In business – and especially in financial services and banking – trust is built up over decades, and can be destroyed in an instant.
And trust, as has been well-documented, is one of the hallmarks of consumers’ relationships with credit unions (CUs).
In an interview with PYMNTS, Jack Lynch, chief risk officer at PSCU and president of its CU recovery business, said that in the age of increasingly sophisticated cyberattacks, it is imperative for credit unions to look at various ways of building multi-layered systems of defense against attacks, and to be vigilant about protecting that trust.
The stakes are high, and tech is the weapon of choice in fraudsters’ ploys to gain access to sensitive data and drain accounts as they seek to exploit consumers’ trust in their CUs.
In the third quarter of 2019 alone, mass “bot” attacks on FIs and card accounts rose by 70 percent year on year, indicating that fraud is getting, well, faster.
The explosion of the Internet of Things (IoT) and connected devices also broadens the avenues of attack on consumers, said Lynch, especially with as many as 75 billion such devices in the field in just a few years. That may also mean fraudsters will eye mobile device takeovers as a tempting means of conducting their nefarious activities.
Lynch said that taking a multi-pronged approach against the bad actors involves technology, of course, but added that “from my perspective, credit unions also have to focus on the other two legs of the stool – the process and the people [within the firm].” Robust processes and dual controls within the FI, along with consumer education – especially as phishing attacks become more sophisticated and can spoof CU sites with uncanny accuracy – can keep fraudsters out of the ecosystem.
The Linked Analysis Defense
Lynch pointed to the fact that fraud has evolved in recent years, and markedly so.
Gone are the days of fraudsters sitting in their basements trying to hack passwords by brute force.
“With the explosion of devices out there today, you really do have to fight fire with fire,” he noted – especially as criminals are tapping into artificial intelligence (AI) and machine learning to conduct waves of attacks against FIs. He pointed out that PSCU has pursued a strategy of leveraging those same weapons – AI and ML – against those same attacks through Linked Analysis, a fraud-fighting solution.
Linked Analysis uses data points across the individual, card, device IP and departments within the institution to get a 360-degree view of whether a member is conducting legitimate business or has been compromised.
The connected efforts, driven by tech, can be far more effective than having hundreds of people staring at computer screens trying to detect patterns of fraud, Lynch told PYMNTS.
By way of example, he said that when an attack that originates in a call center and through the IVR, AI and ML can pinpoint the abnormal behavior, determine the various points of attempted access of a mobile device and put alerts in place that funnel back to the member. Those alerts ask whether that member is indeed trying to conduct a transaction.
“We are able to put strategies in place right now, before the attack becomes a broad compromise,” Lynch said.
Technology and a multi-layered approach to fraud-fighting are also critical in scouring the Dark Web and gathering intelligence to see what credentials may be on sale, and then taking steps to neutralize that activity – by rendering compromised card credentials useless, for example.
Looking ahead, as Lynch told PYMNTS: “It’s imperative for credit unions to start thinking about the shift to mobile. There’s no way with the ‘older tools’ that we’ll be able to keep up with the explosion of data. We're going to have to continue to look at the channel to where the fraud is shifting – and the only way to address that is through machine learning.”