Integrating Zelle without putting members at risk
Financial institutions must contend with a complex dynamic. They must keep pace with evolving customer preferences while ensuring new technologies do not create security vulnerabilities. When a local Florida credit union decided to improve the functionality of its mobile banking apps by integrating Zelle peer-to-peer payments, it discovered that this would also increase the security risks for its members. They knew they needed to reduce security threats from Zelle.
Zelle publishes information about every bank, credit union, and financial institution client on their website within six months of integration. While that was valuable advertising for this 26,000-member credit union, it can also pose security problems. Fraudsters monitor the Zelle site for new clients and potential scam opportunities. Whenever a new logo is added to the website, a brand impersonation campaign often follows. Credit unions must address these risks before fraud campaigns can be launched.
Zelle attack characteristics are straightforward. Fraudsters impersonating the brand send SMS messages to banking customers and credit union members, informing them of an issue with their funds and Zelle account. These messages contain a malicious link. The fraudster can upload malware or extract sensitive information when the user clicks. This is a common occurrence after deploying Zelle that credit unions and financial institutions warn their peers to expect an influx of fraud attacks.
Anticipating the impending threat from Zelle
Our client credit union prides itself on its connection to the community it serves. It actively supports Habitat for Humanity and provides financial education to its members. The relationship between the brand, community, and members is the core of its business, so it needed to anticipate the impending threat.
They contacted Allure Security to discuss protecting their members and stopping brand impersonation attacks.
Various teams at ORNL FCU handle fraud response and mitigation, but the team responsible for addressing brand impersonation attacks has been managed by a small team of employees. Moreover, fraud mitigation was just one of many responsibilities of this team. With such limited resources, reacting to the influx of fraud proved an unworkable burden.
The team spent countless hours contacting domain registrars and web hosting providers to take down the fake sites. However, when the number of fraudulent sites exceeded 100 per month, it became overwhelming.
Small Teams and Partner Relationships
One of the most significant challenges for the credit union is that it staffs a small IT team with a single cybersecurity engineer. Many of their IT and web functions are outsourced through various partner relationships. They lack the in-house resources and expertise to protect their brand or operate a brand protection platform internally. The credit union needed a vendor to provide guidance, report to the CEO and board, and execute takedowns after a threat was discovered. They needed a true security partner who could communicate effectively, monitor risks, and take immediate action when necessary.
They contacted Allure Security to discuss protecting their members and stopping brand impersonation attacks.
Various teams at ORNL FCU handle fraud response and mitigation, but the team responsible for addressing brand impersonation attacks has been managed by a small team of employees. Moreover, fraud mitigation was just one of many responsibilities of this team. With such limited resources, reacting to the influx of fraud proved an unworkable burden.
The team spent countless hours contacting domain registrars and web hosting providers to take down the fake sites. However, when the number of fraudulent sites exceeded 100 per month, it became overwhelming.
Easy integration despite complex partner relationships
The credit union was concerned that its network of partner relationships would make integrating Allure Security difficult and time-consuming. Although it had an internal web developer, the developer had limited and primary access to the website’s back end. The credit union feared integration would require coordination between multiple partners, with setbacks and delays along the way. The reality was quite the opposite.
The deployment of Allure Security solutions proved so easy that the credit union is confident it can move forward with other IT and digital footprint expansions. They know they can integrate Allure Security and protect their brand as they expand.
They partnered with Allure Security to search for, identify, and remove fake website and social media threats. Allure Security used an AI-powered solution with computer vision to scan the internet for brand spoofs in a way that mimics human interaction.
This allowed the recognition of brand imagery and catching spoofs that other solutions miss. Then, Allure Security’s veteran takedown team executed takedown campaigns for each spoof uncovered. Rather than sit back and wait, they performed as many follow-ups as necessary to remove the content as quickly as possible.
“There was always a little concern about the difficulty of deployment. That concern proved to be unfounded. The deployment went very quickly and smoothly.”
Results
Once deployed, Allure Security identified spoofs and impersonations of the credit union brand on the broader web. The credit union felt confident in its improved security posture and could begin integrating Zelle with its mobile apps.
Since then, Allure has identified, reported, and initiated takedowns of phishing campaigns exploiting the credit union’s brand. Credit unions have a straightforward and standard digital footprint. In addition to their website, Android and iOS apps are available in their respective app stores. If Allure Security finds anything beyond these instances, it can be confident that it is a spoof.
Identifying these attacks and risks allows for a simple, expedited takedown process. Allure Security notifies the internal cybersecurity engineer of the threat. The engineer either approves or declines the takedown, and the team at Allure sets to work.
With Zelle on their mobile apps and the proper security, the Florida credit union is well-positioned to offer an exceptional member experience.
