Are your member authentication methods up to par?
Thursday, June 13, 2019
In a recent article by CUNA Magazine, it is discussed that online access provides fraudsters with a key channel to target members and your credit union quickly and effectively. Credit unions should make sure they properly authenticate and verify members and potential members when offering online access.
Even though technology security has continued to evolve, so has the methods that fraudsters use. They continue to access Social Security numbers and other personally identifiable information such as names, address, and birth dates from different data breaches. This stolen information ends in identify theft-related losses. The article highlights these common examples:
- New account fraud. Fraudsters who open accounts typically use stolen identities, make fraudulent deposits of checks or ACH debits, and withdraw the funds before the items are returned unpaid to the credit union. New account fraud generally occurs within the first 90 days after an account is opened.
- Loan fraud. Fraudsters open fraudulent accounts and apply for loans including unsecured loans, credit cards, and vehicle loans. Typically, these transactions are carried out online and tend to be larger dollar amounts than losses seen with new account fraud.
- Call center fraud. Fraudsters impersonate members and then request changes to current members’ contact information, like a phone number or email address. This provides access to other forms of fraud, like requesting wire transfers through the call center.
- Account takeovers. Once a fraudster has accessed accounts online or changed contact information, they create opportunities to receive advances against a member’s line-of-credit, request wire transfers, or use bill pay to complete transactions.
- Deposits over holiday weekends. Savvy fraudsters usually wait more than 30 days before making a fraudulent deposit after opening an account, or they will make small deposits and withdrawals during the first month to establish a pattern. Additionally, perpetrators may make deposits on a Friday or Saturday prior to a banking holiday that will give them a longer period to withdraw the funds before the deposited items are returned, especially when deposit holds aren’t used.
- Targeting nonprofits. There is a growing trend to target nonprofit or charitable organizations that are included in a credit union’s field of membership. Fraudsters will join under a fictitious identity or contribute to the nonprofit organization in order to be eligible for membership. This action provides another way to side-step member authentication efforts at the credit union.
Member service representatives and front-line staff also share these steps to take in order to minimize risk from those types of scenarios:
- Ensure the name and Social Security number hasn’t been previously used to open other accounts recently.
- Review photo identifications and Credit Privacy Numbers (CPNs) of members or potential members. These are easily counterfeited and frequently used to commit fraud.
- Be alert for changes to a member’s contact information that occur immediately following an account being enrolled for online banking.
- Scrutinize all loan and deposit documents for any irregularities, missing information, or new contact information.
- Manually review membership applications submitted by individuals who live outside the credit union’s community or regular service area.
The article states that in the end, the best defense are your employees and ensuring front-line staff are alert and cautious when opening accounts, processing loan applications, and handling online transactions.
Read the Full Article »
Additionally, please visit the CCUL Fraud Resources webpage for additional information.