You've shored up your fraud defenses when it comes to screeningnew members, but no product or process is 100 percent“fraud-proof.” So why and how should you protect yourself from theones that get through your process?

These days, there are myriad ways for criminals to stealsomeone's identity: malware, phishing, smishing, social engineeringand even old-fashioned dumpster diving, to name but a few. Even thebest fraud protection systems find it a challenge to catch fraud atacquisition when the criminal has all of the victim's personaldetails or, even worse, a copy of the victim's credit report.

Although fraud investment and operational focus at the point ofapplication are relatively high, the recent FFIEC Supplement toAuthentication in an Internet Banking Environment pointed out that,since 2005, there have been significant changes in the threatlandscape for financial institutions. In addition, with the greaterthreats come concerns that the customer authentication methods andcontrols implemented in compliance with the FFIEC's originalguidance from 2005 have become less effective.

As a matter of common practice, credit unions now consistentlyauthenticate new members to ensure that they are truly who they saythey are and that no identity thieves get through. Inevitably, somedo. Combine these potential fraud losses with those from existingaccount fraud (i.e., account takeover and identity theft), and thenumbers are staggering.

According to Javelin Strategy & Research, $17 billion inidentity fraud occurred last year in the United States on accountsopened using stolen identities. In addition, they estimated another$20 billion in fraud losses associated with existing accounts.Speaking of account takeovers of member accounts, the onlineenvironment is particularly vulnerable. The recent FFIEC Supplementcites that fraudsters are responsible for losses of hundreds ofmillions of dollars resulting from online account takeovers andunauthorized funds transfers.

Given the trend toward reduced or zero liability for consumervictims of fraud, even with debit cards, the cost burden for creditunions continues to grow. The good news is that newer technologies,data sources and scoring approaches now make it possible toidentify fraud risk in the “early life” of a new memberaccount.

Data and analytics designed to assess the risk of a newly openedaccount, as well as the risk of account takeover or compromise ofexisting accounts, can be useful weapons in the fight against postacquisition fraud. Risk associated with an account and identityoften may be different just days later than it was when the accountwas opened, or a higher level of risk was present at the time ofaccount opening but was less “detectable” given that lessinformation about those identity activities was available at thetime.

Taking a score-based or analytical approach to early-life andexisting account fraud management can help credit unions:

• Quickly detect fraud and lower their average fraud losses peraccount. Predictive scores generally outperform more binary rulesand checks associated with transactions and identity elementverification.
• Improve operational efficiency by allocating the finite amountof resources at a credit union to truly high-risk accounts whileleaving lower-risk accounts to continue transacting withoutdisruption.
• Reduce costs by employing lower-cost automated scores versushigher-cost documentary reviews and phone interactions withmembers.
• Maintain member satisfaction as a result of less intrusion andinterruption of service unless truly warranted by a risk offraud.

According to George Tubin, senior research director atTowerGroup, manually reviewing accounts to detect fraud can betime-consuming and resource-intensive, especially for organizationswith limited resources.

Credit unions should seek out products and services thatautomate the review process to help reviewers identify high-riskaccounts more quickly and accurately with fewer false positives.This leads to improved productivity, higher customer service levelsand faster return on investment.

As the dust settles from recent economic challenges, creditunions may now be expanding their addressable markets moreaggressively, loosening credit policies, and adding new memberaccess channels via online services and mobile applications.Incorporated use of these access points quite often outpaces theimplementation of appropriate cyber security and identity riskprevention strategies.

For a stakeholder in a credit union — or any financialinstitution, for that matter — it is imperative that strategicenergies be as focused on risk management of early-life andexisting accounts as they are on application processing andscreening. In doing so, credit unions will find opportunity inmaintaining happy members while mitigating fraud losses at allpoints in the customer life cycle.

KeirBreitenfeld is a senior director of product management andmarketing for Experian's Decision Analytics business unit.