CCUL Risk Management Resources shares fraud prevention tips for the New Year
Wednesday, January 23, 2019
As we all know, fraud is very prevalent and is getting more sophisticated with time. Putting in place proactive measures at your credit union is a great first step in helping to prevent fraud.
Call Center Fraud
One of the biggest areas for fraudulent activity is a credit union’s call center. Fraudsters are able to obtain enough information online about members (such as their name, address, last 4 of their SSN, etc.) that they then use to impersonate the member over the phone using the information they easily found on the Internet.
In an article from creditunions.com, the following tips are offered to help improve security in a credit union’s call center:
- Implement an automated call screening and authentication system that engages the caller before reaching a live agent;
- If there is no pre-authentication, require member service intervention on select service offerings, such as no funds transfer or PIN set and reset;
- Enhance controls for digital product enrollment. At Patelco CU in California, members must be set up to receive either an email or text alert for account activity.
Payment Card Fraud
Payment card fraud is also a major area of concern. Third-party counterfeit fraud, where someone uses personal information to open a fraudulent account or copy a card. Also, synthetic ID fraud – in which a fraudster combines real and fabricated information to create an identity and then open a fraudulent account. As mentioned in the article below, one of the easiest ways credit unions can prevent card-not-present fraud and account takeover fraud is to use the security protocol offered as Verified by Visa and MasterCard SecureCode. Also, as mentioned above, text and email alerts are card controls that are helpful in preventing fraud as well.
John Buzzard, fraud control specialist at CO-OP Financial Services, recommends a succession plan for fraud and risk areas, no matter how small your credit union. He also recommends credit unions document and train every 6 to 12 months. Quarterly lunch-and-learns on trends and threats are a good way to accomplish this.
Additional Fraud Prevention Tips
Here are a few additional ways your credit union can prevent and/or combat fraud:
- Establish a Hotline – The number one way that fraud is detected is through tips. Promotion of a whistleblower hotline that credit union employees and volunteers could anonymously call if they suspect fraud would be an important way to curtail fraud once detected.
- Compulsory Vacations – A compulsory, consecutive one- to two-week vacation forces individuals to relinquish their duties to someone else, allowing the potential for irregularities to surface. A policy for compulsory vacations is only effective if someone else can transition to the position while the employee is gone and remote access is blocked during vacation.
- Written Fraud Policy – Together with legal counsel, credit unions should develop a written fraud policy including oversight by management, senior executives and Board oversight. The policy should also include employee responsibilities and potentially a fraud policy agreement for staff to sign annually.
- Appropriate Training at All Levels – A credit union can have the best fraud policy in the world but without proper training it is unlikely to be effective. Conducting fraud awareness training for all employees, management and board directors ensures everyone understands how to detect fraud.
- Annual Independent Audit – Working with a third-party vendor like the League’s Credit Union Accounting Services Department or a CPA firm to conduct an annual independent audit ensures examination of all risk areas, with those of the greatest risk receiving priority.
- Annual Independent Account Verification – Contract with an independent third party, like CCUL CU Accounting Services, to conduct an independent account verification of the credit union’s accounts (e.g. Certificates, Lines of Credit, and all other investment accounts). Verification of this nature will aid in identification of any discrepancies between reports and balance sheets provided by credit union management and external account records.
- Biennial Internal Controls – Conducting an independent audit of the credit union’s internal controls, at a minimum, every other year, can provide reasonable assurance that internal controls are functioning properly in order to safeguard the assets of the credit union as well as prevent and detect errors and irregularities that may otherwise go undetected during a routine audit.
- Board Oversight – Credit union boards should have oversight of the credit union’s anti-fraud program. The board should also be meeting with examination staff and auditors on a regular basis. Internal controls need to be implemented at the board level and established throughout the credit union. Additionally, the board should ensure appropriate follow-up on examination and audit findings.
- Segregation of Duties – Segregation of duties can be difficult when staffing is limited, however, fraud can be significantly limited if appropriate segregation is in place. Most transactions can be broken down into the following three steps: processing, approval and funding. One employee should not have complete control over all steps within a transaction
- Rotation of Duties – This can also be a difficult task when staffing is limited, however, rotation of duties has both internal control benefits as well as cross-training benefits. Cross-training provides for staffing when an employee goes on vacation and can also aid in identification of irregularities.
- Appropriate Dual Controls in Place – Dual controls over vault cash, wire transfer functions, and various other functions provide oversight and deterrence of fraud.
For more information on Fraud, please visit our Fraud Resources page here.