NAFCU Services Blog

By Ann Davidson, Vice President | Risk Consulting, Allied Solutions

As shared during our recent webinar, 2021 Fraud Crystal Ball, credit unions continue to face security risks from experienced bad actors. Member attacks are becoming more frequent and creative, and it’s important to stay educated about the types of fraud credit unions are experiencing and best practices for prevention.

As these attacks grow in sophistication, and more credit unions turn to digital and mobile tools, authentication protection measures will become increasingly important in protecting member data and securing against data breaches. Bad actors will continue to push and test for new opportunities, so it’s important credit unions continue to be vigilant in their methods to find weak links in their own security and authentication protocols.

In 2021, it’s key that credit unions stay proactive with prevention, authentication, and education strategies to help mitigate attacks, no matter the cause!

Common Fraud Types Expected in 2021

• COVID-Related Attacks: These include unemployment insurance fraud, consumer scams, charity scams, sweetheart scams, elder fraud, online shopping scams, and SBA loan fraud.
• Payment App Fraud: Consumers are being tricked into giving out personal information or having their information stolen through phishing and vishing (voice phishing). Scammers obtain necessary information to create an account on a payment app and break through authentication layers. Common payment apps are Zelle, Venmo, Cash App, Apple, and Facebook Cash, among others.
• Authentication Fraud & ID Theft: Criminals are stealing identities to open new accounts or take over existing accounts. This is especially common when weak authentication layers are in place for identifying individuals.
• Payment Card Fraud: Fraud is being reported with 3DSecure-related card-not-present fraud, card-present skimming through fallback fraud, and fraud from multiple same-day authorizations when funding limits are not in place.
• Paper Check Fraud (Corporate, Cashier, Consumer, and Business Checks): Paper check fraud occurs on no-limit accounts or high-limit accounts, or when checks are being counterfeited.
• Phishing Attacks: These attacks continue to evolve to include call centers, online logins, employees inadvertently sharing secure information, and information change requests. Passwords are a known weak link and continue to be exploited at alarming rates.

8 Best Prevention Tactics for 2021

As institutions investigate their risk exposure in 2021, consider these best practices to continue keeping your members’ data secure and their finances protected.

1. Educate members about how they can detect and report fraud by sharing known scams and important red flags to watch.
2. Advise members to monitor their accounts daily.
3. Educate employees across departments to look for important warning signs that might suggest fraud and appropriate ways to report and authenticate necessary information.
4. Implement strong authentication strategies for new and existing accounts, such as dynamic, knowledge-based authentication questions that provide layers of security, for all requests and transactions.
5. Require complex passwords for online and in-person account requests.
6. Push vendors to perform consumer authentication prior to ACH credit going out.
7. Set daily dollar and number-of-transaction limits for transactions processed through debit cards.
8. When fraud does occur, make sure to dedicate resources to finding out why it occurred and how it can be prevented in the future.

For more ways to educate your borrowers, download our Consumer Scam Prevention Risk Checklist.