ST. PETERSBURG, Fla.—Convenient friction and the authentication “arms race” are two issues credit unions need to focus on as fraudsters pick up their pace of attacks during the health crisis.
Those are two of several recommendations made by cyber security experts during PSCU’s Virtual Member Forum.
A panel of experts addressed how the pandemic has markedly picked up crooks’ efforts to steal data from online transactions, as consumers flock to digital purchases. They emphasized the importance of credit unions stepping up their card defenses, stressing however those extra measures cannot frustrate or even alienate cardholders.
If the credit union becomes too restrictive in its fraud strategies, stopping too many legitimate transactions, members will move the CU’s card from the top of their wallets, attendees of the event were cautioned.
“That can be a very difficult position to regain,” noted Mark Wert, business partner, fraud, compliance and authentication at FICO.
What To Do Instead
Instead, what credit unions need to do is intercede when a transaction appears suspicious, doing so in a manner that is not too intrusive.
“It's never great to create friction in a process, but if you're able to create convenient friction—allowing a member to communicate with you through an automated text message or push notification for example—it creates a much different experience than blocking a member out of their account and then forcing them to call a call center and wait 20 minutes,” said Wert. “You need to find out quickly and easily if the transaction is fraudulent and let the person continue on with their day.”
Wert said as the pandemic has ramped up fraudster attempts, it can be easy for a credit union to get swept up in the race to find new ways to detect fraud and prevent it, without considering the experience of the member on the other end.
How to Better Use Data
Paul Dulany, chief data officer at Broadcom Payment Security, meanwhile, spoke to how credit unions must better leverage their data and all of the new capabilities that have emerged, such as biometrics and real-time payments, to gain not only a better understanding of the transaction in question—as to whether it is fraudulent or not—and also gain a clearer picture of the member, better understanding their payments habits.
Dulany said taking those steps will reduce the number of false positives that annoy and upset cardholders. He said real-time networks allow the credit union to quickly compare a transaction in question with other transactions the cardholder may have very recently made, and with payments made on the same device.
“Say a bank somewhere is getting attacked by a mobile device and then two seconds later the crook is attacking the credit union,” said Dulany. “The credit union can see it through the analytics that the fraudster was just using that device somewhere else on a different card. So, there are some really nice signals we can pick up on with the real-time network.”
It is also time more credit unions use tools to get a 360-degree view of their members to learn more about what is a normal transaction for each of their cardholders and what is not, Dulany said. That means relying on merchant spend data as well as member information the CU has in-house.
The Authentication War
But what is at the center of the fraud fight now, asserted Dulany, is the “authentication war”—improving authentication methods to thwart crooks. Dulany said greater use of 3D Secure by merchants will deter card fraud.
3D Secure, or 3DS, is a secure online payment service available for Visa and Mastercard cards. The authentication procedure involves three steps: The consumer makes a transaction, enters debit or credit card information, and then the financial institution asks the person to verify their identity by entering an authentication code.
“It’s an authentication arms race right now,” said Dulany, about issuers finding ways to deter thieves and crooks finding ways to beat the new fraud solutions. “The fraudsters become better at hacking, we become better at defending and the ball rolls up and down the hill.”