Cyber criminals are growing increasingly clever.
Just consider what happened to Tampa Bay Credit Union recently. Fraudsters played an elaborate game of connect-the-dots by figuring out the Bin number on the credit union’s debit cards and spoofing cards by connecting Bin numbers to members’ debit cards, reports SC Media. Thousands of cards had to be canceled.
“This was a situation where the ‘bad guys’ tried using sophisticated software to perpetrate fraud without having any other card or personal information needed to be successful,” the credit union told a local news station, SC Media reports. “No Tampa Bay Federal Credit Union member incurred any loss from the attempted transactions.”
Meanwhile, third-party vendor data breaches continue to be a serious problem. Nearly 24 million mortgage documents from a variety of major banks and lenders going back ten years, including sensitive data like Social Security numbers, birth dates, account numbers, and tax documents, was exposed for at least two weeks, according to TechCrunch, which uncovered the problem. It’s unclear if any of the data ended up in criminal hands, though it’s being investigated.
The leak was caused by a server configuration error by Ascension, a data analysis company that was hired to convert the documents into computer readable files.
These are just two examples of a growing problem.
In 2018, there were more than 53,000 security incidents with 2,216 confirmed data breaches, according to the Verizon 2018 Data Breach Investigations Report. The most common types of attacks against banks included:
- Denial of service (DoS)
- ATM payment card skimming
- ATM jackpotting
That list of attacks doesn’t include one of the greatest threats of all: third-party data breaches.
Among U.S. firms polled by Deloitte about third-party events over the past three years:
- 11% Experienced a high-impact third-party incident
- 36% Experienced a low-impact third-party incident
- 27% Didn’t know
Make sure your institution has controls in place to spot nefarious activity and that your third-party vendors are just as smart as the cyber criminals. This problem isn’t going away anytime soon.