6 Fraud Trends and the Best Practices for Handling Them

January 16, 2024

Over 70% of small financial institutions are experiencing an increase in fraud rates.

Fraud attacks are not only increasing, but they are also becoming more sophisticated — even some old threats are being revived with new tactics, said MaryAnn Colucci, director of Fraud and Risk at Envisant.

Envisant’s fraud team has identified six trends that credit unions should watch for in 2024. These are outlined below along with some best practices for addressing them.

1. Enumeration

This tactic involves utilizing compromised BIN numbers and submitting numerous online transaction attempts while guessing at missing details to gain more information associated with the BIN, including the full account number, CVV2, and/or expiration date. This tactic is among the top current threats.

When an enumeration or BIN attack takes place, the issuer’s authorization volume will be significantly increased. Most, if not all, will be declined. Typically, the card numbers, CVV2, or expiration date will be invalid.

Best practices

• Report the testing.
• Monitor transaction indicators such as repeated CVV2 failures, invalid expiration dates, and invalid PAN.
• Review authorization reports for a sudden increase in authorization requests.

2. Account Takeover (ATO)

Account takeover is an attack in which criminals take ownership of members’ accounts through digital and point-of-sale skimming as well as fraudulent emails, texts, and phone calls.

Best practices

• Communicate with members through email, social media, on-hold messages, and website banners that your credit union will never request them to share a full card number, Social Security number, PIN, one-time passcode, or two-factor authentication code. Advise them to avoid sharing their online banking credentials, no matter who asks.
• Provide examples of common “red flags” that are seen in fraudulent emails and texts. These include email addresses that don’t match the sender’s organization, the use of generic versus personalized language or urgent and hyperbolic language, and grammatical mistakes. They also need to watch for embedded hyperlinks to unfamiliar websites or that make use of URLs that don’t match the official site’s online address.
• Encourage members to follow their instincts. If they have any concerns about an automated call, text message, or email they should not respond. Remind members they can always call the number on the back of their card or contact the credit union directly instead.
• In the event of a breach, notify members immediately.
• Alert local law enforcement.

3. Synthetic Identity Fraud

This tactic involves combining stolen information with falsified details to form a new identity.

Best practice

• Make sure account openings follow all procedures, especially online openings. The Fed has a toolkit to help at fedpaymentsimprovement.org.

4. E-Commerce Skimming

Placing malicious code on merchant site checkout pages allows fraudsters to harvest payment data including PAN, CVV2, and card expiration date, often along with personally identifiable information. This is most common on platforms that are not regularly updated or properly secured.

Best practices

Educate members by asking them to:

• Avoid clicking on unfamiliar links.
• Update their own software protection
• Use secure acceptance technology when making online purchases, such as ApplePay, Google, or Samsung Pay. 3D Secure will also protect against online fraud.

5. Automated Fuel Dispenser (AFD) Fraud

Fraudsters are going beyond card skimming at gas pumps by taking advantage of status check authorization settings. Transactions are sent as a $1 status check authorization to ensure the payment account is valid. Issuers receive the $1 status check authorization, but if the core is not set up to hold the full amount charged fraudsters can purchase beyond what funds are available, costing issuers money.

Best practice

• Correctly managing the status check authorization — by specifying hold amounts that reflect actual transactions — prevents fraudsters from performing multiple AFD transactions and surpassing the account balance associated with the cards.

6. ATM Fraud

This was on the decline thanks to EMV chip technology, but fraudsters have begun damaging ATM readers with inserts that cause the EMV chip reader not to work. A fallback is then allowed to use the magnetic strip instead. Fraudsters take advantage of fallbacks to skim the card information. Smaller, more sophisticated skimmers and cameras are making it more challenging to detect.

Best practices

• Issuers need to set up fallback limits on the card base for ATM & POS transactions.
• Keep machine hardware well-maintained and updated.

With fraud attacks on the rise, paying attention to trends like these and the best practices to address them can help your credit union defend against fraudsters’ tactics.

Overall, member education is a key part of that strategy, along with tools like self-service controls and multi-factor authentication. Of course, your credit union also needs the most rigorous, fraud detection solutions available to react quickly.

Contact your GoWest Solutions team to find out how Envisant’s team of fraud experts can help your credit union protect against fraud attacks. 

Posted in GoWest Solutions, Top Headlines.