Beware the Inside Job

Core processors warn CUs about the threat of internal fraud.

September 02, 2011
/ PRINT / ShareShare / Text Size +

Mobile safety

Looking at potential new security concerns, Messier says credit unions should keep an eye on remote deposit capture and the expanding number of channels for financial transactions.

“The good news is that some channels will actually decrease the amount of fraud,” he says. “For example, mobile is a strong point of authentication so we could see less fraud with that channel. Also, it’s easier and faster for mobile users to get alerts about their accounts—minutes versus hours or even days.”

Messier says, however, that credit unions should not forget:

  • Text is notoriously unsecure;
  • Websites are in the middle regarding security; and
  • Downloadable apps are the best and most secure way to do mobile banking. The apps are free and the proliferation of smart phones means they’re getting out there quickly and abundantly.

One problem, however, is that people include personal information on social networking sites that can be used against them, Messier notes. “Some members, for example, casually let slip answers to the challenge questions credit unions ask to authenticate users such as ‘What was your mother’s maiden name’ or ‘What street did you grow up on?’ ”

Wire transfer scams

There was a “significant resurgence” in wire transfer scams in 2010, particularly those involving home equity lines of credit (HELOC), says Brad Mundine, senior manager, credit union protection risk management, for CUNA Mutual Group. And he expects that trend to continue.

Typically with this type of fraud, transfers are requested over the phone, a portion of the funds are pulled from the member’s HELOC, and the wire is sent to a foreign bank, Mundine explains.

Credit unions can reduce wire transfer risks through a variety of mechanisms, says Dave Selina, Fiserv segment executive. He cites Fiserv’s WireXchange solution for completing end-to-end wire transfers.

WireXchange offers both multifactor and multilayered solutions that improve security, with options customizable to the credit union’s specific security policies and requirements, Selina explains.

It also provides a variety of tools to help minimize fraud, including the ability to red-flag transactions for review prior to release; reports that monitor activity in real-time; various security authorization options; and scanning of all wires for Office of Foreign Assets Control compliance.

“To reduce internal fraud risks, dual controls are required to complete select wire-related tasks,” he says.

Tanner says core processors have been good about disseminating best practices, listening to clients’ suggestions and concerns, and providing useful information because it’s in everyone’s best interests.

“Credit unions should take advantage of security seminars, training, and the latest updates,” he says. “They should understand current and evolving threats, and always ask questions. Chances are good that others have asked these questions and that answers are readily available.”


CUNA Strategic Services alliance providers:

  1. 3SI Security Systems
  2. Agility Recovery
  3. Diebold
  4. Intersections
  5. Ongoing Operations
  6. Perimeter E-Security
  7. Switch SuperNAP
  8. TraceSecurity
  9. Verafin

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive