak link and continue to be exploited at alarming rates

• Employees may inadvertently share passwords when responding to phishing attacks

How do you authenticate

FFIEC and Regulators Address Authentication

• FFIEC and other regulatory agencies are setting increasingly rigorous requirements for stronger authentication for users

www.ffiec.gov

• Multi-factor authentication is no longer strong enough to keep the bad guys out

Who and What Needs to Be Authenticated?

Who to Authenticate:

• New employees

• Existing employees

• New members

• Existing members conducting business

What to Authenticate:

• Access to any systems or accounts that contain private information

• ALL transaction activity performed by an employee or member

Remember! User credentials require stronger authentication - a username and password are the keys to the kingdom.

Employee/Member Authentication

(Diagram labels: Biometrics, Passwords, Signature, PIN, Challenge Questions, Passcodes, Voice/Heat, Tokens, Systems)

Payment Card Authentication

• Signature

• PIN

• Biometrics

• Tokenization

• Encryption

• No signature or PIN

• Verified by Visa/MasterCard SecureCode

• EMV – Contact and Contactless

Wire Authentication

Authentication measures for protecting face-to-face or non-face-to-face wire requests:

• Call back to multiple phone numbers

• Agreed upon challenge question(s)

• Agreed upon dollar amount

• Verification of signature (using ID)

• Wire PIN or Passcode

• Account holder PIN or Passcode

• Weak authentication methods can lead to easy access points for various types of account takeover fraud, like ‘money mule scams’

– Corporate accounts often targeted due to large balances and the availability of funds through ACH credit

• Layers to authenticate and identify the employee and member are key to helping prevent fraud

– Require system user authentication for members and employees

– Identifying the individual is key before sending out ACH funds

Did You Know? Apple Pay has weak authentication to identify users at the front end, so it is up to the financial institution to have these authentication layers in place.

How can you ensure you are hiring trusted staff?

Background Checks

Performing background checks before hiring employees has the following benefits for your credit union:

• Reduce turnover

• Deter theft and embezzlement

• Prevent litigation over hiring practices

• Save money: it is cheaper to do a background check than it is to fire someone

Who Should Receive Background Checks?

You should require background checks for:

• Vendors

• Outside contractors

• Anyone who works on your premises

Did You Know? The Target Breach can be traced back to an HVAC contractor.

Background checks should include:

• Criminal history

• Civil history

• Driver’s license

• Education verification

• Employment verification

Aside from performing the initial background check, ensure your employees remain trusted through the following mechanisms:

• New hire training

• Policies and procedures

• Strong internal controls

– Separation of duties

– Access controls

– Authorization controls

• Code of conduct

• Discipline for violations

• Annual training

• Acknowledgements each and every time

• Lead by example

Retaining Honest Employees, Continued

• Positive Work Environment

– Established policies and procedures

– Fair employment practices

– Written job descriptions

– Clear organizational structure

– Open lines of communication

– Employee recognition

– Vacation requirement

• Anonymous Reporting System

– Employees, vendors, and customers

– Investigate everything

– Increase perception of detection – always be seeking out information concerning internal theft

• Audits

– CPA and Supervisory

– Internal – including surprise

Key Takeaways of Today’s Session

1. Establishing layers to authenticate and identify the employee and member is key to helping prevent fraud.

2. Requiring more than one form of authentication makes it much more difficult for an individual to provide false credentials – knowledge factors, possession factors, and inherence factors.

3. Authentication should be required for employees and members for all transaction activity performed and for access to anything that contains personal information.

4. Perform background checks prior to hiring staff, vendors, or outside contractors to ensure they can be trusted to protect private member or organizational information.

Q&A Session

Education and awareness is key to our success! Therefore, if you have any remaining questions about authentication and background checks, please ask

To find out more about the risk prevention and bond products Allied Solutions and ProSight Specialty Insurance offer to credit unions, contact your Allied Representative or:

Patrick Touhey

Senior Vice President of Bond

Allied Solutions, LLC

[email protected]

To ask additional questions about authentication and background checks that were not addressed today, contact either of today’s co-presenters:

Ann D. Davidson

Vice President of Risk Consulting

Allied Solutions, LLC

[email protected]

Tammy Behnke

Credit Union Program Executive

ProSight Specialty Insurance

[email protected]
