How to authenticate new and existing members

Fraud and data security concerns continue to rise at alarming rates across the United States. In 2020, the Federal Trade Commission reported receiving over 2.1 million consumer fraud reports and more than $3.3 billion reported losses (up from $1.8 billion reported in 2019). Reports of fraud surged during the COVID-19 pandemic, most commonly, reports of imposter fraud or online shopping fraud. 

In today’s current climate, bad actors are continually attempting to take over an individual’s identity or create a synthetic identity of someone who is not real. This makes enhanced authentication measures increasingly critical for data and financial security. One key element: educating the consumer on the importance of authentication measures. Authentication layers are critical in helping keep bad actors from using their identity or creating a fake identity with parts of the real person’s identity.

Understanding is critical in the process of prevention. For credit unions, call centers, and consumers, there isn’t one specific way to prevent fraud and it’s important to incorporate a comprehensive strategy to authenticate fully and securely.

9 Authentication Recommendations for Credit Unions:

  1. Utilize member information for identification versus only using member account information
  2. Avoid using social security numbers, date of births, mother’s maiden name or other public information since these types of authentication layers are public and can be used by the bad actor
  3. Consider using “dynamic” knowledge base authentication questions for new and existing members. These questions are unique to an individual that are not publicly accessible or easy to guess and can even be rotated. Some examples could include: 
    • What is your mortgage payment?
    • What is the color of your car
    • Who is joint on your account?
    • What branch do you use?
    • What was your last transaction?
  1. Review the FFIEC Guidelines that encourages the use of challenge questions during authentication that do not rely on information that is publicly available
  2. Configure clear and defined pass/fail requirements during the authentication process to help keep information secure
  3. For employees, outline the specific number of questions asked and number of multiple answers allowed
  4. Set time limits to prevent the bad actor from researching the answer
  5. Educate your members on how important it is they do not share any of their personal or financial information with anyone they did not call, email or text. This can include helpful resources, classes, or fraud prevention tools
  6. Research industry information on prevention of authentication fraud. Talk with peers on what action they are using to help understand the various attacks

As we continue to work together to manage risk, it is critical that we put in place a robust authentication policy to help keep the bad actors away from your members and out of your credit union.

Ann Davidson

Ann Davidson

Ann assists credit unions in identifying areas of risk in their operations and recommends sound loss control measures to help reduce loss exposures. Davidson has over 40 years working with ... Web: Details