When it comes to fraud, the game has changed. You may have spent countless hours reviewing statistics, creating strategies and running various options, but suddenly, you've found yourself competing against an entirely different opponent. One with which you are unfamiliar, one that doesn't play by the same rules and one that appears to outmatch you.

But, before you and your teammates count yourselves out, remember that history is replete with examples of underdogs triumphing in challenging situations time and time again.

The current fraud environment can be characterized as unstable and complicated. Attacks on data are becoming more sophisticated. In today's environment, it is harder than ever for consumers to protect their credit and debit cards because crooks have access to more data than ever before. Fraudsters are using data to engineer around defenses that have been in place for years. The focus used to be on merchants with weak security environments that made it easy to retrieve account numbers. Over time, crooks figured out they could access other information while they were there – addresses, security codes, Social Security numbers. They started seeking out non-traditional targets like healthcare providers to get their hands on as much data as possible, and they started matching that data with account numbers. Thanks to access to all of this combined data, fraudsters are now able to get institutions to take action on accounts they would not have been able to in the past.

Crooks have gotten smarter. They have started employing tactics like footprint fraud – shopping in a target's own backyard – so the fraud is harder to detect. We are in a period of heightened fraud activity largely due to the residual of the compromises of the past few years.

To some, the situation might seem bleak. But before you throw in the towel, remember the best defense is a good offense. Thanks to an arsenal of tools now at our disposal, we can better position ourselves to fight off fraudsters more proactively and aggressively than ever before. And that is just what we are doing. While losses for many credit unions are due to past compromises, card volume in general continues to grow, so it naturally follows that fraud will mirror the increased activity. Neural network-based fraud detection systems continue to be extremely valuable at managing fraud while simultaneously minimizing the interruption to our members.

Just like a championship team has a variety of plays it can deploy at any given time, we must be prepared to attack fraud from multiple angles. EMV is a great addition to our playbook. It has shown itself to be very effective in combatting card present fraud. However, crooks haven't taken a time out; they have already started shifting their focus to other areas, like card not present fraud. This is exactly why we should be – and are – ready to counter with new plays like tokenization.

New technology that gives members an active role in fraud prevention continues to emerge. There are tools that now allow members to turn off authorizations in a specified timeframe, such as during the night. No activity means no fraud. Looking further down the road, geo-location data sourced through a mobile phone will be utilized to determine the proximity between a member's phone and the card being used to help prevent suspicious activity. Newer card technologies could even include a dynamic CVV/CVC so that, much like a RSA Token, the card's security will constantly change.

Fighting fraud is like playing an ever-changing game against an opponent whose strengths shift from one minute to the next. By putting in the hard work and preparation to make sure every play in our book is ready at a moment's notice, we can stay one step ahead of crooks and play like champions in the game of fraud.

cybersecurity and internal fraud threat how to fight backChuck Fagan is president/CEO of PSCU. He can be reached at 727-299-2504 or [email protected].

 

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.