Credit Unions Overcome Legacy Tech Challenges to Tackle Fraud

Consumers often worry about the risk of fraud in the digital age, particularly as they hand sensitive information over to providers and transact more frequently than ever across digital channels.

Jack Lynch, chief risk officer at PSCU, told PYMNTS that credit unions (CUs) must retool their approaches to the battle against fraud, embracing a holistic approach to tackle vulnerabilities within their organizations — and across their vendor relationships.

Increasingly, would-be perpetrators are coming in through the front door, pretending to be legitimate members. Once they’re in, they can lie dormant and later attack the institution and its members.

Lynch said that providing innovative products that meet the members’ needs for cost-effective, convenient, easy-to-use, secure financial services “will be key to retaining those members and preventing them from going elsewhere and seeking products and services from other FIs.”

However, legacy tech infrastructure may be impeding that goal — and compromising security. The urgency for a new approach is there: As joint research between PSCU and PYMNTS has found, 11% of CU members use tools and services from other financial institutions (FIs).

Read more: How Advanced Tools Such as AI Can Help CUs Curb Fraud in the Digital Banking Age

Thankfully, consumers’ awareness of the risks that come with transacting online has grown.

“That’s been leading to increased data concerns on the part of credit union members, and a growing number of consumers, in general, are deciding how to pay based on the perceived security of different payment options,” Lynch said.

This can jeopardize member retention — and the bottom line. Lynch said that at least in some cases, end users might think that CUs are not spending enough time crafting a compelling digital experience that is also safe.

Clinging to Legacy Systems 

He said that getting streamlined and speedy security processes in place is hampered by the fact that as many as 40% of FIs (CUs included) rely on legacy, rules-based anti-fraud systems.

Lynch continued that there are several reasons for this.

“Oftentimes, complex and internal decision-making and review processes prevent credit unions from keeping up with the speed of market changes and from investing in replacement legacy systems,” he said. Firms can also face integration challenges between old and new systems.

CUs are left, then, examining and analyzing activity that has already been logged, looking at various platforms one at a time. While legacy systems may have worked well in the past, they cannot work effectively amid the newest waves of multichannel fraud.

“Many of these older systems focus solely on preventing the fraudsters from making either a transaction or ‘cash out,’ but they’re unable to stop the bad actors from succeeding earlier in the development of the fraud processing scheme,” Lynch said.

A proactive approach requires looking at users’ activities through a lens that can observe what is happening across multiple systems.

See also: New Year, New Purpose Sees Credit Unions Pick Up Pace of Innovation

Against that backdrop, he said, leveraging third-party resources — especially through partnerships — can accelerate the time to market, as CUs launch innovations and cost-effectively replace outdated solutions. The plug-and-play functionality that application programming interfaces (APIs) allow developers, he said, can make sure that CUs are not so dependent on legacy systems.

As Lynch noted of the credit unions, “You can’t just sit there and hope for the best.”

What’s Most Urgent 

The most urgent initiatives have to include security and authentication, he said, as fraudsters attack “further up the transactional pipeline” as more consumers go online to transact.

Even the attacks themselves have been changing. As Lynch stated, where fraudsters might have once focused on trying to hack into a CU’s computers, now they are intent on scouring the Dark Web for credentials.

They’re also becoming adept at grabbing identities from CUs’ trusted vendors, staging phishing and other email attacks — which means that CUs’ vulnerabilities extend far beyond their rosters of employees.

“It’s actually imperative to make sure that all the employees of credit unions understand their roles and securing the credentials — limiting the number of employees who have access to critical data,” he said.

CUs must also have insight into their vendors’ systems and what they might be doing to protect their flanks against attack.

As Lynch said, “There’s no ‘Easy Button’ in place” to help credit unions modernize and tackle the ever-evolving fraud threat.”

However, through a perimeter approach, partnerships and third-party resources, he said, “Having the right anti-fraud tools in place will be easier.”

See also: How Credit Unions Can Work to Identify and Eliminate Fraud Risks