The Two Critical Threats Every Credit Union Faces & How to Address Them

Center your credit union's response to data breaches and identity fraud around effective and empowered action.

Data breach (Image: Shutterstock).

There are two interrelated and under-addressed threats that imperil the financial health of every credit union and its members: Data breaches and identity fraud.

There’s plenty of concern for each of these issues. Data breaches are occurring at an average rate of four every day, and each one releases a wave of resulting identity thefts, scams and fraud that cost financial institutions and consumers $40 billion each year.

And, COVID-19 is enhancing these threats. The increase in remote work caused by the pandemic has exacerbated our data breach problem, putting more members and credit unions at risk.

Based on my work as a researcher and expert witness in the country’s biggest data breach legal cases, here’s how I encourage the credit unions we consult with to think about – and address – this massive problem.

One-Size-Fits-All Responses Don’t Work

What we’ve come to understand about data breaches is that general, one-size-fits-all security advice isn’t effective. Commercially available identity protection solutions are mostly reactive and neither put members nor their credit unions in a position of strength.

Every data breach puts particular identity credentials in the hands of criminals. From partial or full Social Security numbers, various payment card digits or deeper demographic data, each piece of information is used by criminals on the dark web in different ways and combinations to perpetrate cyber-attacks, scams and fraud. As digital crooks and their robots obtain more pieces of an individual’s personal data puzzle, the odds of successfully pulling off a fraudulent transaction (such as new account opening, account takeover, card or even tax refund fraud) grow exponentially.

Based on the specific information leaked, each data breach carries a unique type and degree of risk. Further, based on an individual’s comprehensive data breach history, the landscape of threats that a single person faces varies widely.

It’s easy to see the complexity of the challenge and why common generic advice falls short.

A Modern-Day Robbery

If we could eliminate all data compromises, most identity fraud would dry up. But that is about as likely as closing every physical branch to prevent the in-person robberies that happened more prevalently in days past.

Identity crimes are modern-day bank robberies, and highly profitable ones at that. Unlike a traditional robbery, once a cybercriminal is in possession of a member’s personal data, it can be used over and over again in various combinations for a long tail of crime. Because identity theft is so lucrative, the problem is here to stay for the foreseeable future. It will continue to evolve and become more complex as criminals work hard to keep and grow their revenue streams.

Worse yet, the criminals have a distinct advantage. There often is no direct connection between credit union fraud professionals and members. Although they share the same goal of preventing fraud, they aren’t able to work cooperatively – and in fact, the member may not be engaged in any proactive, protective behaviors at all. The result of this disconnect is both parties end up engaging far too late in the fraud cycle.

However, advanced methods are finally becoming available to both fraud pros and the people they are working to protect. New technology is transforming how credit unions respond to members’ identity security concerns; importantly, these solutions are working at the account level to address the wide-ranging and hyper-personalized threats consumers today face.

Partnerships Between Credit Unions & Members

Credit unions and their members share the pain of data breaches and fraud. Working together formulates the strongest counterattack. Digital tools that didn’t previously exist now strengthen that partnership, keeping both the cooperative and the consumer farther in front of criminals.

The emergence of data breach notification regulations and dark web intelligence feeds fraud professionals rich new sources of information about data breaches – but that alone still isn’t enough. Combine that data with sophisticated artificial intelligence algorithms that perform deep analysis, and a new, detailed picture of risk comes into focus.

With this deeper level of intelligence, credit unions are in a position to understand each member’s data vulnerabilities – what that means for them and what it means for the cooperative’s own risk. They can pinpoint which specific members have had particular identity credentials exposed the most, and predict the identity theft, fraud and scams they are likely to face.

Armed with this information, both the member and the credit union can take effective early action that interrupts the fraud cycle. Just as patients trust the personalized health guidance they receive from doctors; members are much more likely to act on individual-specific financial safety prescription they receive from their credit unions. This approach, which is at the same time robust and highly personalized, promises to reorient the response to data breaches to one that’s centered around effective and empowered action.

Jim Van Dyke

Jim Van Dyke is CEO of consumer fraud prevention and detection technology firm Breach Clarity based in Walnut Creek, Calif.