With Halloween just around the corner, here’s a scary statistic: The cost of fraud at financial institutions has risen nearly 10 percent in just one year.
That’s according to the 2018 “True Cost of Fraud – Financial Services Report” from LexisNexis Risk Solutions, which revealed every dollar of fraud costs FIs $2.92 – a 9.3 percent increase from 2017, when it was $2.67 per dollar.
“The growth of new digital and mobile channels, and the increased fraud that comes with them, means that financial institutions must find the right approach to deal with this issue,” stated Kimberly Sutherland, senior director, fraud and identity management strategy, at LexisNexis Risk Solutions.
The report surveyed 175 executives working in fraud and risk divisions across the financial services spectrum, including at credit unions, retail and commercial banks, trusts and wealth management firms and more.
So how can credit unions lower those fraud costs? According to Sutherland, a multi-layered risk model can help lower costs when protecting against identity and transaction-related fraud.
“There is no one-size-fits-all solution to fraud and having a strong detection and prevention system in place decreases the likelihood of customer friction and lost current and future business,” noted Sutherland.
Given those sobering costs, fraud and fraud prevention were hot topics at the annual CUNA Technology Council conference, held recently in San Francisco.
According to Paul Wilson, product manager for Cytera, a Miami-based security infrastructure company, one of the next big steps could be the end of passwords as institutions look for more ways to create a frictionless security experience for the end user.
“There is a lot of buzz about password-less access,” said Wilson. “We have been hearing about the end of the password era for years, but it looks like we are much closer now and banks are credit unions are starting to realize how effective it can be.”
For credit unions specifically, Wilson said, these sorts of metrics are easy to implement, especially from a mobile banking perspective.
“As always, the fraudster will go for the weakest link, so CUs will need to rely on security options that gives users the positive experience they expect in the era of ‘easy-access everything,’” he said.
Cyber strategies
With October designated as Cybersecurity Awareness Month, analysts recommended a variety of metrics credit unions should be focusing on – two of which go hand-in-hand, said Keaton Tanzer, business development manager for the Cheney, Wash.-based Rivial Data Security.
“The first metric is more about timing than content. Compliance with FFIEC/ACET controls is a common measure in today’s credit union via independent IT audits and NCUA/state exams,” said Tanzer. “But measuring compliance once or twice per year is not effective protection. Credit unions should implement simple procedures to measure compliance as controls are implemented.”
The second metric, he said, is “an ongoing measure of overall IT risk,” which should be an aggregate of individual risks on information systems across the credit union.
“This measure is a better representation of cybersecurity specific to the environment, rather than a generic set of IT controls,” explained Tanzer. “More preventive measures and less policies, so to speak.”
Identity fraud, including synthetic identify fraud, remains among the biggest threats to financial institutions, according to the LexisNexis report, particularly in larger institutions with revenues exceeding $50 million – a metric most (if not all) credit unions fall well below. Synthetic identity theft is the practice of using real data like a social security number with a fraudulent alias.
Still, LexisNexis found that 61 percent of fraud losses come from identify fraud, while 20 percent of the fraud seen at larger institutions was due to synthetic identity fraud.
“Continuing the trend of prior years, the cost of fraud continues to rise for global financial institutions, particularly in the digital and international transaction spaces, while these firms are working to combat fraud, they are not doing so in the most optimal way,” noted Sutherland. “Fraudsters continuously test for the weakest entry point in the financial transaction system and these institutions should apply a multi-layered approach to fraud prevention to combat this growing issue.”
Assessing the competition
Since cyber fraud is present in all industries—from health care to insurance to banking – every organization has to remain vigilant and forward-leaning.
So how to CUs’ cyber defenses stack up? According to Tanzer, they’re on level ground with the competition.
“We work almost exclusively with financial institutions. So I can’t speak to other industries in relation to cybersecurity efforts, but I would say banks and credit unions are very similar on average. Neither banks nor credit unions do a better job overall from what we can tell,” he said. “The primary difference between organizations is the approach to security by board of directors. Some care about protecting member information, others just want to do the minimum to check the compliance box.”
