Credit Union Reduces Security Threat from Zelle pmiquel November 27, 2024

Credit Union Reduces Security Threat from Zelle

Integrating Zelle without Putting Members at Risk

Financial institutions must contend with a complex dynamic. They must keep pace with evolving customer preferences while ensuring new technologies do not create security vulnerabilities. When a local Florida credit union decided to improve the functionality of its mobile banking apps by integrating Zelle peer-to-peer payments, it discovered that this would also increase the security risks for its members. They knew they needed to reduce security threats from Zelle.

Zelle publishes information about every bank, credit union, and financial institution client on their website within six months of integration. While that was valuable advertising for this 26,000-member credit union, it can also pose security problems.  Fraudsters monitor the Zelle site for new clients and potential scam opportunities. Whenever a new logo is added to the website, a brand impersonation campaign often follows.  Credit unions must address these risks before fraud campaigns can be launched.

Zelle attack characteristics are straightforward. Fraudsters impersonating the brand send SMS messages to banking customers and credit union members, informing them of an issue with their funds and Zelle account.  These messages contain a malicious link. The fraudster can upload malware or extract sensitive information when the user clicks. This is a common occurrence after deploying Zelle that credit unions and financial institutions warn their peers to expect an influx of fraud attacks.

Anticipating the Impending Threat from Zelle

Our client credit union prides itself on its connection to the community it serves. It actively supports Habitat for Humanity and provides financial education to its members. The relationship between the brand, community, and members is the core of its business, so it needed to anticipate the impending threat.

They contacted Allure Security to discuss protecting their members and stopping brand impersonation attacks.

Small Teams and Partner Relationships

One of the most significant challenges for the credit union is that it staffs a small IT team with a single cybersecurity engineer. Many of their IT and web functions are outsourced through various partner relationships. They lack the in-house resources and expertise to protect their brand or operate a brand protection platform internally. The credit union needed a vendor to provide guidance, report to the CEO and board, and execute takedowns after a threat was discovered. They needed a true security partner who could communicate effectively, monitor risks, and take immediate action when necessary.

“When we did the first call, it was more like a partnership… [Allure Security] listened to what we were looking for and guided us to where we wanted and needed to go. It was clear they weren’t just trying to sell us a product. They wanted to protect us. That was where it clicked that it'd be a good partnership for the organization.”
Cybersecurity Engineer at Credit Union

Easy Integration Despite Complex Partner Relationships

The credit union was concerned that its network of partner relationships would make integrating Allure Security difficult and time-consuming. Although it had an internal web developer, the developer had limited and primary access to the website’s back end. The credit union feared integration would require coordination between multiple partners, with setbacks and delays along the way. The reality was quite the opposite.

The deployment of Allure Security solutions proved so easy that the credit union is confident it can move forward with other IT and digital footprint expansions. They know they can integrate Allure Security and protect their brand as they expand.

“There was always a little concern about the difficulty of deployment. That concern proved to be unfounded. The deployment went very quickly and smoothly.”

Cybersecurity Engineer at Credit Union

The Results

Once deployed, Allure Security identified spoofs and impersonations of the credit union brand on the broader web. The credit union felt confident in its improved security posture and could begin integrating Zelle with its mobile apps.

Since then, Allure has identified, reported, and initiated takedowns of phishing campaigns exploiting the credit union’s brand. Credit unions have a straightforward and standard digital footprint. In addition to their website, Android and iOS apps are available in their respective app stores. If Allure Security finds anything beyond these instances, it can be confident that it is a spoof.

Identifying these attacks and risks allows for a simple, expedited takedown process. Allure Security notifies the internal cybersecurity engineer of the threat. The engineer either approves or declines the takedown, and the team at Allure sets to work.

With Zelle on their mobile apps and the proper security, the Florida credit union is well-positioned to offer an exceptional member experience.

"I think of Allure as an important layer in our security protection. You will have many types of threats to face and defend against. Those who could impact our members are especially impactful and important to us. Allure Security has helped us ensure our members are protected."
Cybersecurity Engineer at Credit Union

Related Articles