Top-Level Takeaways
- Nearly 80% of credit unions and community banks experienced more than $500,000 in direct fraud losses last year.
- Cross-organizational support and information sharing can improve vigilance and defense strategies.
A 2024 report from Alloy found nearly 80% of credit unions and community banks lost more than $500,000 in direct fraud losses last year — higher than the amount reported by credit unions, banks, and fintechs all together.
To protect the enterprise, its members, and their information, Lake Trust Credit Union ($2.7B, Brighton, MI) created a cross-functional team focused on security, fraud, and related initiatives.
Here, Omari Boone, general counsel and chief risk officer, and Razi Qadri, chief information and operations officer, talk about sharing information, organizational support, and more.
What are the Security Committee’s primary responsibilities and daily functions?
Razi Qadri: The committee operates as a cross-functional team. We discuss information security and fraud trends and the status of fraud- and security-related initiatives. Team members are individually responsible for their functions listed above. The larger team meets once a quarter to discuss trends and address issues, whereas the core team meets more frequently as needed.
Who comprises the Security Committee? What expertise do they bring to the table?
RQ: The core team comprises information security, risk management, information technology, and fraud/loss prevention. Corporate services, accounting/finance, and onstage leadership also participate to share information. Committee members are mostly senior managers who are responsible for making decisions and leading their teams in response to any event.
When did Lake Trust establish the Security Committee? Has it changed or grown?
Omari Boone: We’ve had a traditional fraud mitigation team for more than 20 years, but we created this cross-functional team around 2017 to integrate information security, physical security, and fraud for information sharing and organizational support. The team was expanded in 2023 to include corporate services, accounting/finance, and onstage leadership, which has improved the information flow to and from the committee.
What types of fraud or malicious activities does the team focus on preventing or mitigating?
OB: Cyber events, phishing campaigns, account takeover, email compromise, and elder abuse trends. Of course, we have an incident response process that involves more front-line staff to address specific events.
What strategies or tools does the team use to detect and prevent fraudulent activities?
RQ: We use Verafin, Rembrandt, and IT-monitoring tools like SIEM and SolarWinds. We’re also partners with Rapid7 for 24/7 monitoring.
3 Ways To Practice Vigilance
Omari Boone, general counsel and chief risk officer at Lake Trust Credit Union, shares the fraud-detection practices that resonate with him as a chief risk officer.
- Communicate often and in novel ways to members and staff about current fraud and information security threats.
- Practice incident response processes, table-top exercises, and business continuity and disaster recovery exercises with fraud and information security themes.
- Learn from others’ experiences. Identify attack vectors and fraud techniques that have been used against other financial institutions and analyze how the credit union’s processes and procedures would have addressed them. Use that process to improve its security posture.
What are some success stories that demonstrate the effectiveness of the anti-fraud team?
OB: The team’s biggest success has been the improvement of communication and awareness for the organization. Having this team has helped to coordinate responses to fraud campaigns, especially those that involve digital elements like spoofed websites or larger-scale phishing campaigns.
How does the team stay up to date on emerging fraud trends and evolving cyber threats?
OB: We’re members of information security-focused industry groups — like the National Credit Union ISAO and the Financial Services Information Sharing and Analysis Center (FS-ISAC) — and fraud-focused groups such as the Association of Certified Fraud Examiners (ACFE) and International Association of Financial Crimes Investigators (IAFCI). We also participate with local fraud-information sharing groups.
How does the anti-fraud team communicate and educate members about fraud risks?
OB: The larger committee meets quarterly. Information is cascaded from those meetings as well as shared in newsletters and articles on the website for our members and internal communications and training for our team.
Looking ahead, what challenges and opportunities do you foresee for the team as fraud techniques evolve?
RQ: Targeted attacks, ransomware, sophisticated phishing schemes and business email compromise attempts. The availability of cheap and powerful AI tools combined with the prevalence of personal data released from large-scale breaches like the National Public Data (NPD) breach will make social engineering attacks more difficult to defend.
What’s the biggest takeaway other credit unions can learn from your experience with your team?
RQ: Don’t get complacent. The fraud and information security threat environments are always evolving. It’s important not to assume your defenses are sufficient because you haven’t had an incident recently. It’s important to continue to improve your protection against current threats and prepare for emerging threats.
This interview has been edited and condensed.