Mitigating Fraud in Your Credit Union
2012 NCUA Credit Union Workshops
• Fraud Losses
• Frequency & Severity
• Mitigation Steps
• Managing Fraud
• Case Studies
• Best Practices
• Resources
• Credit Union Protection Resource Center
• Risk Management Consultants
Fraud Losses – Identify, Measure & Control
• Claims
• Frequency & Severity
• Basic Loss Mitigation
• Measure Exposure
• Loss Control Techniques
Determine Your Credit Union’s Risk Appetite
[Chart: Claim Count and Claim Dollars, Incurred Losses, 2006-2010]
Basic Loss Mitigation Steps
1. Identify – Recognize Exposure
2. Measure – Determine Impact, Frequency & Severity
3. Control – 5 Techniques
Frequency and Severity
• High Frequency, Low Severity
– Plastic card losses
– Deposit losses
• Low Frequency, Low Severity
– Teller shortages
– Courtesy pay
• High Frequency, High Severity
– Subprime lending
• Low Frequency, High Severity
– Employee dishonesty
– Wire transfer fraud
• AVOID – Avoid the exposure
– Ex: Only perform in person wire transfer requests
• LOSS PREVENTION – Prevent and/or reduce frequency
– Ex: Well trained employees and good written procedures
• LOSS REDUCTION – Reduce severity ($ loss)
– Ex: Place a dollar limit on non face to face requests
• SEGREGATION – Segregate or spread exposure
– Ex: Have more than one employee involved in the process
• TRANSFER – Transfer some of the risk to another entity
– Ex: Buying insurance
Technique by Frequency and Severity
• High Frequency, Low Severity: LOSS PREVENTION
• Low Frequency, Low Severity: RETAIN or ASSUME
• High Frequency, High Severity: AVOID
• Low Frequency, High Severity: TRANSFER or REDUCTION
• Wire Transfers
• Fraudulent Deposits
• Lending
• Employee Dishonesty
Well Trained Employees Are Critical
• Case study break out groups
– Wire Transfer
– Fraudulent Deposit
– Lending
– Employee Dishonesty
• Create a role play situation to combat fraud
– From your group, choose a note taker, narrator, appropriate Credit Union employee(s) and a Credit Union member if applicable to case study
Wire Transfers
• $183,000 loss
• December 8, 2010: Fraudster contacted credit union by phone to request $183,000 advance against member’s Home Equity Line of Credit (HELOC)
– Fraudster was able to answer basic security questions (member name, address, social security number, birth date, etc.)
– Funds transferred to deposit account
• December 8, 2010: Signed fax request received to wire $183,000 to Sumitomo Bank in Japan
– Verified signature
• Performed callback verification to phone number on member’s account but number was changed shortly before the wire transfer request
Prohibit phone requests for advances against member HELOCs
• A monetary threshold could be established for this purpose
Adopt a written wire transfer agreement with member specifying agreed upon security procedure for verifying the authenticity of wire requests
• Allows the credit union to shift liability for unauthorized wires to the member if the member’s negligence contributed to the compromise of the security procedure provided:
– The security procedure is a commercially reasonable security procedure;
– The credit union proves it acted in good faith; and
– In compliance with the security procedure set forth in the wire transfer agreement
In the absence of a written wire transfer agreement, require members to request large dollar wires in-person at a branch office
• A monetary threshold could be established for this purpose
Callback verification to member using phone number on record
• Check member’s account to confirm phone number was not changed within last 30 days
• Use strong out-of-wallet questions to confirm member’s identity during callback
• Callback verifications are losing their effectiveness as a means of verifying the authenticity of wire transfer requests
– Fraudsters are controlling callback phone numbers
• Phone hijacking
• Contacting credit union to have member phone number changed
– Fraudsters build profiles on their victims to answer even the strongest security questions
• January 25, 2011 article from CNNMoney.com
• Tobechi Onwuhara stole a confirmed $44 million in less than three years
– FBI believes the total may be anywhere from $80 million to $100 million
– “He preferred credit union HELOCs: They were ‘soft targets’”
Source: CNNMoney.com
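The wire transfer controls listed above (no phone-requested HELOC advances over a threshold, in-person requests for large wires when there is no written agreement, and a check for a callback number changed in the last 30 days) can be expressed as a pre-callback screen. This is an added example, not part of the original presentation; the $10,000 threshold, the field names, the phone-change date and the missing wire agreement are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Assumed policy value: the slides suggest a monetary threshold but name no amount.
LARGE_DOLLAR_THRESHOLD = 10_000
# From the slides: confirm the phone number was not changed within the last 30 days.
PHONE_CHANGE_WINDOW = timedelta(days=30)


@dataclass
class WireRequest:
    amount: int                                  # dollars
    channel: str                                 # "phone", "fax" or "in_person"
    requested_on: date
    heloc_advance_channel: Optional[str] = None  # set when funded by a HELOC advance


@dataclass
class MemberRecord:
    has_wire_agreement: bool
    phone_last_changed: Optional[date]


def screen_wire(req: WireRequest, member: MemberRecord) -> List[str]:
    """Return the controls the request fails; an empty list means continue to callback."""
    findings = []
    large = req.amount >= LARGE_DOLLAR_THRESHOLD
    if large and req.heloc_advance_channel == "phone":
        findings.append("HELOC_ADVANCE_REQUESTED_BY_PHONE")
    if large and not member.has_wire_agreement and req.channel != "in_person":
        findings.append("NO_WIRE_AGREEMENT_REQUIRE_IN_PERSON")
    changed = member.phone_last_changed
    if changed is not None and timedelta(0) <= req.requested_on - changed <= PHONE_CHANGE_WINDOW:
        findings.append("CALLBACK_NUMBER_CHANGED_RECENTLY")
    return findings


# Constructed records modelled on the case study. The phone-change date and the
# absence of a wire agreement are assumptions; the slides give neither.
CASE_REQUEST = WireRequest(183_000, "fax", date(2010, 12, 8), heloc_advance_channel="phone")
CASE_MEMBER = MemberRecord(has_wire_agreement=False, phone_last_changed=date(2010, 12, 1))
ROUTINE_REQUEST = WireRequest(2_500, "in_person", date(2010, 12, 8))
ROUTINE_MEMBER = MemberRecord(has_wire_agreement=True, phone_last_changed=date(2009, 3, 2))

if __name__ == "__main__":
    print(screen_wire(CASE_REQUEST, CASE_MEMBER))
    print(screen_wire(ROUTINE_REQUEST, ROUTINE_MEMBER))
```

Any finding should stop the wire before the callback step, since the callback number itself may be under the requester's control.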
Fraudulent Deposits
• $20,700 loss
– New account fraud
• Account details
– Opened May 24, 2011 (savings and checking)
– Debit card issued
• Loss details
– Member deposited 7 checks totaling $22,000 at foreign ATMs during the period of June 9 - 16, 2011
Date of Deposit    Check Amount
6/9/2011           $900
6/10/2011          $2,500
6/13/2011          $3,100
6/13/2011          $3,000
6/15/2011          $4,000
6/16/2011          $3,200
6/16/2011          $4,000
• No holds placed on deposits
• Funds withdrawn via ATMs and in-person at credit union shared branches
• Checks returned unpaid – “Account Closed”
• New member identification
– Government issued photo ID
– Should not rely solely on photo ID as a means to verify a new member’s identity
• Fake ID kits
• Screening tools for new accounts
– Assists in verifying identity of new members
• Identity verification/fraud service (e.g., Early Warning’s IDENTITY CHEK and FIS’ FraudFinder)
• Verifies social security number and address
– FIS ChexSystems
• Identifies account abuse reported by financial institutions
• Use for approving checking accounts and ATM/debit cards
– Credit Bureau Report
• Evaluate creditworthiness in approving checking accounts and ATM/debit cards
• Assists in identifying “high-risk” members
• Assists in verifying new member’s identity
• Signature card should notify the new member a credit report may be obtained
• Most fraudulent deposit schemes are perpetrated on newer accounts within the first 6 to 12 months
• Focus check holds on newer accounts for the first 6 months or until account becomes established
– Reg CC allows extended holds on new accounts during the first 30 days of account opening
– Use regular and/or extended holds after new account period expires
• Flag new accounts on the system
– Assists tellers in identifying new accounts
• Use longer holds on deposits to savings accounts
– Subject to state law
– Subject to Regulation D’s transfer limitations for savings accounts
• Automatic holds on ATM deposits
– 2 business day holds on deposits to proprietary ATMs
– 5 business day holds on deposits to nonproprietary ATMs
• Shared branching
– Establish probationary period before new members can use shared branching
– Impose check holds on deposits made at shared branches in accordance with the shared branch network’s rules
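To show what the automatic ATM holds above would have done in the fraudulent deposit case, the following added example (not part of the original presentation) applies the 5 business day nonproprietary ATM hold to the seven deposits from the case-study table. It assumes the foreign ATMs count as nonproprietary, counts weekdays only and ignores holidays.

```python
from datetime import date, timedelta

# Hold lengths from the slides, in business days.
HOLD_DAYS = {"proprietary_atm": 2, "nonproprietary_atm": 5}

# Deposits from the case-study table, all made at foreign ATMs
# (treated here as nonproprietary, which is an assumption).
CASE_DEPOSITS = [
    (date(2011, 6, 9), 900), (date(2011, 6, 10), 2500), (date(2011, 6, 13), 3100),
    (date(2011, 6, 13), 3000), (date(2011, 6, 15), 4000), (date(2011, 6, 16), 3200),
    (date(2011, 6, 16), 4000),
]


def add_business_days(start: date, days: int) -> date:
    """Step forward `days` weekdays. Assumption: holidays are ignored."""
    current = start
    while days > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:   # Monday=0 .. Friday=4
            days -= 1
    return current


def release_date(deposited: date, channel: str) -> date:
    """Date the deposit becomes available under the automatic ATM hold."""
    return add_business_days(deposited, HOLD_DAYS[channel])


def available_on(day: date, deposits, channel: str, holds: bool = True) -> int:
    """Dollars a member could withdraw on `day` from the listed deposits."""
    total = 0
    for deposited, amount in deposits:
        ready = release_date(deposited, channel) if holds else deposited
        if ready <= day:
            total += amount
    return total


if __name__ == "__main__":
    last_deposit = date(2011, 6, 16)
    print(available_on(last_deposit, CASE_DEPOSITS, "nonproprietary_atm", holds=False))
    print(available_on(last_deposit, CASE_DEPOSITS, "nonproprietary_atm"))
    print(release_date(last_deposit, "nonproprietary_atm"))
```

On the date of the last deposit, the hold leaves only the first check withdrawable, which gives returned items time to arrive before the rest of the funds are released.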
Lending
• A credit union receives an inquiry call on membership eligibility (call received through the call center)
– Potential member asks the following questions:
• What documentation is required for opening a new account?
• Does the credit union verify ChexSystems on new accounts?
• Is there a waiting period for obtaining a loan?
• Potential member then visits a branch office to open an account
• Credit union employee obtains credit report, completes an Office of Foreign Assets Control (OFAC) check and opens the account
• The member immediately applies for an unsecured loan
– The beacon score on the credit report is 737
• To provide excellent member service, the credit union uses auto approval for all consumer lending. (The credit union uses risk-based pricing.)
• The loan is approved and the member wires the loan proceeds to an account they control at another financial institution
• No loan payments are received and the unsecured loan becomes delinquent
• The collection staff identifies that the credit report was for a deceased individual
• The credit union charges-off the unsecured loan
Alert all employees with the ability to open accounts of suspicious inquiry calls
Ask questions of members opening accounts in person without being too invasive
Look for identity theft red flags contained in the credit bureau reports
Ensure no credit freeze is in place
Scrutinize new loan requests immediately following account opening
Review a sample of new loan requests
Inspect auto approval loans for signs of fraudulent activity
• Multiple loans using the same or similar names
• Duplicate social security numbers on application
• Misspellings or inaccurate information (ex. Street instead of Road)
Ensure those processing wires are looking at the source of funds
Watch for first payment default loans
Employee Dishonesty
The credit union Supervisory Committee Chairman notifies the Branch Manager that he will be in the credit union at 8 AM the next day to conduct a quarterly verification of all cash supplies.
• A $30,000 cash shortage is discovered when counting the vault cash
• The Branch Manager states:
– Cash deliveries are accepted and bulk verification of sealed plastic bags is performed by her (the branch manager)
– Dual control is used when verifying cash deliveries (counting individual bills)
– Vault cash is under dual control (two employees are required to be present when vault cash is accessed)
Implement forced dual control for receipt of currency shipments
Implement forced dual control of vault
Ensure when cash is counted both employees remain with the cash at all times
All “surprise” cash audits should be a surprise
The auditor should count the cash
Mandate employee time-off
Annual complete and comprehensive fraud policy
Provide fraud training for employees and volunteers
Emphasize fraud prevention and a comfortable whistleblower policy
Perform bondability verification and background checks
• Credit unions of all asset sizes are exposed
• Loss controls must be implemented
• Fraud prevention can help your credit union avoid/reduce losses
• Powerful temptation for some… especially in today’s economy
• It doesn’t just happen to other credit unions; all are at risk
• Risk Management Consultants
• Credit Union Protection Resource Center @ www.cunamutual.com
– 2012 Webinar Series & on-demand webinars
– Risk Alerts
– On-line self assessments
[Map: Risk Management Consultant territories by state]
• West
– Davis – CA (Central)
– Terauchi – CA (Northern)
– Bowman – UT
– Conner – OR
• Central
– Davidson – WI
– Eckes – MN
– Otsuka – IL
– Stolzer – MO
– Roossien – MI
• East
– Bouvier – MA
– Open – MD
– Lovingood – NC
– Molina – NJ
– Petrone – ME
– Pilch – PA
• South
– McDuffie – FL
– McNeary – TX (Houston)
– Law – GA
• Regional Managers
– Joette Colletts – PA
– Larry Forwood – CA
• Robbery
• Burglary
• Hazard Liability
• ATM Security
• Business Continuity
• Fiduciary Liability
• Forgery/Fraudulent Deposit
• Due Diligence
• Plastic Cards
• Employment Practices
• E-Commerce
• Data & Network Security
• Funds Transfer
• ACH
• Lending (all areas)
• Internal Dishonesty
• Internal Controls
Credit Union Protection Risk Management
CUNA Mutual Group
This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage is provided by this presentation/publication, nor does it replace any provisions of any insurance policy or bond. Coverage may vary or may not be available in some states. Please read the actual policy for specific coverage, terms, conditions, and exclusions. For general information, please contact our company Sales Executive. Insurance products offered to credit unions, including the Fidelity Bond, is underwritten by CUMIS Insurance Society, Inc., a member of CUNA Mutual Group.
CUNA Mutual Group Proprietary and Confidential. Further Reproduction, Adaptation, or Distribution Prohibited.
© CUNA Mutual Group, 2012. All Rights Reserved.
CUP-FRAUD-0112