With the advancement of digital technology and influx of places people store their money and information, there have never been more ways for fraudsters to attack. Credit unions must adapt and progress their fraud prevention methods at the same rate in order to keep their members’ accounts safe.
According to Javelin, there was $52 billion in identity fraud losses in the U.S. in 2021. Furthermore, fraud attempts doubled in recent years, increasing from $317.3 million in 2018 to $638.6 million in 2020 and $637.2 million in 2021, while there was a 58% increase in account takeover attacks in May 2022 alone.
“These are some really powerful numbers,” says Fiserv Vice President of Product Patti Reid, who hosted a session Thursday at the 2022 CUNA Operations & Member Experience Council and CUNA Technology Council Conference in Las Vegas. “There’s a problem.”
There’s no easy way to solve the entire problem, but Reid says credit unions can use member data to combat against fraud. Credit unions naturally have significant information about each of their members. Does a certain member pick up coffee every day on their way to work? Have they changed their PIN number recently? Do they regularly pay for a certain utility on a peer-to-peer payment application?
Each of these bits of data can be used to put together a 360-degree view of a member. If the credit union notices anomalies in the member’s behavior, it could set off alarm bells that prevent potential fraud.
Successfully using that information to combat fraud requires having a system that allows the credit union to gather data across all channels to put together that 360-degree view. The best platforms can mesh all credit union channels, including ATMs, mobile apps, websites, call centers, and point of sale, with all types of payment, such as debit cards, credit cards, wires, ACH, and bill pay.
“Detecting identity fraud requires a comprehensive, layered approach,” Reid says, noting that Fiserv’s product AuthHub creates a unique member profile, generates member scores, and offers recommendations for decisioning. “Connected intelligence leads to more informed decisioning. You need to have those systems talking to each other and having a holistic view.
“Fraudsters attack fast,” she continues. “If you can inform your contact center that the mobile app is seeing fraud, you’re going to stop a lot of authentication fraud and stop a lot of that downstream fraud.”
Identity fraud can carry far downstream. An AITE-Novarica Group survey found that, in 2021, fraudsters’ most common activities performed after account takeover were making fraudulent credit card transactions (43%), using a peer-to-peer service to move funds out of the account (25%), changing the account’s contact information (24%), purchasing items on the internet with a card stored on file (18%), transferring funds with bill pay or ACH (17%), sending a wire transfer (17%), ordering checks (9%), using loyalty reward points to travel (9%), and using reward points to make purchases (9%).
That leaves the member feeling fear, loss, doubt, and frustration. From a credit union perspective, a Javelin study found that 42% of members leave their credit unions after account takeover happens.
One of the best methods to prevent any of those negative affects is education—for members and employees.
“This is critically important. Educate members about account identification and identity theft. And do it frequently,” Reid says, noting there are many available resources. “Members need to be reminded of common examples of emotional tactics and techniques. Remind them what the experience should be like when you have fraud on your account. And we’re supposed to be experts at these things as employees, so make sure we’re educating ourselves and our associates on the best practices.”
Reid also suggests credit unions combat fraud by monitoring member behavior and looking for abnormalities, adding stronger authentication methods, increasing targeted friction to make attacks more time-consuming for fraudsters, and encourage members to set up alerts so that they are notified when anything happens with their accounts.