Systems/Technology
Credit unions use data processing systems to store and process member data and accounting records. Secure access to these systems helps minimize the risk of cyber-enabled fraud.
A prudent credit union:
-
Protects systems with strong password and access control methods
-
Requires each employee to have their own profile, username, and password or token to establish an accurate audit trail for all transactions
-
Provides staff with training to help them understand the importance of keeping information and systems secure
Ideally, credit unions will establish system parameters to limit staff access to system functions related to their job responsibilities. Systems can be set up to require dual control or supervisor approval for certain transactions (for example, large-dollar transactions, transactions on dormant accounts, or insider account transactions).
A strong supervisory committee or internal audit function regularly reviews the system parameters for each employee to verify all access is appropriate and related to their current job responsibilities.
Additional information can be found on the NCUA’s Fraud Prevention Resources page, the Information Technology section of the Examiner’s Guide, and on the NCUA’s Cybersecurity Resources page.
Last updated on May 01, 2023