4 minutes
The best tool for fighting fraud is education.
Sponsored by Envisant
Fraud is on the rise, and the use of synthetic identities (combining different people’s stolen personal information to form false identities) has a particularly strong financial impact. According to a report by FiVerity, synthetic identity fraud represented $20 billion in losses for financial institutions in 2020 (up from $6 billion in 2016).
Don’t let these third-party fraud nightmares get the better of you or your credit union! Like all challenges we face, the best tool to fight fraud is education, education, and you guessed it—education! Keep reading to gain some practical tips for educating yourself, your team and your members on how to keep personal information safe.
Phishing Communications
Fraudsters often trick people into sharing personal or financial information via phone calls, texts and emails by impersonating credit unions or other legitimate companies. Some tips to share with members on how to recognize a phishing communication and avoid its bait are below.
- Remind members they can’t rely on a caller ID to know if a call is legitimate; these can be manipulated. Emails and text messages can also be spoofed to look like they are coming from a trusted source.
- Remind members that your credit union will never ask for personal information, card number, personal identification number, CVV2 or online banking credentials via phone, email or text.
- Be sure members also know to be wary of calls that are supposedly from your processor requesting full card number, PIN or CVV2.
- Reassure members that it’s OK to say no, request information in writing, or hang up and call back using a reliable number they trust if they are feeling uncomfortable or pressured to respond on a phone call.
Suspicious Links and Websites
Being able to spot phishing links and websites is vital to protecting information from fraudsters. While links received in unsolicited texts or emails should never be clicked, checking suspicious document or URL links in any communication, on social media or elsewhere online is an important habit to develop. Some methods for verifying links are below.
- Make sure a link has the correct URL. Using your mouse to hover over a link with your cursor reveals a dialogue box at the bottom left of the browser with the actual URL being used. Check if the URL in the dialogue box matches the address displayed on the page or if it leads to the website or document suggested by the anchor text. (Tapping and holding does the same on a mobile device.) For example, the displayed URL: https://www.envisant.com/ should match the dialogue box below when hovering over the link.
- Extra care should be taken with shortened URLs. These are good places to hide bad links. To check their legitimacy, you will need to first use another online tool that returns them to their full length. One example of such a tool is urlex.com.
Below are some ways to help identify legitimate websites.
- Look for a lock icon in the address bar and click on it to bring up a menu. Check that it says “certificate is valid” under the “connection is secure” submenu.
- Legitimate sites usually also have a physical address and contact information listed along with privacy policies.
- Be wary of poorly constructed websites with poor spelling and grammar.
- If the website is for an unknown company, check around online to see if they have a social media presence or endorsements from websites already known to be trustworthy.
- Use an online tool that reviews a website’s reputation. You can right-click a link to access a copy option and then paste the URL into the search bar.
Social Media
Members and credit union employees alike need to be careful when posting on social media. Friends aren’t the only ones checking out your updates. Fraudsters are lurking on social media as well. That 40th birthday trip post, complete with pictures of your celebratory dinner, not only alerts fraudsters that you’re not home but also reveals your birthdate, which is often used to verify identity.
Protective Measures
In addition to fraud-savvy habits, credit union staff and members can take protective measures to stop hackers from bypassing them to steal vulnerable information.
Credit unions and individuals can protect computers/laptops/phones/tablets by making sure software is automatically updated to the current version and that anti-virus software is installed and up to date as well. Also, be sure to remind your staff and members to never leave a device unattended and unlocked.
Establishing strong passwords for every device is another key preventative measure. Make sure passwords have a mix of numbers, letters and special characters. Use words not in the dictionary like “P@55word.” Also, using unique passwords for each device and website keeps the damage to a minimum if one of these sources is compromised. Credit unions should also enable multifactor authentication whenever possible. This feature creates a solid backup to stop fraudsters if they manage to get hold of a member’s password.
By educating staff and members, credit union leaders can frustrate fraudsters’ attempts to create financial nightmares for all. From applying smart habits to harnessing empowering tools, everyone has the opportunity to take part in confronting third-party fraud and enjoy greater peace of mind.
Mary Anne Colucci, director of fraud and risk, has worked nearly two decades within the card services department at Envisant. She is primarily responsible for delivering strategy and products to minimize the risk associated with LSC‘s credit unions’ card portfolios.