CUNA, CUNA Mutual Group & FS-ISAC:
Fraud Mitigation Post Data Breach
Members Webinar
Thursday, September 21, 2017 1:00pm EDT
2 September 28, 2017 — FS-ISAC Confidential. © 2017 FS-ISAC2
Agenda
• Call Opening: Greg Temm (FS-ISAC Chief Information Risk Officer)
– CUNA and CUNA Mutual Group Members-Only Call
– Agenda Overview / Presenters Introduction
• Issue Overview & What We Know: Lance Noggle (CUNA), Ken Otsuka (CUNA Mutual Group), Liz Shirley
(Wapack Labs), David Faphonda (PWC), Charles Bretz (FS-ISAC) & Heather McCalman (FS-ISAC)
– Outline of the issue & advocacy (Lance Noggle)
– Background of recent events “data breach”
– Reusing stolen credentials on the dark web (Liz Shirley)
– Financial Sector Crimes & Fraud Update (David Faphonda)
– Proactively changing your fraud strategy after a large breach (Charles Bretz and Ken Otsuka)
– Offering best practices to your members to prevent identity theft (Heather McCalman)
• Q&A with Presenters
• Closing
Sharing information to mitigate risk
• Sharing information about how criminals exploit the stolen
information may mitigate risk to your FI and FS-ISAC
members.
• Concern that 143 million records of PII are aggregated,
creating the potential to be exploited to
compromise FI authentication processes.
• Criminals have had time to use and/or sell the stolen
information.
• FIs use multivariate processes for authentication.
• These authentication systems are adjusted and optimized
for customer experience and to prevent fraud.
Sharing information to mitigate risk
• Authentication system adjustment and optimization
processes use reviews of fraud cases where criminals have
beaten or attempted to compromise the process.
• Are members seeing changes in criminals’ tactics exploiting
the stolen 143 million PII records?
• If so, will your institution share intel about the criminals’
tactics?
Fraud Uptick Survey
• 363 Responses to the Uptick in Fraud Survey
[Bar chart: Have FS-ISAC Members Seen an Uptick in Fraud. Axis scale 0 to 250. Response categories: Are already seeing fraud; Have not seen any and not expecting uptick; Have not seen but expecting uptick; We cannot share this information.]
Risk Survey
[Bar chart: During regular reviews of multivariate authentication systems performance, are there indicators that criminals have changed tactics in the last 60 days? Axis scale 0 to 25. Response categories: Do not know; No; We cannot share this information; Yes.]
[Bar chart: If so, do the changes in tactics exploit data elements reported to be compromised in the 143 million records? Axis scale 0 to 25. Response categories: Do not know; No; We cannot share this information.]
[Bar chart: If so, what authentication systems are being targeted? Axis scale 0 to 20. Response categories: Call center support; PIN resets; We cannot share this information; Do not know.]
PII Survey
• 90 responses to the following questions
[Bar chart: What PII data elements are being exploited? Check all that are part of the new criminal tactics. Axis scale 0 to 70. Response categories: Address; Driver's License #; Name; Social Security #; We cannot share this information.]
Criminal Tactics Survey
• 165 responses to this survey
[Bar chart: If you have determined a change in criminals' tactics, or find a change in criminals' tactics to compromise authentication processes, are you willing to share the intelligence on the change in criminal tactics with FS-ISAC members? Axis scale 0 to 100. Response categories: Do not know; No; We cannot share this information; Yes with attribution; Yes without attribution.]
Best practices to offer CU members
• To provide proper steps on how members can protect
themselves, analyze the risk of the data that may have been or
was taken in the breach; stolen consumer data may include:
– Names
– Addresses
– Phone numbers
– Email addresses**
– SSN, DoBs, driver’s license numbers**
– Credit or debit card information**
– Usernames and/or passwords**
**Information especially valuable for phishing campaigns, ID theft, account takeover and to carders
Best practices to offer CU members:
Security freezes on credit reports
• Recommend members place a security freeze on their
credit reports at all four credit reporting bureaus:
– Equifax: https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
– Experian: https://www.experian.com/freeze/center.html
– Innovis: https://www.innovis.com/personal/securityFreeze
– TransUnion: http://www.transunion.com/securityfreeze
Phone numbers to do the same:
– Equifax: 1.800.349.9960
– Experian: 1.888.397.3742
– Innovis: 1.800.540.2505
– TransUnion: 1.888.909.8872
Best practices to offer CU members:
Security freezes on credit reports
• Contact each bureau to place a freeze on credit reports
• Protect the PIN!
• The PIN is required to thaw or unfreeze a report
• Recommended to store the PIN in two separate secure
locations
• Check state specific details; some states freeze for free
and some charge a fee
Best practices to offer CU members:
Fraud alerts on credit reports
• Recommend members place a fraud alert on their credit reports; members only need to contact one of these agencies and request that the information be passed to the other two:
– Equifax: call 800.525.6285 or go to https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp;
– Experian: call 888.397.3742 or go to https://www.experian.com/fraud/center.html;
– TransUnion: call 800.680.7289 or go to https://www.transunion.com/fraud-victim-resource/place-fraud-alert.
• Members need to contact Innovis separately to place a fraud alert with that agency:
– Call 800.540.2505 or go to https://www.innovis.com/fraudActiveDutyAlerts/index.
Best practices to offer CU members:
Fraud alerts on credit reports
• A fraud alert requires potential creditors to contact the
consumer and obtain permission to open new accounts or
lines of credit.
• By law, consumers are allowed to request a fraud alert
every 90 days; after 90 days, they must repeat the process.
• With documentation showing they are an ID theft victim
(e.g. a police report), an extended fraud alert may be
placed on their reports; an extended alert lasts seven
years.
Best practices to offer CU members:
Check credit reports annually
• Check credit reports annually at annualcreditreport.com or
call 877.322.8228.
• Credit reports show personal information as well as lines of
credit and accounts.
• Recommended to stagger the review by pulling one report
every 4 months, to catch any “new” or suspicious accounts
more quickly.
• Beware of other sites that try to sell a credit report or offer a
“free” report in exchange for a subscription to a service and
of look-alike sites.
Best practices to offer CU members:
Free credit monitoring
• Sign up for free credit monitoring offered by an organization post-breach.
• Victims of breach should not have to pay for credit monitoring, unless the length of the monitoring has expired.
• Utilize free credit monitoring offers along with applying security freezes and fraud alerts to credit reports.
• Remember: credit monitoring services are generally “reactive” to fraud issues, not “proactive” in protecting against fraud issues.
• Remember: the best monitoring is the monitoring members do themselves.
Best practices to offer CU members:
More tips
• Additional tips for credit union members:
– Use account alerts;
– Do their own fraud analysis, with account statements and online and mobile banking;
– Email safety and security: Don’t click links or attachments;
**Additional email tips to protect against breach-related phishing attempts**
– Look out for scams; be cautious of unsolicited emails and phone calls;
– Use two-factor authentication on any site they can;
– Use strong and LOOONNNGGG passwords;
– Safeguard credit cards, SSNs and personal information, to include securely destroying documents.
Primary benefit of FS-ISAC membership
The first and foremost benefit of an FS-ISAC membership is that your credit
union has a better chance of staying a step ahead of a potential crisis:
• Use the information received on attacks and campaigns at other
institutions to thwart and prevent the same threat at your CU.
• Share the information you see on your network and in your institution to
enable other CUs and community banks to protect themselves, which
makes the entire system stronger.
• Implement the recommendations, suggestions and best practices
received in forums and other channels to strengthen your cyber and
physical security defenses, even with a limited budget.
Benefits of FS-ISAC membership
• Additional benefits credit unions receive when they join FS-ISAC:
– Credit Union Council and Community Institution Council listservs;
– Weekly Risk Summary Report;
– FS-ISAC Daily Summary Report;
– Access to Security Operations Center (SOC) alerts;
– Multiple methods to share information about attempts your credit union
is seeing, with or without attribution;
– Monthly Community Institution and Associations Council meeting;
Benefits of FS-ISAC membership
• Additional benefits credit unions receive when they join FS-ISAC:
– Risk mitigation toolkits;
– Portal access with an extensive document library;
– Annual free CAPS exercise, tabletop exercises and crisis response
playbooks;
– Coordinating response to physical disasters affecting financial
services;
– Monthly Executive Brief;
– Access to industry expert resources;
– Live events, mentoring and networking with your peers.
TLP Green
2017 FS-ISAC Fall Summit: Strength in Sharing
Content. Connection. Collaboration.
1-4 October | Baltimore | fsisac-summits.com
More than 90 content rich sessions on IT security, governance,
payments, resiliency, technology and operations, testing and security
assurance and threat intelligence
Networking! Collaborate with other members and connect with some of the
top industry thought leaders
Interactive opportunities: Capture the Flag and an Innovation
Challenge
New trainings: CyberSecure Workshop, Treadstone 71 and STIX 2.0
2017 FS-ISAC Fall Summit
1-4 October | Baltimore
www.fsisac-summit.com
• More than 90 content-rich sessions
• Innovative keynote with John
Brennan, former CIA Director
• New in-depth trainings and initiatives
• Networking and collaboration
How to join FS-ISAC
• For more information about FS-ISAC membership, see the Credit
Union Brochure in the Resources area of the webinar window.
• To join FS-ISAC and start receiving and sharing important
information to protect your credit union and members, go to
https://www.fsisac.com/join or call +1.877.612.2622, prompt 3.
• If you have any questions or comments about membership,
please feel free to contact [email protected].
• If you have any questions about the information in this
presentation, please contact Heather McCalman at
Q&A
• Submit your questions in the chat window
• Lecture Mode Enabled
– If you wish to speak click on ‘Dial-in’ Tab and call in &
hit *9 to raise your hand and we will unmute your line.
• PowerPoints will be available to download later
today via portal.fsisac.com for FS-ISAC
Members
Fill Out Survey
Thanks!!
Follow us @FSISAC
Questions? [email protected]