In the financial services arena, the balancing act between security and a seamless member experience could not be more important. Capitalizing on the knowledge of your experts and implementing analytics can help your credit union provide a safer and better member experience.
Credit unions have experienced increased fraud attempts because of the COVID pandemic – more people are shopping online, which means more card-not-present transactions, and fraudsters have used COVID to worm into systems through phishing and other methods of attack. Ensuring your credit union’s security and reputation are top notch is key to fighting all the new twists on old schemes with which cyberthieves are experimenting.
Experts have seen a material increase in CNP fraud. Eric Kraus, the general manager of fraud at FIS, explained that following nearly ubiquitous EMV implementation, bad actors moved more into the CNP realm to skirt that added security measure. He shared, “I think the pandemic certainly accelerated that. If you look at some of our internal data at FIS, at one point in the second quarter of this year, well over 75% of all fraud attempts on credit and debit cards were done through a card-not-present channel, which coincides when a lot of the world went into lockdown and didn’t have an option to conduct commerce in person.” And the ticket prices at electronic stores has grown significantly, Kraus added.
Included in the CNP fraud are payment apps, which typically require storing card information as the funding source. Apps like Zelle and Venmo have gained popularity through the pandemic. Allied Solutions Vice President of Risk Consulting Ann Davidson talked with us recently and advocated, “We as an industry need to push the payment app vendors – Zelle, Venmo, Cash App, Apple Cash, Facebook Cash – to do authentication before that money goes out the door.”
Another fraud item Kraus highlighted was high-velocity BIN attacks, another form of CNP fraud. High-speed bots guess account numbers and CVVs until they find the right combination, so it’s very important to monitor your BIN. Individually, he said, these may look like low-dollar transactions, but they can add up to a big problem in aggregate.
What’s critical to understand, Davidson said, is the difference between fraud, which a credit union can charge back, and a scam. When a member falls for scam, unwittingly participating in the scam by providing their information, the card issuer will not be able to charge back that CNP transaction. Fraud, on the other hand, is when the transaction is completely unauthorized: the member did not participate, did not give out information, did not enroll in the payment app, and only discovers the fraud after the fact. Fraudulent transactions, in certain circumstances, are eligible for a chargeback.
Keeping your credit union and your members educated and engaged in combatting all the different forms of fraud today is a must. Stay tuned for our upcoming article, where we’ll dive into how credit unions can manage their cybersecurity to protect member data and provide a frictionless experience, while shoring up against financial and reputation risk.