Brosnac allegedly provided investors and lenders with false and fraudulent financial information concerning the investment properties, which induced loans and investments totaling approximately $16 million.

He would then divert funds from the sale of the properties to cover lease payments and expenses and to buy new properties and also  received approximately $1.9 million in commissions and consulting fees from the sales of the properties, authorities said.

This scam likely had all the signs of a typical loan transaction that a credit union or bank might encounter, said Chris Ryan, director of global consulting-fraud and ID verification solutions for Experian Decision Analytics in Wilmington, Del.

"I'm sure the investors and lenders were confident that the perpetrator was selling them a legitimate interest in a legitimate business," Ryan said. "The fact that the perpetrator misused the proceeds and falsified documents afterward would be difficult to detect."

Auto transactions can be challenging from a fraud detection standpoint because the transactions involve many components that can be misrepresented–buyers, sellers, dealerships plus the legal ownership and the condition of the vehicle can all be misrepresented, Ryan said.

It is critical to track exactly what's occurring so that the appropriate tools can be leveraged to secure each piece of the transaction, he added. There are tools available in the marketplace that can help lenders verify that a vehicle is owned by the seller, Ryan pointed out.

In the Jiffy Lube scam, Brosnac and Pearson used the names of several companies to allegedly hide their dealings. However, small red flags can go far in helping to reveal whether transactions are legitimate or not, experts advise.

Accuracy of information and ensuring that all the information a credit union if obtaining makes sense is key, said Brian Crum, vice president of lending at the $924 million FORUM Credit Union in Fishers, Ind. For instance, a loan officer should be suspicious of a 28-year old being an employee at the same job for 12 years. The bottom line is making sure credit unions know who they are actually doing business with, he emphasized.

"Things such as straw purchases–when someone purchases collateral for someone else–can greatly reduce the likelihood of collecting on that loan. This happens in both auto and real estate lending," Crum said.

The Federal Financial Institution Examinations Council released recommendations earlier this year that cautioned against the use of authentication questions that can be easily researched by criminals, Ryan said.

The rationale is that the answers to common questions such as a mother's maiden name, high school mascot or city someone grew up in, for instance, are too easily researched through social media, he suggested. As a result, the FFIEC is insisting on more dynamic questions that are more difficult to research.

A high-profile case involving the $245 million AEA Federal Credit Union in Yuma, Ariz., once again put the spotlight on internal fraud. In June, William Liddle, the former business lending vice president, was found guilty of 54 counts of fraud that led to the cooperative's near collapse. He is facing a 15-year prison sentence for approving shady business loans in exchange for nearly $1 million in kickbacks. Between 2004 and 2009, Liddle approved more than $25 million in loans. Due in part to his actions, AEA was placed in conservatorship in December 2010.

Some have said Liddle may have had too much authority to approve business loans and checks and balances were either not in place or not followed. Crum said everyone must be on the same page.

"Ensure loan policies are clearly written and understood by the entire staff so they can be adhered to accordingly," he advised. "Make sure that anyone taking loan applications are skilled at asking the right questions and identifying red flags."

Crum said he believes applicants are getting more sophisticated in their attempts to fraudulently obtain loans especially on the real estate side.

"There is more misrepresentation of documentation for income and assets due to less opportunity for nonconforming loan programs," Crum said. "It is the only way they are going to obtain credit."

According to the BankInfoSecurity survey, of the top 10 investments credit unions and banks said they would invest in this year, 27% of respondents said more internal and external audits and 49% cited increasing and improving staff training. Twenty-one percent plan to use resources to improve how they track high-risk customers.

Ryan said some of the traditional methods are still useful in stopping potential fraudulent behavior, including being vigilant in procedures used to verify the identity of a member calling the credit union.

"Be careful with any process that you use to accommodate customers who can't remember their password or their account number," Ryan said. "When contact information is changed, keep the old information and use it to verify the request. If a member asks to change a phone number, call the old one just to make sure the real member doesn't answer. Use the same process when new names are added to a member's account."

The BankInfoSecurity survey also showed that 27% of respondents said they plan to improve vendor management practices. Crum said a thorough due diligence check on everyone the credit union does business with including auto dealerships, realtors, builders and microlending partners is essential.

"Be willing to quit doing business with those that do not conduct business the right way," Crum said. "Do not go for volume for volume sake. Ensure that it is the right type of business that fits the credit union's purpose."