The world of identity theft shifted a bit on Sept. 7, when news broke that hackers had infiltrated the Equifax consumer database. It’s estimated that somewhere around 143 million consumers were affected. This means vital information like names, dates of birth, social security numbers and credit card information could potentially be up for grabs. And while it’s sobering to think that all of this data could be sold to the highest bidder, the response by Equifax seemed to further complicate the matter.
The website, www.equifaxsecurity2017.com, was set up by the credit bureau to assist consumers with ascertaining whether or not their information had been compromised. However, the official Equifax corporate Twitter account redirected consumers to a fake phishing site for a while before the tweets were noticed and removed. Once the mistake was realized by Equifax, the phishing site was taken down. It was a step by an engineer to bring perspective to the issue of just how dangerous and unnerving the security breach is.
And while it seems that those situations have been rectified, the potential is still very real for the security breach to affect your credit union. Be on the lookout for membership duplicity. It can happen very easily. Here are two scenarios.
Pretending to be one of your existing members
Once an identity thief has someone’s vital information, they could easily approach your credit union and pretend to be one of your members. They might try to apply for an auto loan or credit card, or go straight for the big score and take out a home loan. Any one of these situations could spell disaster for your credit union and create a huge mess for your members.
Stop for a moment and consider the different ways an identity thief can take advantage of your credit union. Many institutions offer online loan processing. An identity thief could initiate the loan process online, then come in later to finalize the paperwork and have instant access to funds. The best way to prevent this type of scenario is simple: Your staff needs to be vigilant but not suspicious. Relying on the preponderance of data (from all reliable sources) to verify true intent is crucial. This could prevent an identity thief from running straight to the goal line with stolen information.
Credit cards are a bit trickier. Usually, a member can apply for those online with no formal verification required. It might be a good idea to verify that your member did indeed fill out a credit card application before a new account is established. Credit cards will be easy bait for identity thieves if they have all of your member’s vital information. All they have to do is fill in the online blanks and hit the submit button.
Another worst-case-scenario might include a duplicitous “member” opening another account type, only to gain access to funds existing in already established bona fide accounts. This, in time, could end up being the more disastrous scenario.
Cloning membership at another credit union
Of course, most identity thieves will be a bit savvier. The easiest thing for them to do is to simply go to another credit union and establish themselves as a member. Once they have a new account, they can then avail themselves of all the new services that particular credit union has to offer, including loan products and credit cards. This is where diligence is required. Member duplicity can be hard to stop, but is something that you simply have to be on the lookout for as this will be a very real threat for the time being.
The current state of affairs is as deep as it is wide. There could be widespread identity theft as a result of the Equifax breach or there could be very little. Your credit union has the potential to be impacted a great deal, or the result could be zero. This is the hard truth as it currently stands.
Minimizing the impact of the Equifax breach
This is one of those situations where a great offense is better than a good defense. Now is the time to be proactive and look at your processes. Make sure current processes are secure and there are measures in place for verification to prevent further damage.
We have the forms process and products covered. However, we can’t stop identity thieves from trying to establish themselves at your credit union with someone else’s information. Be diligent – verify and authenticate everything as much as you can before processing. This will minimize the impact and encourage them to remove your credit union as a target. In the grand scheme of things, the Equifax data breach serves to underscore the times we live in. Cyberattacks are the new Wild West for all businesses and identity theft is always a threat. It’s not unrealistic to consider that this could be done by multiple offenders at multiple credit unions. Somewhere in between the worst case scenario and the best (zero identity theft), is the reality of things. Knowing what to look for when a major data breach occurs is the best way to keep you protected in the long run.
Richard Gallagher is CEO of Oak Tree Business Systems, Inc., which provides forms, lending documents and disclosures for credit unions in all aspects of operation: business, membership, home equity lending, and consumer loans.