The perpetrators of payments fraud never take a day off. They are reliably relentless in their criminal mission to separate people and companies from their valuables. Fraudsters start with deception and data theft to acquire the keys that ultimately unlock a treasure chest of assets that they then peddle on the dark market. And when these digital pirates who troll the cyber seas are thwarted in one of their attacks, they simply adapt and move on to another, perhaps more vulnerable target.
The fraud network is an elaborate and illicit underworld exchange. The precious commodity of confidential information ― Social Security numbers, account numbers, passwords and more ― is auctioned, bought, and sold for profit at the expense of the owners (and protectors) of the data.
The devious techniques used by fraudsters continue to evolve. The methods and tools we use to detect and prevent fraud today may no longer be as effective or comprehensive as the ones we need tomorrow. Instead of waiting for the next attack, proactively addressing emerging fraud threats can dramatically reduce the number of fraudulent transactions and mitigate fraud losses.
Credit unions should adapt their risk management strategies to account for these two relatively new types of fraud:
Loyalty Redemption Fraud
A fast-growing trend globally, loyalty fraud is a way for fraudsters to launder money by stealing and then reselling rewards points or goods. It targets the loyalty rewards points members accumulate from their debit and credit card transactions. Loyalty fraud costs more than redemption points, and it carries a potential negative impact to the credit union’s reputation and brand.
PSCU recently announced deployment of new technology to minimize loyalty rewards redemption fraud for all CURewards credit unions. The platform uses an advanced authentication process to validate all entities in the points redemption loop ― the device, the member, and the redemption transaction.
The tool detects suspicious activity through digital risk-engine rules that block and eliminate: blacklisted devices, inconsistent location indicators, suspect form-filling behaviors, and multiple redemptions under different identities from a single device. The tool was instrumental in blocking 11 attempts of fraudulent redemptions worth 1.2 million points during its pilot phase of implementation.
Caller Authentication Fraud
Call center fraud happens when criminals use the phone channel to impersonate consumers to gain access to their account funds and sensitive data. More than 61% of fraud starts with a phone call, and the voice channel accounted for more than $10 billion in fraud in the U.S. in 2016.
Pindrop is a fintech pioneer in voice security and caller authentication. The company’s patented Phoneprinting technology analyzes calls to identify malicious behavior and verify legitimate members. It analyzes nearly 150 characteristics of a call to create a unique audio “fingerprint” that reveals the type of phone the caller is using, the geographic location of the call’s origin, and whether the caller has been “seen” before.
Pindrop’s technology stops 80% of all phone fraud with less than a 1% false positive rate. PSCU recently became the first credit union service provider to contract with Pindrop to use its proprietary platform to fight call center authentication fraud.
It is imperative that credit unions and their partners protect every transaction across multiple payment channels and points of interaction. Continued investment in the strongest risk management tools and practices available is essential in protecting members from the potential financial and reputational damage associated with fraud.
Identifying fraud attempts early on can reduce costs associated with the fraud lifecycle, which makes early detection more important than ever.
In 2016, PSCU analyzed and scored 2.1 billion individual transactions for the presence of fraud and investigated 1.7 million transactions based on alerts generated by its fraud detection platform. The company reported savings for its Owners of more than $300 million in losses in 2015 and 2016 by nullifying fraudulent transactions directly at the point of attempt, as well as industry-leading fraud-to-sales ratios and above industry average fraud recovery rates for credit and debit cards. PSCU processed 365,000 fraud cases in loss recovery efforts in 2016 for its Owner credit unions.
Credit unions can leverage the scale and buying power of their partners to shore up their own risk management strategy and protocol. Working with these partners to identify and address emerging fraud trends like loyalty redemption fraud and caller authentication fraud can go a long way toward not only preventing fraud, but also to creating a more seamless and fulfilling member service experience.
Jack Lynch serves as Senior Vice President, Chief Risk Officer leading PSCU’s Fraud and Risk Management Operations Area. Jack has over 25 years of leadership experience delivering operational services, project management, client implementations, process re-engineering, account management, training, and technology services.