Protecting Your Credit Union Against Digital Fraud
2020-07-28This post is provided by CULedger, a credit union owned CUSO and associate member World Council of Credit Unions.
Recently, we invited Jim Stickley, CEO of Stickley on Security and a well-known cyber security expert, to participate in a fireside chat discussion on the impacts of fraud as the shift in member behavior turns to more digital channels.
Member fraud always seems to come down to one thing: identity theft. Fraudsters will often change the approaches and methods they use to commit fraud, but the goal is still the same. While fraud continues to rise across all channels, especially since the COVID-19 pandemic, one type of fraud is specifically growing in popularity.
Vishing
Vishing (or voice phishing) is an impersonation scheme that preys on the most vulnerable. Phone phishing refers to phone calls from people who are pretending to be from a reputable organization, like your credit union. To get victims to share personal and financial information, they use social engineering tactics—psychological and social methods of manipulation or tricking users—and the victim’s own emotions to get them to provide information or to perform a specific action.
“It’s almost impossible, over a telephone, to be able to know—am I really talking to who I think I’m talking to,” said Stickley.
Three of four consumers say the most important factor when choosing a financial services provider is trust and security. If members have digital trust, they won’t feel the need to worry about the possibility of being victims of such fraud.
It’s no secret that fraudsters use weakness and vulnerability to their greatest advantage, and they move fast. Fighting fraud is a reoccurring cat-and-mouse game, and it’s unlikely to change in the future, especially with the use of digital channels continuing to rise. According to a recent study conducted by Forbes and VMWare, the number of consumers that have been targets of digital fraud related to COVID is now over 30%, while financial fraud has increased 283% in just the first five months of 2020.
Account takeover fraud
Account takeover fraud is another type of identity theft that is growing in prevalence. This is where a fraudster gains access to their victim’s accounts, then makes non-monetary changes that may include modifying personal identifiable information (PII), requesting a new card or adding an authorized user. The weakest channel where this type of fraud takes place is in the call center.
“When authentication approaches are tied to human interaction, you are always going to have a higher risk of fraud,” said Stickley. “People want to believe people.”
Cyber criminals have adapted their attacks and are mimicking consumer behavior as closely as possible, to attack the institutions themselves. Social engineering continues to play a major role in many attacks.
Most credit union call centers rely on knowledge-based authentication—asking members to prove their identity by supplying personal information such as their account number and mother’s maiden name—to grant access to member accounts and commit fraud. Answers to these questions can be easily found on genealogy websites or on social media. When conducting authentication that is based on something you know, you have to assume somebody else knows it too.
According to Stickley, the dark web makes social engineering much easier. Personal information about an individual, like name, address, date of birth and social security number, is being sold on the dark web for only $1 as a “full account” used for account takeover purposes.
Building trust with credit union members
A person’s online identity isn’t always what it appears to be. Data breaches, phishing schemes, identity theft, money laundering and other digital scams have wreaked havoc on credit unions' ability to build trust.
Your members want to feel assured that you know who they are and the history of their relationship with your credit union, that you value their business and that you can help them resolve any issue or concern they may have.
The digital nature of interactions during this crisis can make it more difficult to fulfill these emotional and functional needs while delivering exceptional member experiences. Developing and delivering personalized interactions to your members can help lessen the strain and frustration members feel during this troubled time. Personalized interactions that focus on demonstrating that you know your members and have their best interests in mind can help strengthen your relationship with your members, and lead to improved loyalty and trust.
Consumers in general have less tolerance than ever for unnecessary friction. Instead, each interaction and step along the member journey must be considered through the lens of trust. Where does a credit union start in building trust with their members?
Stickley suggests performing a risk assessment for authentication in your member journey. What you’ll likely discover is there’s a different authentication process for each channel that usually involves some party in the middle—between you and your credit union.
To be truly impactful, you must provide a frictionless experience across all channels you interact with. Focus first on improving the channels that put the member’s needs and best interests first and break down the silos of your credit union.
Taking the first step toward creating digital trust between your credit union and your members is easy. To learn more about MemberPass and how to take the first step by participating in the MemberPass Trust Registry, send us an email requesting a list of FAQs or a demo, register to attend one of our webinars, or visit us at www.memberpass.com.
CULedger, a credit union service organization, is offering MemberPass, the simplest, most secure solution to verify your members through leveraging touchless, privacy-enhancing technology to protect credit unions and their members from identity theft and fraud. Visit www.memberpass.com or email us at sales@memberpass.com.
Click here to return to the Challenge 2025 homepage.