Fighting increasingly sophisticated forms of fraud and complying with increasingly stringent Federal Financial Institutions Examination Council guidelines can be daunting challenges for credit unions, especially with members flocking to online and mobile services.
As part of a four-year strategic plan to strengthen security, The Summit Federal Credit Union in Rochester, N.Y., was searching for a cost-effective, user-friendly solution to meet FFIEC guidelines and protect its 75,000 members, including about 25,000 online banking users and 10,000 mobile users.
“Safeguarding our members’ personal information and accounts is a top priority, and we take all FFIEC guidelines very seriously, which is why The Summit Federal Credit Union always strives for the highest level of security and believes strongly in investing to protect all members, whether they conduct transactions in person, on the Internet or via a smartphone,” said Jeff Vieira, senior information technology manager for The Summit FCU.
Vieira said the $690 million New York credit union has implemented an automated transaction monitoring and anomaly detection solution from Mountain View, Calif.-based Guardian Analytics, a provider of behavior-based fraud prevention and SaaS solutions for more than 250 financial institutions.
Using Guardian Analytics’ behavior-based anomaly detection solutions, FraudMAP Online and FraudMAP Mobile, The Summit FCU said it now can monitor all user activity— from login to logout— across all online and mobile banking platforms. Not only does the system transparently and proactively protect members by identifying suspicious activity, Vieira said, it also simplifies the FFIEC audit process.
By monitoring transactions, customer behavior patterns, account activity and access to administrative functions, Vieira said, the CU can spot anomalies, halt suspicious transfers and pinpoint security vulnerabilities.
Now The Summit FCU proactively reaches out to members when suspicious activity is identified that appears outside the member’s normal behavior – such as when an account is accessed from an unusual location or a bill pay is set up for a new payee.
“We now have a key strategic advantage over fraudsters – knowledge of members’ behavior and the ability to detect anomalous activities and unusual transactions at the individual account holder level,” Vieira added.
“Plus, going through the FFIEC audits has been a lot easier. With Guardian Analytics’ solutions such as FraudMAP in our corner, we know we’re always prepared for audits. We can give auditors a live demonstration of FraudMAP or even provide logs, if needed. Meeting FFIEC guidelines and not having to worry about audits are great benefits of FraudMAP,” Vieira said.
Selecting the best solution wasn’t easy, Vieira said, with so many new fraud prevention products and services entering the marketplace. Like other CUs of their size, he said, The Summit FCU needed a solution with low operational impact that did not require additional resources to train employees or manage the system. Plus, the CU wanted to streamline the FFIEC audit process.
For The Summit FCU, he said, FraudMAP provides these benefits:
*Delivers an efficient means to conform to FFIEC guidance *Defends against the growing variety and sophistication of fraud threats across multiple end points *Maintains an appropriate balance between ease of use and providing a high level of fraud prevention *Protects all online and mobile banking users transparently with no change to their banking process *Identifies suspicious activity proactively – instead of waiting for a fraudulent transfer to happen * Minimizes fraud risk on future solutions like P2P and remote deposit capture.
With Guardian, FFIEC audits have become “significantly easier” for Summit, Vieira said, and the credit union now has more time to focus on launching new products and services such as P2P and electronic check image deposits to further improve customer service, efficiency and profitability.
Taking a proactive approach to security is a wise move, according to fraud prevention experts. Unfortunately, a recent study revealed that many CUs have not implemented adequate safeguards such as transaction monitoring.
The vast majority of financial institutions surveyed for the 2012 State of Cybercrime Study have a “bare minimum” of security precautions in place, according to ThreatMetrix, a San Jose, Calif.-based company focused on cyber crime.
To combat crime, experts say, credit unions must implement multiple layers of security and solutions such as transaction monitoring and anomaly detection.
“In today’s world, it’s not enough to look at the current attack vectors,” said Andreas Baumhof, chief technology officer for ThreatMetrix. “The bad guys are moving very fast – we need to move towards more of a holistic view of cybercrime and how to prevent it.”