From paBanker Magazine's 2017 Q4 Edition: Volume 19.6

It’s the holiday season, which means that millions of consumers are searching for “the perfect gift” for their loved ones. Whether that “perfect gift” is the new iPhone X, Apple Watch or, in the case of my children, the Amazon Echo or “Alexa” (Brooks thinks it would be really cool to be able to discover facts about inane things in the comfort of his own bedroom. I told him we used to do that by reading the Encyclopedia), consumers will be spending thousands of dollars within the next few weeks. And, in order to make those purchases, they will be using their credit and debit cards issued by your banks.

So, what does that mean for our industry?

Increased Threats
You will all recall the Target breach that occurred during the holiday season in 2013. More than 70 million consumers had their personal information - such as credit and debit card information, names and contact information - compromised as hackers gained access to Target’s payment system (source: Corporate.Target.com). Although the breach happened on a third party’s system, our banks, and our customers, felt the pain and were financially burdened by the hack.

More recently, Equifax, one of three major credit reporting agencies, announced that 209,000 credit card numbers and the records of approximately 143 million Americans were breached between May and July of this year. Those records contained names, birth dates, addresses, Social Security numbers and some driver’s license numbers.

More and more consumers are inadvertently becoming exposed to identity theft and fraud each year. According to a recent report by the Identity Theft Resource Center, there have been 1,140 data breaches in 2017 alone (as of Nov. 1), exposing the records of nearly 171,638,592 consumers.

With threats at an all-time high during the busy holiday season, it is extremely important for our banks to continue to be vigilant and take precautions to protect our customers and their personal and financial information. We know that this vigilance does not end on Jan. 1; this is a never-ending, time-consuming process.

Information Sharing
But, please know that you are not alone. We, as an association, are here to help and offer resources to make staying up to date on the latest cybersecurity trends (and being vigilant) easier for you, your staff and your bank. While we know that you spend a lot of time and money each year on precautions like chip-based payment cards, tokenization, mobile alert programs and neural networks, the association has a few offerings below that may assist with your risk management and keep your bank in front of the cybersecurity enemy lines.

Recently, the association put out a press release with the following tips to help consumers proactively protect their information from the threat of identity theft. Please feel free to share these tips with your customers and use them on your social media channels and website.

  • Do not share your private information online or over the phone, including your Social Security number, account information, PINs and passwords. Be sure to use a combination of upper- and lower-case letters, numbers and special characters for your passwords, and change them periodically.
  • Shred sensitive papers, such as receipts, banks statements and unused credit card offers, before throwing them away.
  • Keep an eye out for missing mail. Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen.
  • “Snack” on your balance. Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.
  • Monitor your credit report. Order a free copy of your credit report every four months from one of the three credit reporting agencies at www.annualcreditreport.com. 
  • Protect your computer. Make sure that the virus protection software on your computer is active and up-to-date. Additionally, when conducting business online, make sure your browser’s padlock or key icon is active and look for an “s” after the “http” to be sure that the website is secure.
  • Protect your mobile device by using the passcode lock and/or fingerprint access on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Also, use caution when downloading apps, as they may contain malware, and avoid opening links and attachments – especially from senders who you do not know.
  • Report any suspected fraud to your bank immediately. PA Bankers will continue to monitor cybersecurity issues on behalf of the membership. As you have read on page 39 , our IT Committee works diligently on behalf of the membership by identifying issues, products/services opportunities and training topics.

Additionally, PA Bankers is a member of the FS-ISAC, and as a result, our members all have access to relevant cybersecurity information. In conjunction with the American Bankers Association and the FS-ISAC, we have developed an all-hazards state and regional crisis Incident Response Playbook. This playbook guides bankers on how to respond before, during and following a crisis event, such as a cyber threat or breach. If you would like to view a copy of this playbook, please contact me at dcampbell@pabanker.com.

We are here to assist you in keeping your customers safe and staying aware of cybersecurity issues relevant to your banks. If you have any questions, please do not hesitate to contact us.

Thank you for your continued support of the association. From all of us at the PA Bankers, we wish you a wonderful holiday season.


Duncan Campbell
President & CEO