Sharing information can help credit unions fight off attacks.
Fraudsters continually reinvent themselves. Unfortunately, for financial institutions and the public, they do so with vigor, intelligence and expertise. For this month’s special report, we dug into best practices in fraud prevention, including the role of collaboration.
Strength in numbers of fraud fighters pooling resources to net criminals works well in the fight against localized fraud types, such as phishing or skimming.
“Credit unions are one of the most collaborative segments in the payments industry, and that’s a huge benefit to leverage,” observes Eric Kraus, business executive/fraud, risk and compliance solutions for FIS, a CUES Supplier member based in St. Petersburg, Florida. “There’s a member-driven purpose and openness to learning from each other’s successes and challenges. Often, an impacted credit union within a targeted geographic threat vector will reach out to others in the immediate area to provide early fraud warnings.
“For example, a couple of years ago, a group of organized criminals was hitting ATMs along a highway corridor on the East Coast, and several credit unions sounded the alarm proactively. We’re also seeing more data-sharing related to areas like negative customer databases to combat fraudulent account openings.”
FIS empowers collaboration among its clients through advisory councils and focus groups, annually bringing credit unions of all sizes together for strategic planning.
“These sessions include fraud and risk topics that focus on industry trends, best practice fundamentals, and emerging innovations to protect against threats,” says Kraus. FIS also hosts a quarterly fraud forum, where financial institutions from across the country come together to learn from fraud and risk experts, of emerging trends, and dive into key industry performance metrics. Credit unions have an opportunity to ask questions and seek guidance from the assembled experts and other participating credit unions.
Recent topics included a focus on emerging fraud trends in P2P and contactless payments.
“First-party fraud continues to plague the industry,” says Kraus. Card-not-present and ATM fraud trends are two other areas of focus.
This continual learning helps institutions from becoming too passive. “Take a defensive posture and understand your weaknesses,” he adds. “Assume you’re continually under threat because you more than likely are. Have a proactive plan so that you can quickly pivot if fraud occurs and your staff knows what to do.”
Responding to Fraudsters
“Since the adoption of EMV, credit unions have shifted their focus to the more innovative tactics of fraudsters not seen before,” notes Ashley Town, director/fraud services for CUES Supplier member CO-OP Financial Services, Rancho Cucamonga, California. “They also engage each other when new trends occur and work collectively on solutions for prevention.” She notes that CO-OP Financial Services hosts a monthly fraud webinar, Fraud Buzz, to assist. In these sessions, credit union participants and guest speakers from across the U.S. discuss industry fraud trends.
Local fraud collaboration forums are also extremely advantageous. “Often, we see fraudsters attack specific geographic areas utilizing the same fraud pattern,” says Town. “Here, having a network of local fraud contacts allows for proactive communication for those likely to be impacted and timely collaboration shortly after a fraud trend arises.”
A credit union doesn’t want to wait for a monthly call to notify industry peers, she adds. Instead, she recommends participating in a virtual fraud forum, such as an email group or online bulletin board “to alert colleagues and discuss trends promptly, allowing others to be on the lookout.”
Widening the Circle
Liz Little, fraud consultant for CUES Supplier member SHAZAM®, a debit and credit payment processor based in Des Moines, Iowa, sees the best outcomes when information is proactively shared. This doesn’t mean proprietary or internal procedures, but rather spotted trends or fraud. “This includes sharing with us (or your payments processor) any compromised card data,” she says. “We, in turn, share this with all members without naming the reporting financial institution.”
She also recommends a point person join a community fraud group comprised of law enforcement, postmaster generals, attorney generals and other key players. “Here, credit unions can share and glean information and stay united as an industry, pertinent because of rising fintech competitors that can take advantage of perceived weaknesses” and quickly develop products and services to serve (and potentially steal away) credit unions’ members.
Another key stakeholder is the member, notes David McClurg, product manager/digital for Shazam. “Consider that a typical credit union spends about 80% of its time talking to members about products and 20% on how it protects member data. By sharing your story and stressing security innovation with members, you create brand affinity.”
Kraus also sees some of the most vigorous collaboration in CUs’ member education efforts. “We’ve seen credit unions partner to provide consumer tips on phishing schemes, social engineering scams or tips on practicing strong cyber hygiene. The more you can educate and empower your members, the more likely they can help in the fight against fraud.”
Fraud prevention products—such as Brella™ (formerly known as SHAZAM® BOLT$™), SHAZAM’s card control app—also can bring members further into the fraud prevention circle. Using the member’s smartphone, Brella adds a layer of protection to card transactions by notifying the cardholder of potentially fraudulent activity.
“These products also remind members how hard you’re working for them, while transactions are monitored from a self-protection perspective, providing data-rich insights, which help the institution to prevent fraud at a macro level,” stresses McClurg.
Onsite crisis management training further promotes collaboration within the broader community. “In our skimming and card cloning presentation, for example, we use actual photos and videos to show how thieves set up these devices and steal from cardholders,” adds Little. “A live demonstration encourages interaction with community partners … including business owners and city officials.”
Fraudster sophistication is escalating, and the concept of collaboration needs to take on ever more meaning, says Jack Lynch, chief risk officer for CUESolutions provider PSCU, St. Petersburg, Florida, and president of CU Recovery.
“Only by working collectively can we combat movements on the dark web, such as the move from counterfeit card information to selling personal information, and other efforts by thieves,” Lynch explains. “It’s the combination of technology and data as well as our Linked Analysis product that makes a difference.”
He notes that PSCU’s contact center can detect a fraudster via voice printing. Here, an attempt is made to gather information from one credit union’s interaction with a suspected fraudster, then link it to that same phone number to gain information from another credit union.
“Without this data collaboration, a pattern would not be detected until it was too late to avoid a loss,” explains Lynch. Analyzing many points of data (including contact center, interactive voice response, online banking and card transactions), aids fraud detection.
There is also a need to tear down siloes internally, stresses Lynch. “Realize everyone within the credit union plays a role, from the front line to lending and new accounts. Develop a plan that incorporates all people and channels holistically—so collaboration is layered, and solutions are reviewed for the right fit.”
Another networking avenue is the members’ area of PSCU’s website, where member credit unions and the online community can follow fraud trends, attend monthly fraud webinars and pose questions to the community in real time.
It’s a process. And ultimately, says Lynch, technology can’t save any organization from a weak link in its system. “Collaboration includes people, processes and technology, and with a chink in one, all are susceptible. A credit union must ensure all parts are working together, using the same processes to prevent fraud.”
Well-informed employees are another advocate in the fight against fraud.
“Knowledge is power,” says Cynthia L. Carter, lead compliance officer for training company TRC Interactive, Inc., Harrisburg, Pennsylvania. “It involves many avenues of training—getting information to the people who can make a difference not only to their institution but also the people they serve.”
TRC Interactive provides various levels of training to financial institutions in the U.S., including its staff fraud training program (First Line of Defense™). “Ten interactive scenarios are provided quarterly to clients” through the program, explains Carter. “Using real-life scenarios, such as check-cashing or deposits with account screens and sample items processed, the front-line employee goes through the transaction as if the person were in front of them.”
Using interactive modules (not dialogue reading), the program illustrates how integral collaboration is to the process. “In any given week, we might have hundreds of conversations with financial institutions,” notes Carter. “Customers contact us to ask that we highlight a specific fraud situation they have experienced. While not traditional collaboration, a teller in Pennsylvania could be working his or her way through an interactive training scenario a teller in Texas experienced last month. While many resources are used to create scenarios, real-world examples are some of the most valuable.”
Carter has also learned it’s a mistake to see fraud as a once-and-done training situation: “Ensure information is in the hands of the people who interact with your members every day. Fraudsters are not waiting for a new idea to come to them. Financial institutions need to do everything they can to protect their institutions and the people who rely on them for their financial well-being.” cues icon
Stephanie Schwenn Sebring established and managed the marketing departments for three CUs and served in mentorship roles before launching her business. As owner of Fab Prose & Professional Writing, she assists CUs, industry suppliers and any company wanting great content and a clear brand voice. Follow her on Twitter @fabprose.