Fraud is not going away, and criminals are working harder and becoming more sophisticated in their quest to steal from businesses, financial institutions, and individuals. To thwart their activities, credit unions should rethink their approach to managing fraud risk by adopting an Enterprise Fraud Management strategy, a CUNA Mutual risk manager said Wednesday.
Ann Davidson, senior risk management consultant, told an America’s Credit Union Conference Discovery breakout audience that means no longer “silo monitoring” fraud within each product area of a credit union.
“Enterprise Fraud Management coordinates fraud detection and prevention efforts across the entire business enterprise, and it establishes a framework for enterprise-wide deployment of fraud resources,” Davidson says.
It enables a credit union to gather and cross-match fraud-relevant data from all product lines, organizational units, and geographic regions of the enterprise. It will prepare credit unions to “connect the dots and spot large-scale fraud attacks early in their life cycle,” she says.
Rather than having individuals working in siloed areas, Enterprise Fraud Management uses highly skilled and motivated fraud teams that prioritize fraud alerts based on the level of risk they pose to the entire credit union. Teams can plan and execute focused countermeasures to combat large-scale attacks.
Despite preventive efforts, what if fraud still occurs?
“It’s not a matter of ‘if’ but ‘when’ you are attacked,” Davidson warns. Getting to the root cause of fraud is critical. Know what controls are already in place and where there may be gaps.
Davidson provided an update of the most popular fraud schemes being perpetrated and best practices for minimizing risks. The most common schemes include:
- Card fraud, including skimming, phishing via e-mail, phone and text, and kiting between business and consumer cards;
- Wire fraud by phone, fax, or e-mail;
- Insider dealings (e.g., embezzlement); and
- Data breaches and system intrusions.
“This is the year of the cyber vandals,” she says. “Assaults can come from anywhere in the world, they’re difficult to nab, and they use multiple computers to cover their tracks.”
To help combat system intrusions, Davidson advises the following:
- Use antivirus software and update it often;
- Use a hard-to-guess password containing a mix of numbers and letters. The longer the password, the harder it is to compromise;
- Use different passwords for different websites and applications to keep hackers guessing;
- Install firewall software to screen traffic;
- Leave e-mail attachments unopened unless you know the source; and
- Use a dedicated computer for the incoming/outgoing of funds by the credit union.
Regardless of how the fraudsters get in, their end game is financial gain, and how they accomplish that continues to evolve. Fraud prevention measures are vital, but knowing where fraud is occurring and plugging the hole is even more important.
“It’s sort of like misplacing the lid to the candy jar in a roomful of kids,” Davidson says. “Until you find it and screw it back on, the candy’s going to keep disappearing.”