2010 alaska credit union league annual meeting emerging fraud risks facing credit unions

1CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group

2010Alaska Credit Union League Annual Meeting

Emerging Fraud Risks Facing Credit Unions

Ann Davidson, Risk Management

CUNA Mutual Group

CUP-0310-C510

2

Disclaimer

This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice.

Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage is provided by this publication, nor does it replace any provisions of any insurance policy or bond.  Please read the actual policy for specific coverage, terms, conditions, and exclusions. Bond coverage is underwritten by CUMIS Insurance Society, Inc.

For general information, please contact a CUNA Mutual Sales Executive.

3

Industry Overview

• Tough economic times motivating criminals

• New schemes… old schemes with new wrinkles

• Attacks against financial institutions and consumers

• Education is the key to success

4

What You’ll Take Away…

• Awareness of emerging risks

• Information to share with your credit union staff

• Practical action steps to prevent growing threats

5

The Nature of Fraud

• Criminals are sophisticated-organized crime

• Criminals penetrate weaknesses

• Fraud schemes are utilized as long as there is a victim

• Cross-channel fraud… a new concept to manage risk

6

Emerging Trends

• New fraud landscape

• Danger of silo fraud monitoring

• New transaction options

• Challenges

• Opportunities

7

Emerging Trends

• Enhanced transaction channels

• Compliance and regulation

• Competitive pressure

• New payment alternatives

• Technology… today and into the future

8

Hottest Fraud Threats in 2010

1. Phishing, smishing & vishing

2. ID fraud

3. System intrusion

4. Cyber crime

5. Data breaches

6. Transaction fraud (ACH,Wire,Checks,Cards)

9

10 Hottest Schemes in 2010

7. Mortgage fraud8. Internal fraud9. External fraud10. Other emerging risks

– Compliance and regulation– New account– Existing account– Check image on home banking– Health care fraud

10

Phishing. Smishing. Vishing

• Risk– Increase attacks in 2009– 90% of attacks directed at financial services*– Focused on smishing (text message)– Threat to mobile banking members

• Prevention– Phishing takedown and monitoring services– Member education is critical

Source: Anti-Phishing Working Group

1

11

ID Fraud

• Risk– Identity theft is on the rise– Identify fraud grew rapidly in 2009

• Prevention– Industry efforts to curtail fraud and increase

consumer education.

Source: Identify Theft Resource Center

2

12

ID Fraud

• What to watch for:– Fraudsters are conducting their schemes quicker– Low-tech methods to obtaining information – Lack of security

2

13

System Intrusion

• Risk– Detecting network intrusions sometimes can be trickier than

preventing them– SQL injection– Assault on authentication– Malware and keylogging

• Prevention– Regular monitoring of network activity– Strong intrusion detection systems

3

14

Cyber Crime

• Online crime complaints– Record high in 2008

– 275,284 complaints

– 33.1% increase vs. 2007

• Online fraud total dollar loss– $265 million

– $25 million increase vs. 2007

• Average individual loss amounted to $931

Source: Internet Crime Complaint Center (IC3) 2008 Annual Report

4

15

Cyber Crime

• Risk– Sophisticated computer fraud schemes– Financial data migrates to the Internet

• Prevention– Cooperation in fighting cyber crime– Education and awareness– Up-to-date malware protection

4

16

Data Breaches

• Economy sinks….data breaches rise

• Jumped nearly 50 percent in 2008

• Captures information to create a financial loss

Source: Identity Theft Resource Center (ITRC)

5

17

Transaction Fraud

• Risk– ACH– Wire– Cards – Watch for ATM skimming– Paper checks

• Prevention– Fraud prevention monitoring system– Early notification

6

18

Mortgage Fraud

• Risk– False or misleading information to obtain loans– Orchestrated purchase of properties

• Prevention– Crack down on mortgage fraud– Secure independent verification

• Income, assets, income tax history– Mortgage fraud bill (S. 386)

• Doubles FBI resources to pursue mortgage fraud and other financial crimes

7

19

Internal Fraud

• Risk– Privy to information used to open credit cards in other

employees' names• Charge items to company credit cards • Used company funds to make 25 personal car payments • Wired company money to herself via Western Union• Booked at least one cruise for her family • Purchased several airline tickets

• Prevention– Require background checks on all employees – Establish levels of authority for employees– Conduct regular audits

8

20

External Fraud

• Risk– Scam artists are more creative– Focus on financial benefit– Methods vary across all types of transactions

• Prevention– Utilize a fraud management system for all account

transactions– Member education on the types of exposures

9

21

Other Emerging Risks

• New account• Existing account• Compliance and regulation• Home banking check image • Telephone based fraud• Mobile banking• Social media – Facebook, Twitter, Linked-in

10

22

Check Image Exposure

• Successful “phishing” attack puts online banking members at risk

• Fraudster travels to the check image page• Information captured from the check image:

– Members account number– Signature– Address– Phone– Possible Social Security Number– Any information on the check image is at risk

• Fraudster either creates paper checks, performs ACH items or pursues ID fraud

10

23

Check Image Exposure10

Fraudster goes to check image page

Fraudster captures

information

Account numberSignatureAddressPhone

Possibly SS Number

Fraudulent activities via

Paper checksACH

ID fraud

Successful “phishing” attack puts online banking members at risk

24

Check Image Prevention

• Eliminate the information displayed on the check image

• Member “opt in” feature to view check image

• Member education

10

25

Common Theme is Prevention

• Identify the root cause

• Utilize a fraud management system to prevent or minimize fraud

• Educate employees

• Educate members

26

Lessons Learned

• Best practices do prevent fraud– Engage all credit union employees

• Measure savings by the “effectiveness” of the loss prevention tool

• Sharing information helps other credit unions and members

• Focus resources on root causes of the loss

• Being proactive pays off

27

Credit Unions Taking Action

• Ensure prevention processes and tools are in place and delivering intended results

• Find the critical balance between risk management and member service for your credit union

• Implement a cross-channel fraud prevention solution– All transactions– Credit union member account level

• Working together helps ensure success credit union success

28

Credit Union Protection Resources

• Credit Union Protection Response Center at 800.637.2676• Credit Union Protection Resource Center at

www.cunamutual.com/prc– RISK Alerts; Webinars; White Papers; Templates

– UserID and Password required

• For insurance coverage information at 800.356.2644

29

It’s Question Time…

30CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © CUNA Mutual Group

Thank You!

Ann DavidsonRisk Management, CUNA Mutual Group

800.356.2644, ext. 7117ann.davidson@cunamutual.com