Tech Advances That Have Aided Fraud Can Also Fight It
Advances in technology have added to the impact of fraud on credit unions and other financial institutions. The best response, two analysts told CUNA Mutual's Discovery conference here, is to turn some of those same advances back on the perpetrators.
"From the information that is available on the Internet to scanners that can duplicate government-issued identification documents, technology has made it so easy for fraudsters to commit crimes," said Deborah Humbert, senior risk management specialist for CUNA Mutual Group. "So we'll fight technology with technology."
Humbert co-taught an educational session on "check fraud technology" with Jennifer Coughenour, vice president and national sales manager for Scottsdale, Ariz.-based Primary Payment Systems, a division of First Data Corp. In addition to check fraud, the two speakers discussed identity theft, new account fraud, ATM fraud and account takeover fraud. Coughenour introduced the audience to two technology devices that aid in the fight against these crimes.
According to statistics provided by the Federal Reserve, the U.S. Treasury and the FBI, the annual cost of check fraud alone approaches $20 billion. Forty-eight percent of fraudulent checks are forged, while 39% are fraudulently deposited.
"Those two are the biggest pieces of the pie, which tells us those are the two areas we need to concentrate on," said Humbert.
The number of forged and fraudulently deposited checks reached a peak in 2000 when credit unions reported more than 14,000. That year, Humbert said, CUs turned to third-party advisors in an effort to reduce the onslaught. The numbers have gone down each year since, but credit unions paid $28 million in 2003.
"That is less than previous years, but still way too much," Humbert declared.
One weapon in the fight against several forms of fraud is a data processing system designed to detect telltale signs such as: overdrawn accounts, excessive deposits, booster payments, and multiple deposits to accounts-especially multiple deposits at different branches or ATMs. Individual credit unions set their threshold for what constitutes a "large" deposit, as this number will vary greatly.
The same person should review the data processing reports each day so he or she will become familiar with usage patters at a particular branch. Just as important, said Humbert, is to develop a backup person for the times the primary reviewer is sick, traveling or on vacation. "Some credit unions just wait until the one person comes back, which doesn't work. One person can't read four or five days of reports all at once. It's too overwhelming," she said.
Most data processing systems automatically assign a "red flag" to new accounts. The time period can vary from 30 days to six months depending on various factors. According to Humbert, most fraudulent deposit schemes are perpetrated on new accounts within 180 days.
In some cases, CUs can use data processing programs to sniff out fraud from the data members supply on their applications. This includes identifying private mailboxes given as a street address, verifying the telephone prefix is "reasonable" for the person's given address and area code, identifying cellular phone numbers, verifying Social Security numbers are "good" or "impossible" combinations, detecting if the social security number is that of a deceased person, and verifying the year of issuance of the Social Security number matches the person's birth year.
Credit bureau reports also can be used to screen new accounts-even for share and share-draft accounts, Humbert said. High-risk members can be identified, and Empirica scores can be used to determine the level of services to offer. Humbert said there is a strong statistical correlation between low Empirica scores and negative share accounts.
"This helps credit unions see which accounts to put check holds on," she said. "It also helps weed out identity theft."
Humbert emphasized the importance of asking members who are opening new accounts to produce two forms of identification, at least one with a picture. She said a driver's license by itself is not enough, because "fake ID kits" are widely available on the Internet, or people can obtain a valid ID under fraudulent pretenses. Humbert told the audience to type "fake ID" into a Google search to see how many results are returned.
Coughenour then demonstrated IDLogix and DECISION CHEK MICR, two useful weapons in the war on fraud.
IDLogix is a handheld, wireless device that can detect invalid and counterfeit identification. It reads and stores electronic data contained within the magnetic stripe or bar code on a driver's license, military ID and other government-issued form of identification.
DECISION CHEK MICR is a microreader that verifies checks. It can be used at teller windows, or at new account opening. It compares the information printed on the check to a national shared database of 205 million checking accounts and 17-million stop payment records.
"Together, these two devices can help cut down on new account fraud," said Coughenour. "IDLogix can spot a tampered drivers license, and DECISION CHEK MICR allows a teller or someone at the new account desk to verify a check before the person is given cash back."