Dig Deep into the Root Causes of Fraud to Prevent Future Attacks

Similar documents
Equifax Data Breach: Your Vital Next Steps

State of Card Fraud: 2018

protect fraudulent against transactions your business Introduction What is a fraudulent transaction? Merchant Responsibilities Card Present

Get the most out of your membership

Defending Against the Latest Fraud Trends

IDENTITY THEFT RED FLAG POLICY/GUIDELINES JULY 2008

Handling Debit Card Chargebacks

Financial Transactions and Fraud Schemes

CONSUMER FRAUD GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Chargebacks 101. Do draft retrievals result in upfront debits? No, draft retrievals are non-monetary.

Focused on card fraud prevention

CoreLogic Credco First American Way Poway, CA (800)

The Interagency Guidelines on Identity Theft Detection, Prevention and. Mitigation, commonly referred to as the Red Flag Rules, require each financial

Subject: Identity Theft, G-113 Department: All & Branches References: Part 717, NCUA Rules and Regs, FACT Act, Companion SOP s G-30 (Opening New

Amstar Brands Payment Methods Manual. First Data Locations

The Stark Reality of Synthetic ID Fraud How to Battle the Leading Identity Fraud Tactic in The Digital Age

Good From The Inside Out. Saturday, April 8, 2017

PREPAID CARD GLOSSARY

Identity Theft Prevention Program Lake Forest College Revision 1.0

Red Flag! Now What? An SME s Guide for FACTA Red Flag Compliance. see} white paper

Eastpointe Community Credit Union Identity Theft and Deterrence Policy

Consumer Electronic Fund Transfer Agreement and Disclosure

minimise card fraud in your business.

Overview of Card Regulations, Disputes, & Fraud. Tina Giorgio, President & CEO ICBA Bancard Inc.

Experience business banking with more control.

Palomar Community College District Procedure AP 5900 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Clarion University Identity Theft Prevention Program

EMV Chargeback Best Practices

Data Facts Fraud Prevention Information You Trust

U.S. BANK FOCUS CARD. Frequently Asked Questions. The Focus Card. What is the Focus Card? How does the Focus Card work?

A report showing the merchant s settlement. The acquirer settlement report is generated by the acquiring bank at the end of every billing cycle.

Examiner Expectations for the Supervisory Committee

Exactly what kind of bank is South State Bank?

Busting Fraud Rings with. Social Link Analysis

ATTENTION: SECTION 8 CLIENTS WHO RECEIVE UTILITY ASSISTANCE PAYMENT Posted: November 2017

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

Risk Management on Prepaid Cards

Chart 1 How Fraudulently Used Consumer Information is Obtained M A Y

Pay Card - Recipient Frequently Asked Questions

LexisNexis Developing an Effective Red Flags Rule Program

Jack Byrne Ford & Mercury Identity Theft Program (ITPP)

Chapter Five: Student Services and Operations AP 5800 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Banking and Receivables

April 2017 Discover Interchange Qualification Guide

ELECTRONIC FUNDS TRANSFER ( EFT ) AGREEMENT

emoneysafe debit Mastercard Terms and Conditions of Use

Synthetic Identities. Are you chasing invisible footprints? 2018 Fair Isaac Corporation. All rights reserved.

Customer Protection Policy (Unauthorized Electronic Banking Transactions)

Quick Credit Repair Guide

cardholder USER GUIDE Travel

2012 Payments Fraud Survey

Note: Action items are italicized

ARC s Guide to Travel Agency Payment Card Acceptance, Risk Mitigation and Chargeback Management

Fitchburg State College Identity Theft Prevention Program updated 11/17/09

Secure Opening Plus Requirements for the Identity Theft Red Flag Program

VISA SIGNATURE CONSUMER CREDIT CARD AGREEMENT

A to Z Jargon buster. Call +44 (0) to discuss your upgrade options

Financial Transaction

Reconsidering Key Entry and Voice Authorizations

Declined - An invalid expiration date was used. The merchant may reattempt the transaction with the correct expiration date.

Best Practices for Handling Retrievals and Chargebacks. Lodging

MASTERCARD REWARDS/MASTERCARD CASHBACK CONSUMER CREDIT CARD AGREEMENT

Welcome. Credit Card

2014 AFP Payments Fraud and Control Survey

ADMINISTRATIVE PROCEDURE 5800 DESERT COMMUNITY COLLEGE DISTRICT

PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

COMP3441 Lecture 10: Risk/Case Studies

AP 5800 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

THE COOPER UNION FOR THE ADVANCEMENT OF SCIENCE AND ART. February 24, 2010

Ethoca Alerts. Pioneering a Better Way to Avoid Chargebacks & Stop Fraud Loss

Presented by: Michael Moreau, CFE, CIA, CFSA Manager, Credit Union Group Macpage LLC

Authorization Approval of a transaction by the financial institution that issued a paycard or other payment card.

FOUNDATION SERIES ON DEMAND. Fraud Red Flags Workbook

RentWorks Version 4 Credit Card Processing (CCPRO) User Guide

Number: Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance

Prevention of Identity Theft in Student Financial Transactions

Bill Payment and Electronic Funds Transfer Service Agreement

FARMERS INSURANCE FEDERAL CREDIT UNION

FRAUD TRENDS TO WATCH FOR IN Presented by: Daniel J. Mahalak

Ball State University

University of Connecticut IDENTITY THEFT PREVENTION PROGRAM

16 CFR Duties regarding the detection, prevention, and mitigation of identity theft.

UPCOMING PAYMENT SCHEMES RULES CHANGES

AN 1213 Revised Standards Signature Requirements

Riverside Community College District Policy No Student Services PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Understanding Your Credit Card Essentials

11/9/15. Fraud in Non-profit Organizations: What You Need to Know NOW!

FAQs - Personalized Pay Cards

Identity Theft Prevention Program. Approved by the Board of Trustees on February 20, 2009

Chargebacks. Your guide to reducing the hassle and cost of chargebacks.

Funds Transfer Services

Bank of america online bill pay credit card

CONSUMER CREDIT CARD AGREEMENT

YOUR RIGHTS AND RESPONSIBILITIES

INCREASING INVESTIGATOR EFFICIENCY USING NETWORK ANALYTICS

Red Flag Rule Procedures Under Princeton University s Identity Theft Prevention Program Effective: December 31, 2010

Investors Choice Commercial Leasing, LLC Credit Policy. Effective August 1, 2017

Blackbaud Merchant Services TM Portal Features Overview Transaction Management Through the Blackbaud Merchant Services Web Portal

Transcription:

Dig Deep into the Root Causes of Fraud to Prevent Future Attacks Presented by: Ann Davidson, VP of Risk Consulting at Allied Solutions & Tammy Behnke, Credit Union Program Director at ProSight Specialty

How can your credit union more effectively keep the bad guys from coming back for more in the world of fraud exposure?

Agenda How to dig into the top fraud risks happening right now Understand the cause of these attacks Address strong fraud prevention and mitigation strategies Understanding the right questions to proactively ask to combat fraud and minimize fraud exposure Understand what critical information to include when performing risk assessments Q & A

Polling Question Are you doing a deep dive to get to the root causation of your fraud today? Yes No Not Sure

Polling Question Do you share the causation of the fraud attack internally and externally to help prevent future attacks of the same nature? Yes No Not Sure

Deep Dive into Payment Fraud What type of fraud is my credit union experiencing? Pull all the material associated with the fraud. For example, if it s card fraud, what type? Debit or credit cards card present or card not present? Is it PIN/signature fraud or both? How many card transactions were able to get authorized? Is the dollar limit of each fraud authorization below the daily dollar limit? What is the point of sale entry mode? Or electronic commerce indicator code? Why did our fraud tools and solutions allow the fraud to get through?

The Many Arms of Card Fraud Address Verification (AVS) fraud PINless fraud Credit card payment fraud Online fraud Non CHIP (EMV) card fraud Chip fallback fraud Cash disbursement (Advance) at the teller counter Lost/stolen fraud Magnetic stripe - PIN fraud or non-pin (signature) fraud Online fraud - Verified by Visa or MasterCard SecureCode fraud Authentication fraud Skimming ATMs Recruitment fraud Skimming point-ofsale (Pay at the pump) Card Not Received fraud (NRI) Card or Card Number PIN Change fraud CVV2/CVC2 fraud Account takeover fraud Key entered - card present or card not present fraud New account fraud Travel alert fraud

Understand the Cause of the Attack Looking at the fraud: Is it just one fraud cause or are there multiple fraud cases of the same type? Get in when the first case happens and track if you see a second case of the same nature Plug the hole before the bad guy keeps coming back for more Are you tracking the cause of the attack? i.e. is it all VBV or MCSC fraud attack and you have no chargeback rights? WHY?

Fraud Prevention Strategies Are you using the following loss prevention and mitigation solutions across ALL types of fraud? Daily $ limits Fraud monitoring tool early notification solution(s) Tracking types of fraud impacting an individual member or credit union account(s) Sample: Corporate or cashier checks Utilize positive pay or payee positive pay Sample: Chip Fallback authorization Block key entered chip fallback Require the PIN to be used for all chip fallback authorizations Set a dollar limit (no more than $50 or $100) and allow one chip fallback Track and analyze all chip fallback fraud to dig deep and find out why it is happening

Questions to Ask to Combat Fraud Why is our credit union experiencing the fraud? What type of fraud are we experiencing? Why is the fraud happening? Do we have a weak link that the bad guys are continuing to attack? Map out the process from beginning to end - will help identify the weak link. Discuss with risk consulting to help get to the root cause. Sample: Card PIN fraud Are we allowing a VRU change? What type of authentication layers are being used to allow the PIN change? Understand how your credit union allows PIN changes. Ask internal and ask your 3 rd party card processor or core data processor.

Risk Assessment Example: Card Fraud 1. Uncover immediate opportunities to help address ongoing card fraud Setting daily dollar limits for credit and debit card transactions Research Multiple Transactions on a Fraudulent Cardholder Account Real Time Authorizations Deploy EMV (Chip-and-PIN) on All Card BINs Country Code Blocks Credit and Debit card fraud cases Cardholder education to help ID Fraud and Report It Early On Name Matching for Track 1 Fraud Review Card Program Parameters on Each BIN Card Security Layers

Risk Assessment Example: Card Fraud 2. Uncover Future Opportunities to Help Address Ongoing Card Fraud Centralize Card Processing for both Credit Cards and Debit Cards to One Card Processor Use Instant Issue Proper Fraud Reporting Enforce Sound Cash Advance (Disbursement) Procedures for the Tellers Monitor the ATM Network Card Program Gift Card Merchant Category Code Verified by Visa and MasterCard SecureCode risk Robust Card Security Tools in 2017

Auto Loan Fraud Deep Dive We have all seen the headlines: Auto Loan Fraud Accelerating at Credit Unions Prolific Con Artists Indicted in Alleged $500,000 Car Loan Fraud Scheme Credit Unions Face an Uptick in Auto Loan Fraud

Auto Loan Fraud Big increase in auto loan fraud claims (almost daily!) Story seems to be the same: New member joins credit union New member applies for an auto loan New member never makes a payment on the auto loan Later discovered that the new member is not who they say they are

Auto Loan Fraud On the Rise So what is happening and why credit unions? Fraud in the U.S. is moving to easier targets Application fraud is an easier target due to identity data that s available for purchase Auto finance is a prime target lower level of control

Auto Loan Fraud Claims So are these claims covered by your Fidelity Bond? In many cases no. Losses directly or indirectly from the complete or partial nonpayment of or default on a loan transaction are excluded. Forgeries may be covered but the definition of instrument must be met. In general, loan documents such as an application for auto loans do not meet the definition of instrument. A forged document of title does meet the definition but it has to be an original. What this means: these losses must be borne by the credit union and affect your bottom line! Growing your top line at the expense of the bottom line is costing credit unions money and hurting your membership.

Synthetic Identity Fraud Synthetic Identity Fraud is hitting the industry very hard Synthetic ID is created by using a SSN that may belong to a person without an established credit history, such as a minor Paired with a fake address and even fake utility bills After a credit history is established, credit cards are used for small purchases Many of these claims could be avoided by making sure you know who you are lending your money to - new members are not worth the potential losses.

Auto Loan Fraud Case Large $7 million auto loan fraud scheme how did it happen? Straw buyers were used False information on applications $7 million in loans on 200 cars Key to scheme as all borrowers and car dealers intentionally misled the lender about their intent The loans all went into default

Dealer Fraud Monitoring Tools What Should Be Monitored? Dealer Fraud Monitoring Tools need to be established Industry statistics tell us less than 10% of the dealers account for 100% of the fraud Using scorecards can show anomalies in employer information, unusual patterns of default loans, unusual patterns of income/straw borrowers across applications Implement An Application Fraud Score/Employment Validation These have been used by mortgage lenders for the past 10 years and fraud has been reduced by 50% over the course of 3 years

Dealer Fraud Monitoring Tools What Should Be Monitored? Implement Income Validation or Verification Income Fraud is prevalent in about 80% of fraud cases Three methods that can be used by auto lenders: Income Reasonability Model does the income match the rest of the information on the application? IRS Verification Use Form 4506T and go directly to the IRS to validate income Financial Institution Verification access financial institution accounts to validate income

Dealer Fraud Monitoring Tools - What Should Be Monitored? Implement Straw Borrower Identification Straw borrowers are used extensively in auto lending due to face to face lending nature and they are easy to recruit Straw borrowers can be detected by looking for these red flags: Thin credit bureau file High income with no trade lines on credit report Borrower appears coached with responses Assets don t match income Following up with a phone call to a home number may also raise a red flag

Actual Loan Fraud Claim Facts: Member committed fraud on VISA and vehicle loan. Vehicle loan was $34,326.32. Loan application received from indirect vendor CUDL from dealership. Assumption by CU that dealership has done their due diligence in verifying the identity of individual, per agreement with CUDL. CU and dealer were unable to agree to terms and no loan transaction was executed. 10 days later, member called CU directly, he had applied for a loan for a vehicle located at a dealership in Alabama. CU is located in a Midwestern state. Identifying documents and proof of income were provided, employment was verified.

Actual Loan Fraud Claim Loan was approved 2 days later, funds sent to the dealer. In addition, the member applied for and was approved for a VISA with a $10,000 limit. A month later, CU receives two more direct applications from out of state applicants, dealer in Alabama was the same as prior loan. Discrepancies were found in the documentation and the applications were denied. At this time, CU checked records and found they had not received title for loan that was approved from the dealer or the state - CU contacted member and dealer and was assured title was on its way. Title never received and loan has become delinquent.

Actual Loan Fraud Claim CU did track down the vehicle to another dealership, they were able to provide documentation that they had purchased the vehicle and subsequently sold it. In addition, member maxed out VISA card, made a large payment and maxed card again. Twenty days later, payment was charged back. Also should be noted, member resided in an Eastern state. So we have a member in one state, a car in one state and a credit union in another state. In addition, the member is employed by a firm in another state. Address on credit report does not match applicant on claim file. Credit report also states several inquiries and SSN issues. I did a quick Google search for the employer addresses didn t match and business had been closed, while the applicant indicated he had worked there for 7 years. Income was suspect as well for industry noted in application.

Top Fraud in 2017 Internal fraud (separation of duties) Cash (Advance) disbursement fraud Loan fraud Card fraud Credit card attacking the line of credit Debit card skimming and fallback chip fraud Remote Deposit capture fraud Wire and ACH fraud Authentication fraud Bad guys will continue to find the weakest link - are you digging deep to find out how the bad guys are breaking in?

Key Takeaways Better understanding of: Digging deep into ALL fraud is key to prevent the same type of fraud in the future Working together and sharing what you are doing with others to help get to the root causation Utilize all available tools and solutions to help manage ALL types of fraud risk Education, understanding, sharing and networking is key to help all of us work together in order to stay ahead of the fraudsters! Stay connected!

Time for Questions! If you have remaining questions that were not addressed today, please contact the presenter: ann.davidson@alliedsolutions.net To receive ongoing education on industry-related topics: Sign-up for our fraud education newsletter: http://tinyurl.com/yaayxv29 Sign-up for our corporate newsletter: http://tinyurl.com/yagc4rj7 Follow us on social media

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback