Advances in technology are making consumer transactions seemingly more secure, but cybercriminals are still finding sophisticated ways to beat systems and commit financial fraud. A 2018 study on payment fraud mitigation reported that 75 percent of financial institutions (FIs) experienced fraud losses. Three common forms of fraud that can threaten credit unions (CUs) are check fraud, card fraud and automated clearing house (ACH) fraud, and fraudsters often deploy phishing emails to deceive and defraud customers. These schemes have become all the more common during the COVID-19 pandemic because the number of Americans working remotely has increased.
The following Deep Dive explores the rise of certain fraud attacks and details how data analytics and advanced learning tools such as machine learning (ML) can help CUs safeguard their platforms and customers against potential threats.
Rise in Phishing Attacks and Data Breaches
With consumers hyper-focused on COVID-19 in this uncertain time, phishers are taking advantage of fear and disrupted routines to steal sensitive information. The situation has gotten so bad that the number of phishing sites used to launch attacks has increased by 640 percent, according to a recent report. This increase illustrates fraudsters’ efforts to leverage pandemic-related information to manipulate consumers.
Fraudsters’ tactics have gotten increasingly creative since the COVID-19 pandemic emerged earlier this year. Many bad actors have now turned to non-targeted phishing campaigns, using COVID-19 as a lure in the email subject line. These phishing emails can come from imposters pretending to be representatives from the CDC, for example, and include links to fake COVID-19 maps showing recipients’ neighborhoods and updates on how many people have been infected. Clicking can initiate malicious attacks and spyware that can steal passwords, credit card numbers and other data from browsers.
Cybercriminals are also developing a variety of threats including clone phishing, spear phishing, smishing and other specialized types of phishing. The difference between legitimate and phishing emails is thus becoming difficult, which makes it imperative for CUs to educate their customers about the risks and urge them to be mindful about validating email addresses.
Phishing attacks can also target CU employees. Some 1,473 breaches revealed 164.7 million sensitive records in 2019, with the financial services industry accounting for only approximately 7 percent of incidents but more than 60 percent of breached records, according to the San Diego-based Identity Theft Resource Center. This rise in data breaches and phishing attacks can significantly impact the relationship between credit unions and their members. CUs must therefore invest in capabilities that can identify and report phishing attacks, monitor abnormal system and network activity, review incident response and containment procedures and contact law enforcement agencies for support. They must also invest in harnessing their customer data to better identify fraud so they are not left playing catch-up.
How Data Analytics Can Help Credit Unions Solve Fraud Issues
Credit unions must act fast when information related to fraud or a breach comes to light, since losses can significantly increase as time passes.
Several solutions can help CUs stay two steps ahead of bad actors. Data analytics tools — along with ML technologies — can help CUs assess their customer data and find fraud patterns that may otherwise not be visible to human analysts across numerous products and services. Data-driven approaches to managing fraud risk can help credit unions identify emerging threats across their card portfolios, for example, enabling CUs to assess growth in card-not-present (CNP) fraud and identify relationships between transactional data and instances of fraud. Combining data analytics tools with ML can also help CUs apply insights from existing data toward future fraudulent attempts.
A proactive approach that wields data analytics tools can detect breaches more quickly at the source, and potentially make a huge difference. Savvy risk management thus begins with determining how data can be used to sooner identify and act on fraud.