Fraud and Order: Dun-Dun

When it comes to fraud, we're rolling up our windows and locking up, but still leaving the car parked on the street overnight.

If you take a behind-the-scenes look into the CU Times publishing platform, you’ll find a list of category words we use to organize stories for your online viewing pleasure. If it was possible to wear out a taxonomy check box, the word “fraud” would be barely visible.

For instance, if you see a byline from our Peter Strozniak, there’s a good chance we’ve clicked the “fraud” category. You’ve definitely come across “fraud” for one of the credit union embezzlement stories he’s written. To be clear, I have no idea how many embezzlement stories he’s filed over the years. Hundreds? A thousand? It would take too long to sort through everything to give you that number.

If you add up the amount of cash embezzled or allegedly embezzled by former credit union executives and employees reported on by Peter just in the past month, you’d come up with more than $7 million in stolen money. That’s a lot of fraud. And that’s just the fraud happening inside the credit union industry. Then you have the non-credit union employee fraud like the Wisconsin guy charged with 30 counts of fraud against Educators Credit Union ($3.1 billion, Mount Pleasant, Wis.) and some of its members.

Thinking about fraud and how we always seem to be fighting it and protecting ourselves from it, it seems like it’s a much harder fight to fight than before.

A new study from the United Kingdom-based Juniper Research painted a dark picture of our fraud future.

In its whitepaper “Fighting Online Payment Fraud in 2022 & Beyond,” the research group found that cumulative merchant losses globally from online payment fraud between 2023 and 2027 will be more than $343 billion.

In what Juniper Research called “Key Drivers” behind the fraud losses, it listed online payment losses driven by fraud “innovation in areas such as account takeover” despite “the wide employment of identity verification measures.”

The research pointed to a grim horizon for account takeover (ATO) attempts. The report said in the past year, ATO has potentially been industrialized (it’s become more efficient) and “we will likely experience Account Takeover 2.0 in the coming years, as fraudsters move from generalized attacks to an increasing focus on more targeted ATO attacks.”

Yeah, that’s what we need, Account Takeover 2.0. Thanks, crime people.

“This approach replaces mass credential stuffing with more targeted exploitation that could yield higher returns for the fraudster and drive increased fraud losses for FIs,” the report stated.

Similar to fake roof-repair employees who come around neighborhoods hit by a hailstorm or hurricane, fraudsters used the chaos of the pandemic to create phishing emails and fake websites that offered the latest fake information about COVID-19. Juniper Research found one such pandemic-related fraud attempt resulted in more than 27,000 cases of possible fraud.

To be clear, these cases represent just the normal emails and ATO things we see on a daily basis. When you add cryptocurrency fraud into the mix and flash loan attacks, that’s another ball of fraud we’ve yet to really come to terms with or even understand at this point. New data out this month from crypto experts at BanklessTimes found a 2000% increase in flash loan attacks in the second quarter of 2022, with losses totaling more than $300 million.

And let’s not forget Amazon Prime Day fraud. Amazon’s site is considered the most impersonated retail brand for phishing websites. Atlas VPN reported in July that there are more than 1,600 phishing sites impersonating Amazon ahead of the company’s big Prime Day sale. Walmart, the second-most impersonated site for fraudsters, had more than 400 fake sites detected by Atlas VPN researchers.

Javelin Strategy & Research reported in March that fraudsters used the Zelle payment app to defraud nearly 18 million Americans in 2020. For context, Zelle is by far the most-used payment app. People sent $490 billion through the app last year, compared to $230 billion through Venmo, Zelle’s closest competitor.

From our phones, laptops and desktops, we are getting clobbered by fraud. Alas, we keep fighting.

We have credit unions hosting fraud workshops. We have alerts going out to credit union members to let them know there’s a phishing scam targeting their membership.

But what other choice do we have than to fight back? If there were no pushback or systems in place to at least try to stop fraud attempts, the financial industry would actually fall apart.

In reality, what can we actually do about it? The Gramm-Leach-Bliley Act and Homeland Security Act are fine cybersecurity laws in place today, and staying in compliance with those laws is important for credit unions. But laws and regulations are just a baseline minimum of what to do. Fighting fraud requires extra credit work, like what those overachieving students I envied did in school.

Beyond the regular member and employee fraud education approach, you’re going to need more money and people to make a difference in this fight.

Experts believe the fraud battle has surpassed the ability of the human brain and should be fought through machine learning and AI-based tactics. There are tools and algorithms that use big data, where machines can learn, target and flag any microscopic change or blip in the system to instantly shut down fraud attempts.

For better or worse, this means that most credit unions would need to partner with a third-party provider to handle this fraud-fighting approach.

Credit unions have internal controls to prevent and detect fraud – at least they are supposed to have those in place. Those controls just don’t seem to work until some point in time after the crime has been committed.

Many of our internal credit union fraud stories revolve around an executive or employee who has been skimming and hiding money for years before they’re caught. Those same controls appear to offer the same results for external fraud cases in that days later it’s discovered that the money is gone.

It seems credit unions and the financial industry as a whole aren’t really able to prevent fraud. We’re basically just rolling up our windows and locking the car that’s parked on the street overnight. If someone wants to break in, they will.

By the way, you all seem to love to read the fraud stories. Don’t worry, Peter will be writing more.

A Quick Space Note

On July 11, NASA released the first image from the James Webb Space Telescope – that multi-billion dollar telescope launched this past December. You’ve probably seen the image by this point. The image showed the deepest and clearest look we’ve ever had into space, revealing thousands of galaxies and objects never observed before. My first two thoughts after seeing the image were:

  1. That reminds me of the opening to the 1960s sitcom “Family Affair.”
  2. Surely there is another credit union system out there.

Yep, those were my dumb thoughts. If you haven’t checked out the image, take a look. It’s wild.

Michael Ogden

Michael Ogden is editor-in-chief for CU Times. He can be reached at mogden@cutimes.com.