Part 1 in a 2-Part Series
Fraud is a complex and insidious crime that is growing harder to detect by the day. In the age of social media, fraudsters have access to unprecedented volumes of personal information online – and they are putting this information to work.
“If you look at Facebook, Snapchat, LinkedIn and other social media avenues, you can see how easy it is to understand people at a level that was never possible before,” said Karen Postma, SVP, product-fraud and contact center, CO-OP Financial Services. “Breaches involving insurance companies, social media sites and email servers send even more detailed information into the hands of fraudsters – and this type of information benefits them tremendously.”
According to Postma, there are several common strategies fraudsters use to access account data – here are five of the most challenging for credit unions to address:
- Phishing Like a Pro
Social engineering is on the rise, says Postma, and fraudsters are getting better at it. “Phishing has been out there for years, but the way it looks and feels is different today,” she said. “Whether by email, text messaging or phone, in the past fraudsters could be very pushy, tipping people off to their intent.”
Today’s fraudsters are more likely to employ what she calls the “bees with honey” approach. “These criminals are overly nice when they approach consumers in order to gain their confidence,” she said. “Their objective is to get just a few more details to make transactional fraud that much easier.”
- Sidestepping EMV
Postma emphasizes that migration to EMV security, while better securing card data, has accelerated criminal efforts in areas such as identity theft and account takeover fraud.
“What we have found over the last couple of years is that criminals are focusing on additional avenues for fraud,” she said. “We need to look at fraud more holistically today – beyond the transaction level.”
- Profile Building
Fraudsters understand well the power of profiling consumers, and they are getting bolder in their efforts.
“For example, fraudsters may call into a credit union, impersonate a member, and say they are traveling and need access to online banking,” said Postma. “Or they may simply ask to confirm recent transactions. These data points can help them build a profile of a potential victim – and can provide enough information to fake an authentication.”
- Finding the Weakest Channel
Fraudsters are also skilled at working every channel. “IVR, contact centers, online banking, mobile apps and in-branch transactions are all points of vulnerability,” said Postma. “But preventing fraud is not a ‘one-size-fits-all’ exercise. Fraudsters are not always going after a transaction. They are sometimes just looking for information to use in the future.”
- Outsmarting Authentication
When it comes to authentication, credit unions should avoid standard questions such as “What is your mother’s maiden name?” or “What is your social security number?” Postma says, because this information is very easy for criminals to source.
Even more alarming, she adds, is that “out-of-wallet” questions are also losing their effectiveness.
“Consumer answers to questions like, ‘What is the gas station closest to your house?’ and ‘How many fireplaces do you have?’ are recorded in databases – and fraudsters today can get into these databases,” she said.
Why Layers of Authentication Are Essential
Postma emphasizes that the best way to stop fraud from occurring is to shore up authentication policies by taking a layered approach, one that “overlays some of the tried and true components that have worked in the industry for a long time, including modeling, scoring and rules, with new technologies, such as machine learning and biometrics.”
To help credit unions secure sensitive member data, CO-OP’s own fraud mitigation organization incorporates layers of protection, including technology, analytics and case management, to keep credit unions and their members ahead of the threat.
Managed by an experienced team of analysts working day and night, CO-OP fraud mitigation services have embarked on major technology initiatives this year that will bring all the benefits of machine learning and biometrics to the fight against fraud.
CO-OP client credit unions also enjoy access to advanced tools that place card security squarely in the hands of members, including EMV chip cards, tokenized digital wallets and CardNav, a mobile security app that allows members to specific exactly when, where and how their cards can be used.
In Part 2 of this series, Postma illustrates how these and other strategies work together to help credit unions catch fraudsters in the act – and keep sensitive member information out of reach.