I don’t know about you, but I can’t believe it is 2012 already. FinCEN is starting the new year with some guidance on identifying “account takeover” suspicious activity. FinCEN defines “account takeover” as the act of using computer intrusion to target a member holding an account at a credit union to remove, steal, procure or otherwise affect the member’s funds.
A common misconception is that a credit union’s IT department is the only line of defense, which is not the case. FinCEN provides the following “red flags” for this type of activity; unusual ATM activity, clustered ACH transactions in different geographical areas, sudden wire transfers, and changes to a member’s account or profile.
Once this activity is discovered, FinCEN provides the following keys to completing a SAR for account takeover suspicious activity:
- If the account takeover involves computer intrusion, check the box for “computer intrusion.” In addition, financial institutions can check the “other” box and note “account takeover fraud” in the space provided.
- If the account takeover involved other delivery channels such as telephone banking or fraudulent activities such as social engineering, financial institutions can check the “other” box, note “account takeover fraud,” and include a short description of the additional information in the space provided.
- If the account takeover involves a wire transfer, then in addition to selecting the “other” box and noting “account takeover fraud,” the box for “wire transfer fraud” should be checked.
- If the account takeover involves an ACH transfer, financial institutions can check the “other” box and note “account takeover fraud – ACH.”
- Account takeovers often involve unauthorized access to PINs, account numbers, and other identifying information. Financial institutions may need to check the box for “identity theft,” in addition to selecting the “other” box and noting “account takeover fraud.” Additional boxes should be checked if appropriate (e.g. “terrorist financing”).
As technology advances with each coming year, it is important to remember that your credit union’s security measures should too. By the way, this would be an excellent item to include in your 2012 BSA training.
Best wishes for 2012!