It's been a tradition for credit unions to take pride in knowing their members; after all, membership is restricted to members sharing a common bond, such as working at the same company or living in a well-defined community. Today, relaxing membership requirements has helped credit unions grow. But this expansion – coupled with the rise of mobile banking – is widening the gulf between the credit union and its members, and even threatens to erode the trust that members place in credit unions.

The point to remember is: Traditional relationship management – knowing your members – is increasingly difficult. Essentially, not knowing your members like in the old days creates a much higher risk for account takeover. In this day and digital age, "knowing your member" becomes less about a face-to-face, personal relationship and more about understanding (and codifying) habits and preferences – especially when it comes to fraud detection and prevention.

Blurred Lines Between Public and Private Data

In 2016 alone, nearly 2,000 reported data breaches left 36 million identities exposed, but it's not just hacking that makes members' personal information vulnerable. In the past, scammers relied on publicly available information – such as a telephone book – while today's fraudsters have new weapons to obtain even the most private information.

With so much personal data available on the black market, updates to the consumer profile – such as mailing address, telephone number and email address – need to be scrutinized because these non-monetary changes to the account can be a leading indicator that fraud is happening. Yet, distinguishing legitimate, consumer-authorized changes from fraudulent activity can be difficult, and can potentially affect the consumer experience. It's a tough balancing act for credit unions to protect their institutions while keeping member friction low.

Fraud schemes are increasingly sophisticated and organized, and data breaches make credit unions vulnerable – even if they have not yet experienced account takeover fraud losses. Even more alarming is the fact that branch managers and information security professionals may not even know that fraud is happening until it's too late.

Here's how a typical scam works:

Step 1: Obtain Personal Information

This step is often accomplished through malware, ransomware or data breaches, or even through unsecured sources, such as social media and other public records. Criminals can also "sweet talk" customer service representatives – who think they are helping the legitimate credit union member – into relaxing security protocols and divulging personal information. This first step in the scheme represents the opportunity funnel (or the victim prospect pool) for the fraudsters; the sheer volume of personal data available from breaches has increased the frequency of takeover attempts and made the criminal process more efficient.

Step 2: Get Between the Credit Union and the Member

This is the critical step – intercepting communications by changing the victim's contact information (e.g., mailing address, phone number and email address) – thereby getting between the victim and their credit union. Non-financial account changes often fly under the radar, particularly at financial institutions that rely on manual processes for monitoring administrative changes. All of these tactics have a singular goal: Getting between the member and the credit union. This way, the fraudster can redirect communications to the points of contact they control, leaving the victim completely out of the loop.

Step 3: Cash Out and Cover Tracks

Once the fraudsters are in control of the account, and confident they will receive subsequent communications and notifications, they then begin draining finances, using card requests, online bill payments, on-us checks, cash advances, wire transfers, check orders and ATM withdrawals to cash out. Since the criminal now controls the points of contact between member and credit union, any alerts for suspicious activity are quickly dispatched.

Preventing Account Takeover Fraud

As fraud risks continue to change and fraudsters adapt their methods to exploit vulnerabilities, it's more important than ever for credit unions to tighten their processes and seek new technologies to fight fraud. In short, credit unions need to know their members better than ever before, despite more and more members moving to electronic banking.

Manual fraud detection and prevention processes are inefficient and impractical. Asking members to verify personal information can create member friction, even if it prevents fraud. Finding a better way to identify high-risk account changes will help credit unions balance member inconvenience with protection, while also maintaining member trust and confidence.

Big data is the key to better understanding – of markets, consumers and emerging trends – in the information age. For as much as technology has opened the floodgates to increased fraud, technology can also help credit unions plug the holes that make their members most vulnerable.

Credit unions' core processor platforms may already have robust anti-fraud tools integrated into their systems, but the quality and utility of the data may be lacking. Plus, the numbers may not be easy to comprehend without context (or a Ph.D. in data science). The most useful solutions offer predictive scoring that isolates the majority of fraud in a very small number of cases, alert management systems that allow credit unions to mine their own data for suspicious patterns, and a flexible delivery model that can be integrated into a variety of automated workflows.

The financial services industry is changing rapidly and credit unions are particularly adept at adapting to new challenges. Since credit unions are so dedicated to member service and engagement, they will soon be on the leading edge of new trends in "knowing your member." These new methods of using big data and predictive analytics to guard against identity and account takeover fraud will ultimately allow credit unions to protect themselves while effectively managing the increasingly digital consumer experience.

Elliot is Co-Founder & President at ID Insight. He can be reached at [email protected].