EXTENDED COVERAGE | YS Credit Union suffers massive fraud attack
- Published: September 28, 2022
The Yellow Springs Federal Credit Union recently became one of many targets of a widespread debit card-based fraud attack.
Of the local credit union’s 2,000 person membership, 161 card-holding members were affected by the attack as of Monday, Sept. 19.
YSCU CEO Sandy Hollenberg told the News in an interview earlier this week that the attempted fraudulent transactions made on member debit cards totaled over $35,400 as of Sept. 19.
Hollenberg said the credit union was able to prevent nearly 70% of those fraud attempts, with over $10,000 posted to member checking accounts. Debit card charges ranged from a couple dollars to several thousand dollars.
According to Hollenberg, she and the five-person staff at the credit union have spent the last three weeks ensuring that all members affected do not suffer any financial loss to their checking accounts. Compromised cards have been closed, and replacements have been issued.
“Every dollar of fraud has already been posted to member accounts or is in the process of being credited,” Hollenberg said. “No member involved in this situation will have a single outstanding penny.”
Hollenberg said the attack, which began slowly and incrementally at the beginning of September, did not target members’ saving accounts or any personal information such as names, social security accounts or addresses.
“This was not a case of identity theft,” Hollenberg said. “No member data has been stolen by these fraudsters.”
Hollenberg identified this spate of fraud as a “brute-force attack” coming from an external source.
This type of fraud involves algorithmically generating debit card numbers en masse and attempting to make small online purchases until a transaction goes through. Once the fraudsters snag a match to the randomly guessed debit card number, fraudsters will then begin making larger purchases until noticed.
This wave of attacks not only affected the Yellow Springs Credit Union, but also financial institutions across the country and internationally, though Hollenbeg said the exact number of institutions impacted remains unclear.
“This is not specific to us,” Hollenberg said. “All the appropriate blocks are in place. It’s no fault of our systems, our employees, our board of directors or our vendors.”
She said the fraud investigation department in the credit union’s external processing company, which Hollenberg declined to name for liability reasons, identified Russia as the likely source for this attack. Having made this determination by tracing IP addresses and observing patterns among the fraudulent transactions, the credit union’s processing company has put a temporary block on all YSCU debit card transactions made in and coming from Russia. The duration of this block remains uncertain.
Hollenberg added that the fraudsters could potentially hail from other countries, and that additional countrywide blocks may be added as more information becomes available from the ongoing investigations.
In addition to those geographical blocks, YSCU and the other affected financial institutions have placed blocks on the merchants where the fraudulent charges were made. Hollenberg said that while the number of those merchants was too high to determine, many of them were clothing and jewelry stores. The duration of those blocks is also unclear.
In the meantime, the Yellow Springs Credit Union employees are continuing to monitor member accounts — approving or disapproving every individual debit card transaction made with a YSCU card. But as Hollenberg said, she and the credit union staff members have begun to see a decrease in the number of daily fraudulent charges since the attack first began over three weeks ago.
In addition to monitoring individual accounts, YSCU staff have been working longer hours to make sure affected members have access to their accounts and are not without their money. In many cases, that means issuing provisional credit while the fraud department evaluates the legitimacy of the claims.
Hollenberg said the issuing of provisional credit typically follows an extended investigation process that lasts several days. In this instance, though, provisional credit has been posted to member accounts within 24 hours of the discovery of fraudulent charges. As of Sept. 19, YSCU had issued out $13,855 in provisional credit, with a portion of that covering fees for late bill payments members were unable to make when their account balances were in flux.
“No questions asked,” Hollenberg said. “We’re taking full liability for [that provisional credit]. We’re making members’ accounts whole in every regard.”
As a chartered credit union under the National Credit Union Administration, or NCUA, the Yellow Springs Credit Union may eventually receive federal assistance to cover costs the credit union incurred in replenishing member accounts.
“The NCUA regulates, audits and insures us,” Hollenberg explained. “We don’t have any insurance claims filed yet, but once we know the extent of our loss, then we’ll submit a claim. [The NCUA] will reimburse us what we’ve lost from the incident — which, for us, will cover the provisional credit.”
Villagers impacted
Over the last week, the News spoke with several local residents whose debit cards had been compromised. Although the monetary amounts of the fraudulent charges varied from individual to individual, they each shared a similar degree of frustration and confusion.
“I’ve had an account [at YSCU] since I was a little kid with a paper route,” Travis Hotaling told the News. “Now, I’m very much leaning towards switching banks. It’s been just such a hassle with all the direct deposits and withdrawals.”
Hotaling said at least four fraudulent charges, ranging from $100 to $300, had been taken from his personal checking account. He said that at the beginning of the attack, he took some solace in knowing he had money in his savings account to fall back on.
“But then an overdraft protection kicked in and sent about $300 into my checking from my savings, which was then promptly also taken,” Hotaling said.
At least one of the fraudulent charges made using Hotaling’s compromised debit card number went to a pillow and mattress store in Minneapolis, Minn., called Lagoon Sleep.
At the time of the interview, Hotaling said his money had only been partially restored.
Former villager Matt Moon contacted the News via email to share his experience. Now living in Fairhope, Ala., but still banking with YSCU, Moon said he was tipped off to the situation by a Facebook post Hotaling made in a local discussion board.
“Last week, my wife let me know that thousands of dollars had been fraudulently charged to our account,” Moon said in his email. “Who tipped her off? Not YSCU — they never, ever contacted us to let us know what was going on. It was from Facebook.”
Longtime villager Pam Funderberg, who’s banked with YSCU since 1975, had a similar experience. She said once her business account had been drained entirely, money from her personal account was automatically withdrawn to cover the overdraft.
“In the past, I would have been notified right away,” Funderberg said. “They’d send something in the mail, give you a call — something. If I hadn’t asked my teller about my accounts, I wouldn’t have known what was going on.”
Fraudulent charges from Funderberg’s account were made at the online supplement retailer Nordic Naturals, the apparel company Fashion Nova and several other clothing companies.
In reconciling her situation, Funderberg said she felt dismayed by the newness of the staff at the credit union. Whereas she once knew every employee by name and had a personalized experience when banking, she said she no longer recognizes the YSCU staff.
According to Hollenberg, maintaining a full roster of employees has been difficult since the early days of the COVID-19 pandemic.
“I hate the fact that we’ve had such high turnover, but I can only deal with the things in my power,” Hollenberg told the News. “The broader labor shortage in our country is not something in my control.”
Although Hollenberg was unable to say how many employees the credit union has lost and gained over the last three years, she said some staffing arrangements had recently been made to bolster the credit union’s focus on customer service.
Another issue in dealing with member complaints Hollenberg pointed to was a downed phone system at the credit union during two of the earliest days of the attack. Hollenberg said that because of an AT&T glitch, YSCU was unable to receive any incoming calls from members who might have wanted to address any fraudulent charge they may have noticed.
Since then, phone lines have been restored and Hollenberg said she and her staff have done what they can to contact all affected members.
“We don’t have the budget of a larger financial institution, but what we can offer is a commitment to always trying to improve our quality of service,” Hollenberg said. “We obviously care about the village. We’re here because we love what we do and where we do it.”
Villager Carol Cottom said this is the second time she’s experienced a fraud attack since she first started banking with the Yellow Springs Credit Union 39 years ago.
“My card was compromised just a few days before we were leaving on vacation, so I did not have an ATM card to take with me. Very inconvenient,” Cottom said. “I think their response may not have been great as the number of issues increased, but overall, [their] service is good.”
Because of that, Cottom said she plans to continue banking with YSCU.
Hollenberg said she doesn’t believe the credit union has lost any members owing to the fraud attack.
“But I have heard talk about it,” she added.
Hollenberg emphasized the importance of members who believe they were affected by the ongoing fraudulent charges to contact the Yellow Springs Credit Union immediately. The credit union can be reached by email at yscuinfo@yscu.org, or at 937-767-7377. It is open 9 a.m.–5 p.m. Monday–Friday, and 9 a.m.–noon Saturday.
The Yellow Springs News encourages respectful discussion of this article.
You must login to post a comment.
Don't have a login? Register for a free YSNews.com account.
No comments yet for this article.