In recent years, the demand for digital channels among consumers has grown rapidly. The ability to make payments on a mobile app or apply for a loan online, without ever needing to visit a physical branch, has become ubiquitous among larger financial institutions. To remain competitive, many credit unions are adopting these new digital channels. However, it is not without its risks. Without the proper fraud and identity protocols in place, credit unions could be on the hook for unwittingly authorizing a fraudulent transaction or loan.
As EMV identity verification has replaced magnetic-stripe cards over the past decade, criminals have sought out new methods to perpetrate fraud. Digital channels have become the new weak point for identity and account takeover fraud: It is harder to verify if a person is who they say they are when they're behind a computer screen. According to LexisNexis Risk Solutions' "2017 True Cost of Fraud Study," 31% of monthly transactions that pass through financial service companies are fraudulent. This is higher among mid- to large-sized financial institutions where digital channels account for more than half of all transactions.
The cost of fraud can be debilitating for a credit union. According to the study, for small financial institutions with less than $10 million in revenues, every dollar of fraud costs an average of $3.08 in chargebacks, fees, interest and so forth. This is notably higher than for larger financial institutions, which have the benefit of scale, but are also more likely to already have multi-layered identity verification in place to deter fraudsters. These fraudsters are instead turning their attention to smaller, community-based institutions, such as credit unions, which might have weaker protocols.
For a credit union considering adoption of digital channels, it needs to ensure it has multi-layered identity verification and fraud prevention tools in place. When setting up a new online account or mobile device, it is imperative to add additional layers of identity verification. The first is the device itself: Does the IP address, location, language and time zone of the device match that of the physical address on the account? If not, that can be a red flag for further investigation. It is also important to regularly assess the risk of the contact information on file – has the phone number been recently ported or has it been forwarded? Are there risks associated with the email address? Was it ever verified?
Second, deploying a form of authentication can help confirm if a user is who they say they are. While one of the most common methods is dynamic knowledge-based questioning, where consumers answer randomly generated questions that, theoretically, a fraudster would not know the answer to, such as, "What was the color of your vehicle registered at 123 Browning Street?" there are a number of authentication options that may be risk appropriate and fit with an organization's desired customer experience. Financial institutions are also incorporating authentication processes that include ID document authentication and sending one-time passwords to verified methods of contact.
As a third layer, biometrics are increasingly popular among consumers, particularly millennials, in seamlessly verifying the identity of the user. Facial recognition, while nascent, can enable users to verify their identity for a new account by taking a selfie with their driver's license. Voice authentication also enables users to verify their identity by recognizing a caller's unique speech, acoustic and behavioral patterns. Mobile device innovations have lessened the reliance on the need for biometric readers, improving the ease to deploy biometric technology into business processes. However, credit unions should bear in mind that these methods are not infallible – most mobile phones allow users to store multiple fingerprints, and all biometric sensors and cameras on mobile devices are not of the same quality.
When applied in concert with each other, these identity verification tools can protect a credit union and its members from fraud across digital channels. As fraudsters increasingly target smaller financial institutions, with historically weaker identity verification protocols than big-name banks, this is imperative to reducing the risks and costs of fraud for credit unions. Only once these systems are in place can a credit union can confidently adopt digital channels as a new way to engage with consumers in an increasingly competitive financial landscape, without jeopardizing the very foundation of their business. Credit unions pride themselves on knowing their members and need to carry this responsible approach into the digital era.
Kimberly Sutherland is Senior Director, Fraud & Identity Management Strategy for LexisNexis Risk Solutions. She can be reached at [email protected].
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
