It’s all over the headlines: financial fraud is higher and costlier than ever before. Credit unions in particular have been hit hard by the meteoric rise in financial fraud: according to Alloy’s 2024 State of Fraud Benchmark Report, 79% of credit unions and community banks experienced more than $500,000 in direct fraud losses in 2023—higher than any other segment surveyed.
While digital channels are critical for providing high-quality member experiences, their increasing prevalence in financial services has provided fraudsters with new opportunities to infiltrate and attack credit unions and their members.
Account takeovers are hitting credit unions hard
One of the most insidious forms of fraud to emerge in the era of digital financial services is account takeover fraud, which is when a fraudster gains unauthorized access to a member’s account.
Account takeover fraud may occur when a member is scammed into revealing personal information, ultimately opening the door for fraudsters to access and take control of their account. Account takeover can also occur on other channels, such as if a fraudster impersonates a member at a branch, making it difficult to detect and address.
Once a fraudster has obtained a legitimate member’s credentials, they may alter the member’s personally identifiable information (PII), such as their address, or even additional data such as the email address or phone number associated with the account.
This action better disguises the fraudster’s activity and prevents the member from receiving notifications. The fraudster can then impersonate the legitimate member to complete transactions, add themselves as an authorized user on the account, or even request a new card, so they have one in their physical possession.
Account takeover fraud has likely driven many of this year’s financial losses for credit unions. According to TransUnion’s 2023 State of Omnichannel Fraud Report, account takeover fraud has increased by 81% since 2019. Javelin’s 2024 Identity Fraud Study also found that account takeover fraud resulted in nearly $13 billion in customer losses in 2023 (up from $11 billion in 2022).
While any type of fraud can erode members’ confidence in their credit union’s security, account takeover fraud has a particularly severe effect on brand reputation because it involves bad actors directly controlling customers’ personal accounts. As a result, it often winds up being a highly emotional and violating experience for members that can cause them to lose trust in their financial institution.
What can credit unions do?
To prevent account takeover fraud, credit unions need to develop a better understanding of their members before any funds leave their accounts. This requires a shift in strategy: from tracking fraudulent activity through transaction monitoring to concentrating on identity, which allows for a more proactive and holistic risk assessment using fraud indicators that emerge much earlier.
In other words, credit unions will have a better chance of preventing fraud before it happens. To do this, credit unions should layer identity-focused fraud prevention measures on top of their real-time transaction monitoring.
More specifically, credit unions can start by incorporating tools that monitor device and behavioral changes. They should also ensure they are monitoring suspicious events such as a change in a member’s PII. If a change in a member’s PII occurs, credit unions can then trigger a step-up verification method, such as document verification, to thwart the account takeover.
Monitoring members at onboarding will give credit unions a more accurate depiction of how their members’ risk profiles evolve over time. With this information, credit unions can then identify any anomalies that emerge. Then they can interdict, alerting the member about the risky behavior soon after it occurs. Ultimately, members will have a higher level of confidence in their credit union, and the institution will be more secure.
As a first line of defense, credit unions should also ensure their members’ are armed with adequate fraud prevention knowledge. They can do this by encouraging the use of unique and non-repeat passphrases, requiring multi-factor authentication to sign into accounts when available, providing ongoing education about phishing attacks and social engineering scams, and sending reminders about the types of information their customer service agents require, and what they will never ask.
Have a plan in place
Account takeover fraud is scary, but if credit unions can adopt an identity-centric, layered approach, they will be well-posed to prevent it. Ultimately, this will result in a better experience for their members, cementing the brand loyalty that sets credit unions apart from other financial institutions.
