Protecting your members and reducing your risk requires executing a sound fraud-fighting strategy, starting with a holistic playbook.
Sponsored by FIS
Businesses make advances in the fight against fraud, and then a billion new personal identity records get stolen, adding more fuel to the fire. This happened in 2018, according to Threatmatrix, and it signals continuing peril ahead.
One fallout of these large breaches is rising synthetic identity, but that’s just scratching the surface. Fraud is shifting online and to mobile, mirroring where consumers are shopping and how they are connecting. As bankers employ artificial intelligence for defense, fraudsters use AI to create smarter attack bots. Social engineering attacks defraud thousands of consumers who move their money into fraudsters’ accounts for “safe keeping.” And, an increasing number of contact points through the Internet of Things and social media paves the way for fraudsters to further game your members.
Protecting your members and reducing your risk requires executing a sound fraud-fighting strategy, starting with a holistic playbook. These five tactics represent key building blocks in creating a successful playbook.
Tactic 1: Identify your weakest points of defense.
Keep asking such questions as: What in your onboarding process leaves you vulnerable to synthetic identity fraud? From where is your card fraud stemming? What social engineering schemes put your employees and members at risk? Do you sufficiently monitor your social media presence and online domain?
Tactic 2: Harness your data to identify trends quickly.
Define a data strategy that enables reconciliation of front- and back-office data to identify where gaps in the system allow for fraud—for example, authorizations, chargebacks and disputes. Look for indicators of social engineering and account takeover attacks at key points of contact. Use machine learning to red flag suspicious behavior.
Tactic 3: Layer your defenses.
Establish business rules to manage the amount of risk you’re willing to take, and work with third parties to incorporate additional data to pre-empt fraudulent card use. Consider employing risk-based authentication tools, such as 3-D Secure 2.0, that reduce risk in the e-commerce channel. Employ a robust cyber-monitoring program to detect potential malware and unauthorized penetration of your networks. Formalize a social media and online domain monitoring system to protect your brand integrity.
Tactic 4: Enlist and educate members and employees.
Let your members know what your credit union will and will not ask for. Educate members at all points of contact. Require the use of strong passwords and dual authentication. Empower your members with alerts, notifications and card controls. Conduct phishing tests with employees and train call center employees to identify suspicious requests.
Tactic 5: Collaborate with other credit unions and partners to identify risks sooner.
Fraud prevention increasingly relies on timely information-sharing among association members and with partners. Enlist your vendors in identifying potential weak points in your defenses and recommending solutions to fill the gaps.
Eric Kraus is VP/fraud management for FIS, Jacksonville, Florida.