CUs Facing Costly Fraud Threats from Multiple Sources
Thursday, September 19, 2013 6:25 AM

Difficult economic times create opportunities for good organizations, but they also create opportunities for criminals, which is why credit unions need to adopt loss controls to mitigate the most serious risks, according to CUNA Mutual Group President and CEO Jeff Post.

According to Post, employee dishonesty ranks low in terms of number of insurance claims but is by far the leader in claim dollars paid. Most losses are caused by cash theft, fraudulent loans and ledger manipulation. Citing the Association of Certified Fraud Examiners’ 2012 Report to the Nations on Occupational Fraud and Abuse, Post said employee dishonesty fraud lasts a median of 18 months before being detected, with a median loss of $140,000. However, the study showed more than one-fifth of these cases caused losses of at least $1 million. The longer a perpetrator works for an organization, the higher fraud losses tend to be.

“For credit unions, there is no immunity to this exposure based on geography, asset size, or employee tenure. The one common denominator has been that the credit union either lacked the controls to catch fraud from the beginning or got more relaxed about the controls over time, which provides the ideal environment for a dishonest employee,” Post said.

He recommends three “Ds” to reduce employee dishonesty:

  • Deter – Vet job applicants and establish a written fraud policy.
  • Detect – Segregate duties, require mandatory vacation and reward whistleblowers. In addition, conduct surprise internal audits and have specific controls on cash handling, loan processing and access to member accounts.
  • Discipline – Develop a fraud policy that includes detailed procedures for handling these situations and guidelines for terminating or suspending dishonest employees. Train employees regularly on the fraud policy.

Another large loss area for credit unions involves fraudulent transfers from home equity lines of credit. Post said credit unions reported more than $25 million in losses from 2007-2012, with the average loss being $175,000. Some approached $1 million.

“Telephone callbacks are too easily defeated by criminals, who hijack the member’s home phone number through call-forwarding. So don’t rely only on callbacks.” He said credit unions should be wary of large-dollar HELOC transfers, limit the dollar size of transactions not requested in person and implement layered security, such as requiring passwords in addition to callbacks.

“I know convenience is important in attracting and retaining members, but in these large-dollar transactions, credit unions need to be prudent as well as convenient,” Post said.

Regarding plastic card fraud, which was rampant when he became CEO in 2005, Post said credit unions have made good progress in managing fraud, but sophisticated crooks are still identifying weaknesses. Targeted payment fraud exposures, card data breaches, phishing scams and system intrusions continue to be legitimate threats.

Migration to EMV (Europay, MasterCard and Visa) chip technology provides added security by making the skimming of magnetic stripe data more difficult, but credit unions should plan their migration to EMV carefully. “The new cards will contain a chip, but it will still have a magnetic stripe for a while. Educate your members about using chip technology at merchants and ATMs that offer that capability.”

In discussing data breaches at a credit union itself, Post said the biggest concern is exposing members’ personally identifiable information. “Breaches are often caused by lost or stolen devices, as well as by hackers. They’re expensive and can put your credit union’s reputation at risk.”

Electronic crime is also increasing and CUNA Mutual Group is seeing more examples of outgoing funds and account takeovers. “I would characterize data breaches and electronic crime as not necessarily being high-loss areas yet, but they are definitely high-risk and have the potential to produce significant losses.”

Post urges credit unions to not get complacent. “Just because you may not have had a loss doesn’t mean you should curtail your fraud prevention efforts.”