NEW YORK (7/7/08)--Credit unions need to keep up with aggressive thieves who are recycling types of fraud and expanding them into different payment areas. So says Ann Davidson, risk manager at CUNA Mutual Group, speaking Wednesday at the America’s Credit Union Conference & Expo last week. The event, presented by the Credit Union National Association, closed on Wednesday. “When the economy is not so good, the temptation is there,” Davidson said. The newest targets for fraud are electronic paychecks, via automated clearing house (ACH), and mobile payments via the .mobi Internet extension, she said. Today members can make payments through cash, check, credit and debit card, and online billing, via ACH, and through cell phones and personal digital assistants. “How do you manage the member’s fraud risk when that member uses six payment systems? Credit unions want to become the member’s primary financial institution (PFI), so you can manage fraud from a cross-channel protection point of view,” Davidson said. “Thieves are having educational sessions, identifying who has the weakest link. They come in and will keep coming in until you plug the hole,” she told credit unions. She noted the dangers of “silo fraud monitoring,” with each type of transaction monitored separately. “All those types of transactions get posted to the member’s account. You are seeing those transactions somewhere along the line.” Technology makes fraud easier, but it can help to manage fraud also. On March 20, 2009, credit unions will be required to have their systems ACH-compliant. Some best practices to help minimize the effects of fraud include:
* Use the fraud management system to identify and block suspect transactions; * Deactivate the mobile device in the event of theft or loss, like credit unions do with card fraud; * Use encryption of locally stored data; and * Implement personal identification number authorization and lockout.
Use the same methods in new risk areas, such as mobile devices:
* Make them compliant with the Federal Financial Institutions Examination Council; * Secure registration of mobile devices; * Require Secure Socket Layer connection; * Validate and confirm security layers are working effectively; and * Talk to your peers.
Also note that member business lending (MBL) presents “a huge risk, associated with ACH. It’s not wrong, but you need to manage it,” Davidson said. How does a credit union get connected to manage all these types of fraud? Through enterprise cross-channel management, she said. Centralize your fraud risk management, layer loss control solutions across all transactions; do this in real-time; and centralize compliance and regulatory requirements, Davidson advised. For more on the conference, use the link to Credit Union Magazine's