P2018-ND-100

On July 17, 2018, fraudulent impersonators contacted the Organization via telephone to obtain access to the on-line banking of a credit union member. The contact center agent failed to engage adequate safeguards to verify the identity of the caller. The agent assisted the caller in changing passwords and granting access to the member’s on-line banking portal. The perpetrator attempted to fraudulently transfer funds on three occasions. The first occasion was successful and a transfer was completed. The subsequent attempts were blocked by loss detection systems and did not occur. The breach was discovered on July 18, 2018 via on-going monitoring of unusual transactions via automated systems and an attempt by the perpetrator to send fraudulent e-transfers.

File Type: pdf
File Size: 329 KB
Categories: 2018