Service vs. Security

Safety isn’t convenient, but members will be glad you’re acting in their best interest.

September 21, 2013
KEYWORDS funds , heloc , risk , security , transfer
/ PRINT / ShareShare / Text Size +

If your credit union accepts remote requests for wire transfers, make sure you’re taking steps to thwart criminals who are exploiting these transactions.

These criminals are targeting high-dollar home equity lines of credit (HELOCs). They impersonate members, requesting a large transfer from a HELOC to a checking account, then request a wire transfer from the checking account to another account, usually overseas.

Credit unions reported more than $25 million in losses from 2007 to 2012 due to wire/HELOC claims, according to CUNA Mutual Group. The average loss reported in 2012 was $175,000—but some totaled nearly $1 million.

Limiting this risk is a balancing act: You must weigh your desire for convenient service to members against your duty to protect their accounts from the bad guys.

As you weigh service against security, factor in the value of the trust you’ve built among your membership and community. Even if this type of loss is covered by insurance, losses that gain publicity through word of mouth, social media, or traditional news outlets can deal a significant hit to your credit union’s reputation.

Make criminals’ job harder

Depending on the needs of your membership, you may be able to virtually shut off this risk exposure by requiring members to make HELOC transfer requests and/or large dollar wire transfer requests in person.

This practice is heavily weighted toward safety and away from convenience—it simply may not be feasible for your membership.

But even if you choose not to cut off remote funds transfer requests, you can significantly reduce the risk exposure. Consider these steps:

Set a dollar threshold for remote funds transfer requests. You can either require the request to be in person above the threshold, or implement more strict verification procedures above the threshold.

Replace simple callbacks with a more rigorous verification system. Simply calling the phone number listed on the member’s account and asking to verify a funds transfer is no longer sufficient.

Thieves have found a number of ways to get around callbacks by call-forwarding the member’s phone numbers. The same holds true for emails, faxes, or internal messaging systems.

Scammers can reproduce signatures and notary seals with ease. They can even uncover the answers to your online banking security questions.

Seek expert advice on secure identity verification programs and consider passwords in addition to callbacks. This is called layered security.

Elevate high-risk transactions for management review and approval, and use a real-time fraud detection system to augment manual reviews (if you don’t already).

Also, train staff to monitor funds transfer requests for red flags. Signs of a potential scam include:

  • A wire transfer involving funds recently transferred from a HELOC;
  • The transfer is going to a foreign account;
  • The member has no history of funds transfers; and
  • The account’s password, email, or phone number has been changed recently.

Your procedures for handling funds transfers should be in writing. Employees who may handle these transactions should review the procedures at least once a year.

Unfortunately, safety isn’t always convenient—for employees or for members. But most members will understand that you’re acting in their best interest.

ROGER NETTIE is a senior risk consultant with CUNA Mutual Group. Contact him at 800-356-2644, ext. 6657154.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive