Every credit union is committed to making fraud prevention a top priority. In addition to endangering the trust of members and harming brand reputation, financial fraud comes with a high price tag. According to PaymentsJournal.com, “In 2018 fraud losses due to account takeover were around $4B. In 2021 this number has grown by more than 200% and is estimated to be over $12 billion.” Account takeovers are now by far the most popular way for thieves to attempt fraud against the customers of financial institutions.
What’s Behind This Upswing in Account Takeover Attempts?
According to data collected by Kaspersky, 54% of fraud related events hitting banks, credit card companies, and credit unions are attempted account takeovers. That’s up from 34% in 2019. The cybersecurity technology company offered a likely explanation, “The importance of digital financial services and e-commerce increased in 2020 with people spending more time at home as a result of the pandemic. Kaspersky experts suggest that, in turn, it caused a spike in social engineering techniques being exploited by cybercriminals.”
Mobile and online banking weren’t the only areas of increased remote interaction. Credit unions saw a significant upswing in call volume with the temporary closure of local branches. With more members than ever using the contact center as their primary point of contact, it was no longer possible for member service agents to respond to familiar faces at the teller window. Unfortunately, the traditional method of vetting member identity with security questions was becoming increasingly unreliable during this same time period.
Social Engineering and Data Breaches Are Putting Credit Union Members at Risk
Although the number of successful account takeovers remains low in the credit union industry, attempts are more frequent (and sophisticated) than ever. According to TruWest contact center manager, Katie McAttee, “On some occasions, we would get someone coming through that wasn’t the member. They would do social engineering to discover more of the right answers and then call back and get a different agent.”
According to Alacer, a risk consulting firm serving the banking industry, it’s not very difficult for fraudsters to work their way into a consumer’s inner circle where personal information is often freely shared on social platforms. “Account takeover sequences can be initiated through various means. Most often, the consumer or an employee of the targeted business is lured into opening email attachments or responding to social media friend requests, which often redirect the person to compromised websites.”
Data breaches are making fraud prevention even harder. Banc of California points to another common source of PPI, the purchase of stolen information including account numbers. “Account takeover attacks begin with fraudsters obtaining personal data, often starting by purchasing data leaked in a previous breach. They use that data to create targeted phishing scams to hack accounts.” According to Security Magazine, in 2021 alone there were 4,145 publicly disclosed breaches that exposed over 22 billion records. 2020 set an all-time high of 37.2 billion records exposed.
Best Methods for Credit Union Fraud Prevention in the Contact Center
The National Credit Union Association provides a robust set of insights around education, training, policies, and procedures to help credit unions mitigate risk and prevent fraudulent activity. This includes resources to educate members about current scams so they can help protect themselves. But proactively shielding members also entails the use of updated technology within modern financial institutions.
Multi-factor authentication remains one of the best practices for preventing account takeovers and safeguarding members. The variety of available methods includes knowledge based authentication (KBA), one-time passcodes or related methods that rely on access to the member’s computer or smartphone, and biometric authentication. Of the three, biometrics remain the most secure, since they are based on immutable characteristics that are unique to the member.
Security questions are the most vulnerable to social engineering and data breaches. Mobile apps and one-time codes can provide an added layer of security, but it is possible for hackers to remotely intercept these codes. Biometrics have so far proven to be very difficult to circumvent or successfully imitate.
Facial and fingerprint recognition can be used for mobile banking access, while voice authentication is the obvious choice for identity verification in the call center because it can be layered into existing telephony platforms. Solutions that integrate easily with existing systems can be deployed at an affordable price point for credit unions and community banks that want a more secure and reliable way to prevent account takeovers..
Learn more about voice verification for fraud prevention in credit union call centers here.