Creating a Collaborative Fraud Prevention Program

By: Ann Davidson, VP of Risk Consulting at Allied Solutions.

Many financial institutions in 2016 began picking up their efforts to build more robust risk management strategies. Creating a collaborative, cross-departmental risk strategy has proven to be a great way to manage fraud risk. Watch the full webinar to learn more: Collaboration is Key to Manage Fraud Risk.

One strategy your credit union may want to adopt is to create a risk culture awareness program that will help your financial institution better monitor, identify, and manage potential fraud activity.

What is a Risk Culture Awareness Program?

A risk culture awareness program is an ongoing initiative managed by leaders within your credit union to encourage enterprise-wide awareness of fraud and financial loss threats, so every member of your staff is better equipped to quickly and effectively detect and address these threats. Such programs include creating a fraud investigation unit to centralize the management of these risks, or adopting an enterprise risk management strategy that includes fraud mitigation.

What are the steps an organization should take to implement a risk culture awareness program?

1. Develop the foundational changes that will encourage this new culture of risk awareness.
2. Apply these new organizational changes and the risk culture awareness program.
3. Measure the impact of these changes to determine if they were effective.
4. Apply any necessary changes to the risk culture awareness program.
5. Adjust your risk culture awareness program as needed to meet the evolving needs of your organization and address current risks.

There is something to say about knowing your entire staff is doing their best to help ward-off fraud before it happens. There is also the added bonus of being able to tell your account holders all the hard work you are putting in to help keep their information and money protected – which will inevitably lead to good things for your organization. No matter where 2017 takes you, know that there is much to offer in the way of risk awareness and prevention.

Listen to a more in-depth discussion about how your compliance team and your risk management teams can work together to mitigate risk by watching the full webinar here: Collaboration is Key to Manage Fraud Risk 

 

Allied Solutions is the NAFCU Preferred Partner for Insurance—Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.





Data Breach Response Planning Best Practices

By: Ann Davidson, VP of Risk Consulting at Allied Solutions

There is a high likelihood another large data breach will occur in 2016, so it is essential your financial institution is armed with a written data breach action plan that includes steps to prepare for, respond to, and recover from an attack. Provided below are best practices your credit union can take to help mitigate the financial and reputational impact of a potential data breach on your financial institution and members:

Plan

  • Establish a formal data breach response plan
    • Name your team
    • Review plan annually
    • Submit to Board of Directors (GLBA)
  • Conduct annual trainings with employees on data breach awareness and response
  • Run tabletop exercises and/or mock data breach drills annually
  • Create a security fund for unpredictable external and internal breach costs

Respond

  • Develop an internal breach action plan
  • Designate resources to draft notification letters, employee scripts, FAQs, press releases, etc.
  • Adopt fraud investigation and credit monitoring services
  • Give away entitlement to services up front to create more value and offset cost at breach

Recover

  • Consider outsourcing with a qualified organization for the following professional services:
    • Fraud counseling service to take calls, provide guidance, place fraud alerts, etc.
    • Call center service to provide multilingual enrollment assistance
    • Identity advocate service to provide identity theft investigation and recovery

Read the Data Breach Preparedness Checklist produced by NXG Strategies or watch the recording of our webinar to learn more about how to build a strong data breach response plan.

Allied Solutions is the NAFCU Preferred Partner for Insurance—Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.

Card Fraud Lessons Exposed

By: Ann Davidson, VP of Risk Consulting at Allied Solutions

Recently Allied Solutions presented a webinar on card fraud in response to the reported increase in card fraud attacks. When polled, 81% of attendees stated they have personally experienced an uptick in card fraud during the last 12 months.

After this webinar, Allied reached out to individual financial institutions to perform an assessment of their risk programs and help uncover potential causes of the card fraud they were experiencing. Here’s what they found:

  1. Financial institutions were seeing increased instances of PIN fraud at the ATM.

Discoveries:

    • A fraud monitoring system (FMS) was not in place for PIN authorizations performed at an ATM.
    • All employees were granted the authority to change ATM PINs when requested by a caller.

Preventive Actions:

    • Confirm in writing from your PIN vendor that you have a FMS in place for all types of authorizations.
    • Ensure PIN change requests are performed using robust authentication measures, especially if you have a voice response unit (VRU); do not give your employees the authority to manually process PIN changes.
    • Review your PIN change reports to see if there is a notable increase in PIN changes.
  1. Financial institutions were seeing high daily dollar amounts on card transactions.

Discoveries:

    • Credit card limits were set at the line of credit for a 24-hour timeframe.
    • Debit signature limits were set to the available balance in the cardholder’s account.
    • Debit PIN limits for POS and ATM were set at $1500 and greater.

Preventative Actions:

    • Confirm you have daily dollar limits for ALL types of transactions.
    • Set your daily dollar limits to suit your organization’s risk appetite and tolerance.
    • Ensure daily dollar limits are set to accommodate the spending activity of your account holders.
    • Let your cardholders know they should inform your organization if they want the daily dollar limit raised to better accommodate their transactions.

The discoveries that were made after communicating with these financial institutions demonstrate the importance of ensuring you have strong security measures in place to help prevent fraud attacks, while at the same time verifying the strength of your card processors’ and vendors’ security layers.

Watch the recording of Allied’s Card Fraud on the Rise: How Financial Institutions Can Help Prevent It webinar, co-presented by Ann Davidson and Tammy Behnke, Program Executive at ProSight Specialty Insurance, to hear more about how you can remain more protected from card fraud.

Hear more about security breaches and learn what your financial institution can do to help prevent and respond to breaches by attending Allied’s upcoming webinar Data Breaches Continue to Rise: How Financial Institutions Can Prepare & Respond on May 4. Click here to register.

Allied Solutions is the NAFCU Preferred Partner for Insurance—Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.

Card Data Breach Loss Prevention Checklist

By Ann Davidson, VP of Risk Consulting at Allied Solutions

Many of the large-scale card data breaches in 2015 involved the compromise of magnetic stripe data on both credit and debit cards. The data compromised in most of these card breaches involved either track 1 or track 2 magnetic stripe fraud (POS 90), as determined by the merchant during the transaction authorization. Because the track information can be duplicated, there will likely be a high risk for future fraud exposure if you opt not to block and reissue these cards.

For an in-depth look into payment card fraud risks that many credit unions are being hit hard with right now, watch Allied’s webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It.”

Card Data Breach Loss Prevention Checklist:

  • Evaluate the compromised card number to help determine if the risk is high
    • A high risk involves the full unaltered magnetic stripe data from track 1 and/or track 2 – track 1 carries the cardholder name; track 2 does not
  • Confirm you’re utilizing “name matching” if track 1 data was part of the breach
  • Review card associations’ alerts and act immediately on at risk card data outlined in alert
  • Analyze at risk open card accounts to determine which cards are/are not still active
  • Review other card accounts to find out which cards are non-active and have already been closed due to fraud
  • Identify the fraud pattern to uncover the common point of compromise (CPP)
    • This is where the breach took place, not where the fraud occurred
    • Once discovered, report the CPP immediately
  • Block and reissue impacted, open card numbers when magnetic stripe has been compromised
  • Accelerate the reissuance of active cards prior to their expiration date
  • Consider reissuing the card 30 to 180 days before the date of expiration
  • Ask the card association(s) to take recovery action related to any expenses
  • Report the fraud to the Visa Fraud Reporting System and/or MasterCard’s Safe System, as this is a requirement under the card association(s) rules

Watch Allied’s webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It” to learn more about payment card fraud risks.

Allied Solutions is the NAFCU Services Preferred Partner for Insurance- Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP). More educational resources and partner contact information are available at www.nafcu.org/allied.

 

Holiday Season Fraud Prevention Checklist

Produced By Ann Davidson, VP of Risk Consulting at Allied Solutions

Holiday FraudIt’s not if fraud exposure will happen this holiday season, it’s when! That’s why your credit union should help your staff and members prepare for what fraudsters have in store this holiday season.

Our gift to you this holiday is a checklist that you should provide to your credit union staff to ensure that your credit union and credit union’s members have a safe and fraud free holiday season.

Holiday Season Fraud Prevention Checklist:

Educate cardholders about the heightened risk of attacks and scams during the holiday season, such as: Phishing attacks (where the member is asked to pay the scammer money) and recruitment scams (where the member is asked to pay a bit of money up front to earn more money later on.)

Recommend to staff and members that they more closely and more frequently monitor ACH items, outgoing wires, and online transaction activity on all of their cards and accounts to look out for any unauthorized activity. Inform them to pay special attention to ACH items and outgoing wires.

☑ Utilize promotional and communication tools to increase the proliferation of information to your credit union staff and members about the increased likelihood of scams and attacks during the holiday season.

☑ Flag or block any unusual out-of-state card purchases. Inform members to alert you if they are traveling over the holidays, so that they are not affected by these preventative measures.

☑  Monitor any type of card fraud to help identify a card breach. Look for a common point of compromise and report it to the fraud department at the card association (i.e. Visa or MasterCard) immediately.

☑  Ensure that your credit union is receiving Visa alerts (CAMs) or MasterCard alerts regarding compromised cards and/or regarding information about the type of card data at risk (i.e. Track 1, Track 2, etc.).

☑  Determine if you will block and reissue or monitor compromised card numbers. In cases where the full unaltered magnetic stripe has been compromised, it is strongly recommended to block and reissue the card data.

☑  Contact cardholders to let them know when they are part of the compromised breach.

☑  Share a message on your website or phone system with any updates about the breach.

PrivacyAuthentication☑  Utilize multiple layers of authentication when validating and sending out ACH and wire transactions both online and in-person to help prevent any unauthorized withdrawals of members’ funds.

☑  Monitor PIN change activity. The criminal may make multiple attempts to perform a PIN change in order to obtain card data.

☑  Utilize an anti-skimming device on your ATMs to help prevent skimming.

☑ Review daily dollar limits for signature, internet, and PIN transactions and offer members the option to lower their daily card limits over the holiday season.

☑  Watch for multiple payments on the same day or within days of each other on credit card accounts and do not provide availability of a payment to the credit card holder until other payments clear.

☑  Watch for increased cash disbursements (advances) being performed on non-credit union issued cards at the teller counter.

☑  Perform a review of your fraud risk tools and programs to assess their effectiveness.

☑  Continue to enhance your fraud protection strategies and your fraud management systems to help prevent card exposure.

For more information, watch the “Holiday Fraud Prevention 101” webinar recording.  Ann Davidson with Allied Solutions, LLC will explain what type of risks increase during the holidays and introduce steps that you, your staff, and your members can take to help ensure you all have a safe and fraud free holiday season.

Allied Solutions Logo

Allied Solutions is the NAFCU Services Preferred Partner for Insurance – Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown (MBP); and rateGenius.  More educational resources and contact information are available at www.nafcu.org/allied