New year, new fraud risks
One New Jersey-based credit union is starting 2018 with an unexpected crash course on fraud prevention.
During the holiday season, $218 million-asset North Jersey Federal Credit Union dealt with a scammer who mailed out counterfeit cashiers checks drawn from the credit union.
According to Jeannette C. Cisero, VP of compliance, security and technology, NJFCU officials first became aware of the issue when the call center reps began receiving phone calls from non-members asking to confirm the authenticity of checks they’d received in the mail.
The culprit was not caught since the check sender’s name was the same as person that received a check in the mail. “The scammer is hiding behind a valid customer mailing list that was compromised somewhere,” noted Cisero.
Luckily, North Jersey FCU suffered zero losses from these fraudulent acts since the credit union uses Positive Pay to monitors the check numbers and amounts on all checks that the credit union cuts, a program the credit union purchased “years ago” in order to prevent potential losses due to check fraud.
“The fraudulent checks had valid check, routing and account numbers, however, the amounts did not match the electronic register for our accounts, so they were rejected and then returned,” Cisero explained.
While Cisero noted that payments fraud usually spikes during the holiday season, it remains a year-round problem for credit unions. Indeed, the National Credit Union Administration issued a warning last spring about fake check scams.
John Buzzard, account executive and fraud specialist at CO-OP Financial Services, said the increase in routine non-fraudulent transactions during Christmas provides an “excellent forest of subterfuge for criminals to literally hide in plain sight.”
The bigger issue, he noted, is that payment fraud is shifting from brick-and-mortar instances to card-not-present channels due to more widespread adoption of EMV-enabled plastic.
“The shift to chip-enabled technology isn’t happening as fast as we would like,” Buzzard added. “As a result, there has been a slower burn-through of payments cards used in card-present fraud schemes like card-skimming, counterfeiting and subsequent fraudulent purchases. That is in tandem with the ramping up of card-not-present fraud.”
Ken Otsuka, CUNA Mutual Group senior consultant, risk and compliance solutions, noted that while statistics show fraud increasing during the holidays, it remains a year-round concern for the credit union industry. “Some forms of payments fraud, such as checks, wire transfers and plastic card, have been around for years, while others are emerging,” he warned. “For instance, plastic card fraud has been a problem for several years and will continue until credit unions are fully EMV-compliant.”
In addition, Otsuka stated, Automated Clearing House payments are an emerging area of fraud as more credit unions are introducing ACH transactional services to members.
“Wire transfer fraud is still a high-loss area for credit unions,” added Otsuka. “Fraudsters continue to impersonate members to request wire transfers from member accounts, many of which are funded by advances against members’ line-of-credit loans.”
Otsuka also said he is seeing new twists to wire scams, such as the CEO email fraud scam (also known as “business email compromise”).
“Another new wire scam impacting credit unions involve wire transfers for real estate loan closings where the fraudsters impersonate a closing agent and sends spoofed emails containing ‘updated wire instructions’ to either the member or credit union,” he offered.
Otsuka asserted that check fraud has been one of the most prevalent forms of payments fraud ever since check printing software first hit the marketplace. “Anyone can manufacture near-perfect counterfeit checks using their home computer,” he said. ”A newer counterfeit check scheme involves counterfeit checks drawn on member HELOCs. Counterfeit HELOC checks are particularly concerning since a loss from a single counterfeit item can be [as high as] six figures.”
Light at the end of the tunnel?
There may be some good news, though. According to Lou Grilli, director of payments strategy at Trellance (a CUSO born out of CSCU), payments fraud in general is on the decline. Grilli cited Trellance’s own data, which found that in the third quarter of 2017, of all the fraud detected on the card base, 18 percent of that fraud was conducted via counterfeiting.
“This is down from 28 percent in the third quarter of 2016,“ he said. “The trend is that fraud is shifting away from counterfeiting to other, more sophisticated forms of fraud.”
But this drop, he adds, would lead to a conclusion that “if fraud is down at the point-of-sale, it must be up for online e-commerce transactions.”
Even if fraud is slowing, however, it’s still difficult – if not impossible – to accurately measure total annual losses incurred by credit unions.
“It’s reasonable to say that across the entire population of credit unions in the U.S. there could be millions of dollars lost to fraud on the whole annually, but specific numbers simply aren’t ... available,” said Buzzard. “This isn’t dramatically different to what the experience is like at banks. Criminals do not have a preference for one over the other. They simply prefer to run a variety of schemes across all channels to net the highest return-on-investment for their criminal operations.”
Solving the problem
Stopping the problem, experts say – or at least containing it – will require a mix of new-school technologies and old-school member education.
North Jersey FCU’s Cisero said she believes automating payments would help lower the risk exposure – however, she cautioned that if new payment instructions were accepted from someone else beside the account holder, “we still would experience a loss.”
CO-OP’s Buzzard proposed that credit unions have a variety of tools in their arsenals to prevent fraud. “The best examples of savvy fraud prevention techniques involve a layered-on approach that includes real-time fraud analytics to stop fraud within the authorization stream,” he explained.
“Increasingly…machine learning is proving itself to be a powerful weapon in the fraud-prevention realm when it’s paired with existing fraud analytics tools to create this ‘one-two punch’ of predictive analytics and classic fraud rule strategies. The cherry on top of this layered approach to fraud prevention is the new focus on transparency down to the consumer level.”
For more on fraud prevention strategies, click here.