In 2020, we launched a brand-new, fraud-focused webinar series, “Let’s Talk Fraud.” During these webinars, Allied’s fraud experts answered credit unions’ pressing fraud questions.
Here are the top 5 fraud topics we were asked to address during these 2020 events:
- ACH Fraud
Question: What are ACH fraud risks financial institutions face today and what are prevention techniques for these attacks?
Answer: ACH fraud risks take many forms today, including ACH credit, ACH debit, and ACH loan fraud attacks. ACH credit fraud attacks on unemployment insurance disbursements have been especially prevalent in 2020 with the spike in unemployment resulting from the COVID-19 pandemic. Here are fraud prevention strategies you can adopt to manage these attacks:
- To prevent ACH credit fraud
- Limit the dollar amount on outgoing ACH credits
- Set up multiple layers to authenticate ACH credit requests (e.g., passwords/passcodes, security questions, callbacks/text authorization)
- Don’t provide immediate credit on ACH funds requested
- To prevent ACH loan fraud, place holds or block ACH payments on any line of credit disbursements
- To prevent ACH debit fraud, place a hold on any incoming ACH deposit and validate where and from whom the funds came
- Remote Fraud Attacks
Question: What are key authentication strategies to prevent fraud attempted remotely (online, through call centers, and via mobile apps)?
Answer: With the COVID-19 pandemic, remote attacks and online consumer scams grew exponentially throughout 2020. Managing these attacks requires diligent accountholder fraud education, as well as the enforcement of robust authentication requirements. Strong authentication requirements include:
- Set up complex password requirements for online and mobile account access
- Ask for both identifying information (e.g., SSN) and personal information (e.g., pet’s name) for online and over-the-phone account access
- Enforce multi-factor authentication requirements (e.g., signature requirements, account passwords, PINs, security questions, code verification, and biometric identifiers) for account access or transaction requests
- Ensure your financial institution is signed up to participate in 3DSecure to better protect your accountholders from online, card-not-present fraud attacks
- Share education with accountholders and call center staff on methods they can take to protect themselves from common email, text, or phone scams
- Check Fraud
Question: What are other financial institutions seeing as far as check fraud, especially for checks deposited through remote and ATM channels?
Answer: Counterfeit business, consumer, and cashier checks continued to be a big concern in 2020. Follow these steps to reduce counterfeit check fraud exposure at an ATM, via remote deposit, or in-branch:
- Adopt automated software that captures and reports counterfeit checks
- Place holds on checks over a selected dollar amount
- Monitor and secure all possible points of entry for check fraud
- Physically review each remote deposit before releasing the funds
- Set daily transaction and/or dollar limits on remote deposits
- Establish a required waiting period before making any check funds available
- Educate accountholders and employees on the key indicators of counterfeit consumer, cashier, and corporate checks
- Adopt internal audit procedures and technology tools to spot fake or duplicate checks before the funds are released
- ATM Fraud
Question: What tips do you have to mitigate trending ATM risks in 2020 and beyond?
Answer: Above all else, update all of your ATMs to be chip-enabled to prevent fraud and self-retained fraud losses on these devices. Non-EMV machines are much easier for fraudsters to break into. Additionally, you will retain any of the losses that occur from magnetic stripe fallback transactions occurring on chip-enabled cards at non-chip-enabled ATMs. With ATM cash-out and skimming attacks continuing to be major threats today, it is also important to:
- Block non-EMV card use and fallback authorizations if you have chip-enabled ATMs
- Set transaction and dollar limits for cards used at your ATMs that are non-chip-enabled to reduce possible fallback loss exposures
- Establish daily dollar and transaction limits
- Install security software and hardware to prevent and be notified of tampering on your devices, such as an anti-skimming device and a code-protected locking mechanism
- Perform daily inspections of these devices to find the installation of unauthorized devices or settings
- Payment App Fraud
Question: What are some key methods to prevent fraud on payments apps like Venmo, Zelle, and Cash App?
Answer: Payment app fraud spiked significantly in 2020. These attacks primarily occur via phishing, vishing, or calling consumers to obtain their card or account information and fraudulently sign them up for a payment app. Managing these fraud attacks requires a mix of detection and protection methods, including:
- Validating if you offer the Payment Apps using the accountholders account number versus a debit card to properly monitor and detect possible fraud across either/both transaction channels
- Setting daily velocity limits: a max number of ACH and debit card transactions within a 24-hour timeframe
- Setting a max daily dollar limit for both ACH and debit card payment app authorizations
- Offering text or email alerts to accountholders so they may detect and report any unauthorized transactions
- Establishing strong identification requirements for all account access and information requests, across all channels
- If an online password reset is requested, wait until the accountholder has approved this via email or text before authorizing any additional account changes, such as change of address, phone number, or email requests
2020 was full of new hurdles and challenges, and on top of it all, fraud criminals remained steadfast in their efforts. However, we can all help protect our consumers and institutions from these nasty crimes if we continue to work together.
Attend our “Let’s Talk Fraud” Webinar Series to receive fraud insights, advice, and prevention strategies from Allied’s fraud and risk experts. Click here to register for these virtual events, which will kick off anew in 2021!