Wire Transfer Fraud
Wire transfer fraud continues to be a problem due to fraudsters adapting to the advancing technology and gaining information on credit union safeguards. It is important for Credit Unions to continually monitor and adapt to the threat of wire transfer fraud and to use a variety of controls to defend against it. Read the full article to learn controls that may help you prevent wire transfer fraud.May 10, 2017
By Kevin Hageman and Alison Herrick, CPA
Wire transfer fraud continues to be a problem due to fraudsters adapting to the advancing technology and gaining information on credit union safeguards. The process is often more complex than an individual sending phishing emails to trick members into providing information. Complex fraud organizations now exist with specialists that can focus on specific areas such as gathering member and credit union information to execute wire transfers. We continue to see wire transfer fraud involving the fraudster calling to request a large wire transfer, either out of the member account or as a HELOC advance, re-routing the call back number and successfully answering the challenge questions. In these instances, the credit unions had followed their own internal policies and procedures, but unfortunately the fraudsters were one step ahead.
So what can the credit union do, besides requiring that all wire transfer requests be made in person? The best defense is multiple layers of controls. Below is a list of some ideas:
- Consider limitations on not-in-person requests, such as dollar amounts, limiting international wires, and/or limiting the wire beneficiary to be to the member only.
- Consider setting up a PIN for not-in-person wire requests that must be initially established in person.
- Consider increasing the level of out of wallet questions using information from the member's account activity and/or loans with the credit union, perhaps something about the branch they frequent, or questions about local stores they may frequent, type of car they drive, etc.
- Consider having "higher risk" wire transfer call backs performed by the right employees with the proper training to be mindful of unusual situations. The "right" employee is one that will think critically and cautiously. For instance, they would consider the voice of the person making the request and how it matches with the member profile, does it make sense for the member to be sending a wire to the requested destination?
- Employees performing call back verifications should look for any recent member information maintenance such as address or phone number changes.
- Consider a review of online account history for "higher risk" wires for any unusual activity, such as login from a different geographical location or from a previously unregistered device.
- Consider requiring the member be present to initiate wire transfers from inactive accounts.
- Information gathering and sharing within the credit union can assist in detecting potential attacks or risks with current procedures. Reporting and logging any time a member fails authentication or challenge questions could be helpful to detect trends. Fraudsters may attempt changes to test the credit union's systems before committing the fraud.
It is important for Credit Unions to continually monitor and adapt to the threat of wire transfer fraud and to use a variety of controls to defend against it.
Another unfortunate trend we continue to see is fraud against seniors and other vulnerable members. Some of the fraud has been discovered by the credit union, as personnel look back through wire logs, and determining that the member did not authorize the wire and had not noticed because the member victim had an inactive account. The other type of fraud we are seeing is members knowingly wiring money to the fraudster because they have developed a personal relationship online or they think they are helping a family member in another country. Though this "personal relationship fraud" is not the responsibility of the credit union, educating members on how easy it is to fall victim to these scams is the type of service and commitment that make credit unions a trusted partner in the community.
Kevin Hageman is an Associate in the Credit Union Internal Audit Services at Macpage, LLC. Alison Herrick, CPA is a Principal specializing in financial statement and internal audits of credit unions at Macpage, LLC. Please feel free to contact them at email@example.com or firstname.lastname@example.org.