Pub. 3 2013 Issue 2

20 www.azbankers.org C OMMUNITY BANKS ARE BEING HIT PARTICULARLY HARD BY THE SURGE IN DATA BREACHES AND HACKING ATTACKS THAT LEAD TO losses involving identity theft, debit card fraud and other technology-based criminal activity. The percentage of financial institutions under $5 billion in assets reporting losses jumped from 61% in 2008 to 94% just three years later. In addition to hacking losses, community banks watched their fraud losses on signature-debit sales skyrock- et from 3.5 basis points to 11.9 basis points during the same time period, and these numbers are still on the rise. Larger and more security-sophisticated regional and national banks are seeing their losses decline, however, so the perpetrators appear to be focusing their criminal activity on smaller banks which lack the defensive technology utilized by larger banks. Large banks are not immune, however, and many have been targeted successfully. As we often find in criminal schemes against financial institutions, the criminals are seeking the path of least resistance, so it makes sense that they would focus on smaller banks. Following are some recent hacking events: • In February of this year the Federal Reserve Bank was targeted by the infamous hacker organization, Anonymous, and detailed information on 4,000 bank executives was reportedly stolen. • In late 2012 our agency received notice of two hacks through two separate bank customers’ accounts that resulted in financial losses to the customers in the mid-six figure range. • Also in late 2012 and early 2013 we received notice of a wire transfer diversion loss of nearly $1 million; and another bank reported a near loss of several hundred thousand due to a similar scheme. Both of these events appear to be the result of spyware/malware in the electronic communications chain. Fortunately the bulk of the large loss was recovered and the second wire was ultimately not sent. • In October of 2012 Barnes & Noble Booksellers reported a breach that struck 63 of its locations nationwide. The breach was determined to have been the result of internal device tampering at several stores in 9 states. • In January, Zaxby’s restaurants discovered a point-of-sale breach that involved 108 stores in the East and Southeast. The company subsequently revealed that compromising malware had been discovered on computer systems at several locations. • A large Arizona grocery chain’s payment system recently suffered a breach tied to a worldwide criminal network that appears to have been initiated as far back as late 2012. Hundreds of compromised payment cards were reported as a result of this hack and the affected cards were undoubtedly sold to the worldwide marketplace. Banking institutions tracking the suspicious activity on these cards eventually traced the breach back to the Basha’s Family of Stores, a popular Arizona group of grocery outlets. Basha’s management indicated malware was behind the attack. These events are an ominous sign that our community banking sys- tem is vulnerable to an ever more sophisticated worldwide network of technology-savvy criminals. These crime syndicates are well-financed, Cyber Crime and Cyber Liability IsYour Bank Protected? BY PATRICK R. COREY, PRESIDENT IBIS INSURANCE SERVICES, INC.