In Financial Institutions We Trust
Financial institutions across the globe remain one of the most trusted industry segments among their clientele. That trust is a soft asset earned through a pillar of the industry: risk management. Maintaining such trust is a key success factor for financial institutions as global cyberthreats increase and society moves to an “always-on” technology paradigm. A core element of that trust is the belief that banks and credit unions will guard personal financial information (PFI), company financial information, and other personally identifiable information (PII). While financial institutions have to stay on top of the risks inherent in their industry as a matter of survival, there is also a heightened level of awareness and concern about fraud across the general industrial landscape.
The Data Breach Problem
This is the new age of digital transformation, in which people interact with the world in cyberspace. In the background, however, nefarious entities relentlessly test and probe systemic weaknesses 24×365 to find information that can be used to conduct fraud. Data breaches remain of the highest concern, with access gained through a combination of social engineering, systems penetration, and process knowledge. Data breaches involving the loss of individuals’ financial or medical information are on the rise. Information has become the new currency in criminal circles. As a result, PII is continually available on the dark web, where it is purchased by miscellaneous criminals and would-be fraudsters as a commodity to perpetrate a variety of fraud scams. These scams include opening credit accounts using synthetic identity, accessing online banking accounts, and interloping on money movement by various means such as payment apps for Uber, PayPal, and Facebook. As CO-OP Financial Services’ specialist in fraud management points out:
People often assume that the highest–valued article for sale on the dark web is a payment card, but the real value lies in log–in names and passwords. An Uber credential is worth about $10 today, while a stolen credit card number and accompanying cardholder demographics sells for less than $1.
–John Buzzard, Industry Fraud Specialist, CO-OP Financial Services
As the global cyber shift unfolds, consumers are changing their shopping behavior from the physical store to online and mobile transactions. Fraudsters monitor consumer behavior and have followed this change by shifting their attacks from proximity payments to remote channels. At the same time, the transformation of the point of sale to a more secure payment environment, with implementation of EMV chip-enabled cards and tokenized payments, has caused fraudsters to change direction from counterfeit card fraud at the point of sale to the more opportunistic “card-not-present” (CNP) fraud online. This switch to e-commerce was expected for years, but it’s gaining traction every day as CNP remains an easier avenue to perpetrate fraud (no need to risk arrest on site in a store; easier to scale over a larger mass of retailers). The graphic below, based on the 2018 U.S. Credit Union Benchmark Study commissioned by CO-OP Financial Services and Mastercard, illustrates this shift with 35% of fraud incidents in the U.S. attributed to CNP fraud.
Countering the Threat
Given the rising global cyberthreats and fraudsters’ continual shifting of weapons and tactics, a truly fundamental requirement for banks and credit unions is to have a comprehensive plan that incorporates flexible tactics and modern tools. CO-OP Financial Services assists credit unions with risk management of fraud through a collaborative approach involving not only enterprise strategies but also individualized consultation at the credit union level.
CO-OP fraud analysts are continually behind the scenes on fraud strategies to reduce risk but this approach is paired with a consultative approach at the credit union level. Fraud scenarios are not all created equal, so we find it valuable to manage risk across the enterprise and at the individual credit union level as necessary
–John Buzzard, CO-OP Financial Services
CO-OP has developed a number of tools and approaches based on the type of threat posed, which can be summarized as follows:
- Information sharing involving provision of timely and relevant data about known breaches, developing countermeasures, and regular exchange of fraud intelligence with core constituents.
- Layered approaches to fighting fraud in corporate technology like enhanced authorization blocking, along with collaboration with individual credit unions that helps balance their members’ expectations for both protection and transaction acceptance.
- Mobile enablement and control, which is key as consumers exercise their preferences for mobile experiences. With tools like CardNav by CO-OP, consumers can receive text and email alerts, set robust individualized transaction controls, and even turn their card off and on at their leisure.
This is huge because consumers want more control over their payment cards. You lock your home at bedtime. Why not lock your card down for the night as well?
–John Buzzard, CO-OP Financial Services
- Machine learning, which is based on the ability to analyze massive data sets in milliseconds and then improve algorithmic results over time through constant data input. Machine learning is driving a lot of what CO-OP Financial Services will be doing to prevent fraud across a very sizable corporate landscape with COOPER, its latest machine learning technology described by CO-OP FS as “an advanced data-driven platform designed to detect and fight fraud faster than ever before.”
Payments fraud is a major symptom of the broader issue of cybercrime, but it can be minimized somewhat independently through planning and investing in defenses and vigilance – in effect a relentless offensive and defensive counter to the ever-present and growing chart of threats. The intersection of payment acceptance (successful completed transactions) and fraud prevention requires a multifaceted approach that combines best-in-show fraud tools and a collaborative “client-first” point of view.