User login

Best Practices for Fighting Account-Based Fraud

Account takeover fraud is not isolated to a single industry. The potential for account takeover exists whenever a company allows consumers to establish accounts that store any information of value. Account takeover can involve any type of account including government benefit accounts, wireless phone contracts, mortgage loans, checking accounts, credit cards and e-commerce accounts.  

Financial fraud is one of America’s largest growth industries, creating annual losses of $189 billion, according to Meridian Research, Inc. Also, according to the FTC, identity theft is escalating at 40 percent a year and is particularly problematic compared with more traditional forms of financial fraud. Greater access to credit, an abundance of information, faster electronic communications and intense competition among financial institutions make it easier than ever for criminals to steal identities and falsify information.  

The U.S. Department of Justice calls it “one of the most insidious forms of white collar crime.” Identity theft tends to be more damaging to both consumers and institutions. It typically results in multiple instances of fraud, which are often of higher dollar value than other types of fraud.   

What's a credit union to do? There are a number of internal controls that should be reviewed and evaluated regularly, such as:   

  • Conduct periodic surprise audits and annual reviews of procedures.
  • Provide for the physical security of all checks – this includes cashier checks, branch checks and deposited checks.
  • Provide for the temporary physical security of electronically deposited checks, including storage in a secure facility along with secured shredding.
  • Ensure appropriate security is in place over signature plates, cards and software.
  • Require an additional review process for all checks over a specified amount.
  • Remove individuals from financial institution transaction authority immediately upon resignation or termination.
  • Ensure that controls exist for the storage and destruction of all documents that contain account and other related information.
  • Determine that appropriate controls are present if employees access financial and banking systems from remote sites.
  • On an annual basis, request a legal review of all changes in laws regarding liability as it relates to fraudulent transactions.
  • The controls listed above are a sample of controls to be considered. Additional internal controls must also be evaluated by the financial institution.  

There are a number of ways to prevent fraud losses and protect consumers from identity theft. Chances are that your credit union probably already has a number these best practices in place, but you might want to review them (below). 

1. Strengthening verification procedures for new accounts:
  • Incorporate more information into the decision process, especially for high-dollar unsecured transactions.
  • Break away from conventional thinking. Traditional credit scoring and underwriting procedures do not identify fraudulent applications.
  • Dig deeper to verify identify beyond using Social Security numbers or other single pieces of data.
  • Look for and assess the fraud potential of inconsistency among all data available, not just in address and credit bureau information. Does the phone number go with the address? Do the age and Social Security number match?  
2. Strengthening verification procedures for existing accounts in online or call center transactions:
  • Positive verification: comparing information provided by the consumer with a trusted third-party source, such as a consumer reporting agency.

3. Basic level:  Credit report data to verify name, address, phone number, Social Security number, date of birth and driver’s license number.

  • Logical verification: using commercially available analysis tools to determine the consistency of information from various sources.
  • Negative verification: checking information provided by the consumer against databases of known fraud, bad checks and government lists.

4. Strengthening the notification process to the consumer for changes made to the consumers’ existing accounts. Any changes made to a member’s account need to be verified with the member. This can be accomplished by the following: 

  • Sending a confirmation email to the original email provided by the consumer.
  • follow-up letter to the original address of the consumer.
  • A phone call to the original phone number on file.     

5. Implement third-party fraud prevention products for additional assurance

  • TrueChecksTMfrom Advanced Fraud Solutionsidentifies counterfeit, NSF, and closed account issues in real-time at the teller window. It provides tellers with Reg CC-compliant hold recommendations and integrates seamlessly with existing workflows. 
  • TrueCards® is the only package that allows institutions to determine the true point of compromise and block the cards at risk almost immediately.
  • DEPOSIT CHEK® service delivers data to the frontline staff to with a real time, web based solution for every teller in the organization.

Additional resource: BCI Business Credit Information, Inc./Experian – “Best Practices for Preventing Fraud Losses and Protecting Customers from Identity Theft,” March 2015.

This article includes content shared by CO-OP, and it was originally entitled "Best Practices - Fighting Account-Based Fraud."