1. Understand the Threats

Before you can venture out and take the fight to the fraudsters, you need to first look inward and take stock of your institution to figure out where to focus your efforts.

The list of potential threats can be dizzying. Fraudsters are hitting financial institutions from all angles with all sorts of tactics and techniques.
You can’t attack all the problems equally, but you can identify where you’re most vulnerable. Do your internal checks and balances make you more likely to lose track of a rogue employee who’s enabling fraud, either through corruption or incompetence? Do you have manual processes that make it difficult to spot red flags for fraud until it’s too late? Are you seeing fraud losses via P2P payments, thanks to social engineering? What about account-based fraud? Or are hackers worming their way into your digital channels?

Assessing your people, processes and tech, and having some hard conversations internally, will help your credit union wrap its hands around the problem.

Then, it’s a matter of making the rest of your institution aware.

2. Educate Your Employees

Now that you’ve identified the problem areas, the next step is making your employees aware of the threat and training them on the tools and techniques they’ll use to ensure the fraud attempt never breaches the credit union’s defenses.

Let’s say you’re a credit union that serves several large retirement communities in your area. You have a segment of elderly members that is frequently falling victim to various phishing attempts, as well as social engineering and impersonation schemes. It’s important to explain to your call center employees why this type of fraud is a problem and show them all the ways it can be perpetrated. Equip them with the questions they need to ask, and the red flags they should be alert to when trying to verify the identity of the elderly member on the line – or the person who’s claiming they have the authority to act on behalf of that member. Then track the process you put in place to determine if the education is taking root and getting results.

One other note here: While it’s critical to put processes in place, allow your employees some freedom to use their instincts. Does the person claiming to be the son of a 90-year-old member sound more like a 20-year-old? Do they sound nervous? Are there multiple other phone conversations going on in the background? Even if technically the call is meeting your standards, you should empower your employees to sound a warning if they feel like something’s “off.”

3. Determine What ‘Normal’ Looks Like for Your Members

Once you’ve done that internal review, look outward to your members. You need to understand them so you can determine what “normal” behavior looks like for each of them and then act when it looks like they’re deviating from those norms.

Make sure you have strong identification verification data for each member – the usuals (dates of birth, Social Security numbers, etc.) and others, like income verification, which can be highly effective in separating the real members from the frauds.

Then there’s member transactional data. What are their typical spending patterns and monthly cash flows? What are their go-to vendors? What types of transactions do they typically have?

If you know your member owns a small business, a large amount of remote deposit capture activity isn’t going to set off any alarm bells. But if your member is part of that retiree segment we mentioned earlier and hasn’t worked in several years, those transactions are a red flag.

As you add layer upon layer of member data, you eventually arrive at a very clear view of who your members are, how they behave, and when that behavior has moved out of the “normal” range and into the “fraudulent” range.

Doing this sort of data deep dive, member by member, is not scalable, even for the most member-centric credit unions. It will require you to set up your systems so they can gather all the relevant data and then present a holistic view of each member, in real time.

4. Educate Your Members

Along with developing a comprehensive view of your members and their behaviors, you must make them aware of the fraud threats out there and the steps they can take to defend themselves.

This is where credit unions have an inherent advantage over other financial institutions: Your members are more inclined to view your communications with them as helpful tips and not thinly veiled sales pitches. Still, there’s work to be done to avoid fatigue through overcommunication. And, of course, fraudsters are fond of phishing unsuspecting members by posing as the helpful credit union.

Know your audience and how they consume content. In that hypothetical credit union that serves a large elderly population, phone calls and in-branch notifications may be the better way to reach members about potential fraud. Meanwhile, a credit union that serves a local university should opt for in-app communications over, say, mailing a newsletter.

Use language that sounds personal. “This could be potentially fraudulent activity,” sounds scary and a little too vague to most members. “This could be a scam. Here’s how to make sure it isn’t,” is more personal and more likely to get attention and a response.

Incentivize your members to participate. Like offering a dessert if your child eats their vegetables, you may need to offer something to get your members to take actions that will benefit them. Let’s say you’re a credit union that services small businesses that all need to use positive pay. Invite them to an educational webinar about this powerful fraud tool, and in return for their attendance, give them positive pay – at a discount or maybe even for free.

5. Leverage Your Technology

Technology is the thread that runs throughout this shift toward a proactive fraud-fighting stance. You need it to:

• Automate processes that reduce human error and make it easier to monitor activities and identify anomalies.
• Compile member data from multiple sources, bring it together into a holistic view, and then deliver it to your employees so they can use it to act quickly when potential fraud has been identified.
• Communicate at scale and in diverse ways based on particular member segments at your credit union.

But tech is a means, not an end. It’s about having the machines do what they do best – processing all that data and identifying those anomalies – so your credit union employees can do what they do best – delivering service and fostering strong relationships with each of your members.

That’s a combination that will enable your credit union to stop more fraud earlier, keeping your members’ money safe and their trust intact.