From CUNA Mutual Group
Guardian Analytics, an online banking security vendor specializing in behavioral analytics, recently announced its discovery of a wire fraud scheme perpetrated through the live chat feature in the financial institutions’ online banking platform. Credit unions that accept wire transfer requests through the live chat feature in online banking platforms should reconsider this practice.
A new wire transfer fraud scheme was recently reported by Guardian Analytics. The fraud scheme takes advantage of the live chat feature through the financial institution’s online banking platform. The victims’ login credentials were somehow compromised allowing the fraudsters to login to their accounts.
The compromised accounts were accessed from locations, computers and through Internet Service Providers that did not match the access patterns of the victims. Once logged into the account, the fraudsters initiated internal transfers to transfer funds from other accounts at the institution into the compromised account from which the wire transfers were requested. The fraudster would then launch a live chat feature while logged into the account to request a wire transfer. The unauthorized wires were all under $8,000.
It is believed the impacted financial institutions did not attempt to perform additional identity verifications since the live chats were launched during authenticated online banking sessions.
The fraud scheme was perpetrated against financial institutions that used the same online banking platform that offered the live chat feature.
Similar losses have been reported by credit unions that involved fraudsters using the online banking system’s secure messaging system to request wire transfers.
Risk Mitigation Tips
Due to the risk of members’ online banking login credentials being compromised, credit unions should avoid accepting wire transfer requests via the online banking system’s live chat and/or secure messaging feature.