Financial Services Sector: Beware of IT Fraud
July 26, 2005
(Rome, Italy) - Fraud and theft in information technology is a large area of concern for any business, but particularly those in the financial services sector. Unfortunately, the necessary safeguards against these crimes are commonly misunderstood by those outside the IT field. In "Questions to Ask when Investing in Information Technology," one of Tuesday morning's educational break-out sessions, Kurt Lykins, chief technology officer for Corporate One Federal Credit Union, outlined the best systems for keeping vital information secure while meeting the credit union's diverse and changing needs.
In addition to Lykins' ten years of experience with Corporate One, he has volunteered his technical expertise to WOCCU on several projects, broadening his understanding of the technical needs and capabilities in credit unions outside of the US. His advice encapsulated a large range of systems, from rudimentary to complex. With the aid of simple language and diagrams, Lykins clarified his points in a way that even the technological novice could understand.
He warned about the dangers of connecting all computers directly to a central server, citing the example of a credit union he had worked with whose system had been tapped into by the creator of a music downloading site as proof of the weakness of this model. Instead, he advised the use of a firewall for maximum protection.
The exchange of credit card information over the Internet is another area fraught with risk. Besides ensuring one's own system is secure, it is necessary to verify the legitimacy of the party with which a transaction is being made. Lykins gave the example of a hacker who replicated the website of a major clothing manufacturer in the early days of online shopping, changing only one letter in the website address. The fraudulent website existed for four months and collected over 30,000 credit card numbers before it was discovered by authorities.
Sometimes security measures are simple, Lykins explained. For example, the symbol for a website that encrypts confidential information is an unbroken key on Netscape and a padlock on Internet Explorer. Just by looking at the bottom corner of the screen it is possible to know if the information you are sending is secure. However, as systems grow more advanced, so do the tactics of exploiters, so it is important to keep abreast of new security measures and update them whenever possible. He advised that virus- preventing software be updated at least once a week.
Although securing a more complex system naturally requires greater care, even rudimentary systems must be monitered. Lykins used the example of a credit union with only one computer and no Internet connection. It is still necessary to ensure that, in the case of a crash, the backup data is updated and saved. And, whenever possible, software should be updated.
Lykins stressed the importance of preventative measures, such as formulating a plan of action in the event of a security breach. "When a bank is robbed, managers don't sit around deciding how to respond," he said. "They have a pre-formed plan of action. The same is necessary with regards to IT." In the confusion and panic that always follows a major malfunction, a clear procedure will make a big difference in the credit union's ability to handle the situation quickly and effectively.
Other break-out sessions of the day included "Creating a Culture for High Performance and High Fulfillment," led by Eric Klein, president of Dharma Consulting of the US; "Co- operative Banks: German and Italian Experiences," led by Carlo Barbieri, head of the international department of ICCREA Holding of Italy and Jochen Lehnhoff, board member of the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken of Germany; and "De-Mutualization: Exploring the Consequences," led by Adrian Coles, director- general of the Building Societies Association of the UK and Frank Diekmann, editor of The Credit Union Journal of the US.
World Council of Credit Unions is the global trade association and development agency for credit unions. World Council promotes the sustainable development of credit unions and other financial cooperatives around the world to empower people through access to high quality and affordable financial services. World Council advocates on behalf of the global credit union system before international organizations and works with national governments to improve legislation and regulation. Its technical assistance programs introduce new tools and technologies to strengthen credit unions' financial performance and increase their outreach.
World Council has implemented more than 290 technical assistance programs in 71 countries. Worldwide, 60,500 credit unions in 109 countries serve 223 million people. Learn more about World Council's impact around the world at www.woccu.org.