Q&A: Safely sharing fraud-related information

CUES member David Stephen Baker, operations & security manager for $700 million Connex Credit Union, North Haven, Connecticut, shares his thoughts on how credit unions can best support fraud investigations while still complying with the rules protecting members’ private information.

Q: What information can CUs share when it comes to fraud prevention?
In an ideal world, CUs could freely communicate with each other to prevent potential losses. However, a list of legal restrictions—such as the Gramm-Leach-Bliley Act and contractual obligations with card industry vendors—protects members’ private information from being shared without their consent or a warrant issued by the government in support of the administration of justice.

Q: What if organizations ask for information that could be considered “private”?
The fraud prevention information that CUs share amongst themselves, either directly or through a common vendor, is typically high level and couldn’t be used to identify a specific member. For example, a CU might share its observation that a known fraud technique is making a comeback—or that it thinks it has spotted a new scheme being perpetrated in the marketplace. In contrast, law enforcement agencies may request specific information about a particular member or members. And that’s where credit unions need to be especially knowledgeable and cautious.

 

continue reading »