Even credit unions that have made recent investments in preventive technologies and offer robust fraud education for members and employees can benefit from learning what risks other financial institutions face.
Doing so informs credit unions about the defenses they should employ, says Idrees Rafiq Jr., vice president, IT consulting, for Cornerstone Resources.
If, for example, area institutions report “vishing” scams, whereby fraudsters make random calls to consumers with caller ID showing the name of a particular credit union to elicit login credentials or other personal information, you may want to post a warning on your own website, Rafiq says.
Michigan State University Federal Credit Union in East Lansing embraces this approach. It’s part of a local group of financial institutions and law enforcement agencies that aims to reduce fraud, says Deidre Davis, chief marketing officer at the $6.3 billion asset credit union.
“It’s great to see the collaboration,” she says. “Together we all become more effective at preventing fraud.”
Core processing vendors also provide a window into trends, says Sheilah Montgomery, CEO of $26 million asset FAMU Federal Credit Union in Tallahassee, Fla. Although vendors can’t share specifics about other institutions, “they communicate to us if there are threats out there,” she says.
It’s also important to monitor member transactions, Davis says. For example, if the credit union’s call center receives two calls within hours from members saying their credit card has a charge they didn’t make, that will be reported to the credit union’s card department to quickly investigate.
The call center is the first line of defense at $227 million asset Texoma Community Credit Union in Wichita Falls, Texas, says Chris Hansard, information technology manager. “Our call center is trained to be on the lookout for anything unusual.”
One thing holds true when it comes to fraud: Scammers seize on every available opportunity. For instance, while the pandemic accelerated credit union digital offerings and adoption, it created just as many opportunities for fraudsters, according to the Financial Crimes Enforcement Network (FinCEN).
The agency reports a jump in “Suspicious Receipt of Government Payments/Benefits” from 380 in 2019 to 14,509 in 2020.
The increase in the adoption of mobile and online services during the past 18 months is likely to continue, and digital channels “increase the inherent risk by way of increasing the attack surface,” says Miguel Hablutzel, vice president of strategy at SilverSky, a CUNA Strategic Services alliance provider.
Some members will always be vulnerable to romance scams, and the sense of detachment the pandemic has created for many has fed a new fraud trend as well, according to Michael Barry, chief information officer at $1.2 billion asset Gulf Coast Educators Federal Credit Union in Pasadena, Texas.
Barry provides an example where the victim fell for someone’s profession of love and responded to pleas to send money. “Unfortunately, there are always people who are vulnerable to this,” he says.
Another threat that arose during the pandemic was the “money mule” scam. Members received messages that they won money or landed a job but had to transfer some of the prize money or salary that landed in their account erroneously. Barry says these scams may abate as the economy strengthens.
A major threat enabled by digital infrastructure is account takeover, says Andrew Corbett, senior presales consultant at NICE Actimize. As the name implies, an account takeover involves crooks obtaining login credentials through various means and then taking control of the member’s account.
With such access, they can transfer funds to themselves, gain access to additional accounts, and even open new accounts.
Corbett estimates the 2,978 reports of account takeovers at credit unions in 2020 represent just 10% of the actual total.
“By its very nature, account takeover isn’t seen in real time, and institutions often don’t have all the information needed to file a report after its discovery,” he says.
One longtime concern, credit and debit card fraud, has grown even more insidious, with a vast underground network of websites offering card numbers for sale, according to Rafiq.
He says an army of crooks supplies these sites with valid card numbers by skimming ATMs or embedding malware within online shopping sites.
Another type of fraud garnering headlines is ransomware, malicious software that prevents organizations from accessing their data. As the name implies, scammers then demand a ransom to unlock the data.
“No type of business can ignore ransomware,” says Hansard, noting that while many of these attacks draw media coverage, many go unreported.
If crooks gain entry into a credit union, they could wreak two types of damage: shutting down operations and seizing member information, he adds.
Scammers also steal identities in multiple ways, from scraping identifying information people unwittingly leave on social media to phishing and vishing scams. They use that false identification to commit account takeovers and other fraud.