the top ten credit union fraud claims and how to prevent them (conference presentation slides)
DESCRIPTION
How do your experiences with fraud stack up against other credit unions? In this 2012 Technology & Security Conference session presentation we get a unique look into data provided by several major providers of credit union bond coverage and reveal the top ten credit union fraud claims. Even more important, we uncover the latest techniques and strategies for preventing them. This presentation and shared information allows listeners to benchmark their experience against this first-of-its kind industry-wide information shared from multiple service providers.Presented by Don Thompson, Independent Consultant, Allied SolutionsAllied Solutions is the NAFCU Services Preferred Partner for Insurance - Bond, Overdraft, Creditor Placed (CPI), Guaranteed Auto Protection (GAP), Mechanical Breakdown Protection (MBP) and for MoneyAisle Reverse Car Loan & CD Auctions.More info at http://www.nafcu.org/alliedTRANSCRIPT
Ten Largest Loss Exposures
for Credit Unions
Don Thompson, CFE
Risk Management Consultant for
Allied Solutions
Jay Slagel, Vice President
Claims and Risk Management
Allied Solutions
Largest Exposures to Loss
• Employee Dishonesty
• Faithful Performance
• Wire Transfer
• Burglary
• Robbery
Largest Exposures to Loss
Continued
• Plastic Card
• Forgery
• Fraudulent Deposit
• E-Fraud
• Employment Practices
Agenda
• Robbery
• Burglary
• Wire Transfer
Robbery
• Robbery is defined as “taking something of
value from a person using violence or the
threat of violence”
• Unlike burglary, robberies generally occur
during business hours
On Premise Coverage Robbery / Burglary
• Loss of Property resulting from Theft committed
by a person physically present on Premises..
• Loss of damage to offices, furnishings, fixtures,
supplies … resulting directly from Theft on
Insured Premises ..
• Loss resulting from mysterious disappearance,
misplacement, damage or destruction while on
the Premises ..
Coverage Definition
Property means:
Physical items in which the Insured has a financial
interest or which are held by the Insured in any
capacity:
currency, coin, bank notes,
Checks, drafts or share drafts,
original mortgages, documents of title,
evidences of debt, security agreements,
money orders, certificates of deposits; or
precious metals, jewelry, gemstones, tickets,
stamps or coupons.
Coverage Definition
Theft means: Taking property …
W/out consent and with the intent to
deprive the CU of property, or
By false pretense and with the intent to
deprive the CU of property.
Theft does not mean taking of property by
forgery, alteration or Counterfeit.
Coverage Definition
• Premises means: any of the Insured’s offices;
the Insured’s retained attorneys’ office;
the Insured’s ATM located anywhere within the building
housing the CU office; or
the Insured’s ATM located in a parking lot, driveway or
sidewalk immediately adjacent to the Insured’s office
but not greater than 500 feet from the Insured’s office.
Premises does not include a Service Center’s place of
business.
The Robber
Looking for 3 things:
Element of surprise
Cash on hand
Lack of witnesses
Opening
Closing
Robbery
October 2011---loss, $156,000
– Occurred at opening
– Turned off alarm
– Forced to open vault
– Tied up
Robbery, What Went Wrong?
One person arrived alone
Ambush code
Inadequate separation of duties
Robbery
• Written procedures
• Opening procedures
– 2 employees arrive together
– 1 remains in vehicle
– Ambush code
– All clear sign
– Call police
Robbery
Ambush Code
• Does everyone know it?
Separation of Duties
• No one employee should have the alarm code
and the full safe/vault combination
Arrive in Pairs
• Remote actuator
Robbery
• Loss $186,700
• Takes teller drawers, then vault
• Other employees observed the robbery
• Did not set the alarm until the robber left
Robbery
When do you set the alarm?
• When it is SAFE to do so
Burglary
• Holes cut in roof or adjacent walls, during
weekend
• Cut alarm system wires
• Cut open safe
Burglary, What Went Wrong?
• Inadequate motion sensors
• Inadequate alarm line security
• Inadequate safe/vault alarm components
Motion Sensors
• Throughout office
• Safe/Vault area
• Control cabinet area
Currency Vault Alarm
Components
• Door Contact
• Heat Sensor
• Audio accumulator
Currency Vault, Old Style Door
New Currency Vault Door
Safe Alarm Components
Safe components:
1. Door Contact
2. Heat Sensor
3. Seismic Device
Or
1. Door Contact
2. Capacitance
Alarm Systems
• Line Security
– Cellular back-up
• Battery back-up—48 hours
• Check regularly
• Separate codes for perimeter/area and
safe/vault
• Time clocks for after hours
SAFES
Do these safes look good to you?
SAFES
Not the best choice for cash
Composite Money Safe
Vault/Safe Ratings
• Cash should only be stored in vaults with a
rating of Class I or better
OR
• Safes with a rating of TL-15 or better
Funds Transfer Coverage (key coverage language)
Covers loss resulting directly from a fraudulent instruction
through email, fax or phone from a person purporting to be
your member provided you:
– Performed a Callback Verification involving the
instruction or
– Followed a commercially reasonable procedure set
forth in the Funds Transfer Agreement that governs
the instruction.
Instruction rec’d must be logged or recorded by the CU
and cause a debit or credit to the account.
Wire Transfer Fraud
• Telephone request to transfer $98,562 from
HELOC to money market account
• 10 minutes later, another call to wire funds to
Moscow, Russia
• Answered authentication questions
• 1 week later $45,000 transferred to MM account
by home banking
• $63,100 wired to Bangkok Thailand
Wire Transfer Fraud
• Telephone request to transfer $105,000 to
Korea
• Faxed copy of signature and driver’s
license
• Compromised member’s call forwarding
• Second request, tried a LOC advance,
member’s cell phone called
Wire Transfer Fraud
• Two transfer requests by telephone,
$28,600 & $44,300
• Caller knew:
– Money was in the account
– Internet banking ID
– Social Security #
– Recent account activity
– Year account opened
– Faxed copy of fraudulent Driver’s License
QUESTION?
If a member uses home banking, why
would they call to transfer funds from a
HELOC to checking?
AUTHENTICATION Telephone Requests
• ALWAYS perform callbacks
– Most bonds require callbacks for
coverage
• Limit amount that can be transferred by
telephone
• Check for recent address or telephone
number changes
• Be extra cautions of foreign wire transfer
requests
AUTHENTICATION
Telephone Requests
• DO NOT USE
–Social security number
–Date of birth
–Address
–Mother’s maiden name
Coverage Definitions
Callback Verification
Outgoing call must be made by the CU to:
1. Verify the identity and authority of the
member,
2. A Secure Telephone Number and
3. Confirm that the instruction for the wire was
sent by the member who the CU believes to
be an authorized sender to initiate the wire
transfer.
Coverage Definitions
Secure Telephone Number means a phone
number:
Provided by the member when acct. opened,
Provided after the acct. opened by the member while physically present on CU premises,
Provided in a signed written funds transfer agreement with the account holder,
That was a replacement number provided the CU confirmed legitimacy of the change by direct contact with the member,
That the CU obtained through a public or private telephone directory, or
Was a replacement number for the member that the CU received at least 30 days prior to the wire transfer instruction.
Authentication What to Use
• Password or pass phrase;
• Year member’s account was opened;
• Branch at which member’s account was opened;
• Type or year of vehicle securing member’s loan;
• Source of direct deposit;
• Do you use bill pay service?
AUTHENTICATION What to Use
• Name two non-utility payees;
• Do you get paper or e-statements;
• Payable on death beneficiary;
• List other accounts on which you are joint owner;
and
• Last loan paid off, approximate date, and
collateral used.
Callback Documentation
– Callback Information
• Name of employee performing the callback;
• Phone number used for the callback;
• Source or verification of the secure telephone number;
Callback Documentation
• Name of person (member or members authorized representative or employee) confirming the funds transfer request;
• Date of the request and the “callback verification” request;
• Time of the request and the “callback verification” request; and
• Identification questions used
Callbacks
• Should be conducted by an employee other than
the one taking the request
• Listen for delays, clicks, etc. which could
indicate call forwarding
Funds Transfer Best Practices
Set appropriate limits for wire transfers through telephone, fax, and e-mail requests
Develop and use a clear and complete Funds Transfer Agreement
Clearly establish a Callback Verification process using a password and/or information not easily obtained by others
Log all calls – Date, time, method of identification (includes questions and answers), member providing the information, and employee initials.
s s
Funds Transfer Best Practices
Segregate duties between employees receiving the transfer request, conducting the call back, and making the transfer
Train staff regarding call forwarding scams and to listen for audible clues
Be wary of a telephone number that was changed within 30 days of the transfer request
Communicate policies and procedures with all staff
THANK YOU
Don Thompson, CFE
503 705-7796
Jay Slagel, Vice President
(800)785-5527
www.nafcu.org/allied