Have comments about these projects?
We’d love to hear your feedback, use the Comments Section below
Beginning in 2018 CU*Answers started on a multi-year project to drive a business plan goal to move from compliance monitoring to fraud prevention as an active feature of our network. The focus is to make the most of our data-rich environment, on the way to building new tools and businesses that can help reduce and mitigate the effects of fraud for credit unions in our network.
Why should CU*Answers get in the fraud business? Because with the comprehensive data that’s concentrated within CU*BASE, we can gain a global perspective, across multiple channels, that other vendors just can’t get. We can also look at people, not just transactions, for a more well-rounded view of who is causing (or being victimized by) fraud. And since CU*BASE authorizes member transactions, we’re at the point of the request, which means we are in a unique position to stop fraud before it happens.
Projects in the Works
We made significant investments in learning and foundation work in 2018, and released our first software tool in the 19.05 CU*BASE release. Here’s a quick recap of projects in the works:
Project A: Gather the Data
Find out what fraud is actually occurring. This new database will give every network credit union a centralized place to log fraud incidents. We will then gather all of these stats to form a network-wide picture of fraud affecting our network. This picture will allow credit unions to begin building block lists (see projects B and C) to stop the bleeding on specific troubled members and accounts. Then we’ll use our new knowledge of fraud patterns we see to build tools that stop those things from occurring in the first place (see projects D and E).
Status: Project #47270 was implemented in the 19.05 release.
Project B: Create Block Lists
Create lists of problem members and accounts. The idea here is to give credit unions a place to log member accounts where you’ve seen fraud in the past. Block lists will be blunt instruments, in the sense that we’ll be able to look for a SSN/TIN in the list and stop a member from accessing a particular product or type of activity altogether.
This project will build the infrastructure to allow credit unions to enter the accounts and designate which products/services (things like P2P vs. bill pay vs. wire transfers, etc.) should block activity for that account. This will include both single-channel denial-of-service blocks that simply stop a member from enrolling or using a particular feature or service altogether, and multi-channel activity attribute blocks based on a particular data element, such as country of origin, merchant name, pay to name, etc., to stop specific transactions from occurring, across various delivery channels.
Block lists give us maximum flexibility to adjust and evolve these settings over time as we learn more about what fraud is actually happening in our network.
Denial-of-service block lists that will be included in this first project:
- Bill Pay Enrollment Block List
- Lending Block List (for this project, will present a warning to loan officers when loan apps are submitted by these members; in a future phase will prevent a member from receiving non-attended/auto-approved loan offers (1Click Offers/instant loans, CD-secured loans, etc.)
- Online/Mobile Banking Activation Block List
- P2P Enrollment Block List
- Wire Transfers (Incoming) Block List
- Wire Transfers (Outgoing) Block List
Transaction attribute block lists that will be included in this first project:
- Country Block List (to prevent any account from posting a transaction (debit or credit) via any of the supported channels if associated with a particular country code. First phase will include wire transfers only, future phases will add other channels where country codes are used.)
- Pay To Block List (to prevent any account from posting a transaction (debit or credit) via any of the supported channels if associated with a particular pay to name. First phase will include AP Quick Checks and Misc CU Checks, Teller/Phone checks and money orders, Loan disbursement checks, and outgoing wire transfers.
Status: Project #50898 was implemented in the 20.11 release.
Project C: Stop Transactions for Accounts on the Block Lists
Test against block lists and stop actions from being taken. Build new routines into various posting programs and interactive features to honor the settings configured on CU block lists. We already check for available funds or account freezes, now we’ll check against CU block lists at the same time.
For batch processes where there is already an exception mechanism in place, items can be stopped at the point of posting and funneled through the normal exceptions handling process. In cases where there’s no batch exception process, we’ll need to adjust the specific program that either a member or a CU employee uses, either to present an error message, or prevent the account suffix from being selected or the particular feature from being launched in the first place.
For the block lists described in Project B above, the following areas will be changed to check against the appropriate block list before allowing an enrollment or other transaction to be completed:
- Changes to Personal Banker Features (for Bill Pay/P2P enrollment & OLB lists)
- Changes to Online/Mobile Banking (for Bill Pay/P2P enrollment & OLB lists)
- Changes to Wire Transfers (for the Wire Transfers & Pay To lists)
- Changes to Process Member Loan Apps (for the Lending list)
- Changes to Teller/Phone Checks and Money Orders (for the Pay To list)
- Changes to Loan Disbursement Checks (for the Pay To list)
- Changes to AP Quick Checks and Misc Expense Checks (for the Pay To list)
Status: Project #50898 was implemented in the 20.11 release.
Project D: Enhance Abnormal Activity Monitoring Tools to Detect Fraud Patterns
Look for specific patterns that signal fraud. If block lists are blunt instruments, this project starts to build surgical scalpels to fine-tune which patterns of activity signify a possible fraud attempt. Flexible configurations will allow us to cover patterns related to velocity, product, out-of-the-ordinary activity, cross-channel activity, and idle activity fraud indicators.
The plan is to add a new configuration to the existing Abnormal Activity Monitoring toolkit, allowing CUs to configure settings that watch transactions for certain patterns, such as:
- Velocity – More than xx transactions, or a xxx% increase in transaction volume, over a specified # of days
- Out-of-the-ordinary – Transactions of more than $xx.xx, or a xx% increase in total transaction amounts, over a specified # of days
- Idle activity – Watch for a volume of transactions that occur after a period of xxx days of inactivity
The Abnormal Activity Monitoring Dashboard will analyze activity and provide a list of accounts that fit the pattern, allowing the CU to either add the member to one of the new Block Lists or take other appropriate action. This dashboard approach will also allow CUs and our AuditLink experts to fine-tune the pattern configurations, in anticipation of future automated, interactive denial-of-service blocks.
According to Jim Vilker, NCCO, CAMS, VP of Professional Services for AuditLink, “Regulatory bodies are not letting up on credit unions regarding the ongoing monitoring of anomalous activity that may be related to criminal and fraudulent activity. They’re making credit unions the new financial cops of the country. This pressure is causing many credit unions to spend on expensive ancillary products that in most cases are simply not worth the money, are unnecessary for the size and complexity of the institution, and are fraught with data governance issues. CU*Answers will surpass these systems in the coming years as we analyze the probabilities of these patterns causing loss and attach them to posting and authorization programs that will stop the transaction in its tracks.”
Status update as of June 2021: Project #53105 was implemented in the 21.05 release.
Project E: Test Transactions and Stop Ones That Match Configured Fraud Patterns
Test against fraud patterns and stop incoming transactions before they post. Build new routines to test activity against fraud pattern tests you’ve activated and automatically put accounts onto your block lists.
Status: Still in the early design phase.
Other Related Project Ideas
Also on the drawing board are tools for flagging accounts as exceptions to the rule – an “unblock” for the block list, as it were. And although we’re starting with transaction posting programs, we expect to eventually reach out to new account opening, applications, and other non-transactional processes.
Building New Businesses for Shared Execution
AuditLink Fraud Monitoring and Consulting Services
AuditLink experts can configure your CU*BASE Abnormal Activity Monitoring tools for FREE, or provide free consulting to credit unions who want to go it alone but need help getting started. AuditLink also offers daily monitoring services to actually work the daily alerts this tool generates. Visit the Store or contact AuditLink today!
Asterisk Intelligence Fraud Analysis Services
AI will also get into the act with consulting services around analyzing the fraud data you’ll be entering into your new database (see project A). Our data analysts are experts at finding patterns and translating them into actions your credit union can take now. Visit the Store or contact AI today!
Ultimately the goal is to build a community of users and use what we learn from those credit unions as well as vendors in the fraud space to help us build the new fraud pattern configurations (see project D above). We hope you will join us.
Have thoughts or ideas about these changes? We’d love to hear your feedback. Use the Comment Section below.