Over the past three-to-four years, bank fraud has become a more consistent issue, regardless of the institution. With electronic payment usage at an all-time high, how does the banking industry combat the increased risk of compromised information?
Where is member information obtained by scammers?
As the manager of a shared resource credit union contact center, my team helps members through the beginning stages of fraud situations multiple times a week. In my experience with early-stage fraud or fraud concerns, it is a lot more common for members to experience fraud with their credit or debit card than via an ACH or check transaction. This is partly due to the amount of usage with a credit or debit card.
Members may not be aware of how or when their information has been compromised in every situation. Occasionally, members will recall a suspicious scenario they by-passed without caution. In today’s world, it is very common for someone to order food, clothes, entertainment, or groceries using the internet or a mobile application. But they might not always be careful when inputting their personal account information.
Some credit unions choose to block card transactions based on the region or vendor security. A credit union representative would need to approve the transaction attempt or allow the purchase for a specific period. Credit unions will also work with third-party fraud security vendors to assist with recognizing suspicious activity and having members first approve the charge before processing.
Being strategic with account verification
Once personal information is obtained by a scammer, there is an added risk of additional information being obtained. This can happen through online or audio banking but also potentially by phone. Every financial institution’s call process should begin with account verification. Without this process members also run the risk of larger external transfers if they are able to obtain enough information to consistently pass the verification process.
Verification is essential to limiting fraudulent callers. Account code words are a great tool for verification but can be obtained if members are not interacting in a secure location. Asking for one to two additional transactional-based verification questions creates reassurance that you have the correct account and actual member on the line. When asking transactional-based verification questions, it is important to be creative, but not difficult for the actual member to recall.
What are good member verification questions?
When possible, you want to ask verification questions that only the member would know. Some examples are recent transactions, direct deposit or loan payment amounts, the date the account was opened, joint owners listed on the account, or the make and model of the vehicle on the loan. These questions can serve as a great base for creative questions to ask other than out-of-pocket information.
But what’s wrong with asking out-of-pocket questions? Well, out-of-pocket questions are typically the easiest pieces of information to compromise. Utilizing these types of questions, you run the risk of a family member calling or members who are not secure with their personal documents. An example: you most likely know your sibling’s date of birth, mother’s maiden name, address, and contact information.
If a transactional-based verification question is answered incorrectly, give the caller a second chance to answer another transactional-based question to verify. It is understandable for members to stumble on a specific transaction, but if they cannot answer multiple questions, it should raise a red flag.
What should employees do when they recognize a red flag?
First, the employee should notify a supervisor. If the supervisor can listen in on the interaction, that is a helpful way to guide the employee and get a second opinion on the suspicion. If the supervisor is not able to assist with the interaction, employees should look for an avenue to have the caller receive a call back from a specific representative for assistance. These steps may frustrate the caller, but if needed the employee should notify the caller this is for their account security and that a supervisor will be contacting them as soon as possible.
If it turns out the call was in fact a scammer, there are multiple options to consider. If enough information was compromised from an account, it should be closed and a new account opened. If you are confident minimal or no information was compromised, adding an account comment to warn employees of suspicious activity is a great way to make sure the account continues to stay secure. This is often the most efficient option when a member’s debit or credit card was compromised but no-account information was obtained. In most cases, members can then be reissued a new card with a different sixteen-digit number.
Play it safe
All in all, keeping members’ information safe should be the number one priority for credit unions. Therefore, it is essential that employees be strategic and vigilant when it comes to keeping an eye out for fraud. Remember to limit verification questions to account or transaction-based as personal information can easily be learned by others and always err on the side of caution. Your members will thank you for having their back!