Protecting personally identifiable information, financial data and funds is a top priority for credit unions these days. And employing fraud detection analytics as well as employee and member education can help institutions be more proactive when it comes to security.

Cybercrime organizations continue to develop fraud, malware and social engineering techniques targeting financial institutions, consumers and websites, often with the objective of snatching credentials to take over user accounts.

According to IBM's X-Force Research, financial services is one of the top three industries targeted by cybercriminals. Within the financial services industry, nearly 20 million records were breached in 2015.

Recommended For You

For example, malware such as the GozNym Trojan, recently found by the X-Force Research team, used redirection attacks to drive unsuspecting consumers to bogus sites where hackers could steal their banking credentials. These fake websites were spoofs of financial institutions' sites and even included the correct URLs and SSL certificates in the address bar. Once a criminal obtains personal credentials, they can log in as the user and attempt to move as much money as possible through fraudulent transactions.

Frauds committed against consumers can also affect financial institutions. More than 12% of members responding to the San Diego-based Identity Theft Resource Center's "Identity Theft: The Aftermath 2016" survey said they switched credit unions due to unauthorized activity on an existing account.

Early detection of account fraud, which is not solely cyber-based, is more important than ever as criminals persistently target deposit accounts. The American Bankers Association 2015 Deposit Account Fraud Survey found that 74% of respondents saw an increase in fraud attempts over the previous year. The categories that saw the most losses, in order of highest dollar loss, were debit cards, checks, mobile banking and online banking (including bill pay, ACH and wire transfers initiated online).

The $4.5 billion, Burbank, Calif.-based Logix Federal Credit Union has sought to protect its assets wherever thefts take place.

"We just have a need for more tools to detect fraud. Either our members are doing bad things or people are doing bad things to our members," Matthew Overin, manager, fraud risk management for Logix, said.

Logix uses the St. John, Newfoundland, Canada-based Verafin's account fraud detection analytics and anti-money laundering protection. Within weeks of implementation, the credit union saw a difference.

"We've definitely seen a reduction in false positives and the latest alerts are very targeted," Overin explained. "They're helping us catch things that would be very difficult to find without Verafin."

Verafin utilizes data trends gathered from more than 1,400 institutions within its cloud defense network. Its solutions apply advanced analytics to alert users about unusual activity in real-time.

"The Verafin Cloud gives us access to an unprecedented amount of rich data. Working closely with our broad community of financial institutions allows us to develop new solutions to fight fraud. We can do this with extremely low-alert volumes and high-detection rates," Mauriceo Castanheiro, Verafin's director of fraud analytics, said.

The analytics leverage data across multiple channels to give financial institutions a holistic view of various fraud trends, which include deposit fraud across multiple channels (ATM, mobile and branch), wire fraud, ACH fraud and online account takeover.

"It takes all of our deposit information from the previous day, the debit/credit card information, final maintenance changes, all of our online banking logs, wire files and ACH files, and looks for anomalies in those files that look like fraudulent transactions either by or to members," Overin said. "They alert us in a dashboard first thing the next morning. Our job is to create a case in their case management system and start working it."

Verafin's account fraud analytics helped alert Logix to fraud during a mass reissue of debit cards while the credit union was transitioning to chip-and-pin technology.

"Mail thieves got their hands on some of the reissued cards. They also managed to steal boxes of checks from people's mail," Overin said. "They were activating our debit cards and using them to deposit the stolen checks through ATMs and then cashing out. Verafin's early alerts meant we prevented thousands of dollars in fraud."

In addition, the investigative team uncovered fraudulent dormant-card transactions.

"A number of cards hadn't seen much use by our members, and then all of a sudden there was activity. We were able to shut them down quickly," Overin said.

An alert on just one of those cards helped prevent a $10,000 loss, he added.

In looking at online transactions, Verafin's analytics observes a member's normal IP login patterns.

"So when someone starts logging in from a different IP address, different part of the country or at a different time, it throws up alerts for us to look at," Overin pointed out.

"Part of my job here in fraud risk management is getting the word out to our members about different frauds that are out there," Overin said. "We do seminars and newsletters with specifics on different fraud scams and schemes."

The credit union also educates frontline staff so they can inform members of active scams and frauds taking place.

Successful member education requires every stakeholder in the credit union industry to participate.

"CO-OP knows every element of financial transactions and consumer financial identity is under attack. As payment solutions become more convenient for members, opportunities for fraud also become more convenient for the perpetrators," Samantha Paxson, chief marketing officer for the Rancho Cucamonga, Calif.-based CO-OP Financial Services, said.

Paxson noted CO-OP's major focus is working closely with credit unions to activate important controls that thwart and reduce fraud, while helping members understand the landscape and recognize scam signs.

"Though consumers believe it is the issuer's responsibility to protect them, we think the best way to combat fraudsters is to combine consumer vigilance with the best practices of their credit union," she said.

CO-OP also provides credit unions with ready-made content designed to educate members about the latest fraud trends and prevention strategies.

"We work aggressively on our clients' behalf to deliver insights and best practices to consumer-oriented news outlets, which is another layer of consumer education about being on guard in this era of heightened criminality," Paxson said.

John Peterson, vice president/general manager for the Clifton, N.J.-based cybersecurity firm Comodo, offered the following security tips to help credit unions and their members:

  • Practice good password hygiene. Create strong passwords using a hard-to-guess combination of uppercase and lowercase letters, numbers, and symbols or special characters. "Don't use common names, dates, your pets' or kids' names, street addresses, birthdays or other facts that attackers could easily find on social media, public records or the internet," Peterson said. He also suggested using separate passwords for each account and paying attention to reports of new breaches. In addition, if you're doing business with an affected company or site, make sure to quickly change your password and look out for any fraudulent activity signs. Bottom line: Stay aware, use strong, unique passwords and use a good password manager.

  • Educate employees on cybersecurity. Make employees aware of recent phishing scams and emails, and how those campaigns operate. Also, encourage them to create strong passwords and periodically mandate that they change those passwords. "Nobody enjoys doing this, but everybody really hates getting breached or divulging sensitive company or customer data. Encourage employees to report suspicious behaviors or emails. Education is critical," Peterson advised.

  • Utilize endpoint security. The best way to prevent being compromised is to employ a multi-layered approach to endpoint security made up of a firewall, URL filtering, anti-virus tools, a file lookup service, a host intrusion protection system, behavior analysis and containment with auto-sandboxing. "Only with all these layers of defense in place can organizations truly be protected," Peterson said.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).