12:50 am
March 3, 2022
Stuff like this is bad through and through on a larger scale, and will get worse.
The smaller FIs cannot catch up (given their fewer resources) to digital security when even big ones aren't safe (even given their almost unlimited resources.)
So the smaller FIs need to attract customers by offering higher rates (and hope security is less of a concern to those customers.)
It's a vicious cycle... where customers chase rates, and ultimately discover the vulnerabilities and risks of doing so. As a result customers see the big banks as safer havens. Which in turn makes the big banks realize that they can get away with giving lower rates because their security is perceived to be higher...
I think one of the solutions is that data retention laws need to be strengthened much more than now, if security cannot be guaranteed (which it cannot, hackers will hack whatever is there.)
So when we close accounts, our data must be wiped clean and FIs audited regularly by the regulator to ensure it is. And even while we have accounts, only the minimum requirements of data to keep the accounts in good condition should be mandated and maintained, not so much as now (as FIs are getting bolder and bolder in requiring more and more personal information, and more worryingly, sharing it with so many other players.)
1:35 am
April 14, 2021
iotama said
I think one of the solutions is that data retention laws need to be strengthened much more than now, if security cannot be guaranteed (which it cannot, hackers will hack whatever is there.)
So when we close accounts, our data must be wiped clean and FIs audited regularly by the regulator to ensure it is. And even while we have accounts, only the minimum requirements of data to keep the accounts in good condition should be mandated and maintained, not so much as now (as FIs are getting bolder and bolder in requiring more and more personal information, and more worryingly, sharing it with so many other players.)
There simply is not much financial penalty against institutions for loss of personal data. If the same penalties were applied against data as for dollar amounts, you can bet your house that the FIs would take immediate action. Until such time, little will be done to secure personal data.
The amount of personal info demanded varies greatly between institutions. Some demand pictures to be scanned, others demand in-person visits. I personally avoid some FIs I find to be too onerous. When Tang demanded I scan my driver's licence in order to change EFT linkages, I refused. I did not need to do so when opening the account and I will not do so, now. Thus, I am forced to use other FIs to transfer money.
4:55 am
March 30, 2017
canadian.100 said
FastJonny said
I was expecting to find it in the news. I was expecting that DUCA would issue a communication to clients on this. (Perhaps then the press would have picked it up.)
I remember when WealthOne Bank sent a communication a few years ago as did Peoples Trust about 10 years ago when they had some intrusion.
I would think they need to or should too. At the minimum, should ask ALL clients to change their passwords and make it mandatory to activate 2-factor verification immediately or won't be able to access account at all.
Re data security, isn't it true CU does not have as stringent a capital requirement as Sch A banks, let alone the requirement for IT security?
Luckily I have no money in the account at the time the incident happened.
6:31 am
December 7, 2022
canadian.100 said
Do u notice now when u call into DUCA, the agent asks many questions to validate u. They sure have greatly increased security since the fraud which is under investigation. Would be interesting to know the extent of this fraud. DUCA probably does not want to disclose. I asked and the agent evaded giving much of an answer.
I spoke to a CSR at DUCA yesterday. According to her at least, the outage was directly related to some upgrades that glitched when they were pushed.
6:56 am
September 7, 2018
deflating_of_inflation said
I spoke to a CSR at DUCA yesterday. According to her at least, the outage was directly related to some upgrades that glitched when they were pushed.
Probably the "2 Step Verification" which they implemented starting mid November. Too late for those of us whose DUCA accounts were defrauded just before.
DUCA (to me) is a clunky Credit Union. Certainly reinforces why most people still deal with the Big Banks. While the Big Banks are not perfect - still much better systems than the clunky CU orgs like DUCA, Meridian and Motus, Tandia, Saven, Luminus, etc.
4:51 am
September 7, 2018
whynot said
I also visited a DUCA Office yesterday morning, and no one seemed to know anything. Told me the outage was directly related to the upgrade. They seemed genuinely surprised at the news of the illegal transfers.
DUCA Member Connect 1-888-900-3822 can confirm the frauds occurred and an investigation is ongoing. Unless perhaps DUCA wants to avoid any publicity so employees are told to “express surprise” if someone asks.
5:06 am
March 30, 2017
canadian.100 said
DUCA Member Connect 1-888-900-3822 can confirm the frauds occurred and an investigation is ongoing. Unless perhaps DUCA wants to avoid any publicity so employees are told to “express surprise” if someone asks.
It could be it's not a widespread fraud as in not a massive hack of any kind.
If it's not a hack, they prob don't have to officially announce the news to anyone including staff.
5:26 am
September 7, 2018
savemoresaveoften said
It could be it's not a widespread fraud as in not a massive hack of any kind.
If it's not a hack, they prob don't have to officially announce the news to anyone including staff.
Sure could be it was not widespread. The DUCA agent would not give me any info on the extent when I asked - except that he said that there were "a lot" of occurrences same day (almost a month ago) as I was affected. So I do not know "the extent".
6:31 am
March 3, 2022
I find it interesting that the official spiel is presenting it as a "glitch" and "outage" during some "update" being made.
Almost like ensuring that the public's outtake should be "it was an error which only happened because we were trying to strengthen your security"... and not someone hacking into, or defrauding deliberately (thus potentially far more serious implications for the institution.)
I am NOT saying that a glitch/outage is not what happened. It very well may have been just an unintentional error, not malicious at all. But not issuing a clear statement will only lead to more speculation, and more importantly a dent in confidence.
8:27 am
February 7, 2019
10:56 am
December 7, 2022
iotama said
I find it interesting that the official spiel is presenting it as a "glitch" and "outage" during some "update" being made.
Almost like ensuring that the public's outtake should be "it was an error which only happened because we were trying to strengthen your security"... and not someone hacking into, or defrauding deliberately (thus potentially far more serious implications for the institution.)
I am NOT saying that a glitch/outage is not what happened. It very well may have been just an unintentional error, not malicious at all. But not issuing a clear statement will only lead to more speculation, and more importantly a dent in confidence.
Many here were speculating the outage was a direct result of what happened with at least the OP. My call to them yielded that the outage was actually not related to a fraud event, but a glitch as part of their upgrades. I don't think any poster here can prove otherwise and that this event was sufficiently widespread where DUCA needed to provide a statement. Server outages can and do happen during data migration, upgrades, etc, so their "spiel" is in line. And further in line is the DUCA email on the subject referring to "working with our banking system provider" to restore the outage.
11:28 am
December 1, 2022
6:44 am
September 7, 2018
canadian.100 said
DUCA had a number of fraud occurrences on Nov 14 - funds taken from what I understand a fair number of savers' accounts - specifically a problem with their Interac e-transfer system. An investigation is apparently to take place.
So after about six weeks now, I have been advised by DUCA that an investigation is apparently now in progress by Police Services Fraud section and that it will likely take a "long" time before my money is returned to me. Presume the other affected DUCA depositors are in the same boat. I have found it very difficult to get any information from DUCA - they are polite but evasive. I suppose they do not really want to talk about this fraud and how the crook(s) got into a number of accounts at DUCA.
7:28 am
March 30, 2017
canadian.100 said
So after about six weeks now, I have been advised by DUCA that an investigation is apparently now in progress by Police Services Fraud section and that it will likely take a "long" time before my money is returned to me. Presume the other affected DUCA depositors are in the same boat. I have found it very difficult to get any information from DUCA - they are polite but evasive. I suppose they do not really want to talk about this fraud and how the crook(s) got into a number of accounts at DUCA.
Just for our reference, it was an unauthorized log in and then an EFT out? Can they trace it to app or desktop access on the unauthorized log in?
7:59 am
September 7, 2018
savemoresaveoften said
Just for our reference, it was an unauthorized log in and then an EFT out? Can they trace it to app or desktop access on the unauthorized log in?
1. Yes it was an unauthorized log in and an INTERAC e-transfer out.
2. I do not know what tracing (to app or desktop) they are doing. I have not been provided with that info.
8:02 am
March 30, 2017
canadian.100 said
1. Yes it was an unauthorized log in and an INTERAC e-transfer out.
2. I do not know what tracing (to app or desktop) they can or are doing. I have not been provided with that info.
Thanks for sharing.
It makes me wonder, for accounts that one uses purely for savings and not as a regular account for transactions, is it possible to disable the EFT feature completely?
9:36 am
September 24, 2019
I e-mailed GIC direct yesterday to inquire about all their GIC rates and Monarch Wealth e-mailed back. They said all their rates are with DUCA. To get the best rates for the most part you'd have to put in $50-$100K. With $25K the rates dropped a bit. Anyway, I didn't text back and I deleted their e-mail.
12:49 pm
October 21, 2013
I'm sorry this happened.
Not sure why it is taking so long to reimburse. If it's true that there are several victims, then it's not due to member error.
I guess the next question is whether it was an issue at DUCA's end or with the Interac system (which all or most FIs use), and that is probably what is being investigated, and they don't yet know who is responsible for reimbursement. If DUCA takes the initiative to reimburse, it could look like they are accepting responsibility for something that may not have been their issue per se. Sounds very complicated but somebody somewhere has money they aren't entitled to.
We have not had any problems but we rarely use interac and never at DUCA.