In our last article, we outlined the different forms of fraud that are increasing at credit unions across the country, and the impacts of CNP fraud through payment apps and BIN attacks. Here, we’re going to share some expert insights on how credit unions can manage their cybersecurity to protect member data and provide a frictionless experience, while shoring up against financial and reputation risk.
A robust data strategy and collaboration can pay big dividends for credit unions. Consumer behaviors have changed quite a bit, so understand your baseline, analyze the data, and look for anomalies – across all your member touchpoints, from your call center to your website and mobile apps to in-person transacting. Consider:
- Are you seeing a lot of PIN changes or requests to tokenize an account to load it into an app?
- Are you monitoring web traffic logs to keep an eye on the rapid guessing of user credentials?
- Are you using multifactor authentication for all transactions?
- Are all departments and team members aware of risk functions for each layer of authentication? Are your authentication layers enough for detection, prevention, and response?
- Are your vendor partners using strong authentication measures and tools? How is the contract worded regarding liability for cyberattacks?
- Are you taking advantage of 3D Secure, which requires customers to complete an additional verification step with the card issuer when paying, such as directing the customer to an authentication page on their credit union’s website to enter a password associated with the card or a code sent to their phone?
- Are you or should you be considering adopting machine learning authorization tools?
Unfortunately, one of the weakest links in the fight against cyber-fraud is credit union members. Ann Davidson, Vice President of Risk Consulting at Allied Solutions, says to expect not only a spike in this activity, but also new twists on it, “because the bad actors are extremely creative and aggressive.” Credit unions, however, can turn the challenge of educating members to protect themselves into a real marketing and relationship building opportunity as well. Teach members about the importance of:
- Using stronger passwords, including capital and lower case letters and special characters. Not using their children’s or pets’ names; everyone has that information from social media accounts. Not reusing passwords. Changing them monthly.
- Signing up for real-time transaction alerts and proactively locking down credit reports. Credit unions should be offering members these types of programs.
- Planting their flag. Log into general government sites, like the IRS, and create an account before the bad guys do it in your name.
- Properly and safely disposing of checks after Walmart scans them as an ACH—NOT simply tossing them in the trash afterward.
- Applying a healthy degree of skepticism.
Eric Kraus, Vice President and Business Executive at FIS, told us that fraud victims tend to be more connected through multiple devices and social media channels. That is why aggregating data to pick up on signals and anomalies across different payment channels and devices, along with multifactor authentication and biometrics, is critically important.
Davidson offered her own insights on this: “Look at your layers of authentication. That is going to be really key in 2021. Are you using dynamic authentication based on the questions that you ask? A password as authentication doesn’t cut it in 2021.”
Identity theft is one of the scarier situations a member can face in their financial lives. Giving them the knowledge and tools to help them feel in better control of their financial data is important for them and crucial for helping your credit union build a relationship with them. At the foundation of that relationship is trust, and credit unions earn it every day when you keep member data safe from the bad actors by following fraud prevention and cybersecurity best practices.