How do your experiences with fraud stack up against other credit unions? In this 2012 Technology & Security Conference session presentation we get a unique look into data provided by several major providers of credit union bond coverage and reveal the top ten credit union fraud claims. Even more important, we uncover the latest techniques and strategies for preventing them. This presentation and shared information allows listeners to benchmark their experience against this first-of-its kind industry-wide information shared from multiple service providers.
Presented by Don Thompson, Independent Consultant, Allied Solutions
Allied Solutions is the NAFCU Services Preferred Partner for Insurance - Bond, Overdraft, Creditor Placed (CPI), Guaranteed Auto Protection (GAP), Mechanical Breakdown Protection (MBP) and for MoneyAisle Reverse Car Loan & CD Auctions.
More info at http://www.nafcu.org/allied
Call Girls In Panjim North Goa 9971646499 Genuine Service
The Top Ten Credit Union Fraud Claims and How to Prevent Them (Conference Presentation Slides)
1. Ten Largest Loss Exposures
for Credit Unions
Don Thompson, CFE
Risk Management Consultant for
Allied Solutions
Jay Slagel, Vice President
Claims and Risk Management
Allied Solutions
2. Largest Exposures to Loss
• Employee Dishonesty
• Faithful Performance
• Wire Transfer
• Burglary
• Robbery
3. Largest Exposures to Loss
Continued
• Plastic Card
• Forgery
• Fraudulent Deposit
• E-Fraud
• Employment Practices
6. Robbery
• Robbery is defined as “taking something of
value from a person using violence or the
threat of violence”
• Unlike burglary, robberies generally occur
during business hours
7. On Premise Coverage
Robbery / Burglary
• Loss of Property resulting from Theft committed
by a person physically present on Premises..
• Loss of damage to offices, furnishings, fixtures,
supplies … resulting directly from Theft on
Insured Premises ..
• Loss resulting from mysterious disappearance,
misplacement, damage or destruction while on
the Premises ..
8. Coverage Definition
Property means:
Physical items in which the Insured has a financial
interest or which are held by the Insured in any
capacity:
currency, coin, bank notes,
Checks, drafts or share drafts,
original mortgages, documents of title,
evidences of debt, security agreements,
money orders, certificates of deposits; or
precious metals, jewelry, gemstones, tickets,
stamps or coupons.
9. Coverage Definition
Theft means: Taking property …
W/out consent and with the intent to
deprive the CU of property, or
By false pretense and with the intent to
deprive the CU of property.
Theft does not mean taking of property by
forgery, alteration or Counterfeit.
10. Coverage Definition
• Premises means:
any of the Insured’s offices;
the Insured’s retained attorneys’ office;
the Insured’s ATM located anywhere within the building
housing the CU office; or
the Insured’s ATM located in a parking lot, driveway or
sidewalk immediately adjacent to the Insured’s office
but not greater than 500 feet from the Insured’s office.
Premises does not include a Service Center’s place of
business.
11. The Robber
Looking for 3 things:
Element of surprise
Cash on hand
Lack of witnesses
Opening
Closing
13. Robbery,
What Went Wrong?
One person arrived alone
Ambush code
Inadequate separation of duties
14. Robbery
• Written procedures
• Opening procedures
– 2 employees arrive together
– 1 remains in vehicle
– Ambush code
– All clear sign
– Call police
15. Robbery
Ambush Code
• Does everyone know it?
Separation of Duties
• No one employee should have the alarm code
and the full safe/vault combination
Arrive in Pairs
• Remote actuator
16. Robbery
• Loss $186,700
• Takes teller drawers, then vault
• Other employees observed the robbery
• Did not set the alarm until the robber left
24. Safe Alarm Components
Safe components:
1. Door Contact
2. Heat Sensor
3. Seismic Device
Or
1. Door Contact
2. Capacitance
25. Alarm Systems
• Line Security
– Cellular back-up
• Battery back-up—48 hours
• Check regularly
• Separate codes for perimeter/area and
safe/vault
• Time clocks for after hours
29. Vault/Safe Ratings
• Cash should only be stored in vaults with a
rating of Class I or better
OR
• Safes with a rating of TL-15 or better
30. Funds Transfer Coverage
(key coverage language)
Covers loss resulting directly from a fraudulent instruction
through email, fax or phone from a person purporting to be
your member provided you:
– Performed a Callback Verification involving the
instruction or
– Followed a commercially reasonable procedure set
forth in the Funds Transfer Agreement that governs
the instruction.
Instruction rec’d must be logged or recorded by the CU
and cause a debit or credit to the account.
31. Wire Transfer Fraud
• Telephone request to transfer $98,562 from
HELOC to money market account
• 10 minutes later, another call to wire funds to
Moscow, Russia
• Answered authentication questions
• 1 week later $45,000 transferred to MM account
by home banking
• $63,100 wired to Bangkok Thailand
32. Wire Transfer Fraud
• Telephone request to transfer $105,000 to
Korea
• Faxed copy of signature and driver’s
license
• Compromised member’s call forwarding
• Second request, tried a LOC advance,
member’s cell phone called
33. Wire Transfer Fraud
• Two transfer requests by telephone,
$28,600 & $44,300
• Caller knew:
– Money was in the account
– Internet banking ID
– Social Security #
– Recent account activity
– Year account opened
– Faxed copy of fraudulent Driver’s License
34. QUESTION?
If a member uses home banking, why
would they call to transfer funds from a
HELOC to checking?
35. AUTHENTICATION
Telephone Requests
• ALWAYS perform callbacks
– Most bonds require callbacks for
coverage
• Limit amount that can be transferred by
telephone
• Check for recent address or telephone
number changes
• Be extra cautions of foreign wire transfer
requests
36. AUTHENTICATION
Telephone Requests
• DO NOT USE
–Social security number
–Date of birth
–Address
–Mother’s maiden name
37. Coverage Definitions
Callback Verification
Outgoing call must be made by the CU to:
1. Verify the identity and authority of the
member,
2. A Secure Telephone Number and
3. Confirm that the instruction for the wire was
sent by the member who the CU believes to
be an authorized sender to initiate the wire
transfer.
38. Coverage Definitions
Secure Telephone Number means a phone
number:
Provided by the member when acct. opened,
Provided after the acct. opened by the member while
physically present on CU premises,
Provided in a signed written funds transfer agreement with
the account holder,
That was a replacement number provided the CU
confirmed legitimacy of the change by direct contact with
the member,
That the CU obtained through a public or private telephone
directory, or
Was a replacement number for the member that the CU
received at least 30 days prior to the wire transfer
instruction.
39. Authentication
What to Use
• Password or pass phrase;
• Year member’s account was opened;
• Branch at which member’s account was opened;
• Type or year of vehicle securing member’s loan;
• Source of direct deposit;
• Do you use bill pay service?
40. AUTHENTICATION
What to Use
• Name two non-utility payees;
• Do you get paper or e-statements;
• Payable on death beneficiary;
• List other accounts on which you are joint owner;
and
• Last loan paid off, approximate date, and
collateral used.
41. Callback Documentation
– Callback Information
• Name of employee performing the callback;
• Phone number used for the callback;
• Source or verification of the secure
telephone number;
42. Callback Documentation
• Name of person (member or members
authorized representative or employee)
confirming the funds transfer request;
• Date of the request and the “callback
verification” request;
• Time of the request and the “callback
verification” request; and
• Identification questions used
43. Callbacks
• Should be conducted by an employee other than
the one taking the request
• Listen for delays, clicks, etc. which could
indicate call forwarding
44.
45.
46. Funds Transfer Best Practices
Set appropriate limits for wire transfers
through telephone, fax, and e-mail requests
Develop and use a clear and complete
Funds Transfer Agreement
Clearly establish a Callback Verification
s
process using a password and/or
information not easily obtained by others
Log all calls – Date, time, method of
identification (includes questions and
answers), member providing the
information, and employee initials.
47. Funds Transfer Best Practices
Segregate duties between employees
receiving the transfer request,
conducting the call back, and making
the transfer
Train staff regarding call forwarding
scams and to listen for audible clues
Be wary of a telephone number that was
changed within 30 days of the transfer
request
Communicate policies and procedures
with all staff
48. THANK YOU
Don Thompson, CFE
Donald.thompson@live.com
503 705-7796
Jay Slagel, Vice President
(800)785-5527
Jay.Slagel@alliedsolutions.net
www.nafcu.org/allied