Criminals Rethinking Strategies, And, As Result, CUs Must, Too
SAN ANTONIO-Criminals aren't getting any dumber, and in fact are working harder than ever.
For credit unions that means a need to rethink their approach to managing fraud risk by adopting an Enterprise Fraud Management strategy, according to a risk manager with CUNA Mutual Group.
Ann Davidson, senior risk management consultant, told an America's Credit Union Conference Discovery breakout audience that means no longer "silo monitoring" fraud within each product area of a credit union.
"Enterprise Fraud Management coordinates fraud detection and prevention efforts across the entire business enterprise, and it establishes a framework for enterprise-wide deployment of fraud resources," Davidson said.
The strategy enables a credit union to gather and cross-match fraud-relevant data from all product lines, organizational units and geographic regions of the enterprise, Davidson said. It will prepare credit unions to "connect the dots and spot large-scale fraud attacks early in their life cycle," she said.
Rather than having individuals working in siloed areas, Enterprise Fraud Management uses highly skilled and motivated fraud teams that prioritize fraud alerts based on the level of risk they pose to the entire credit union. Teams can plan and execute focused countermeasures to combat large-scale attacks.
Despite preventative efforts, what if fraud still occurs?
"It's not a matter of 'if', but 'when' you are attacked," Davidson adding, that getting to the root cause of fraud is critical. Know what controls are already in place and where there may be gaps.
Davidson provided an update of the most popular fraud schemes being perpetrated and best practices for minimizing risks. The most common schemes include:
* Card fraud, including skimming, phishing via e-mail, phone and text, and kiting between business and consumer cards.
* Wire fraud by phone fax or e-mail.
* Insider dealings (embezzlement).
* Data breaches and system intrusions.
"2011 is the year of the cyber vandals. Assaults can come from anywhere in the world, they're difficult to nab, and they use multiple computers to cover their tracks."
To help combat system intrusions, Davidson recommended the following:
* Use antivirus software and update it often.
* Use a hard-to-guess password - containing a mix of numbers and letters - the longer the password the harder it is to compromise.
* Use different passwords for different websites and applications to keep hackers guessing.
* Install firewall software to screen traffic.
* Don't open e-mail attachments unless you know the source.
* Utilize a dedicated computer for the incoming/outgoing of funds by the credit union.
Regardless of how the fraudsters get in, their end game is financial gain, and how they accomplish that continues to evolve, Davidson said. Fraud prevention measures are vital, but knowing where fraud is occurring and plugging the hole is even more important.
"It's sort of like misplacing the lid to the candy jar in a roomful of kids. Until you find it and screw it back on, the candy's going to keep disappearing."