Integrating Zelle without Putting Members at Risk
Financial institutions must contend with a complex dynamic. They must keep pace with evolving customer preferences while ensuring new technologies do not create security vulnerabilities. When a local Florida credit union decided to improve the functionality of its mobile banking apps by integrating Zelle peer-to-peer payments, it discovered that this would also increase the security risks for its members. They knew they needed to reduce security threats from Zelle.
Zelle publishes information about every bank, credit union, and financial institution client on their website within six months of integration. While that was valuable advertising for this 26,000-member credit union, it can also pose security problems. Fraudsters monitor the Zelle site for new clients and potential scam opportunities. Whenever a new logo is added to the website, a brand impersonation campaign often follows. Credit unions must address these risks before fraud campaigns can be launched.
Zelle attack characteristics are straightforward. Fraudsters impersonating the brand send SMS messages to banking customers and credit union members, informing them of an issue with their funds and Zelle account. These messages contain a malicious link. The fraudster can upload malware or extract sensitive information when the user clicks. This is a common occurrence after deploying Zelle that credit unions and financial institutions warn their peers to expect an influx of fraud attacks.
Anticipating the Impending Threat from Zelle
Our client credit union prides itself on its connection to the community it serves. It actively supports Habitat for Humanity and provides financial education to its members. The relationship between the brand, community, and members is the core of its business, so it needed to anticipate the impending threat.
They contacted Allure Security to discuss protecting their members and stopping brand impersonation attacks.
Small Teams and Partner Relationships
One of the most significant challenges for the credit union is that it staffs a small IT team with a single cybersecurity engineer. Many of their IT and web functions are outsourced through various partner relationships. They lack the in-house resources and expertise to protect their brand or operate a brand protection platform internally. The credit union needed a vendor to provide guidance, report to the CEO and board, and execute takedowns after a threat was discovered. They needed a true security partner who could communicate effectively, monitor risks, and take immediate action when necessary.
Easy Integration Despite Complex Partner Relationships
The credit union was concerned that its network of partner relationships would make integrating Allure Security difficult and time-consuming. Although it had an internal web developer, the developer had limited and primary access to the website’s back end. The credit union feared integration would require coordination between multiple partners, with setbacks and delays along the way. The reality was quite the opposite.
The deployment of Allure Security solutions proved so easy that the credit union is confident it can move forward with other IT and digital footprint expansions. They know they can integrate Allure Security and protect their brand as they expand.
“There was always a little concern about the difficulty of deployment. That concern proved to be unfounded. The deployment went very quickly and smoothly.”
The Results
Once deployed, Allure Security identified spoofs and impersonations of the credit union brand on the broader web. The credit union felt confident in its improved security posture and could begin integrating Zelle with its mobile apps.
Since then, Allure has identified, reported, and initiated takedowns of phishing campaigns exploiting the credit union’s brand. Credit unions have a straightforward and standard digital footprint. In addition to their website, Android and iOS apps are available in their respective app stores. If Allure Security finds anything beyond these instances, it can be confident that it is a spoof.
Identifying these attacks and risks allows for a simple, expedited takedown process. Allure Security notifies the internal cybersecurity engineer of the threat. The engineer either approves or declines the takedown, and the team at Allure sets to work.
With Zelle on their mobile apps and the proper security, the Florida credit union is well-positioned to offer an exceptional member experience.
Related Articles
-
Credit Union in U.S. South Supercharges Takedown CampaignsDo-It-Yourself Takedown Struggles A credit union based in the southern United States supports...
-
Fraudsters Steer Clear of Federal Credit UnionSleepless Nights and Overburdened IT Teams A federal credit union managing $3.06 billion...
-
Credit Union Reduces Security Threat from ZelleIntegrating Zelle without Putting Members at Risk Financial institutions must contend with a...
-
Damn Filters Recovers from Poisoned Search Engine ResultsPoisoned Search Engine Results Damn Filters, a leading company in Kansas, sells online...
-
Regional Bank Protects their Brand and CustomersEliminating the Precursor to Phishing and Fraud A regional bank managing $30 billion...
-
Service Credit Union Reduces Online FraudFake Sites, Frustrated Members, and Online Fraud Service Credit Union is an award-winning...