NAFCU Services Blog

By Ann Davidson, Vice President of Risk Consulting, Allied Solutions

Due to an increase in online shopping in 2020 and 2021, card not present fraud has grown exponentially. With more credit union staff working remote than ever before, employee fraud and business email breaches are on the rise. One in five Americans are now using payment applications such as Zelle, Venmo, and PayPal, and fraud in this space was up 300% this summer. Additionally, social media quizzes and challenges allow for account security question answers to be easily guessed by fraudsters. More and more, the bad actors are posing as the credit union to deceive the member and are getting increasingly creative in their tactics.

While the fraud facts are sobering, with holistic best practices, credit unions can safeguard against various types of fraud.

Here are 5 best practices with an easy-to-remember FRAUD acrostic:

Friends and family only: This is the crucial rule of thumb for using person-to-person payment apps. Even if your credit union does not offer and promote a particular payment app, members can still download the app and link it to their debit card. The likelihood of information and money being stolen goes up drastically when your member uses payment apps outside of friends and family.

Reinforce members’ options to help protect their account. Educating members on the layers of protection in place for their information’s security can help them leverage options like travel alerts, text message alerts if a transaction occurs outside their typical radius, or a secure account passcode.

Authentication: The layers of authentication are ever so critical. Layers of authentication can include:

• Dynamic authentication (i.e. Apple Pay) versus cards’ static magnetic strips
• Biometrics can be utilized for authenticating remote credit union employees
• Tokenizing the 16-digit card number or members’ account numbers
• Set strong password requirements for online banking
• Implement checks and balances for member approvals
• Review funding mechanisms for new accounts
• Centralize data to quickly spot inaccuracies and red flags of fraud
• Report merchants that permit card fallback

Utilize 3D Secure: This is a fraud-detection protocol used by Visa, MasterCard, and Discover. Many credit unions aren’t aware that they opted out of the program when it was implemented in 2001. Ensure your credit union is on the latest version of 3D Secure to best protect against card not present transaction fraud.

Dollar limits: Limiting the daily dollars spent on credit and debit cards and capping the number of transactions are two significant risk mitigation tools. Daily dollar limits should be explained to the member at the time of account opening. For a positive member experience, accountholders can let your institution know when they are making a large purchase and need the limit temporarily lifted. Daily dollar limits should be in place for both credit and debit cards.

As the bad actors expand their reach, credit unions can stay one step ahead by ensuring tight processes in every area of the business. Credit unions should identify, validate and confirm what layers of security they have in place, and work toward a holistic risk strategy to help catch fraud at the onset.

For more information and fraud-fighting tips, check out our recent podcast series.