Guarding credit and debit transactions: Best practices for credit unions and members

As consumers increasingly use their credit and debit cards to shop online, fraud concerns continue to rise. Proactive action against potential threats is an important part of nurturing member trust. Combining multi-layered security measures with member education on data safety is the key to an effective fraud prevention strategy.

Common scam tactics

• Phishing/vishing/smishing: Fraudsters may pretend to be from a person’s credit union to trick that person into providing sensitive information. This can happen via phone calls, texts, and emails.
• BIN attacks: Using compromised BIN numbers, scammers make multiple attempts at online transactions to guess and discover additional card information.
• Account takeover: Compromised information is used to access members’ accounts and lock them out while stealing funds or racking up charges.

Layers of security

To counter the many types of fraud tactics, credit unions need to take a multi-layered approach including:

• Data masking: EMV chip and tokenization technology both mask card data to prevent it from being collected by fraudsters either by skimming cards at point of sale or through malicious code on websites.
• Fallback limits: Sometimes scammers break chip readers so they can make fallback transactions with a copied magnetic strip. Setting spending limits on these types of transactions can help reduce their impact.
• Two-factor authentication: This can hinder fraudsters from taking over accounts with compromised information.
• Real-time fraud monitoring: This tactic can help detect fraud early and save both your credit union and members a great deal of money. For example, a sudden increase in authorization requests can alert you to BIN attacks. Some platforms may allow you to set alerts when certain parameters are reached while artificial intelligence algorithms can take this a step further and analyze patterns of behavior similar to how a human might.

Member education

Technology is not enough to protect against fraud. Educating members on safe card use is also a critical layer in fraud prevention. Some best practices include:

Online transactions:

• Warn members to be wary of new websites. Encourage them to check for reviews from trusted sources and look up if any complaints have been made about the unfamiliar site.
• Also remind members to be wary of online offers that seem too-good-to-be true even from familiar vendors because these might be from fake copycat websites or the result of a breach.
• Use only secure internet connections rather than public Wi-Fi when shopping online.
• Make sure personal firewall protection software is up to date.

In-person transactions

• Choose ATMs or gas pumps at well-lit locations and close to buildings, which are less likely to be compromised.
• Use tap and pay to help prevent skimming.
• Cover keypads while inputting pin numbers and don’t keep a written pin number that could be lost or stolen.

Watching out for fraud

• At every opportunity possible, let members know that your credit union will never request details like a full card number, social security number, PIN, one-time passcode, or two-factor authentication code. Also, remind members not to share their online banking credentials with anyone.
• Monitor transactions regularly online or via an app to catch fraud as soon as possible.

Ongoing maintenance and trend monitoring

All these layers of security need to be regularly updated and maintained to keep up with fraud trends. Staying on top of new tactics can help your staff watch out for them as well as better inform members. Regular platform updates are also critical to making sure your own website and ATMs remain uncompromised.

As fraudster tactics become increasingly advanced, a multi-layered approach can greatly reduce their success. It’s an important way to build trust and help members feel secure using your credit union’s debit or credit card, making them more likely to make it top-of-wallet.

At Envisant, an award-winning CUSO, our Fraud Team utilizes advanced tools and carefully monitors transactions for fraud in real-time. To learn more how Envisant can help your credit union offer a debit and credit program with strong fraud protection, visit our website at https://www.envisant.com/.