‘Knowing Your Member’ a Smart Defense Against Fraud
Credit unions are just as susceptible to fraud as traditional banks – especially given changing habits and practices by credit unions and members alike. Between the push to digital banking and the relaxing of membership requirements, today's credit union is not your parents’ credit union. Member access to digital channels – increasingly the “price of entry” for all financial institutions – is an important component of member relations and a vital way for credit unions to establish and maintain a strong connection with members.
But navigating new ways of doing business, while simultaneously detecting and eradicating new forms of fraud, is critical for credit unions. These organizations must account for the increased levels of account takeover and other forms of identity-based fraud that come with the move to digital channels – and be aware of how their commitment to high-quality customer service can actually put them at more risk when it comes to identity-based fraud.
While identity thieves have been taking pot shots at consumers and the financial services industry for the past 20 years, today's fraudsters are highly organized and have essentially weaponized stockpiles of stolen personal data. Changing consumer banking habits are likely having a major impact on fraud. As consumer relationships with financial institutions become increasingly digital, fraudsters are using consumers’ own personal information to take over and drain accounts.
‘High Touch’ Becomes More Difficult in the Digital Age
It's been a tradition for credit unions to take pride in knowing their members; after all, membership is restricted to members sharing a common bond, such as working at the same company or living in a well-defined community. Today, relaxing membership requirements has helped credit unions grow. But this expansion – coupled with the rise of mobile banking – is widening the gulf between the credit union and its members, and even threatens to erode the trust that members place in credit unions.
The point to remember is that traditional relationship management – knowing your members – is increasingly difficult. Not knowing your members the way credit unions did in the old days creates a much higher risk of account takeover. In the digital age, “knowing your member” becomes less about a face-to-face, personal relationship and more about understanding (and codifying) habits and preferences – especially when it comes to fraud detection and prevention.
Blurred Lines Between Public and Private Data
In 2016 alone, nearly 2,000 reported data breaches left 36 million identities exposed, but it's not just hacking that makes members’ personal information vulnerable. In the past, scammers relied on publicly available information – such as a telephone book – while today's fraudsters have new weapons to obtain even the most private information.
With so much personal data available on the black market, updates to the consumer profile – such as mailing address, telephone number and email address – need to be scrutinized because these non-monetary changes to the account can be a leading indicator that fraud is happening. Yet, distinguishing legitimate, consumer-authorized changes from fraudulent activity can be difficult, and can potentially affect the consumer experience. It's a tough balancing act for credit unions to protect their institutions while keeping member friction low.
Fraud schemes are increasingly sophisticated and organized, and data breaches make credit unions vulnerable – even if they have not yet experienced account takeover fraud losses. Even more alarming is the fact that branch managers and information security professionals may not even know that fraud is happening until it's too late.
Here's how a typical scam works:
Step 1: Obtain Personal Information
This step is often accomplished through malware, ransomware or data breaches, or even through unsecured sources, such as social media and other public records. Criminals can also “sweet talk” customer service representatives – who think they are helping the legitimate credit union member – into relaxing security protocols and divulging personal information. This first step in the scheme represents the opportunity funnel (or the victim prospect pool) for the fraudsters; the sheer volume of personal data available from breaches has increased the frequency of takeover attempts and made the criminal process more efficient.
Step 2: Get Between the Credit Union and the Member
This is the critical step – intercepting communications by changing the victim's contact information (e.g., mailing address, phone number and email address) – thereby getting between the victim and their credit union. Non-financial account changes often fly under the radar, particularly at financial institutions that rely on manual processes for monitoring administrative changes. All of these tactics have a singular goal: Getting between the member and the credit union. This way, the fraudster can redirect communications to the points of contact they control, leaving the victim completely out of the loop.
Step 3: Cash Out and Cover Tracks
Once the fraudsters are in control of the account, and confident they will receive subsequent communications and notifications, they begin draining finances, using card requests, online bill payments, on-us checks, cash advances, wire transfers, check orders and ATM withdrawals to cash out. Since the criminal now controls the points of contact between member and credit union, any alerts for suspicious activity go to the criminal and are quickly dismissed.
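The sequence in Steps 2 and 3, a contact-detail change followed by cash-out activity, can be checked for mechanically. The sketch below is an added example, not part of the original article or any vendor's product; the event-type names, the 30-day window, the scoring rule and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event types modeled on the article: contact-detail changes (Step 2)
# and the cash-out channels listed in Step 3. The names are assumptions.
CONTACT_CHANGES = {"address_change", "phone_change", "email_change"}
CASH_OUT = {"card_request", "bill_payment", "on_us_check", "cash_advance",
            "wire_transfer", "check_order", "atm_withdrawal"}

WINDOW = timedelta(days=30)  # assumed look-back window; tune per institution

# Constructed sample events: (account, ISO timestamp, event type)
SAMPLE_EVENTS = [
    ("A100", "2024-03-01T09:00", "email_change"),
    ("A100", "2024-03-01T09:05", "phone_change"),
    ("A100", "2024-03-03T14:00", "card_request"),
    ("A100", "2024-03-04T10:30", "wire_transfer"),
    ("B200", "2024-01-10T11:00", "address_change"),
    ("B200", "2024-03-20T16:00", "bill_payment"),    # outside the window
    ("C300", "2024-03-05T08:00", "atm_withdrawal"),  # no contact change
]

def score_events(events, window=WINDOW):
    """Return {account: alert} for cash-out activity that follows a recent
    contact-detail change. Score = distinct contact fields changed
    multiplied by distinct cash-out channels used inside the window."""
    recent_changes = {}  # account -> list of (time, change type)
    alerts = {}
    for account, ts, kind in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if kind in CONTACT_CHANGES:
            recent_changes.setdefault(account, []).append((when, kind))
        elif kind in CASH_OUT:
            changed = {k for t, k in recent_changes.get(account, [])
                       if when - t <= window}
            if not changed:
                continue  # cash-out with no recent contact change
            alert = alerts.setdefault(
                account, {"changed": set(), "channels": set()})
            alert["changed"] |= changed
            alert["channels"].add(kind)
    for alert in alerts.values():
        alert["score"] = len(alert["changed"]) * len(alert["channels"])
    return alerts

def review_queue(events):
    """Accounts ordered highest score first, for manual review."""
    alerts = score_events(events)
    return sorted(alerts, key=lambda a: alerts[a]["score"], reverse=True)
```

Only the account that changes contact details and then cashes out within the window is queued; a contact change months earlier, or a withdrawal with no contact change, adds no friction for the member.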
Preventing Account Takeover Fraud
As fraud risks continue to change and fraudsters adapt their methods to exploit vulnerabilities, it's more important than ever for credit unions to tighten their processes and seek new technologies to fight fraud. In short, credit unions need to know their members better than ever before, despite more and more members moving to electronic banking.
Manual fraud detection and prevention processes are inefficient and impractical. Asking members to verify personal information can create member friction, even if it prevents fraud. Finding a better way to identify high-risk account changes will help credit unions balance member inconvenience with protection, while also maintaining member trust and confidence.
Big data is the key to better understanding – of markets, consumers and emerging trends – in the information age. For as much as technology has opened the floodgates to increased fraud, technology can also help credit unions plug the holes that make their members most vulnerable.
Credit unions’ core processor platforms may already have robust anti-fraud tools integrated into their systems, but the quality and utility of the data may be lacking. Plus, the numbers may not be easy to comprehend without context (or a Ph.D. in data science). The most useful solutions offer predictive scoring that isolates the majority of fraud in a very small number of cases, alert management systems that allow credit unions to mine their own data for suspicious patterns, and a flexible delivery model that can be integrated into a variety of automated workflows.
The financial services industry is changing rapidly and credit unions are particularly adept at adapting to new challenges. Since credit unions are so dedicated to member service and engagement, they will soon be on the leading edge of new trends in “knowing your member.” These new methods of using big data and predictive analytics to guard against identity and account takeover fraud will ultimately allow credit unions to protect themselves while effectively managing the increasingly digital consumer experience.
Elliot is Co-Founder & President at ID Insight. He can be reached at email@example.com.