How do your experiences with fraud stack up against other credit unions? In this 2012 Technology & Security Conference session presentation we get a unique look into data provided by several major providers of credit union bond coverage and reveal the top ten credit union fraud claims. Even more important, we uncover the latest techniques and strategies for preventing them. This presentation and shared information allows listeners to benchmark their experience against this first-of-its kind industry-wide information shared from multiple service providers.
Presented by Don Thompson, Independent Consultant, Allied Solutions
Allied Solutions is the NAFCU Services Preferred Partner for Insurance - Bond, Overdraft, Creditor Placed (CPI), Guaranteed Auto Protection (GAP), Mechanical Breakdown Protection (MBP) and for MoneyAisle Reverse Car Loan & CD Auctions.
Robbery• Robbery is defined as “taking something of value from a person using violence or the threat of violence”• Unlike burglary, robberies generally occur during business hours
On Premise Coverage Robbery / Burglary• Loss of Property resulting from Theft committed by a person physically present on Premises..• Loss of damage to offices, furnishings, fixtures, supplies … resulting directly from Theft on Insured Premises ..• Loss resulting from mysterious disappearance, misplacement, damage or destruction while on the Premises ..
Coverage DefinitionProperty means:Physical items in which the Insured has a financialinterest or which are held by the Insured in anycapacity: currency, coin, bank notes, Checks, drafts or share drafts, original mortgages, documents of title, evidences of debt, security agreements, money orders, certificates of deposits; or precious metals, jewelry, gemstones, tickets, stamps or coupons.
Coverage DefinitionTheft means: Taking property … W/out consent and with the intent to deprive the CU of property, or By false pretense and with the intent to deprive the CU of property.Theft does not mean taking of property byforgery, alteration or Counterfeit.
Coverage Definition• Premises means: any of the Insured’s offices; the Insured’s retained attorneys’ office; the Insured’s ATM located anywhere within the building housing the CU office; or the Insured’s ATM located in a parking lot, driveway or sidewalk immediately adjacent to the Insured’s office but not greater than 500 feet from the Insured’s office.Premises does not include a Service Center’s place ofbusiness.
The Robber Looking for 3 things: Element of surprise Cash on hand Lack of witnesses Opening Closing
RobberyOctober 2011---loss, $156,000 – Occurred at opening – Turned off alarm – Forced to open vault – Tied up
Robbery, What Went Wrong? One person arrived alone Ambush code Inadequate separation of duties
Robbery• Written procedures• Opening procedures – 2 employees arrive together – 1 remains in vehicle – Ambush code – All clear sign – Call police
RobberyAmbush Code• Does everyone know it?Separation of Duties• No one employee should have the alarm code and the full safe/vault combinationArrive in Pairs• Remote actuator
Robbery• Loss $186,700• Takes teller drawers, then vault• Other employees observed the robbery• Did not set the alarm until the robber left
RobberyWhen do you set the alarm?• When it is SAFE to do so
Burglary• Holes cut in roof or adjacent walls, during weekend• Cut alarm system wires• Cut open safe
Burglary, What Went Wrong?• Inadequate motion sensors• Inadequate alarm line security• Inadequate safe/vault alarm components
Motion Sensors• Throughout office• Safe/Vault area• Control cabinet area
Vault/Safe Ratings• Cash should only be stored in vaults with a rating of Class I or better OR• Safes with a rating of TL-15 or better
Funds Transfer Coverage (key coverage language)Covers loss resulting directly from a fraudulent instructionthrough email, fax or phone from a person purporting to beyour member provided you: – Performed a Callback Verification involving the instruction or – Followed a commercially reasonable procedure set forth in the Funds Transfer Agreement that governs the instruction. Instruction rec’d must be logged or recorded by the CU and cause a debit or credit to the account.
Wire Transfer Fraud• Telephone request to transfer $98,562 from HELOC to money market account• 10 minutes later, another call to wire funds to Moscow, Russia• Answered authentication questions• 1 week later $45,000 transferred to MM account by home banking• $63,100 wired to Bangkok Thailand
Wire Transfer Fraud• Telephone request to transfer $105,000 to Korea• Faxed copy of signature and driver’s license• Compromised member’s call forwarding• Second request, tried a LOC advance, member’s cell phone called
Wire Transfer Fraud• Two transfer requests by telephone, $28,600 & $44,300• Caller knew: – Money was in the account – Internet banking ID – Social Security # – Recent account activity – Year account opened – Faxed copy of fraudulent Driver’s License
QUESTION?If a member uses home banking, whywould they call to transfer funds from aHELOC to checking?
AUTHENTICATION Telephone Requests• ALWAYS perform callbacks – Most bonds require callbacks for coverage• Limit amount that can be transferred by telephone• Check for recent address or telephone number changes• Be extra cautions of foreign wire transfer requests
AUTHENTICATION Telephone Requests• DO NOT USE –Social security number –Date of birth –Address –Mother’s maiden name
Coverage DefinitionsCallback VerificationOutgoing call must be made by the CU to: 1. Verify the identity and authority of the member, 2. A Secure Telephone Number and 3. Confirm that the instruction for the wire was sent by the member who the CU believes to be an authorized sender to initiate the wire transfer.
Coverage DefinitionsSecure Telephone Number means a phonenumber: Provided by the member when acct. opened, Provided after the acct. opened by the member while physically present on CU premises, Provided in a signed written funds transfer agreement with the account holder, That was a replacement number provided the CU confirmed legitimacy of the change by direct contact with the member, That the CU obtained through a public or private telephone directory, or Was a replacement number for the member that the CU received at least 30 days prior to the wire transfer instruction.
Authentication What to Use• Password or pass phrase;• Year member’s account was opened;• Branch at which member’s account was opened;• Type or year of vehicle securing member’s loan;• Source of direct deposit;• Do you use bill pay service?
AUTHENTICATION What to Use• Name two non-utility payees;• Do you get paper or e-statements;• Payable on death beneficiary;• List other accounts on which you are joint owner; and• Last loan paid off, approximate date, and collateral used.
Callback Documentation– Callback Information • Name of employee performing the callback; • Phone number used for the callback; • Source or verification of the secure telephone number;
Callback Documentation• Name of person (member or members authorized representative or employee) confirming the funds transfer request;• Date of the request and the “callback verification” request;• Time of the request and the “callback verification” request; and• Identification questions used
Callbacks• Should be conducted by an employee other than the one taking the request• Listen for delays, clicks, etc. which could indicate call forwarding
Funds Transfer Best Practices Set appropriate limits for wire transfers through telephone, fax, and e-mail requests Develop and use a clear and complete Funds Transfer Agreement Clearly establish a Callback Verification s process using a password and/or information not easily obtained by others Log all calls – Date, time, method of identification (includes questions and answers), member providing the information, and employee initials.
Funds Transfer Best Practices Segregate duties between employees receiving the transfer request, conducting the call back, and making the transfer Train staff regarding call forwarding scams and to listen for audible clues Be wary of a telephone number that was changed within 30 days of the transfer request Communicate policies and procedures with all staff
THANK YOU Don Thompson, CFE Donald.firstname.lastname@example.org 503 705-7796 Jay Slagel, Vice President (800)785-5527Jay.Slagel@alliedsolutions.net www.nafcu.org/allied