In ongoing battle with cybercriminals, CUs turn to reinforcements
With fraud expected to cost financial institutions more than $2.7 billion in losses by the end of next year, credit unions may increasingly be turning to vendor partners to help strike the right balance of ease and security in the account-opening process.
That multi-billion figure comes courtesy of “Identity Verification: Successful Strategies to Minimize False Positives and Risk,” a new report from Melissa Data and Aite Group, which concluded that the financial services industry will have to continue to develop next-generation solutions if it hopes to keep pace with an evolving threat landscape.
The study’s release highlights the continuing problem fraud in the new-account process poses for financial institutions, particularly as credit unions continue to see growth in new memberships (though at a slower pace than in recent years).
In the report, Aite Group tracked fraud trends for both demand deposit accounts and credit cards. The Boston-based consultancy said the sheer volume of personal information available to criminals is a huge part of the problem. More than 13 billion data records have been lost or stolen over the past six years. Thieves can use that information to open accounts using several different techniques.
“Organized fraud rings create synthetic identities, which they nurture for months or years prior to using,” explained Shirley Inscoe, senior analyst for Aite Group, noting first, these rings obtain a mobile phone in the synthetic identity’s name so the “person” can be contacted. “Often, they will impersonate a card holder to get the identity added to an existing line of credit – but the true cardholder is unaware the identity has been added since there are no transactions conducted. This establishes a credit bureau file for the synthetic identity.”
After a period of time, the synthetic identity is used to apply for new accounts, cards or loans and, subsequently, fraud takes place, Inscoe continued. Because the identity exists in the third-party databases and credit bureaus, if a credit union checks during the application process, there are no red flags and the account usually is opened.
“Complex analytics can detect red flags by analyzing a lot of data across all the new applications and across all the credit union’s records,” Inscoe said.
And while credit unions may tout their ability to offer the same banking services as their competitors, Inscoe said there is one chief difference that could cause a problem for the industry.
“Credit unions don’t process volumes as high as large banks, but the concept is the same,” she said. “With online and mobile banking, credit unions are more likely to be targeted by fraud rings who know they don’t have as many fraud detection tools in place as large banks.”
Greg Brown, VP of marketing at Melissa Data, CUs must do a balancing act.
“Consumers are expecting opening an account to be easy and quick, but credit unions have to verify data,” he said. “We recommend different levels of identity verification. Something as simple as matching a name with an address is cost-effective. Then there is a sliding scale of verification, using multiple databases to check if all the data that is coming in can be verified. It is important to compare with watch lists and sanctions lists maintained by the U.S. government and the United Nations.”
Help is on the way?
The good news is that new tools are already being developed to fight fraud in the onboarding process.
Service Credit Union, a $3.6 billion-asset institution with a branch presence in New Hampshire, Massachusetts, North Dakota and U.S. military bases in Germany, has turned to cloud-based software from one of its vendor partners in order to ease friction in the account-opening process, including looking for more ways to involve the member.
David Weed, AVP of business services, explained that the system “has an integrated member portal that not only allows the member to submit loan and deposit opening documents, but further provides automated updates on the status of the loan or deposit opening process.” Among other benefits, he added, that helps boost security and “streamline” the onboarding process.
And vendors understand they need to deliver these services, Brown noted. He said the company hears from credit unions that want their platforms to be able to employ more layers of authentication. The company is currently developing additional layers of protection including biometrics and location intelligence tied to IP addresses.
“Eventually, more sophisticated biometrics will come into play, with facial recognition and fingerprint scanning,” he said. “With location intelligence, an easy thing to do is locate the region the mobile device IP address is coming from to determine if it is likely that the account information corresponds.”
For example, if the person setting up an account with a credit union in Orange County, Calif., appears to be creating an account online from Indiana, it can be flagged.
Aite Group’s Inscoe stressed the importance of ongoing investment in new technology. Along with the importance of utilizing biometrics and finding vendor partners that have a global footprint, she suggested turning to vendors using complex analytics and matching routines.
“Solutions for today’s environment must be robust or are easily defeated by organized fraud rings,” said Inscoe. “Machine learning and artificial intelligence are technologies that are proving to be very effective in combating fraud.”
Above all, she offered a reminder that credit unions are no longer just competing against other financial institutions – they also compete against technology firms that have created easy, convenient ways for consumers to do business. “A clunky application process will result in the applicant abandoning it and taking their business elsewhere.”