Building a Proactive Fraud Strategy in a Digital Age

Credit unions are a vital part of the financial system, providing their members with a safe and affordable place to save and borrow money. However, credit unions are also prime targets for fraudsters. Fraud can cost credit unions millions of dollars each year - not to mention damaging their reputation and eroding the trust of their members. With incidents of fraud on the rise, especially cyber fraud, it’s more important than ever to have a comprehensive fraud prevention strategy as well as a thorough incident response plan. The four essential pillars of a proactive fraud prevention strategy are centralization; technologization; reinvestment; and continuing education. 

Centralizing your fraud prevention efforts is critical to ensuring success. Centralizing your fraud functions is not only more cost effective, but it also provides better visibility and insight into data and trends that can help predict, detect, and prevent breaches. Centralizing your fraud prevention functions also allows for more streamlined reporting and clear lines of communications to relevant stakeholders in the event of a breach. A centralized team means more efficient use of resources, more efficient investigations, and expertise that can guide best practice within each department. Regardless of where fraud is centralized - for example risk or information security - centralization can ensure the discipline is addressed holistically. This simplifies regulatory compliance, ensures training is managed appropriately, and that everyone is on the same page regarding prevention and response.

The benefits of centralization and unification also apply to your fraud technology and systems infrastructure. Utilizing the right technology to identify suspicious activity is critical and the fewer systems you have, the more integrated your prevention strategy will be. Consolidating data and functionality is key. If you are using multiple programs, be sure that you aren’t duplicating your efforts and that there is interconnectivity. Your systems need to speak to each other. For example if your lending software identifies fraudulent activity - it should notify the deposit side of the house to ensure the member is protected. Bundling software can lead to better protection and cost savings. When it comes to fraud technology, you also need to consider the future. Don’t just look at what your needs are today, but plan for where you will be in ten years. Take advantage of systems that offer predictive capabilities and are capable of evolving to meet your needs and the rapidly changing cybersecurity landscape. 

Continuous reinvestment in all aspects of your fraud strategy is crucial for success. If you don’t reinvest in technology, education, and compliance you will fall behind quickly. Conduct an annual audit to assess your current practices and plan for the future. Outdated technology often has vulnerabilities that fraudsters can exploit, so it’s important to stay ahead of the curve and keep your software up to date with regular security patches. Regularly conduct penetration testing and extend your KYC verification processes with AI and behavioral analytics. Fraud technology has advanced beyond multi-factor authentication and transaction monitoring to be able to track member behaviors - for example how long it takes for a member to login, how long they spend in the mobile app and each website page, and whether or not they copy and paste their password. Credit unions can’t afford to get comfortable with existing systems and controls or they will fall behind the fraudsters’ innovations. 

Continuing education is another crucial piece of the fraud prevention puzzle - both of your employees and your members. Employees should receive regular training on how to detect and report fraud. They need to understand how to identify red flags, how to report fraud and who to report it to, what steps they should take themselves and when to escalate the situation, and be educated on the most common types of fraud credit unions are experiencing today. Continuing employee education on best practices will enhance vigilance and stress the importance of established internal controls. Member education is another critical component to preventing fraud. Members need to be educated on the perils of fraud and how they can protect themselves. Beyond providing tips on how to avoid phishing scams, the credit union needs to help the member understand that required MFA, card transaction limits, and complex password requirements are in place for their benefit. They need to understand the protections the credit union can offer them and what the credit union can’t or won’t cover. For example the protection you can offer on P2P applications might be very different (or non-existent) than your protection and reimbursement practices for victims of EFT or card skimming fraud. Helping the member understand their risks is essential to striking the balance between what is competitive and what is secure. If the member chooses to act outside of the secure environment you can control, they need to understand their actions might be unprotected. 

Even if a credit union established good cyber hygiene and risk management practices, it is possible to experience a breach. If you discover fraudulent activity, you need to have an established and rapid incident response plan. It should be easy to follow and have clearly defined responsibilities. There are five stakeholders you may need to engage: your attorneys; your insurance company; law enforcement; regulators; and members. Your first goal should be to contain the incident. Then investigate and address the underlying cause(s) or vulnerabilities. Finally, remediate or recover damages. By implementing these best practices, credit unions can help to protect themselves from fraudsters and cyberattacks and safeguard the sensitive financial information of their members.