How Credit Unions Fight Fraud … and What it Costs Them

Fraud is not an area where credit union executives like to see their dollars go, but with protecting and recovering valuable data being a necessity, they're left with little choice. Fortunately, most executives (37.5%) reported their total 2015 fraud expenses (including new technology and systems, card reissuance and member credit monitoring) equaled less than $100,000. Nearly 19% said they didn't know their total 2015 fraud tab, 23.21% reported spending between $100,000 and $249,999, 16.07% spent between $250,000 and $999,999, and 7.14% of respondents said their fraud expenditures exceeded $1 million.

Of course, lowering fraud costs begins with prevention. Internal controls are the top tactic credit unions employ to prevent fraud (40.37%), followed by strong cybersecurity measures (22.94%), data and analytics (20.18%), employee training (13.76%) and member education (2.75%). Nearly 12% noted they utilize all of the above strategies. A majority of respondents (almost 87%) said their credit union has implemented a mixture of internal and external fraud prevention resources.

However, not all credit union executives are confident their fraud prevention strategy is working. Only 11.4% of respondents called their strategy 99% effective, while a majority (58.77%) said it was 75% effective. Just 4.39% view it as less than 50% effective.

Steve Ruwe, chief risk officer for the St. Petersburg, Fla.-based PSCU, said he recommends credit unions spend more resources on member education.

"Credit unions are very focused on this and do a good job of addressing fraud on a number of levels, but I was surprised to see member education as low as it was," Ruwe said after reviewing the survey results. "We believe involving the member in fraud prevention can be a successful strategy for credit unions. There are tools out there, such as alerts and controls they can put on their card, which at an industry level are being underutilized and can help them prevent fraud."

Terry Pierce, senior product manager for the Rancho Cucamonga, Calif.-based CO-OP Financial Services, agreed, stating that member awareness and education is key to preventing fraud.

"Members should be aware of fraud trends such as phishing schemes and fraud resulting from computer viruses and malware," she said. "Members also need to be alert to when an ATM looks suspicious and educated on what to look for in terms of skimming devices and other forms of ATM tampering."

Fraud and the EMV Shift

Many credit unions are not clear on their total EMV-related costs, according to the survey, but most said they haven't devoted – or won't devote – an exceptionally large chunk of their budgets to it. About 30% of respondents said they spent less than $50,000 on EMV compliance in the past year, 28.16% didn't know how much they spent, 19.42% spent between $50,001 and $100,000, 9.71% spent between $100,001 and $300,000, and just 4.85% said the cost totaled more than $300,000. Similarly, 37.62% of respondents said they plan to spend less than $50,000 on EMV implementation in the coming year, 22.77% said they didn't know how much they plan to spend, 18.81% are planning to fork out $50,001 to $100,000, 12.87% expect to spend between $100,001 and $300,000, and 4.95% plan on a tally higher than $300,000.

Reducing card fraud is a top motive for the EMV transition, but a majority of survey respondents – 65.05% – said it's too early to tell if EMV compliance has lowered their fraud costs. Ruwe, however, noted PSCU's research has indicated a reduction in fraud post-EMV.

"I'm seeing EMV as having a positive effect on reducing counterfeit activity," he said.

Pierce added, "EMV implementation will reduce fraud for card present transactions, such as those performed at POS and ATM locations. However, the industry will need to be on guard as fraud is likely to shift from card-present to card-not-present transactions, such as online and mobile purchases."

Internal Fraud Controls

Fraud caused 11 of the 16 small credit union closures in 2015, leading to more than $12.5 million in NCUSIF losses, according to the NCUA, in addition to job losses and reputational damage to the credit union industry nationwide.

CU Times reported those facts in the June 1, 2016 article "Mitigating Internal Fraud at Small Credit Unions," and survey respondents appear to be aware of internal fraud-related risks, as many said their credit union has implemented and enforced internal controls to prevent fraud. Nearly 59% said their internal controls were adequate and 37.11% said they were somewhat adequate, and most respondents said employees are trained annually (46.94%) or quarterly (31.63%) on internal fraud controls.

However, when asked if their credit union dedicates enough resources to internal controls, respondents were less confident. Nearly 36% said yes, 31.63% said maybe, 23.47% said no and 9.18% said they weren't sure.

Stop by CU Times' booth, #825, at the NAFCU conference to pick up a copy of the whitepaper. It will also be available for download at cutimes.com/fraudresearch beginning June 13.