Multi-Layered Fraud Requires a Multi-Layered Solution
Screening member profile changes in real-time is critical to intercepting account takeover attempts.
Well-organized burglars always have a back-up plan. If your front door is locked, they’ll methodically creep around your house, testing each window until they find one that slides right open.
Just like brick-and-mortar criminals, identity thieves are highly flexible, and have once again shifted the way they gain access to consumers’ personal credentials. The Identity Theft Resource Center says we’re on track to break a new record for corporate data compromises in 2021 if we continue at our current pace, but we also need to be worried about the increase in scams that target consumers directly.
Last year, direct-to-consumer scams resulted in a whopping $43 billion in losses, as well as a treasure trove of personal identifying information, according to the 2021 Fraud Study by Javelin Strategy & Research.
Whether thieves attain data via breaches or directly from unsuspecting members, the result is the same: A criminal gains unauthorized access to the account and can abuse it for criminal activities. While brick-and-mortar criminals may wear black to remain unseen at night, identity fraudsters go undetected by changing the account’s address, email and phone number. In doing so, they have effectively disconnected the real account holder – the victim – from any credit union communication.
Credit unions use identity verification and authorization methods during account login to prevent criminal activity. However, the industry is finding that these solutions do not provide 100% protection from unauthorized access. These days, fraudsters have a wealth of data and sophisticated technology like bots that can fool many of the identity verification and authorization systems currently in use.
When these first lines of verification and authorization defense fail, giving the fraudster access to the victim’s account, there must be another level of protection. Solutions like Fiserv’s Notifi Detect, FIS FraudChex ATO or Safe2Change are needed to help ensure that the fraudster doesn’t change the member’s contact information.
If the contact information is successfully changed, the criminal takes control. One example: If your credit union is relying exclusively on two-factor authorization to verify the authenticity of financial transactions, a fraudster can change the member’s phone number and email to their own phone number and email so the one-time code will be sent to the fraudster. Once they get in and change the contact information, there is nothing stopping the fraudster from initiating the movement of money to digital cards, P2P payments or cryptocurrency. If they get in, it’s game over.
So how can credit unions keep a step ahead of fraudsters?
Put simply, they need to do two critical things: Screen profile changes in real time, and, if the profile change is flagged as high-risk, take immediate action to suspend certain account privileges until the discrepancy is resolved. While it is true that fraudsters have upped their game and changed their tactics, fraud-detection platforms have as well, often innovating faster than the speed of fraud. That said, the reality is that a single fraud solution will never be able to stop all the fraud all of the time. To stay a step ahead of current and emerging fraud schemes, credit unions must have a multi-layered, comprehensive, centralized network of fraud-detection solutions that cover non-monetary and financial access points throughout the member journey.
These fraud-detection solutions examine, analyze and score non-monetary events in real time to send alerts about suspicious activity so that the credit union can stop potential account takeover before the funds are moved. They can screen every profile change and discover out-of-pattern behaviors that may indicate fraudster hacking. When credit unions verify the legitimacy of high-scoring data change requests and then take immediate action, they will interrupt most account takeover attempts. But these lightning-fast solutions provide less-than-ideal coverage if they’re not integrated into your credit union’s real-time workflow.
Additionally, credit unions should be finding ways to improve collaboration as a means of keeping identity fraud out of the financial services sector. For example, information and insights can now – and should – be shared across various fraud-fighting departments within a single organization, and also with other institutions across the financial services industry. With technology now enabling a new level of collaboration, fraud investigators nationwide are able to join peer networks to prevent and detect account takeover and new-account fraud, easily and automatically benefitting from the investigative efforts and insights of their industry peers. Investigation insights around suspicious behavior from other institutions in the network are automatically shared in real-time as alerts and messages to the entire network, bringing added authority to every inquiry result and further strengthening the multi-layered approach that is needed to stop fraud.
At home, it makes sense to lock your doors and windows, put your lights on an automatic timer and use a home security system. A multi-layered, comprehensive, centralized fraud-detection approach creates similar protection for your credit union. Regardless of the other fraud and identity solutions you may be using, adding a platform that prevents fraudsters from changing the victim’s address, email and phone number can help stop criminals before they can even touch the goods.
Adam Elliott is founder and president of ID Insight, a Minneapolis, Minn.-based provider of a fraud intelligence platform to banks and credit unions.