Fraud | CreditUnions.com | Data & Insights For Credit Unions https://creditunions.com/keyword/fraud/ Data & Insights For Credit Unions Thu, 02 Jul 2026 20:55:52 +0000 en-US hourly 1 https://creditunions.com/wp-content/uploads/2022/02/cropped-CreditUnions_favicon-32x32.png Fraud | CreditUnions.com | Data & Insights For Credit Unions https://creditunions.com/keyword/fraud/ 32 32 Defending Your Credit Union Against Fraud Means Fighting Fire With Smarter Fire https://creditunions.com/features/perspectives/defending-your-credit-union-against-fraud-means-fighting-fire-with-smarter-fire/ Thu, 02 Jul 2026 04:00:12 +0000 https://creditunions.com/?p=114648 The challenge is no longer whether to adopt AI, but how to adopt it responsibly with the right governance, the right partners, and the right balance between technology and human oversight.

The post Defending Your Credit Union Against Fraud Means Fighting Fire With Smarter Fire appeared first on CreditUnions.com.

]]>
Fraud used to feel like a game of whack-a-mole with isolated bad actors. Today, it has evolved into a highly organized, corporate-style industry.

Look at the data from the FBI. Losses from cyber-enabled fraud hit nearly $20.9 billion in 2025. That is a massive leap from $12.5 billion in 2023 and a staggering jump from just $4.2 billion in 2020.

Financial institutions handled more than a million fraud claims last year. According to the Federal Reserve, debit card fraud and check scams dominate the sandbox alongside payment app exploits. Unfortunately, older adults are frequently caught in the crosshairs.

Here’s the thing: Artificial intelligence didn’t start the fraud fire. It just doused it with gasoline.

Criminals are leveraging AI to scale operations at a terrifying pace. We are talking about voice-mimicking deepfakes, flawless altered documents, and hyper-personalized phishing campaigns. It lets bad actors exploit synthetic identities and attempt account takeovers with absolute precision.

For credit unions, this hits close to home. Your biggest strength is your member-first philosophy. It builds incredible community trust. But fraudsters know this, and they actively exploit that very trust to manipulate vulnerable members who expect safety.

More Tech Isn’t Always Better

Many credit unions are fighting back by deploying AI tools to catch check fraud. They are adopting behavioral analytics while enhancing biometric identity verification. They are also automating document processing to support Bank Secrecy Act compliance. They pair these tools with front-line staff training and excellent member education.

No model catches everything. The strongest fraud defenses combine AI-driven detection with experienced people who know when to intervene.

Ati Azemoun, VP of Business Development, ParaScript

Even so, implementation across the industry remains uneven. Legacy systems don’t play nice with modern software, and smaller institutions face real resource constraints. Then there’s the governance question. If an AI system flags a transaction, you need to be able to explain the logic to an auditor. You cannot simply trust a black box.

Do you know what happens when credit unions just pile on more tools to solve this? They get buried under alert fatigue. Think of it like putting six different security alarms on your house. If the sirens go off every time a neighborhood cat walks past the window, you eventually start ignoring the noise altogether. That is exactly when the real threat slips through your front door.

The goal shouldn’t be acquiring more technology. The goal is investing in better technology. When you evaluate fraud prevention platforms, look for three critical elements:

  • Transparency — The logic must be clear and auditable.
  • Flexibility — The Technology must adapt as criminal tactics change.
  • Experience You need partners who actually understand financial workflows.

It’s important to remember: No model catches everything. The strongest fraud defenses combine AI-driven detection with experienced people who know when to intervene.

The Irreplaceable Human Element

Ati Azemoun, VP of Business Development, ParaScript
Ati Azemoun, VP of Business Development, ParaScript

Let me explain why the human element remains completely irreplaceable. Software is great at spotting data anomalies, but it completely lacks intuition. An experienced fraud investigator understands context, nuance, and member behavior in a way lines of code never will.

Fraudsters are already using AI to operate faster and smarter, and credit unions have to match that speed. The real challenge today isn’t deciding whether to use AI. It is figuring out how to deploy it responsibly, choosing the right partners, and maintaining the perfect balance between high-tech tools and human judgment.

Ati Azemoun is vice president of business development at ParaScript, where he has spent the past seven years driving growth, partnerships, and market expansion. He has led sales and partner enablement teams supporting a wide range of fintech organizations, including leading check fraud prevention solution providers. With more than 20 years of experience in recognition technology and AI-based systems, Ati brings deep expertise in solution implementation and delivery. His work focuses on helping organizations enhance operational efficiency, reduce risk and successfully adopt advanced automation technologies. Ati’s combination of technical knowledge and business development leadership provides a unique perspective on aligning innovative solutions with real-world business needs.

ParaScript is the global leader in AI-powered document automation and fraud prevention. Trusted by the world’s leading financial institutions, government agencies, and service providers, ParaScript’s proprietary artificial intelligence processes more than 100 billion documents annually with unparalleled precision. Specializing in high-volume check fraud detection, ParaScript replaces unreliable and inefficient manual reviews with forensic-level handwriting analysis, biometric signature validation, and sophisticated alteration detection. By enabling true straight-through processing, ParaScript empowers organizations to drastically reduce operational costs and stop sophisticated fraud before it ever impacts the balance sheet.

The post Defending Your Credit Union Against Fraud Means Fighting Fire With Smarter Fire appeared first on CreditUnions.com.

]]>
Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. https://creditunions.com/features/perspectives/fraud-is-faster-smarter-and-harder-to-stop-heres-how-to/ Mon, 18 May 2026 04:36:23 +0000 https://creditunions.com/?p=113804 RKL offers insight, expertise, and experience to help fight off growing threats.

The post Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. appeared first on CreditUnions.com.

]]>
Barry Pelagatti, RKL
Barry Pelagatti, Partner, RKL

No longer solely a back-office issue, fraud attacks against credit unions are becoming faster, more technology-enabled, and more pervasive across all member touchpoints.

As digital capabilities advance, institutions must view fraud within a broader risk management framework, especially as financial crimes grow more scalable and irreversible, with schemes like business email compromise, cryptocurrency fraud, identity theft, and lending scams exploiting speed, anonymity, and control gaps.

But there’s also a way credit unions can protect themselves: by implementing practical solutions to counter threats. These include proactive approaches based on internal controls, training, monitoring, and governance, along with identifying weaknesses and addressing them before they can be exploited.

Barry Pelagatti, a partner in RKL’s Audit Services Group and leader of its Financial Services and Risk Management Service groups, shares insight from his 30 years of experience helping financial institutions across the Mid-Atlantic strengthen controls, respond to evolving threats, and manage risk in a practical, proactive way.

How does RKL support credit unions in preventing, detecting, and responding to fraud and identity theft?

Barry Pelagatti: RKL supports credit unions in designing risk-based plans focused on preventing, detecting, and responding to fraud and identifying theft by emphasizing strong internal controls, data protection, access management, security awareness, and incident reporting.

Internally, we focus on safeguarding sensitive information through restricted access, password controls, secure data storage, device security, ongoing training, and prompt reporting of lost devices or suspected unauthorized access.

These same practices help us support credit unions as we work with them to strengthen fraud prevention, improve detection of suspicious activity, and respond quickly to potential incidents.

What are the key fraud trends you’re seeing today, including some recent data and the rise of cyber-enabled and cryptocurrency-related schemes?

BP: Fraud trends today show that financially motivated crime is increasingly digital, fast-moving, and scalable. The FBI Internet Crime Complaint Center’s 2024 Report shows the Internet Crime Complaint Center has received approximately 836,000 complaints per year on average during the past five years, reflecting the persistent nature of online fraud. The report also highlights that cyber-enabled fraud accounted for roughly 38% of 2024 complaints but nearly 83% of total reported losses, with approximately 333,981 complaints and $13.7 billion in losses.

Investment scams were the largest category by reported loss at about $6.57 billion, whereas business email compromise caused roughly $2.77 billion in losses. Cryptocurrency continues to play a major role due to its speed, pseudo-anonymity, and limited recovery options, with more than $9.3 billion in losses in 2024.

Common payment channels include cryptocurrency, wire transfers/ACH, debit and credit cards, peer-to-peer payments, and gift cards. Overall, fraud is becoming more technology-enabled, more cross-border, and harder to reverse once funds leave the victim’s control.

How are fraud schemes evolving, and what should credit unions know about identity theft risks, modern scam tactics, and loan fraud red flags?

BP: Fraud schemes are evolving by blending traditional deception with modern technology, social engineering, and increasingly realistic fake documentation.

Identity theft remains one of the fastest growing crimes, with fraudsters targeting personally identifiable information such as Social Security numbers, addresses, driver’s license numbers, email credentials, insurance data, and loan information.

Tactics include phishing, spear phishing, vishing, smishing, pharming, skimming, mail theft, pretexting, typo-squatting, and whaling. Newer scams like “pig slaughtering” involve building trust over time before steering victims into fake investment platforms, often involving cryptocurrency.

An important takeaway is that scams are no longer always crude; fake websites, executive impersonation, and AI-assisted document creation can make fraud attempts appear legitimate. On the lending side, red flags include unusually large loan requests, questionable repayment terms, inconsistent or forged documentation, discrepancies in personal information, frequent applications, and reluctance to provide supporting details.

What practical steps can credit unions take to strengthen fraud risk management, including detection methods, internal controls, employee training, and overall risk strategy?

BP: Credit unions can strengthen fraud risk management by starting with a formal fraud risk assessment that identifies vulnerabilities, measures risk, and connects those risks to specific control activities.

Strong internal controls are foundational, especially since fraud often arises from control weaknesses. Key measures include segregation and rotation of duties, mandatory vacations, surprise audits, employee account reviews, and background checks for higher-risk roles.

Maintaining a confidential reporting system allows employees, agents, and the public to report concerns without fear of retaliation, which is critical since tips are a leading method of detecting fraud. Continuous monitoring, including automated tools, helps ensure controls are working as intended.

Employee training should be mandatory and ongoing, covering fraud awareness, warning signs, reporting procedures, and consequences. Targeted, frequent, recurring training is especially important for high-risk functions.

At a broader level, organizations should align fraud management with governance, oversight, and a prevention-first strategy, as prevention is generally more effective than recovery after losses.

To learn more about RKL, visit the firm’s website and follow RKL on Instagram, Facebook, X, and LinkedIn for updates on services, insights, community involvement, and career opportunities as well as information about RKL’s mission and values.

The post Fraud Is Faster, Smarter, And Harder To Stop. Here’s How To. appeared first on CreditUnions.com.

]]>
A Credit Union Journey Into Cryptocurrency And Stablecoins https://creditunions.com/features/a-credit-union-journey-into-cryptocurrency-and-stablecoins/ Mon, 11 May 2026 04:00:44 +0000 https://creditunions.com/?p=113705 St. Cloud Financial is betting on digital assets to protect member relationships and future relevance. It’s picked up lessons for other leaders along the way.

The post A Credit Union Journey Into Cryptocurrency And Stablecoins appeared first on CreditUnions.com.

]]>
Headshot of Jed Meyer, CEO of St. Cloud Financial Credit Union.
Jed Meyer, CEO, St. Cloud Financial Credit Union

St. Cloud Financial Credit Union ($430.0M, Sartell, MN) has quickly evolved from early adopter to advocate when it comes to digital assts.

The Minnesota-based cooperative has built a core-integrated digital asset vault, connected to multiple blockchain networks, and even launched its own stablecoin. But CEO Jed Meyer is quick to clarify this isn’t about chasing crypto because it’s new and buzzy.

“We never set out to be a trailblazer,” he says. “We always start with our member and work outward.”

This time, it started with a market penetration problem.

In 2019, the credit union had roughly 23,000 members in a market of 200,000 people and nearly 40 competing financial institutions. Through strategic planning sessions, two priorities emerged: to better serve underserved populations through customized products, and to understand where member money might be going next.

That second priority led the credit union to digital assets.

“We were seeing some deposit outflows,” Meyer says. “Not a ton, but enough to ask, ‘what are we going to do?’”

In 2023, approximately $1 million in deposits flowed from St. Cloud Financial to exchanges. In 2024, that number jumped to $15 million.

“That’s a 15x trend of liquidity outflows,” Meyer says.

Across the industry, the CEO estimates roughly 3% of deposits might already be leaving for digital asset platforms with no guarantee of return.

“With every innovation in the past 100 years, we were still needed at some point in the lifecycle of the dollar,” Meyer says. “This is the first time that might not be true. When a dollar leaves me for the DeFi space, there’s never a need for a centralized ledger ever again.”

According to Gallup, one in seven Americans reported owning cryptocurrency in 2025. For St. Cloud Financial specifically, Meyer says 16% to 25% of its members either already have or are showing interest in digital assets.

“Relevancy always equals ROI,” he says. “I’m more interested in plugging the hole in the bottom of the income boat than I am worrying about future dollars.”

Education Before Execution

Before building anything, St. Cloud focused on understanding the space.

The CEO says it’s difficult to find education materials, so the credit union helped foster the Minnesota Crypto Council, a nonprofit focused on education for members, staff, and the broader community. For four years, the organization has hosted quarterly sessions, developed training materials, and brought in subject matter experts.

That education-first approach proved critical not just for adoption but also for addressing skepticism.

“When you launch something like this, you have to speak to the 50% of your membership that doesn’t want it,” Meyer says. “This is optional. We’re not forcing anything.”

Industry peers might be even harder to convince. A fall 2025 report from American Banker found the majority of the banks, credit unions, and payments companies it surveyed remain in the discussions and learning phase. The uncertainty around regulations has slowed adoption, and one of the most common arguments against digital assets is its association with volatility and fraud.

Meyer flips that framing.

“What risk have I actually taken?” he asks. “Other than human capacity and time spent, what risk have I taken?”

In his view, the greater risk lies in waiting.

“I actually think people who say, ‘I’ll get to this in five years,’ are taking the risky position,” he says.

What Came First — The Vault Or The Coin?

Although much of the industry conversation has centered on stablecoins, St. Cloud Financial took a different path with the launch of its CU-Digital Asset Vault in March. Initially envisioned as a digital version of a safe deposit box, it quickly evolved into foundational, core-integrated infrastructure. Rather than building a single product, the cooperative deployed a core-integrated digital asset framework developed by DaLand CUSO – Coin-2-Core – capable of operating across multiple financial rails, from traditional payment networks to blockchain-based systems.

CU QUICK FACTS

ST. CLOUD FINANCIAL

HQ: SARTELL, MN
ASSETS: $430.0M
MEMBERS: 28,066
BRANCHES: 5
EMPLOYEES: 82
NET WORTH: 7.6%
ROA: 1.22%

“The vault acts as a vault, but really it’s a switch,” Meyer says. “It turns my core into the wallet. It turns my core into the node. It allows me to plug into any DLT [distributed ledger technology] money network.”

At a structural level, the credit union designed the vault around member ownership, employing a self-custody model where members retain control of their digital assets while the credit union facilitates storage and movement. This is in line with the current regulatory environment, where full custody authority remains an area of ongoing clarification. Rather than push ahead in a gray area, Meyer says St. Cloud Financial has spent years engaging regulators at both the federal and state levels, including ongoing dialogue with the NCUA and the Minnesota Department of Commerce. In the meantime, the vault serves as both a practical member tool and a strategic bridge, connecting digital assets back to the cooperative’s core system without overstepping regulatory boundaries.

With the infrastructure in place, launching a proprietary stablecoin became possible. Although that was not originally a main objective of the strategy, a use case convinced the credit union to proceed. Two national food co-ops approached St. Cloud Financial looking for a settlement solution aligned with cooperative principles.

“We offered them USDC,” Meyer says. “They said, ‘We’re a cooperative, you’re a cooperative. We want a cooperative stablecoin.’”

Thus, St. Cloud Financial introduced the Cloud Dollar ($CLDUSD) in late 2025, making it the nation’s first credit union-issued stablecoin.

Still, Meyer cautions against overemphasizing this aspect of the technology.

“In five years, we’ll look back and say that was a small sliver of what we were actually talking about,” he says.

Don’t Stop Here. Stablecoins and digital assets have moved beyond “wait and see” into active development. For a look at both the risks and the opportunities in this next phase of financial services, read “What Should Credit Unions Know About Stablecoins?” only on CreditUnions.com.

Slow Rollout, Strong Signals

St. Cloud Financial has taken a measured approach to rollout.

Following an NCUA audit in late 2025, the credit union launched a friends-and-family pilot in December and expanded to full membership in March. Today, the credit union holds approximately 15 Bitcoin in its system and between 50 and 75 vaults in progress.

So far the most notable insight isn’t volume, Mayer says, but member behavior, especially among younger demographics.

“When they open a vault, they bring everything with them,” he says, indicating it’s been a way to deepen relationships and increase products per member. “We’ve been told, ‘Finally someone is listening to our generation and what we believe our wealth will be.’”

Consumers are already in the cryptocurrency space, and Meyer urges industry peers not to outsource those members.

“You worked hard for those relationships,” he says. “You cannot continue to give your relationships away to third parties.”

An Uncertain Timeline

Crypto is only the beginning for St. Cloud Financial. The same infrastructure that supports digital assets today could eventually handle tokenized financial instruments, identities, and other forms of value.

“This is going to be bigger than a product,” Meyer says. “It’s going to be bigger than one innovation.”

The CEO expects the traditional finance and digital asset ecosystems will coexist and, ultimately, St. Cloud’s strategy is less about predicting the future and more about preparing for it.

“If this takes another seven to 10 years, I’m okay with that,” Meyer says. “If this happens tomorrow, I’m okay with that.”

For credit unions, the question isn’t whether to launch a stablecoin or offer crypto trading. According to Meyer, it’s whether they will have a role in a financial system where money can move, store, and grow entirely outside of them.

“Our only play is to establish ourselves as the access point, the aggregator point, and the trusted advisor point,” he says.

The post A Credit Union Journey Into Cryptocurrency And Stablecoins appeared first on CreditUnions.com.

]]>
Serving The Underserved Without Accepting Preventable Fraud Losses https://creditunions.com/features/perspectives/serving-the-underserved-without-accepting-preventable-fraud-losses/ Mon, 20 Apr 2026 04:00:29 +0000 https://creditunions.com/?p=113065 Preventable fraud losses quietly erode credit union margins. The difference between a 25% and 6% loss rate isn’t risk. It’s execution.

The post Serving The Underserved Without Accepting Preventable Fraud Losses appeared first on CreditUnions.com.

]]>
Steve Durney, VP of Partnerships & Alliances, Quavo
Steve Durney, VP of Partnerships & Alliances, Quavo

Credit unions committed to serving members with limited or impaired credit operate at the intersection of access, trust, and protection. Fraud management plays a critical role in that mission, but many accept fraud losses that are neither inevitable nor sustainable.

Internal portfolio analysis reveals a striking disparity across the industry. While the average fraud loss rate hovers around 25%, some institutions operate with loss rates as low as 6% without restricting access, increasing false positives, or eroding member trust. The difference between these outcomes: strategy.

The Financial Impact Of The Gap

To understand what this gap means in practical terms, consider a mid-sized credit union with $7 million in annual dispute dollars.

  • At a 25% fraud loss rate, approximately $1.75 million of that total reflects loss tied to process inefficiencies, delayed resolution, and misclassified disputes.
  • At a 6% loss rate, that loss drops to roughly $420,000.

That’s a difference of $1.33 million every year. For institutions operating on thin margins, this gap can materially impact financial performance.

Why Credit Unions Feel This More Acutely

Research by Cornerstone Advisors provides context for why many credit unions struggle to close this gap. Credit unions earned an average fraud experience score of 75, placing them squarely in “C-grade” territory and trailing several large issuers.

Only 5% of credit union cardholders rated their fraud experience an A, while nearly a quarter graded it a D or F.

Notably, the biggest gaps appeared in:

  • Provisional credit issuance.
  • Investigation and documentation collection.

These steps are where friction accumulates through manual handoffs, inconsistent timelines, limited self-service, and poor visibility into case status. While more than half of cardholders believe their disputes are resolved within a week, Cornerstone’s research shows 1 in 5 experiences resolution times longer than two weeks, often due to operational bottlenecks rather than investigative complexity.

For credit unions serving subprime or financially stressed members, these delays carry outsized consequences. Access to funds matters more, patience is thinner, and trust is more fragile.

Fraud Experience Is A Relationship Decision

Cornerstone’s data underscores a critical reality: fraud resolution quality directly shapes member behavior. Among cardholders who rated their experience an A:

  • 87% reported increased confidence in their institution.
  • 39% increased card usage.
  • 81% were more likely to add products.
  • 83% said the relationship was strengthened.

By contrast, poor experiences drive disengagement, reduced card usage, and attrition.

Proof The Gap Is Real And Fixable

Rogue Credit Union’s experience illustrates what’s possible with the right operational strategy.

“We were seeing about $2.5 million in fraud losses a year,” says James Richie, vice president of payment services at Rogue Credit Union ($4.2B, Medford, OR). “Now, with Quavo, we’ve been able to cut that by close to 60–70%.”

Institutions closing the gap between 25% and 6% loss rates consistently focus on:

  • Parallelized investigations instead of linear workflows.
  • Clear, auditable provisional credit handling aligned with Reg E and Reg Z.
  • Real-time visibility into case status for staff and members.
  • Fewer handoffs and less rework across dispute teams.

Protecting The Mission By Eliminating Waste

Serving the underserved does not require absorbing losses as a cost of compassion. Every avoidable fraud dollar represents longer wait times for real victims, fewer resources for prevention, and less capacity to support members when it matters most.

Credit unions that modernize fraud operations are discovering that lower losses, stronger relationships, and better experiences are not competing priorities. They are the same outcome delivered through better strategy.

Explore the full Fraud Experience Differentiator from Cornerstone Advisors x Quavo.

Steve Durney is VP of Partnerships & Alliances at Quavo. Contact him at steve.durney@quavo.com.

Quavo is a technology partner and strategic advisor helping financial institutions resolve fraud and disputes faster and more transparently. Its award-winning platform automates the dispute lifecycle end to end, enabling institutions to reduce losses, ensure compliance, and strengthen customer trust at scale.

The post Serving The Underserved Without Accepting Preventable Fraud Losses appeared first on CreditUnions.com.

]]>
2026 Innovation Series: Fraud Prevention & Resolution https://creditunions.com/webinars/2026-innovation-series-fraud-prevention-resolution/ Mon, 23 Mar 2026 15:35:56 +0000 https://creditunions.com/?post_type=webinars&p=112665 Come and find the newest fraud prevention innovations in the credit union space

The post 2026 Innovation Series: Fraud Prevention & Resolution appeared first on CreditUnions.com.

]]>
Fraud tactics evolve quickly, and member trust is on the line every time an incident occurs. In this on-demand session, four finalists demonstrate solutions that modernize how credit unions detect, investigate, and resolve fraud while reducing operational burden on internal teams. Watch to explore approaches that help unify monitoring across channels, speed up resolution, and strengthen communication during fraud events.

Congratulations to this year’s winner, Quavo Fraud and Dispute Solutions, for its groundbreaking approach to financial empowerment.

 

Featured finalists: illuma, Quavo Fraud & Disputes Solutions, Quinte Financial Technologies, TTEC Digital

The post 2026 Innovation Series: Fraud Prevention & Resolution appeared first on CreditUnions.com.

]]>
Community Financial Institutions Need A New Playbook To Combat Scams https://creditunions.com/features/perspectives/community-financial-institutions-need-a-new-playbook-to-combat-scams/ Mon, 02 Mar 2026 05:00:03 +0000 https://creditunions.com/?p=112130 Fraud is increasing and becoming more sophisticated – and it’s often not caught until it’s too late.

The post Community Financial Institutions Need A New Playbook To Combat Scams appeared first on CreditUnions.com.

]]>
For decades, fraud prevention followed a familiar playbook: verify, identity, monitor transactions, and reimburse account holders when something slipped through. That approach worked because most fraud was fundamentally an identity problem. Today, that threat has shifted. Scams have overtaken many traditional fraud patterns as one of the fastest-growing threats facing community credit unions.  And unlike fraud, scams don’t rely on criminals impersonating account holders. They rely on manipulating and persuading them. That change in who is acting – and why – means scam risk can’t be solved with the same tools or strategy you’ve relied on for fraud.

The critical difference: Fraud attacks systems. Scams attack people.

In a classic fraud scenario, a criminal would impersonate your consumer: they open accounts, take over credentials, or initiate unauthorized transactions. Your fraud systems – identity verification, authentication, and transaction monitoring – are engineered to detect and stop those activities.

In a scam scenario, everything looks “normal” on paper, the consumer is real, the authentication is valid, and the transaction is authorized. What is different is intent. A scammer exploits trust, creates urgency, and uses emotion to convince legitimate account holders to send money themselves. And when your account holder authorizes the transaction, your systems see a clean transaction from a known user – and approves it.

Why This Is Escalating Now

Scams aren’t just increasing in volume, they’re increasing in sophistication. Criminals now operate across multiple channels – text, phone, email, social media, and even video – often moving the victim between them to build credibility and avoid detection. Advances in AI and deepfake technology make it harder to trust voices, images, or caller ID. As consumers lose confidence in what they see and hear, they change behaviors: ignoring outreach, hesitating to act digitally, and in some cases, disengaging from their primary financial institution altogether. The result is a new category of risk that combines financial loss with relationship erosion.

The hidden cost: attrition, not reimbursement

When fraud occurs, community financial institutions often have a clear path forward. They investigate the event, reimburse the eligible losses, and reassure the account holder, handled well, that experience turns moments of concern into validation of trust for the consumer.

Scams follow a different pattern. Because the account holder authorized the transaction, reimbursement is less likely and often more complex from a regulatory and precedent standpoint. When losses aren’t covered, the emotional impact can land hard. Consumers feel embarrassed and angry, blame their financial institution (even when controls worked as designed), and many quietly move deposits somewhere else. When an account holder leaves after a scam, the real loss is rarely just the dollar amount of the scam. It’s the lifetime value of the relationship that walks out the door.

Why Traditional Fraud Controls Can’t Solve Scam Risk

Community financial institutions have spent many years investing in fraud-prevention technology, producing tools that are excellent at what they were built to do:

  • Identity verification and KYC
  • Authentication and device intelligence
  • Transaction monitoring and anomaly detection

Those are all highly effective and they should stay. But scams don’t break those controls; they use them.

  • Scammers coach victims through “security questions” to pass authentication.
  • They encourage test transactions to build trust in a fraudulent destination account.
  • They position the FI’s own alerts as proof that “we’re watching together”.

When the account holder is convinced they’re doing the right thing, even your best controls can end up simply confirming that the wrong behavior is “OK.”

Scam prevention requires an approach that focuses on people and moments of influence, not just systems and events.

How Scams Unfold – And Where You Can Intervene

1.      The hook – An urgent message, opportunity, or threat: a “fraud alert,” a tech‑support call, a government notice, a romance outreach, or an investment pitch.

2.      Building credibility – The scammer reinforces legitimacy with convincing stories, spoofed numbers, cloned websites, or borrowed branding. By this point, the victim often trusts the interaction more than their own institution.

3.      Creating urgency – Now comes the pressure. Scams give victims the impression they must take immediate action to avoid a negative consequence or claim or limited offer. There’s no time to verify, no time to think, there is only time to act.

4.      Monetization – The victim sends money, shares credentials, or provides private information. The damage is done. And by the time the financial institution becomes aware, it’s often too late, the story in the consumer’s mind is already fixed.

The Key Insight: Intervention Must Happen Earlier

Most financial institutions encounter scams at the final stage, during or after the transaction. At that point, the consumer is already convinced, and believes they’re doing the right thing. Stopping the transaction becomes difficult. Not because your controls are weak but because the consumer is convinced. That’s why prevention must happen before scammers establish trust, before urgency takes hold, and before the money moves.

Because scams are emotional, high‑stakes events for consumers, their impact ripples across your organization. Your contact center handles more complex, emotional calls. Your frontline staff face difficult conversations. Your operations teams spend more time investigating. Your marketing team sees decreased engagement as trust erodes. Your executive team sees unexpected attrition. And your institution absorbs the reputational impact escalating from a fraud problem to a full enterprise problem. Treating scams purely as a fraud issue underestimates their effect on growth, retention, and brand.

What Leading Community Financial Institutions Are Doing Differently

Forward‑thinking credit unions are reframing scams as a strategic risk that requires its own playbook. This shift focuses on three priorities:

1. Supporting consumers in the moment of risk

Generic fraud education (“never share your password”) is necessary but not sufficient. Consumers need specific, contextual guidance while they are being targeted. Clear, scenario‑based warnings in digital channels and statements. Scripts and training for frontline staff to spot and slow down scam patterns. Prompts that ask the right questions before high‑risk transactions move forward. The goal isn’t to block legitimate activity – it’s to create just enough friction and reflection for a potential victim to pause and reconsider.

2. Equipping account holders with proactive security tools

If your first meaningful interaction with a scam is after the loss, you’re already on defense. Institutions are increasingly offering tools that help consumers take action as soon as they feel exposed, such as:

  • Dark web and breach alerts that flag compromised information.
  • One‑click credit lock and unlock to reduce account‑opening risk.
  • Guided scam assessments that walk consumers through what’s happening.

Solutions like Kasasa SureLock can anchor this kind of protection strategy inside everyday accounts – making security feel like a benefit, not a burden.

3. Measuring impact beyond fraud loss

Dollar losses tell only part of the story. Leading institutions are also tracking:

  • Attrition after scam event.
  • Contact center volume and handle times tied to scams.
  • Digital engagement trends for affected segments.
  • Referral and satisfaction scores for scam victims vs. overall.

Looking at these metrics together surfaces the true cost of scams, and the upside of getting ahead of them. Because the damage done to account holder relationships compromises your long-term growth.

The Strategic Opportunity

Scams are changing the expectations consumers have of their financial institutions. Consumers are increasingly looking to their primary financial institution for protection. Reimbursement matters, but so does protection, guidance, and reassurance. Community financial institutions are uniquely positioned to lead here:

  • You already own high‑trust relationships in local markets.
  • You can combine digital tools with human conversations.
  • You can move faster than larger competitors when it comes to education and experience design.

Making the shift from “fraud controls” to “scam strategy” is ultimately about expanding your promise: from guarding balances to standing up for people. Community financial institutions that recognize this shift, and act on it, won’t just reduce losses. They’ll strengthen loyalty, deepen engagement, and protect the relationships that drive long-term growth.

If you would like to learn more about the current state of scams, view the webinar, From Fraud Events to Fraud Strategy: How Community FIs are Protecting Account Holders (and Trust). Scamnetic CEO Al Pascual and Kasasa CPO Chris Cohen explore the ways community financial institutions are moving from case handling to proactive protection.

Remember, understanding the scope of the problem is the first step toward solving it. Because the biggest risk isn’t just the scam itself. It’s the cost of doing nothing.

The post Community Financial Institutions Need A New Playbook To Combat Scams appeared first on CreditUnions.com.

]]>
Meet The Finalists For The 2026 Innovation Series: Fraud Prevention And Resolution https://creditunions.com/features/perspectives/meet-the-finalists-for-the-2026-innovation-series-fraud-prevention-and-resolution/ Mon, 23 Feb 2026 05:00:29 +0000 https://creditunions.com/?p=111824 This year’s Innovation Series returns with bigger impact and broader horizons. Since 2018, this annual showcase has spotlighted forward-thinking solutions by giving innovators a stage to share ideas, demonstrate solutions, and spark meaningful change.

The post Meet The Finalists For The 2026 Innovation Series: Fraud Prevention And Resolution appeared first on CreditUnions.com.

]]>
This year’s Innovation Series returns with bigger impact and broader horizons. Since 2018, this annual showcase has spotlighted forward-thinking solutions by giving innovators a stage to share ideas, demonstrate solutions, and spark meaningful change.

The Innovation Series is celebrating 2026 with a diverse slate of finalists whose breakthroughs are reshaping member experience, data and business intelligence, lending, employee engagement, fraud prevention, and digital member engagement — all with the power to help credit unions thrive in a rapidly evolving marketplace. Register for the Innovations In Fraud Prevention And Resolution webinar on Thursday, March 17th at 2PM EST.

Read on to learn more about this year’s finalists in fraud prevention and reduction: illuma, Quavo, Quinte, TTEC Digital.

illuma

Amy Travers, Vice President Of Sales, Illuma
Amy Travers, Vice President Of Sales, Illuma

Describe your innovation.

Illuma’s latest fraud risk flagging feature closes a critical gap in credit union contact center fraud-management operations by extending IllumaSHIELD™ beyond authentication into real-time fraud risk awareness and response. The solution blends human insight with automated pattern detection, allowing agents and AI to collaboratively flag risky accounts, phone numbers, and voiceprints as threats emerge. When flagged activity is encountered, agents receive instant alerts, while supervisors and fraud teams can review, manage, and act on risk indicators through a centralized portal — eliminating manual reporting and disconnected monitoring processes.

What opportunity or challenge does it address?

Credit union contact centers remain a prime target for increasingly sophisticated fraud. While technologies like IllumaSHIELD™ have transformed member authentication, many institutions still rely on slow, manual, and fragmented processes — emails, chat messages, spreadsheets, or institutional memory — to report and share information about suspected fraud. These ad hoc workflows fail to scale, create blind spots across teams, and leave gaps that fraudsters can exploit.

How does it increase member value?

Fraud risk flagging empowers agents to confidently assist legitimate members while handling higher-risk interactions with appropriate caution. By removing manual reporting burdens and uncertainty, agents stay focused, composed, and efficient — leading to faster resolutions and more consistent member experiences.

For members, the value is twofold: convenience and protection. Legitimate callers experience friction-free phone banking when no risk is present, while suspicious behavior is identified earlier and addressed proactively. The result is greater trust in a holistic voice security approach that safeguards members without compromising accessibility or service quality.

What differentiates this innovation from competitors?

Unlike many fraud tools that introduce operational complexity, fraud risk flagging is designed to be easy to use, simple to manage, and immediately valuable without requiring dedicated staffing or specialized expertise. The intuitive user interface allows agents and managers to act on risk confidently without adding new workflows, monitoring teams, or manual alert triage.

The solution fits natively into IllumaSHIELD, extending value from an existing deployment rather than layering on another standalone system. It recognizes that agents are a critical part of a credit union’s fraud defense and makes that role easier — allowing them to focus on serving members instead of managing alerts or reports.

Importantly, fraud risk flagging is purpose-built for credit unions of all sizes. It delivers the same protection for low call-volume and smaller operations while scaling seamlessly as demand grows—without customization, lengthy deployments, or additional resources often required by solutions designed primarily for large enterprises.

Quavo

David Chmielewski, Chief Product Officer & Co-Founder, Quavo Inc.
David Chmielewski, Chief Product Officer & Co-Founder, Quavo Inc

Describe your innovation.

Quavo has introduced Aria, who is our super-agent working within Quavo Fraud and Disputes (QFD), our fraud and dispute management platform. Aria, armed with advanced AI, business logic, and best-in-class integration capability, is constantly at work in the system automating work that is traditionally done manually by users. In addition, Aria also analyzes Quavo’s extensive data repository on past dispute actions and examines user work, recommending actions to take as they are performing their tasks. Aria is a coach, a protector, an automator of work, and a manager of resources, routing the most important work to users.

What opportunity or challenge does it address?

Fraud and disputes are a very complex use case at a credit union. When something goes wrong with a payment or a member doesn’t recognize a transaction, it can be difficult to make it right. The challenge is even greater doing this at scale. Aria ensures members receive quick and fair resolutions, creating significantly better outcomes for both the credit union and members alike.

How does it increase member value?

When a member has an issue with a purchase they made or is the victim of fraud, it is a moment that matters in their relationship with their credit union. Aria not only automates large amounts of work, she allows the credit union staff the ability to focus on making the right decisions, making sure that compliance is a given, and focusing on what truly matters: the member experience.

What differentiates this innovation from competitors?

Quavo has been in this industry for over a decade. We are not just software providers. We are partners, and we are experts at getting to know your business, how you want to treat your members, and how to bring industry best practices into your business. When it comes to AI and innovation, we have created datasets that simply do not exist anywhere else in the industry, which power extremely accurate and tested recommendations and automated actions.

Quinte

Chris Poor, Vice President, Strategic Solutions, Quinte
Chris Poor, Vice President, Strategic Solutions, Quinte

Describe your innovation.

Quinte’s flagship solution, CaseHUB, is an AI-driven case management orchestration platform engineered to automate disputes, fraud, and complaints in a centralized cloud-based system. By replacing fragmented and disconnected processes with intelligent orchestration, CaseHUB delivers a configurable, end-to-end solution for enterprise case management on a single, coordinated platform.

The platform is comprised of three modules designed to streamline modern case management:

  • CaseHUB For Disputes reduces handling time by up to 40% through end-to-end automation across all payment types, including card, digital, ATM, ACH, EFT, and check. Built-in regulatory timelines ensure compliance, while communications and ledger activity are automated within the platform. Agentic AI further streamlines dispute resolution by auto-triaging and resolving low-risk disputes. Combined, these capabilities are strategically deployed, empowering staff to enhance engagement points with members while safeguarding the credit union.
  • CaseHUB For Fraud unifies payment and non-payment fraud into a single investigative workspace. Investigations can be more proactively managed through auto case creation and sound throughputs. Additionally, SAR filing capabilities and link analysis enable teams to identify patterns and trends across related cases. For check fraud, CaseHUB leverages image forensics AI to deliver accurate detection of signature mismatches, amount tampering, and altered items.
  • CaseHUB For Complaints strengthens member experience and institutional reputation by offering flexible, configurable intake options that meet members where they are. Credit unions can customize dynamic forms tailored to business lines, risk categories, or workflow needs, ensuring complaints are captured accurately and without friction. Members can submit complaints through mobile, web, email, phone, or at a branch.

CaseHUB brings these innovations together to deliver the best-in-class standard expected from leading financial service providers, backed by Quinte’s business process management and data analytics support.

What opportunity or challenge does it address?

Credit unions often struggle with fragmented tools and legacy silos when managing operational cases, particularly in areas like fraud, disputes, and compliance. As volumes and complexity rise, these disjointed systems hinder teams’ ability to maintain consistency, visibility, and control. CaseHUB offers credit unions a powerful opportunity to prioritize meaningful member engagements while adopting a more productive, efficient, and enterprise-wide approach to compliance and operations.

To overcome these challenges, credit unions need a standardized, unified system of work that provides end-to-end visibility, enabling teams to identify, prioritize, and automate high-impact tasks with built-in governance. Quinte Financial Technologies delivers this through CaseHUB, its cloud-based, AI-powered enterprise case management platform. It orchestrates the automation of every case, task, workflow, and audit within a single, intuitive system by streamlining operations, ensuring regulatory compliance, and enhancing overall efficiency.

By centralizing operations, CaseHUB reduces redundant steps, enforces consistent workflows, and ensures every case aligns with institutional policies and regulatory requirements. Teams gain complete audit trails and cross-departmental visibility.

How does it increase member value?

Quinte knows member trust is paramount for credit unions and that trust weakens when investigations stall or when members receive inconsistent updates due to fragmented, outdated tools. CaseHUB provides avenues for more focused and insightful engagement with members.

CaseHUB addresses this challenge by orchestrating the automation of investigations across all case types within a single, cloud-based system. This exclusive capability, a single investigative workspace, elevates member sentiment by replacing complexity with clarity and consistency across every interaction.

For one of the largest credit unions, CaseHUB closed long-standing gaps between different fraud types. The credit union has adopted CaseHUB specifically to unify fraud investigations, giving teams consistent visibility across related cases that were previously managed in parallel systems.

Another California-based credit union describes CaseHUB as a “gamechanger” for fraud management. By consolidating all fraud case activity into a single system, teams are able to identify emerging patterns quickly, respond more effectively, and improve investigative accuracy through stronger visibility and coordination.

Across both credit unions, the impact is tangible. Members feel protected, issues are resolved faster, and service quality remains strong as volumes grow. By transforming fragmented investigations into coordinated, transparent experiences, CaseHUB enables scalability and reinforces trust at every touchpoint.

What differentiates this innovation from competitors?

CaseHUB differentiates itself as an enterprise case management platform by bringing cloud-based orchestration and automation to compliance. While most systems focus on a single case management function, CaseHUB manages the full lifecycle for multiple case types from the moment they enter the credit union through final resolution. Additionally, our ServiceDESK is an embedded CaseHUB feature that accelerates resolutions, reduces costs, and scales compliance.

In the current market, most solutions are designed to address only one part of the problem. Some solutions focus on disputes, others on fraud alerts, check analysis, or complaint intake. These systems operate independently and stop short of managing the full investigation and resolution process, leaving credit unions to bridge the gaps with manual handoffs, spreadsheets, and disconnected workflows.

CaseHUB serves as the strategic bridge solution, eliminating swivel-chair moments and replacing multiple tools with a single 360° investigation backbone for the enterprise. Disputes, payment and non-payment fraud, check fraud, and complaints are orchestrated within one system of record, ensuring investigations move seamlessly across teams rather than breaking at system boundaries.

This enterprise foundation also delivers cross-team visibility for leadership. Rather than assembling updates from different platforms, leaders can see case progress, risk exposure, and outcomes across all investigation types in one place, enabling better oversight and prioritization. Customized reports can be generated using built-in business intelligence and delivered to your inbox on a daily, weekly, monthly, or quarterly basis.

CaseHUB further optimizes execution through AI-driven case summaries and SAR narratives, reducing manual effort while maintaining consistent, audit-ready documentation. Automating cases across the lifecycle results in faster resolution, clear ownership, and traceability that supports operational efficiency at scale.

TTEC Digital

Michael Schrall, Director, Product Management, TTEC Digital
Michael Schrall, Director, Product Management, TTEC Digital

Describe your innovation.

TTEC Digital’s SmartApps Cloud is an intelligent, cloud-based fraud orchestration platform purpose-built for the credit union contact center.

What opportunity or challenge does it address?

Rather than relying on a single authentication method, SmartApps Cloud unifies device-, voice-, and identity-verification into a single, seamless workflow that authenticates members in real time, often before an agent even answers the call. What makes SmartApps Cloud innovative is not just the individual technologies, but how they are orchestrated together. By integrating TransUnion Authenticator Plus, VoxEQ voice biometrics, and IDgo device-based authentication, SmartApps Cloud transforms complex, multi-layered fraud defenses into an invisible, automated experience for members. The platform dynamically applies the right level of authentication based on risk, allowing legitimate members to move quickly while stopping sophisticated threats such as AI-driven scams, deepfake voices, and repeat fraudsters. This orchestration-first approach modernizes contact center security, replacing static, knowledge-based authentication with a future-ready, adaptive fraud framework that continuously evolves alongside emerging threats.

How does it increase member value?

SmartApps Cloud enables credit unions to deliver a rare combination members expect but rarely experience: strong security without friction. By authenticating members through passive and password-less methods, SmartApps Cloud dramatically reduces the need for repetitive security questions, long verification times, and call transfers, resulting in faster resolutions and a more respectful member experience.

From a member perspective, the value is immediate and tangible:

  • Faster access to help – Many members are verified before the call connects, reducing handle time and frustration.
  • Greater peace of mind – Advanced fraud protection reassures members that their financial identity is protected, even against emerging AI-driven threats.
  • Consistent, seamless experiences – Authentication feels effortless and transparent, reinforcing trust rather than creating friction.

For credit unions, this translates into stronger member trust, higher satisfaction, and reduced fraud losses — without sacrificing the personalized service model that differentiates them from large banks. SmartApps Cloud allows credit unions to protect what matters most while strengthening the member relationship at every interaction.

What differentiates this innovation from competitors?

SmartApp’s Cloud combines numerous best-in-market solutions, creating a multilayered fraud prevention solution.

Check Out The Other Innovation Series Categories

The post Meet The Finalists For The 2026 Innovation Series: Fraud Prevention And Resolution appeared first on CreditUnions.com.

]]>
QFD® by Quavo | Product Overview https://creditunions.com/supplier_demos/qfd-by-quavo-product-overview/ Sun, 01 Feb 2026 11:00:29 +0000 https://creditunions.com/?post_type=supplier_demos&p=106964 Quavo is a leading technology partner and strategic advisor, helping financial institutions (FIs) build trust-driven customer relationships through faster, more transparent dispute resolutions. Our mission is to restore financial trust by simplifying fraud and disputes. Quavo’s award-winning technology automates the entire dispute lifecycle, from intake to resolution. FIs can pair this end-to-end solution with our […]

The post QFD® by Quavo | Product Overview appeared first on CreditUnions.com.

]]>
Quavo is a leading technology partner and strategic advisor, helping financial institutions (FIs) build trust-driven customer relationships through faster, more transparent dispute resolutions. Our mission is to restore financial trust by simplifying fraud and disputes. Quavo’s award-winning technology automates the entire dispute lifecycle, from intake to resolution. FIs can pair this end-to-end solution with our expert-led back-office investigation team in one turnkey managed service. Scalable for institutions of all sizes, Quavo’s solutions reduce losses, ensure compliance, and enhance customer loyalty. Learn more at www.quavo.com.

Book a Demo

The post QFD® by Quavo | Product Overview appeared first on CreditUnions.com.

]]>
Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 1) https://creditunions.com/features/cybersecurity-is-under-fire-and-credit-unions-are-fighting-back-part-1/ Mon, 06 Oct 2025 04:00:56 +0000 https://creditunions.com/?p=108829 Bad actors don’t rest. Credit unions are beefing up cybersecurity with smarter tools, stronger teams, and sharper defenses.

The post Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 1) appeared first on CreditUnions.com.

]]>

The arms race of AI versus AI will continue, so we’re investing in tech that supports scalable, automated response — things like phishing takedowns and fraud detection in loans.

Mark Burgess, President & CEO, Credit Union 1

Cyber threats are evolving fast. So are the defenses credit unions use to stop them and the regulatory expectations and tools at their disposal.

From phishing attacks powered by generative AI to increasingly sophisticated social engineering schemes, bad actors are escalating their tactics, prompting financial cooperatives to respond with new tools, stronger policies, and tighter collaboration across departments.

Leaders from 11 credit unions talk about tackling today’s top cybersecurity and fraud threats, what cross-functional strategies help them scale security, and how they’re adapting to changing regulations like the end of the FFIEC Cybersecurity Assessment Tool (CAT).

Enjoy reading all of the insights across this two-part series, or click to skip to insights from: Bay Federal , BCU, Credit Union 1, MariSol FCU , MSUFCU, Royal Credit Union, Seattle Credit Union, Shoreline Hometown Credit Union, Sunward FCU, Teachers FCU, and UVA Community Credit Union

The Cornerstone Of Cybersecurity

Richard Roark, Bay Federal Credit Union
Richard Roark, SVP & CTO, Bay Federal Credit Union

Richard Roark joined Bay Federal Credit Union ($1.8B, Capitola, CA) in 2016 and leads the organization’s technology and information security departments, the project management office, and the business intelligence area.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Richard Roark: Financial institutions like ours are high-value targets, and attackers are now using AI to generate highly convincing emails, texts, and even voice scams that make it harder for employees and members to detect fraud.

We’ve built a layered defense strategy. Our Vulnerability Extermination Team (VET) focuses on eliminating critical and severe vulnerabilities using the CISA framework to prioritize based on real-world exploitability. We also run nightly internal/external scans and bring in third parties to conduct penetration testing and social engineering exercises throughout the year, ensuring we’re not just checking boxes but actively validating our defenses.

AI and automation play a central role in our response. We’re using AI-driven tools to enhance anomaly detection, cut down on false positives, and speed up response times. Just as importantly, we’ve expanded cybersecurity training to include our board and supervisory committee while continuing regular phishing simulations and fraud awareness campaigns

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

RR: Collaboration is the cornerstone of cybersecurity. It can’t live in a silo — every department has a role to play. Our VET pulls in people from across our organization, making security a shared responsibility and solving issues faster with perspectives from across the organization.

For smaller credit unions with fewer resources, my advice is to build your own mini task force, even if it’s just one person each from IT, operations, and compliance. Focus on staff and board training — it’s one of the most cost-effective defenses. Lean on peer groups and industry collaboratives to share intelligence. And, finally, prioritize ruthlessly. Not every vulnerability is critical. Use a risk-based approach and tackle the ones that really threaten your members and your institution.

How are you adapting your fraud prevention strategy in response to regulatory changes?

RR: With the sunset of the FFIEC Cybersecurity Assessment Tool, we’ve shifted to a more dynamic, risk-based approach. At Bay Federal, we now align with the CISA framework from the Cybersecurity & Infrastructure Security Agency, which maps better to today’s evolving fraud threats.

We treat NCUA exams as opportunities, not just audits. When findings come in, we use them to drive new initiatives. That has included our VET and expanded information security training for board and supervisory committee members.

On the fraud side, we’re leveraging our systems, layering in real-time tools with our payments partners and building cross-department collaboration so fraud isn’t fought in silos.

2 Distinct Strategies

Stephenie Southard, BCU
Stephenie Southard, Chief Security Officer, BCU

Stephenie Southard has been with BCU ($6.2B, Vernon Hills, IL) for six years and has 15 years of experience in chief security officer and chief information security officer roles.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Stephenie Southard: We approach cybersecurity and fraud with distinct strategies, though both aim to prevent unauthorized access and harm. Cybersecurity focuses on threats like phishing, social engineering, and ransomware, whereas member fraud concerns digital account takeovers, identity theft, and organized schemes.

By investing in human-centered recovery, member education, and intelligence sharing, credit unions can address evolving risks. Effective solutions include AI-powered anomaly and synthetic identity detection, automated transaction monitoring and MFA, advanced identity verification, human-AI collaboration, predictive analytics, compliance, and ongoing member engagement. This comprehensive strategy improves speed, accuracy, and resiliency and maintains a member-focused approach.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

SS: Collaboration within cybersecurity has become essential for effective defense strategies. As the threat landscape grows increasingly sophisticated, attackers exploit technical, operational, and human vulnerabilities. The absence of collaboration can lead to organizational silos, resulting in communication issues, overlooked risks, and delays in incident response.

A collaborative approach offers distinct advantages. Involvement from HR, finance, legal, operations, and communications teams enhances comprehensive threat identification and enables holistic risk assessment through varied perspectives. Accelerated incident response is facilitated by shared expertise, well-defined roles, and cross-functional coordination, ensuring prompt action and continual reduction of human error. Such teamwork fosters trust, collective responsibility, and heightened awareness of security among all personnel.

Cultivating a culture of security awareness empowers employees to actively contribute to organizational resilience. Participation in threat intelligence sharing further strengthens capabilities beyond internal capacity. By adopting these practices, organizations — regardless of size or resources — can enhance their security effectiveness, minimize risk, and proactively address emerging cyber threats.

How are you adapting your fraud prevention strategy in response to regulatory changes?

SS: BCU began transitioning from the CAT [FFIEC’s Cybersecurity Assessment Tool] a few years ago after hearing initial reports of changes. Many credit unions, including us, have updated their cybersecurity strategies to maintain compliance and address evolving risks.

This shift involves moving from a compliance-based approach to a risk-informed, resilience-focused cybersecurity framework. Adaptations include adopting alternative frameworks such as NIST Cybersecurity Framework (CSF 2.0), Cybersecurity Risk Information (CRI), or CIS Critical Security Controls, which provide guidance on threat modeling, risk assessment, and mitigation, supporting the development of structured cybersecurity practices.

This evolved process at BCU includes increasing the use of risk-based assessments through routine security evaluations of systems, third-party vendors, and cloud environments; conducting service and privileged account audits to identify vulnerabilities; and performing penetration testing and third-party risk evaluations to simulate attack scenarios.

From a fraud and member data perspective, BCU has implemented additional biometric authentication, behavioral analytics, and personalized security alerts to protect member digital platforms and data. BCU continues to follow NCUA guidance, maintain vendor partnerships, seek industry feedback, and participate in intelligence sharing communities like NCU-ISAO to make sure we understand the requirements of our regulators.

AI Vs. AI Arms Race

Mark Burgess, Credit Union 1
Mark Burgess, President & CEO, Credit Union 1

Mark Burgess joined Credit Union 1 ($1.5B, Anchorage, AK) seven years ago as the cooperative’s CTO. He has been president and CEO for the past three years. He says he consulted with his assistant vice president for enterprise security, Steven Greenbaum, on these answers.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Mark Burgess: The biggest evolving threat we face is AI used by attackers to create fake account documents, launch smarter phishing campaigns, and target our systems. We’re responding with AI-powered defenses like next-gen firewalls, antivirus, fraud detection, and loan origination tools. The arms race of AI versus AI will continue, so we’re investing in tech that supports scalable, automated response — things like phishing takedowns and fraud detection in loans.

Vendor cyber risk is also rising. We’re using AI to vet vendor documentation and pushing partners to meet our security standards. Sometimes that means reworking how we integrate their tech.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

MB: Cybersecurity takes everyone from infrastructure to help desk to security and risk teams sharing intel and aligning efforts. Training employees and tracking fraud trends also require coordination.

For smaller credit unions, prioritize training and simplify your security processes. Partner closely across departments and invest strategically. Your size is an advantage. Faster response and less complexity can help deter attackers, especially if you raise the cost of targeting your members.

How are you adapting your fraud prevention strategy in response to regulatory changes?

MB: The FFIEC CAT helped us get started, but it’s too generic for our risks as an Alaskan credit union. We moved to tailored cybersecurity models and built custom control evaluations using out-of-the-box tools layered with input from different teams.

Now, our strategy uses tech-specific risk platforms, tailored controls, and more precise threat assessments, giving us a stronger fraud and cybersecurity program. Frameworks like CAT are just a starting point. They need to evolve with the organization.

The 3 As: Articles, Acronyms, And Assessments

Robin Romano, MariSol FCU
Robin Romano, CEO, MariSol FCU

Robin Romano took the helm of MariSol Federal Credit Union ($49.4M, Phoenix, AZ) in 1999 after eight years as a principal examiner with the NCUA.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Robin Romano: Ransomware continues to concern us. We have created additional training for our management staff. We created tags for all computers that say, “pull me in case of an attack.” We created tags in our computer room for easy shutdown. Disconnection is a primary step in dealing with this type of attack. 

Phishing fraud remains an issue. We have messages on our website and send emails to members that warn them against such threats.

We have seen an uptick in fraudulent account opening combined with loan applications. Perhaps AI could help with recognizing these applications, as we have found they come in groups and often use similar phone numbers and addresses.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

RR: Communication is always the key. For the past four years, we have held monthly meetings to go over all things related to IT, which include patch management, exceptions to policy, penetration testing, firewall reports, and more.

Our credit union league also has quarterly meetings for small credit unions. At the last meeting, it shared information on fraud and AI that was relevant and useful and recommended that a group from each of our league’s states create a fraud group and share information. We hope that happens.

Internally, MariSol has made it a priority to increase compliance classes on cybersecurity and fraud. We are doing more frequent training in all-staff meetings, it is a part of weekly manager meetings, and we share threats and concerns internally through staff meetings and emails.

MariSol belongs to several smaller groups, such as the Credit Union Women’s Leadership Alliance (CUWLA), that share information regarding issues with cybersecurity and fraud. We share that information with all members of the management team.

How are you adapting your fraud prevention strategy in response to regulatory changes?

RR: Honestly, it’s keeping up with all the relevant articles, acronyms, and assessments that’s hard for a small credit union.

MariSol has joined NCU-ISAO. The goal of the organization is “to advance credit union-specific cyber resilience.” To meet that lofty goal, there are a number of reports issued during the month, some daily, and a schedule of meetings for networking and information sharing.

So far, our review of its reports has led to useful information. It provides daily, monthly, and periodic email briefings on cybersecurity. There are also online calls and tabletop exercises. It’s a great way to deepen the credit union’s knowledge.

Business Strategy Integration

Jim Hunsanger, MSUFCU
Jim Hunsanger, Strategic Enablement Officer, MSUFCU

Jim Hunsanger is strategic enablement officer at Michigan State University Federal Credit Union ($8.2B, East Lansing, MI). He joined the world’s largest university-sponsored credit union in 2011 and has led risk management and multiple other areas over the years, most recently adding the cyber security department.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Jim Hunsanger: Social engineering and phishing attacks continue to pose a significant risk to both our credit union and the members we serve. These threats are evolving rapidly, with adversaries targeting not only our organization directly but also our members.

The consequences of a successful phishing campaign are real and impactful, ranging from financial losses to reputational damage. Threat actors are now leveraging artificial intelligence to craft highly convincing, targeted messages that are difficult to distinguish from legitimate communications.

In addition to being part of the problem, AI is also a critical part of the solution. Many of the advanced security controls we deploy today incorporate AI and machine learning to establish behavioral baselines and detect anomalies in real time. These technologies enable us to identify and respond to suspicious activity faster and more effectively.

Alongside advanced tools for detecting and reporting suspicious activity, the credit union places strong emphasis on regular training, testing, and communicating with employees about potential risks and appropriate responses. Well-informed employees are a vital part of our overall fraud prevention strategy.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

JH: Cybersecurity is most effective when integrated with business strategy. Modern security leadership balances risk management with enabling innovation, agility, and growth.

This requires strong relationships between security leaders and business stakeholders, built on trust, transparency, and shared accountability. When security is embedded in decision-making, it serves as a catalyst rather than a constraint.

Smaller credit unions face unique resource and staffing challenges, but their lean structures enable more direct communication and faster alignment between security and business priorities. By leveraging specialized vendors and tools aligned with their goals, these institutions can strengthen fraud prevention while maintaining operational efficiency.

How are you adapting your fraud prevention strategy in response to regulatory changes?

JH: Our fraud prevention strategy continues to work toward a holistic approach to monitoring, mitigation, and controls. This includes using data and analyzing activity not just related to transactions, but also access, identity, and authorization. Using this approach brings more precise alerting and quicker handling times.

We continue to evaluate the fraud experience, digesting and responding to existing and known threats, while also partnering with peers and vendor partners to understand other threats. Protecting our members’ funds is of utmost importance. We also aim to educate and equip our members to safeguard not only their finances but also their identities and other personal information.

Interviews have been edited and condensed.

Don’t Stop Here. Read “Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 2)” to hear from Royal Credit Union, Seattle Credit Union, Shoreline Hometown Credit Union, Sunward FCU, Teachers FCU, and UVA Community Credit Union.

The post Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 1) appeared first on CreditUnions.com.

]]>
Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 2) https://creditunions.com/features/cybersecurity-is-under-fire-and-credit-unions-are-fighting-back-part-2/ Mon, 06 Oct 2025 04:00:55 +0000 https://creditunions.com/?p=108836 Cyber threats never stop. Credit unions share how collaboration, AI, and smarter strategies protect members and institutions.

The post Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 2) appeared first on CreditUnions.com.

]]>

The same AI tools boosting our productivity are also helping bad actors. This has escalated the cat-and-mouse game between us and them. To stay ahead, we’ve created a dedicated AI role to ensure member protection remains central as AI evolves.

Zachary Hill, SVP of Technology, Sunward FCU

Cybersecurity threats are growing sharper, faster, and more sophisticated. From AI-powered phishing to deepfake scams, credit unions are facing an arms race where every vulnerability matters.

To stay ahead, cooperatives are combining smarter tools, layered defenses, and cross-functional collaboration. Across the industry, smaller and larger institutions alike are rethinking traditional strategies, embracing AI as both a risk and a solution, and transforming cybersecurity from a technical requirement into a core part of organizational resilience.

Leaders from 11 credit unions talk about tackling today’s top cybersecurity and fraud threats, what cross-functional strategies help them scale security, and how they’re adapting to changing regulations like the end of the FFIEC Cybersecurity Assessment Tool (CAT).

Enjoy reading all of the insights across this two-part series, or click to skip to insights from: Bay Federal, BCU, Credit Union 1, MariSol FCU, MSUFCU, Royal Credit Union, Seattle Credit Union, Shoreline Hometown Credit Union, Sunward FCU, Teachers FCU, and UVA Community Credit Union.

Defense In Depth

Carmen Waugh, Royal Credit Union
Carmen Waugh, Information Security Officer, Royal Credit Union

Carmen Waugh is the information security officer at Royal Credit Union ($5.6B, Eau Claire, WI). She joined the cooperative just more than three years ago and has been leading information security programs for more than 25 years.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Carmen Waugh: The most pressing cybersecurity threat is persistent social engineering that might lead to business email compromise, account takeovers, and third-party compromises. Bad actors’ efforts have now amplified with the use of generative AI to craft highly convincing attacks including the use of deepfakes that make phishing harder to detect.

To address these threats, our information security program requires a defense-in-depth approach including hardening email fraud defenses, enforcing strong authentication methods, continuous monitoring utilizing risk-scoring and analytics to identify abnormal activity, and education and awareness for both team members and members through our cybersecurity champions group.

AI is part of both a problem and the solution. We apply AI-assisted detection to these threats to accelerate identification, investigation, and containment.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

CW: Cybersecurity is a business risk that requires our teams — information security, fraud, information technology, risk, compliance — to collaborate and align with our organization’s risk appetite while supporting our business goals. Embedding these functions in business processes enables better risk management and more efficient execution.

This collaboration is key to our cybersecurity readiness and resilience to ensure that we can adapt quickly, maintain operational integrity, and safeguard member trust even in the face of evolving threats.

For smaller credit unions, my advice is to focus on mastering the basics. Concentrate on controls that mitigate the biggest risk for your organization. Use the NCUA’s Automated Cybersecurity Evaluation Toolbox (ACET) to baseline maturity, identify gaps, and plan improvements. Lean on trusted partners to extend your team and overall coverage. Join information-sharing communities, and designate champions across your organization to help promote a strong cybersecurity culture.

How are you adapting your fraud prevention strategy in response to regulatory changes?

CW: We’re aligning our program to NIST CSF 2.0 and continuing to use the NCUA’s ACET, which keeps our assessments actionable, refreshing our maturity targets and updating our internal KRIs and KPIs.

In parallel we remain aligned to the NCUA’s Information Security Examination (ISE) procedures and 2025 Supervisory Priorities, with special attention to the 72-hour cyber-incident reporting rule.

Everyone Has A Seat At The Security Table

Dave Means, Seattle Credit Union
Dave Means, CIO, Seattle Credit Union

Dave Means joined Seattle Credit Union ($1.1B, Seattle, WA) in April 2022 as the credit union’s chief information officer and has more than a decade of experience in senior information and security roles with financial institutions.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

DM: Phishing is the most pressing cybersecurity threat our credit union is facing. We rigorously train our employees from their first day of employment on how to spot phishing attempts, and we have monthly phishing campaigns to test and train our employees. We have invested in a platform that allows our own network security engineers to create different phishing testing campaigns.

Are You Smarter Than A Scammer?

From check fraud to suspicious logins, see how well you can sniff out red flags before they cost members money.

Take The Quiz

We take a layered security approach, and our first line of defense is our staff and how they handle messages. We have an AI-powered security operations center that is 24x7x365 monitoring our entire environment. We have tools for detecting ransomware attempts and tools to prevent malware from impacting our systems.

We also have data immutability (nobody can tamper with your backups) in place to help prevent bad actors from accessing our backups in case we need to restore our data after a cyber-attack.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

DM: Security is everyone’s responsibility. We collaborate with all business lines at the credit union to ensure that business needs are met while security is maintained and prioritized. Smaller credit unions should take a similar approach in their communication and make sure everyone has a seat at the security table. It is every employee’s responsibility to operate the credit union in a safe and sound manner.

How are you adapting your fraud prevention strategy in response to regulatory changes?

DM: ACET is a new tool built on FFIEC and NIST principles for self-assessment and examination. ACET is actively supported and updated by the NCUA to align with modern standards like NIST CSF 2.0. As the CAT tool is being sunsetted, we are adopting ACET at our credit union moving forward to ensure that we continue to safely and soundly manage the credit union.

Credential Management Risk Is Real

Nathan Grossenbach, Shoreline Credit Union
Nathan Grossenbach, President & CEO, Shoreline Hometown Credit Union

Nathan Grossenbach has been president and CEO at Shoreline Hometown Credit Union ($141.3M, Manitowoc, WI) since 2017. He joined the Wisconsin shop as accounting manager in 2013.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Nathan Grossenbach: Our top concern remains member behavior. We’ve intercepted hundreds of thousands in fraud tied to scams involving “celebrities,” “imprisoned relatives,” or “friends needing help.”

Phishing targeting staff also remains prevalent. Many attempts are still easy to spot, but with employees juggling 25-plus logins, credential management is a real risk — especially with widespread browser-based password storage.

We’ve implemented KeePass (free, open-source software) for secure, MFA-protected credential storage. On the email side, we upgraded to Microsoft Purview for stronger encryption and content filtering and are exploring OCR-based DLP to flag sensitive info in scanned images.

We also moved to Microsoft E5 licensing, adding advanced analytics, protection, and risk control capabilities for about $10 more per user monthly.

Social engineering testing happens monthly via automated tools that also provide reporting and training. We’ve expanded testing to include chat, inbound calls, and social media scenarios.

We’re also more selective with vendors, ensuring they’re based in trusted countries. Since many users reuse passwords, we assume any breach could create cross-platform exposure.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

NG: We outsource perimeter protection, but we still manually test tools to ensure they work. During an MSP [managed services provider] transition, we found some DLP policies weren’t triggering correctly. For example, emails with account numbers should’ve flagged our lexicon but didn’t, and that underscored the need for internal validation.

We promote app-based MFA over SMS/email for better security.

Cross-team coordination is essential. One recent fraud attempt involved a member reaching out via social media, front line, and accounting. Each interaction seemed benign on its own but collectively revealed a breach attempt. It wasn’t actually our member. We stopped the fraud in time, but it led us to:

  • Implement code-based phone authentication.
  • Invest in a stronger CRM for better communications tracking.
  • Deepen engagement with local authorities, fraud networks, and Verafin.

How are you adapting your fraud prevention strategy in response to regulatory changes?

NG: As a small credit union, we did the FFIEC CAT but I don’t know that it had a ton of value to our organization. The tool was simple enough to complete, but it did not really provide guidance or tools to improve.

We have instead engaged with third-party auditors that perform a wide range of IT assessments for us every 12 to 18 months. It is costly, but they have driven far more value to the organization than a self-assessment would.

A Game Of Cat And Mouse

Zachary Hill, Sunward FCU
Zachary Hill, SVP of Technology, Sunward FCU

Zachary Hill is senior vice president of technology at Sunward Federal Credit Union ($4.3B, Albuquerque, NM). He joined the Land of Enchantment cooperative in 2023.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Zachary Hill: A large portion of our membership is not well equipped to navigate the pressures of social engineering and modern cybersecurity attacks. This means we must constantly adapt our cybersecurity practices to maintain the delicate balance of member experience, training, fraud analysis, and cybersecurity.

What’s become increasingly apparent is that AI has increased the rate at which our members are targeted by bad actors. The very same AI tools we use today to increase our own productivity are also used by bad actors to gain a similar edge.

The same AI tools boosting our productivity are also helping bad actors. This has escalated the cat-and-mouse game between us and them. To stay ahead, we’ve created a dedicated AI role to ensure member protection remains central as AI evolves.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

ZH: Cross-functional teams and collaboration make up the foundation of our cybersecurity strategy. Cybersecurity can no longer be a checkbox, a tool you plug in to your technology, or a siloed team.

We’ve adopted something known as “DevSecOps,” a new cybersecurity framework for our credit union. It places cybersecurity at the center of everything we do. Whether it’s onboarding a new product or building out a new process, we make sure that cybersecurity has a seat at the table, first and foremost.

From there, DevSecOps involves leveraging processes and tools to implement our cybersecurity policy within the technology itself, effectively creating a safety net. Our teams can then be sure that no matter what gets created, our platforms are managing the risks automatically by blocking poor cybersecurity practices.

My advice to smaller credit unions is to find good partners — those who offer insights and ideas — while also implementing and managing tools. Then, it’s about getting good at the simple things like patching, vulnerability management, asset management, and vendor due diligence. Don’t be afraid to embrace small but mighty teams that will adopt modern toolsets.

How are you adapting your fraud prevention strategy in response to regulatory changes?

ZH: Over the past two years, we’ve adopted the NIST Cybersecurity Framework and its coinciding Maturity Assessment to better understand how we compare to fraud and cybersecurity industry standards.

We’ve also adopted a new enterprise risk management framework to empower and educate employees against the variety of risks that exist internally and externally — transactional, people, processing, and cybersecurity. Lastly, we use more modern approaches with things like threat modeling, purple teams, and Continuous Integration/Continuous Deployment (CI/CD) pipelines within cybersecurity.

The results speak for themselves: We’ve hit high marks in our examination, audits, and cybersecurity KPIs, and we’ve transformed into a proactive team that can identify and squash risks quickly.

Tech To Catch What Humans Miss

Suresh Renganathan, Teachers FCU
Suresh Renganathan, CTO, Teachers FCU

Suresh Renganathan has been chief technology officer at Teachers Federal Credit Union ($9.9B, Hauppauge, NY) since February 2020. His role encompasses enterprise IT, cybersecurity, digital, and enterprise program management.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Suresh Renganathan: We face threats on two fronts — cybersecurity and fraud — which are increasingly interconnected.

Our layered defense addresses both areas:

  • Cybersecurity: We follow a Zero Trust model with continuous re-authentication, AI-driven behavioral analytics to flag unusual logins, and automated systems that disable suspicious accounts and isolate devices. A 24/7 security operations center monitors threats in real time.
  • Fraud Prevention: We use real-time transaction monitoring, biometric MFA, cross-reference fraud consortium data, require dual approvals for large wires, and out-of-band verification for vendor changes.
  • Human Element: Ongoing phishing simulations and training help staff and members recognize AI-enhanced scams and avoid relying solely on voice or video for verification.

The key is combining AI-driven detection with a trained workforce and shared intelligence — tech catches what humans miss, and vice versa.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

SR: At Teachers Federal Credit Union, cybersecurity is a team effort. Our Information Security Steering Committee brings together leaders from IT, risk, operations, compliance, and other departments, ensuring security is baked into every decision and every member interaction.

For smaller credit unions, I recommend:

  • Build A Security-First Culture — Regular training reduces human error, often the weakest link.
  • Leverage Partnerships — Credit union leagues, CUSOs, and managed security firms can deliver enterprise-grade tools for less cost than you can on your own.
  • Focus On Fundamentals — Start with MFA, patch automation, and phishing detection. Use risk assessments to prioritize. Don’t try to fix everything at once.

How are you adapting your fraud prevention strategy in response to regulatory changes?

SR: The evolving regulatory landscape is an opportunity to strengthen our program. We’re aligning with the NCUA’s 2025 Supervisory Priorities and NIST Cybersecurity Framework 2.0.

Key areas include:

  • Meeting the 72-hour incident reporting requirement.
  • Enhancing third-party risk management, especially with vendor breaches on the rise.

We’ve implemented automated systems for real-time compliance monitoring, providing live data instead of static reports. This gives examiners up-to-date insights and shows continuous alignment with regulatory expectations. We also run regular tabletop exercises to test and refine our incident response.

The goal is clear: stay ahead of regulatory expectations as well as evolving threats while building true resilience – not just checking compliance boxes.

Advanced Technology + Heightened Awareness

Kevin Bivens, UVA Community Credit Union
Kevin Bivens, VP of Information Security, UVA Community Credit Union

Kevin Bivens joined UVA Community Credit Union ($1.6B, Charlottesville, VA)  in August 2021 and is the cooperative’s vice president for information security. He was assisted in these answers by Chris Nelson, who joined UVACCU as its vice president for fraud prevention earlier this year.

What’s the most pressing cybersecurity or fraud threat your credit union is facing? How are you addressing it?

Kevin Bivens: Social engineering, particularly phishing and vishing scams, which threaten both our members and the organization with significant potential losses. Addressing this challenge requires balancing proactive defenses with strong awareness, both internally and externally. Our cybersecurity strategy uses a layered approach, combining email, network, and endpoint protections to create multiple barriers against attacks.

On the fraud front, we are investing in AI- and machine-learning tools that analyze transaction patterns in real time, identifying anomalies far more quickly than traditional rules-based systems. Yet we recognize that technology alone is not enough. That’s why we pair these innovations with continuous education campaigns for members and employees.

Ultimately, our strategy is about balance: advanced technology plus heightened awareness. By integrating the two, we’re not just reacting to fraudsters, we’re staying ahead of them.

What role do collaboration and cross-functional teams play in your approach to cybersecurity? How can smaller credit unions navigate these challenges with limited resources?

KB: Collaboration and cross-functional teamwork is critical to our cybersecurity and fraud prevention strategies. By bringing together IT, fraud prevention, compliance, front-line staff, and operations, we identify risks early and address them in a coordinated way. With limited resources, collaboration becomes our greatest advantage. Speed and alignment often matter more than scale. For smaller credit unions, I’d recommend focusing on the following:

  1. Leverage partnerships with CUSOs and industry groups to extend expertise and awareness of malicious trends and tactics of bad actors to better protect the organization and its membership.
  2. Educate your membership on cybersecurity risks, fraud tactics, and prevention.
  3. Make cybersecurity part of your culture so every employee feels responsible for protecting members. This includes recognizing associates for identifying, preventing, and reporting potential threats.

How are you adapting your fraud prevention strategy in response to regulatory changes?

KB: With the sunset of the FFIEC Cybersecurity Assessment Tool, we’ve shifted to a more risk-based, dynamic approach. We’re aligning with the Center for Internet Security (CIS) Critical Security Controls framework, enhancing continuous monitoring with analytics, and strengthening governance so our fraud controls map directly to regulatory expectations. Our periodic exams and risk assessments are treated as learning experiences to help us stay proactive and resilient rather than just compliant.

Interviews have been edited and condensed.

Don’t Stop Here. Read “Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 1)” to hear from Bay Federal, BCU, Credit Union 1, MariSol FCU, and MSUFCU.

The post Cybersecurity Is Under Fire And Credit Unions Are Fighting Back (Part 2) appeared first on CreditUnions.com.

]]>