The risks associated with certain transactions made it difficult and expensive for Chevron Federal Credit Union to serve its customers, so the institution turned to behavioral analytics — and eliminated its online fraud.
In changing its approach to online fraud, Chevron was adapting to an issue many financial companies face: fraudsters continuously adapt to find weaknesses in any security system, making it more expensive and more time-consuming for financial institutions to keep up.
To get ahead of the fraudsters, Chevron installed a Guardian Analytics system in the first week of 2010, said Sachin Kundra, Chevron's vice president of information systems and technology. "Since we've implemented the system, we've had zero actual fraud losses occur in the online channel," compared to up to 15 cases a year previously, he said in September. And "that number was increasing, month after month," until Chevron put a stop to it.
This year, the Oakland, Calif., company found 22 cases of potential online fraud that Guardian's system stopped. It estimated its potential fraud losses from these cases at more than $800,000; Kundra would not say what the credit union's actual fraud losses were before that.
The benefits went beyond stopping fraud. Chevron Federal was also able to expand the range of services it can offer members by switching on certain types of transactions it had earlier deemed too risky.
In particular, Guardian Analytics' system allowed a major change in how Chevron handles wire transfers.
It faced what Kundra said were "huge wire-transfer frauds," particularly as fraudsters were quick to adapt to any change the credit union made to protect itself.
Chevron wanted to let anyone initiate a wire transfer of less than $10,000 without having to be phoned for additional verification. The fraudsters realized that, so they snuck in transfers just under the limit, prompting Chevron to repeatedly reduce the limit in what Kundra described as "a cat-and-mouse game," until the limit was $4,000.
"We had staff sitting in operations … paid staff that we had to bring in and sit there all day and call back every wire transfer that came in" under $4,000, he said. These people were calling members for nearly "every single wire transfer request that came in, 16 hours a day and five days a week — that actually adds up," he said.
Its old methods of authentication were ineffective on their own, Kundra said.
"Fraudsters out there had account info for members, and they had answers to their challenge questions, … so having the Guardian system, being able to really decipher to some degree of confidence that this is something" authorized, was a huge improvement, he said.
With Guardian's system vetting online requests, "we pulled that limit from $4,000 back to its $10,000 limit — anything less than $10,000, we can let it slide because we have some confidence" that the person requesting the transfer is authorized to send the money, Kundra said.
Guardian Analytics examines online banking behavior to determine which actions are legitimate and which signal fraud.
It said that Chevron's example is not unique — another credit union on the East Coast used Guardian's system to identify 75 compromised accounts last year, blocking potential losses of $15 million.
Another client, a large business bank, stopped 80 fraudulent automated clearing house payments that would have aggregated to $800,000. A credit union client stopped a fraudulent home equity line of credit worth $700,000.
Guardian's system examines the characteristics of each individual's typical online activity, creating a behavioral profile for each customer of a financial institution.
