Prevent, Detect, And Monitor Online Fraud

Create an environment where fraud can be detected, prevented, monitored, and benchmarked against industry standards.

April 01, 2005
/ PRINT / ShareShare / Text Size +

To mitigate risk associated with online financial services, credit union policies and systemic controls should create an environment in which fraud can be prevented, detected, monitored, and benchmarked against industry standards.

According to 'Fraud Prevention Strategies for Internet Banking,' published by the

BITS Internet Fraud Working Group,, Washington, D.C., risk mitigation policies and controls should:

  • Require 'reasonable efforts' to be made to ascertain the true identity of individualmembers and/or the stated business purpose of each commercial enterprise with which theinstitution conducts business.
  • Have a 'know your member' policy that includes the following requirements forpersonal account opening: proper identification; validation of the member's residence orplace of business; consideration of the source of funds used to open an account; and checkingwith a service bureau for undesirable behavior such as insufficient funds or check kiting.
  • Have adequate ongoing monitoring systems in place to identify suspicioustransactions. These include monitoring transactions coming in and going out of depositaccounts using reports that identify a certain threshold history of the activity over aspecific time frame; creating reports that monitor large dollar deposits; and trackingautomated teller machine activity based on dollar thresholds over a certain timeframe.
  • Establish policies and train call center representatives to recognize memberimpersonation or 'pretext' calls. 'Pretext callers' are individuals who call a financialinstitution's call center posing as a member/customer or someone authorized to havemember/customer information to obtain confidential data. When these types of calls areidentified, the representative should deny the caller access to the information and reportthe incident.

For additional guidance, consult NCUA's Letter to Credit Unions No. 01-CU-09 regarding identity theft and pretext calling.

BITS recommends using the following new account opening strategies to deter online identity theft:

Application process

  • Limit timeframes during which applications must be completed to deter fraud operatorsfrom keeping an application open while researching member data;
  • Provide a secure channel for receipt of the member's data to prevent interception; and
  • Create an audit trail to assist in authenticating the customer at a later date.

Applicant authentication

  • Use a real-time process to determine whether the member is accurately representinghis/her identity;
  • Ask 'in-wallet' questions (i.e., request information from identification typicallyfound in a wallet, such as credit cards) to verify that data is correct and that the identity existsby comparing various data sources. (Used alone, in-wallet questions can't verify that the individualapplying for a new online account is actually who he/she purports to be.);
  • Ask 'out-of-wallet' questions, which are generated from information in an individual'scredit bureau report;
  • Use 'out-of-credit' questions that ask for information that can't be found on a creditreport, such as what high school the individual attended;
  • Provide standard field validations to ensure the member entered all of the informationon the application in the correct format;
  • Verify application data by providing checks against Social Security number and date ofbirth, comparing and verifying that the area code belongs with the state of residence, checking thedriver's license format, and confirming that both the former and current address fields are valid andmatch U.S. Postal Service mailing addresses;
  • Partner with third-party suppliers of application pattern recognition services (i.e., Websystem environment tracking, false address tracking, and so on); and
  • Integrate all 'know your customer' procedures into your online account opening process toensure that your online and offline account opening processes are consistent for auditing purposes.

After applicant approval

  • Wait for funding prior to opening an account;
  • Require that a signed application be on file;
  • Require member authentication to be completed in the branch or by contacting a callcenter;
  • Implement manual fraud screening on initial deposits, which can be done with imagescaptured by check processing equipment; and
  • Mail account verification only to the address supplied in the online application.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory ( will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive