AI tools and people work together to mitigate risk
Fraud monitoring throughout the financial system proved challenging in 2020 and 2021 as economic programs designed to provide relief and stimulate the economy were rapidly deployed. While programs like enhanced unemployment payments and the Paycheck Protection Program are no longer providing targets for fraudsters, the aftermath of pandemic-era behavior has created new challenges.
“One of the lasting effects of the pandemic is the comfort level with online transactions for all of our members,” said Stephanie Painter, BSA manager at DuPont Community Credit Union. “Even though foot traffic in our branch offices is back to normal, we have seen a significant increase in members who are using online services on a more regular basis.”
The number of members using online services not only grew at DuPont, but the credit union also grew, which meant new members and an increased volume of online transactions, said Painter. “These increases mean a greater need to monitor online activity.”
“NAFCU’s compliance team has noticed an increase in the number of fraud questions we receive,” said Nick St. John, director of regulatory compliance at NAFCU. “We help members interpret the regulations for different types of fraud by researching their issue and providing sources of information to help them comply with those regulations.”
The types of fraud questions have included everything from fraudulent checks to Zelle or other third-party payment providers to romance scams, said St. John. Some scams, including the tech support scam, are difficult for credit unions and their members. When members willingly give their information to the fraudsters, they are responsible for the loss, but credit unions don’t want to be in the position of either writing off a significant loss or potentially losing a member. “These type of scams are a lose-lose situation for both the credit union and the member,” he added.
In addition to more traditional identity theft, where a criminal obtains the information necessary to take over another person’s account, synthetic identify theft poses special challenges for financial institutions, said Lynn M. English, senior vice president of risk management for Lafayette Federal Credit Union. A synthetic identity account is “grown” over time, using a name with a different social security number and different birth date.
“The profile is created, then applications for credit or small loans are made until eventually an institution takes a chance and gives the applicant a loan,” she explained. Once the small loan is paid, applications for more credit are made with more institutions approving the applications based on the payment history. “It takes about two years to grow an identity and acquire the large dollar loan or credit line that is the fraudster’s goal.”
Even traditional identity theft has become more complex to monitor, said English. “Most identity theft fraud is a result of a data breach, but criminals know that organizations provide one year of monitoring to victims of the breach, so they sit on the information for one to two years before using the information,” she said. In most cases, people don’t choose to pay for ongoing monitoring after the free period has expired, so they are vulnerable.
“Credit unions must use artificial intelligence (AI) tools to monitor for complex fraud such as synthetic identity theft, but it is not always effective against theft following data breaches,” said English. “Because the breach provided all of the information typically used in questions used to test the identity of the person, the fraudsters have the answers.”
There is no one-size-fits-all technology solution for credit unions, but automated monitoring provides a foundation for the most success—if standards are constantly reviewed and revised to reflect changing trends in fraud. “An automated monitoring program is not something you can set and forget,” said Painter. “The goalposts to mitigate fraud are constantly moving, so you must continually revise standards.”
Although technology is a critical component of a fraud monitoring program, don’t forget to address the human element, recommended Painter. “We offer education to members on fraud, but we usually end up counseling them after the fact,” she said. Successful fraudsters present their scams as urgent and immediate because they don’t want their victims to think about what is being asked of them, so the best advice for members is the “five-second rule.” By telling members to take five seconds to think about the request and consider if it makes sense to them, people can protect themselves, she said.
In addition to educating members and staff on how to identify potential scams or identity theft, make sure you have the right number of people monitoring fraud in your organization, said English. “Unfortunately, the compliance and fraud department is often viewed as a cost center, which means it is the last department to get new staff positions,” she said. “As you bring in new business, remember that you are bringing in more accounts and transactions to monitor.”
While technology can help identify unusual activity, the actual investigation requires a person and time, said English. Over the next two years, she projects that she will add five to six people to her team that handles BSA and fraud activities.
The first step to mitigating fraud is to remember that fraud is about getting cash, pointed out Painter.
“The old school fraud involved stealing checks from mailboxes and changing names on the check, but today online transactions provide the easiest way for fraudsters to get cash,” she said. “Look at every service and program offered by the credit union and make sure you understand the inherent risk of each one.”
Fraud Info Resources
Go to www.nafcu.org/compliance for links to blogs, articles, whitepapers and other sources of information on mitigating the risk of fraud and regulations related to fraud.
Research Documents Rise in Fraud
In a NAFCU survey of members related to fraud, 42% of respondents reported a significant increase in fraud, and 100% reported at least some increase.
Survey respondents also reported that card online transactions, along with check and P2P, were the payment channels most likely to correspond with an increase in attempted fraud over the past year. For all three channels, most respondents reported that the dollar amount of losses had also increased, and a subset (16%) observed losses for card online transactions increase over the past year by over 100%. Fraud involving online card transactions was cited by 42% of respondents as the most difficult type of fraud to prevent, followed closely by P2P (39%).
NAFCU members can see a copy of the full report, at https://bit.ly/3Ykozdl.