CUNA Mutual Group Proprietary | Reproduction, Adaptation or Distribution Prohibited | 1007303-1017 © 2017 CUNA Mutual Group, All Rights Reserved.

Don’t Fall Victim: Loan Fraud & Scams

0000

When risk management is effective, nothing bad happens and the status quo is maintained.It is extremely difficult to prove the value of ‘nothing,’

so no one takes notice.

But if things go south and you’re blindsided by a problem, the lack of risk management takes the blame.

Five credit unions targeted by fraudsters

100+ fraudulent loan applications submitted

onlineLoans ranged from $7,500 to

$35,000$1Mcredit union’s help

investigators bust $1M fraud ring

Credit Union Times | March 05, 2019 at 10:00 AM

From just last year…

V i c t i m i d e n t i t i e s o b t a i n e d f r o m s c h o o l a n d h o s p i t a l w e b s i t e s

No intention of repaying the loans and will ultimately be

discovered at the time of first payment default

Fraudsters

Employees who have a need, see an opportunity, and who can

rationalize their actions

Employees

Fraudulent vendors or dealers trying to make a quick buck

Vendors

Members with financial problems attempting to borrow their way

out of debt

Consumers / Members

Who’s committing loan fraud?

The fraud

footprint

Email Phone Text OnlineFace-to-Face

A s yo u r c h a n n e l f o o t p r i n t g r ow s , s o d o e s yo u r f r a u d f o o t p r i n t .

6

.

O n l i n e i s j u s t a s e a s y a n d f r a u d s t e r s c a n c o n c e a l t h e i r

i d e n t i t y

7

Full ID packages

$30–$100 black market

Comprises multiple pieces

of PII such as name,

address, phone number,

SSN, email address, and

bank account number

The number of exposed

Personally Identifiable

Information (PII) records went

up 126% in 2018.

Source: 2018, Identity Theft Resource Center (ITRC)

Source: Symantec

8

Long-tail ImpactID Theft; fraudulent accounts; and loan fraud

Credit unions with nonprofit organizations

(e.g., charities) within fields of membership are attractive targets

Credit unions offering online account opening

and online loan applications are

particularly at risk

In-person applications at a branch office

ID Theft Related Losses

• New account fraud(fraudulent deposits followed by withdrawals)

• Loan fraud

Member Authentication

ChallengeB A L A N C E

Transaction SecurityVirtual Convenience

Online is usually preferred

as fraudsters can conceal their identity

New Account

Fraud Variations

Online Account Opening

and New Loan Fraud

• Loan documents completed with electronic signatures

• Some scams involve fictitious auto dealers• Disbursement checks are usually forged• Fraud rings are recruiting people to open

accounts online, and then request loans

New Accounts and

Credit Card Applications

• Accounts opened online • Credit Cards opened online (online

applications without signatures)• Fraudsters use ACH booster payments

Other Account / Loan Fraud Challenges

• Accounts / loans often opened online using stolen identities

• Verification solutions using credit reports easily defeated

• Membership qualification by joining non-profit organization

• Account funded with money order mailed to credit union

• Apply for loans online including credit cards

• Fraudulent paystubs often used

• Loans closed remotely with electronic signatures

13

• Fictitious identity using a combo of real and fabricated info

• Used to obtain credit, open deposit accounts and getdriver’s licenses and passports

• One of the most difficult to detect and fastest growing

• Patient fraudsters realize that if they build that identity,the payoff ends up much bigger

Geolocation data can compare the location of the device used with the stated location to evaluate the likelihood of fraud

Fraudsters most prized data!

Typical victims:children, elderly

or homeless

SSNof people

who don’t use credit

Synthetic Identity Theft

Risk Mitigation Tips

& Best Practices

Match application informationto trusted sources of information

Check phone records Verify email addresses Verify address location

− Let’s Get Technical

Examine device history Review IP address Calculate distance between

IP address location and applicant’s address

Utilize a fraud detection service

Validation Tools

• Credit Report• Photo ID and ID Validation• Bank Account Ownership• Knowledge-Based

Authentication• Fraud Detection Service• Out-of-Band Phone Verification

Online Applications

Online Loan

Applications:

What should

you look for?

Online Loan

Applications:

What should

you look for?

Online Loan

Applications:

What should

you look for?

Online Loan

Applications:

What should

you look for?

Emerging RisksCredit Report Review

For more validation tips, check out…An Employee’s Guide to Loan Fraud

What to look for…

• Mixed fonts• Format inconsistencies• Math does not calculate

• YTD totals not consistent with pay period• Gross (-) deductions ≠ Net Income

• Date inconsistencies

Fraudulent Paystubs

What’s happening in mortgage fraud?

23

Emerging RisksReal Estate Closing Impersonation Fraud

• Fraudsters search for upcoming closings

• Fraudulent emails sent to credit union or purchaser / member with “updated wire instructions”

• Emails look similar to actual emails; however, typically have similar faults as other phishing emails

• With social engineering fraud tactics, you need to exercise additional caution and not cave to urgent demands

2424

Impersonation Fraud

• Develop formal procedures for handling these requests• Require redundancies to sign-off on transactions• Don’t publish employee information on website

(names, titles and email addresses)• Don’t conduct business using personal email accounts• Use out-of-band method to authenticate executive’s

email requesting wire transfer

– Face-to-face

– Call extension / mobile phone

• Verify emails containing “updated wire instructions” by calling closing agent using reliable phone number

• Follow an always alert culture

Quicktip

Internal Fraud & Ways to Detect

26

Lack of Internal Controls

Lack ofManagement Review

Override of Existing Controls

Lending Oversight

30% 19% 18%

• Approving loans outside lending authority• Fictitious loans• Unauthorized loans

Primary Internal Control Weaknesses

Source: 2018 Report to the Nation on Occupational Fraud and Abuse, Association of Certified Fraud Examiner, Inc.

Source: 2014 - 2018 Internal Claims DataCUMIS Insurance Society, Inc

51% dollars paid of Bond Claims are related to

employee dishonesty & faithful performance

‹#›

Separation of Duties:• Assistant Branch manager opened accounts &

approved loans for a well qualified member that was not an active borrower

• Stole the loan proceeds & transferred using home banking.

• Advanced loan due dates to avoid delinquency.• Issued credit and debit cards in the member’s

name for his personal useSource: Claims data, CUMIS Insurance Society, Inc.

Internal Fraud$153,000+ loss

Emerging RisksCredit union impact

•Develop and maintain sound policies, procedures, and controls

‒ Segregation of Duties

‒ Internal Audit

•Be sure to address concentration risk limits and monitor results

•Report consistently to the Board

•Consider expanding into new loan segments

Lend

ing

Ove

rsig

htM

itiga

tion

Tips

Other trends in loan fraud

Loan Stacking

• Migration to online lending as preferred channel• Auto-decisioning results in a much faster

process− Less time from application to funding− Fueled by FinTech lenders

• Window of opportunity between loan approval and funding to apply for multiple loans

• Targets consumers with high FICO scores-Super prime borrowers

Wha

t is

it?

Stacked loans

4x more likely to

be fraudulent

Source: TransUnion

• Velocity Tracking

• Stronger Identity Proofing

• Multi-factor Authentication

• Identity Management

Risk Mitigation:

Loan Stacking

Phantom Loans

• Dozens of fraudulent automobile and personal loan applications in their names and the names of at least 30 other individuals recruited to participate in the scheme

• Co-conspirators created fake automobile dealerships that claim to be the sellers of vehicles purchased with the fraudulent loans

• A car is never sold, but the lender provides the proceeds of the loan to a dealer or 3rd party because they have been provided false and misleading information that a real car has exchanged hands

How

doe

s it

wor

k?

Risk Mitigation for Phantom Loans

• Scan loans for all types of fraud at the time of application

• Ensure the borrower, car, dealer, and seller are reliable before making any loan

• Apply security tests to better identify a potential member’s identity during the on-boarding process

• Consider utilizing VIN search tools to confirm ownership of collateralized vehicles

• Confirm dealership buildings appear appropriate - visit in person or use resources such as Google Earth to research the dealer address

• Apply adequate due diligence when adding auto dealerships to your indirect lending programs

Wrap-up

• The lending landscape is a

dynamic environment for fraud

• Stay ahead and evolve.

• Protect members from themselves.

• Educate staff to stay on their toes.

• Remain vigilant and scrutinize

identities, applications, and

verification tools

Q A&

CUNA Mutual Group

Risk & Protection Response Center800.637.2676riskconsultant@cunamutual.com

Ask a Risk Manager interactive form

Looking for additional assistance

Select you’re a credit union,then choose option 4

Stay on top of emerging risks

• RISK Alerts – Warning Watch Awareness• RISK Alert Library

• Risk Insider: Emerging Risks

• Loss Prevention Library (whitepapers, checklists)

• Webinars & Education

• Risk Assessments

Protection Resource Center @ www.cunamutual.com

www.cunamutual.com

This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It isintended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of theimportance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage isprovided by this presentation/ publication, nor does it replace any provisions of any insurance policy or bond.

CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, itssubsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMISInsurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group. Some coverages may not beavailable in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., ourinsurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs.For example, the Workers’ Compensation Policy is underwritten by non-affiliated admitted carriers. CUMIS Specialty InsuranceCompany, our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Data breachservices are offered by Kroll, a member of the Altegrity family of businesses. Cyber liability may be underwritten by BeazleyInsurance Group.

This summary is not a contract and no coverage is provided by this publication, nor does it replace any provisions of any insurancepolicy or bond. Please read the actual policy for specific coverage, terms, conditions, and exclusions.

© CUNA Mutual Group 2018 All Rights Reserved.