Credit unions (CUs) have been known historically for their member-first mentality and intimate face-to-face banking model. This business structure has worked in their favor, but it also has left some CUs less prepared for the pandemic-driven shift to digital-first banking and its associated risks — particularly the risk of online fraud.
Recent data revealed credit unions’ specific vulnerabilities in this area, which include leaked employee credentials, insecure email networks and subpar software patch management. These weaknesses translate to an estimated yearly financial risk of direct fraud attacks that can range from $190,000 for small CUs to $1.2 million for large CUs.
Indirect risks to CUs via their third-party vendors may be even more damaging. Technology solutions to these issues exist in the market, making it essential that credit unions implement cybersecurity innovations to avoid potentially devastating effects on both revenues and members’ trust. This month, PYMNTS examines the intensifying fraud risks confronting credit unions and the innovative technologies helping CUs mitigate these risks.
Fraud Risks Affecting CUs and Vendors
Vendors that serve credit unions are a key variable affecting fraud’s overall impact on CUs. The financial risk of a third-party attack on a single vendor runs upward of $300,000 for small CUs and more than $1 million for large CUs, and that risk multiplies with each vendor that has access to a CU’s sensitive data.
Fraudsters frequently use leaked credentials to execute schemes such as ransomware deployment, and credit unions are relatively easy targets. Recent research indicated that 86% of CUs and 76% of their vendors had employee credentials circulating on the dark web. Out-of-date systems are another contributing factor to credit unions’ fraud risk, as they left 48% of CUs and 58% of their vendors open to possible cyberattacks. CUs and vendors that do not innovate their operational systems make themselves more susceptible to hackers navigating well known security gaps.
Consumer awareness also has led to increasing data security concerns. PYMNTS’ research from August 2021 shows that 11% of CU members turn to other financial institutions (FIs) for certain offerings because they feel those institutions reduce their chances of data theft — and 9% of members do so because they believe these other FIs offer a lower risk of fraud.
Thus, member perception and brand reputation offer additional incentives for CU executives to implement strong cybersecurity measures. Greater numbers of consumers are deciding how to pay based on payment options’ perceived security, according to a PSCU report. The share of consumers basing payment decisions on security doubled between 2019 and 2020 alone, from four in 10 to eight in 10. The same study showed that more CU members than nonmembers reported a charge dispute in the previous 60 to 90 days, at 25% versus 13%, respectively. CU members also were more likely to take advantage of mobile fraud alerts than their nonmember counterparts.
How CUs Are Leveraging Innovations to Strengthen Cybersecurity
Legacy, rules-based fraud prevention systems are the most popular across the board for all banking institutions, with 40% of FIs using such equipment. Additionally, 26% still rely on antiquated manual reviews to identify fraudsters. Synthetic identity theft now is the fastest-growing financial crime in the U.S., and it poses an increasing threat to credit unions utilizing such weak fraud defenses.
Artificial intelligence (AI) and machine learning (ML) are among the technologies that CUs are leveraging to boost their risk management efforts. AI systems can sift through large quantities of data to guard against synthetic accounts without manual review, offering CUs valuable cost savings. CUs implementing AI platforms for fraud prevention can lower the occurrences of both false positives and human errors, reducing customer friction and freeing up staff to focus on improving the member experience.
CUs are working to catch up to other FIs’ data security innovations to combat fraud.
Recent PYMNTS’ research shows that 93% of CUs are funding security, authentication or digital identity initiatives in 2021, up from just 42% in 2020 and a mere 35% in 2019. Investments to address fraud and prevent money laundering also have taken a sharp upward trajectory this year, following a drop in 2020.
Though just 69% of CUs said they were investing in fraud prevention innovations in 2021, down from a recent high of 72% in 2018, this year’s figure still represents a big improvement from 2020, when just 45% made these investments.
AI can help credit unions prevent fraud so that they can continue to do what they do best: delight members by meeting their demands and expectations. As fraudsters continue to innovate their avenues of attack, CUs may benefit the most from partnering with AI-based anti-fraud solution providers that can deliver strong security while optimizing the member experience.