FraudNet is a fraud detection system that identifies potentially fraudulent bill pay activity in real time using algorithms. It alerts credit unions to suspicious transactions so they can be investigated. When an alert is received, the credit union must prioritize it based on the type of fraud suspected and respond by the deadline whether to process or deny the transaction. The document provides information on how FraudNet works, common types of fraud detected, what constitutes an alert, priorities for different alert types, tips for researching alerts, and response requirements.
Uae-NO1 Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
FraudNet alerts help credit unions fight fraud
1. FraudNet can help protect
your credit union and your
members from potentially Credit unions using EasyPay powered by
devastating loss. Fiserv can now enjoy the benefits of
FraudNet.
FRAUDNET
ALERT TRAINING
Upon completion of this
training, you will be able to
understand, prioritize, and
respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
2. WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of
algorithms.
This state-of-the-art fraud-detection tool also helps credit unions
meet FFIEC requirements to monitor suspicious activity on high-
risk accounts.
3. HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by
gathering the following types of data from payments scheduled through
bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been
associated with previous fraud. Each rule is assigned a code to help the
investigator determine why an alert was triggered and how the investigation should
be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat
occurrences of fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
4. COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common
types of fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by
using authentic-looking email with the real organization’s logo in an attempt to
steal passwords and financial or personal information, or to introduce a virus
attack.
5. COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection
Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that
infects a web browser and has the ability to modify pages, change transaction
content, or insert additional transactions, all in a completely covert fashion
invisible to both the consumer and the host application. These types of
attacks can be successful whether or not security mechanisms such as
SSL/PLI and/or multi-factor authentication solutions are in place. The only
way to counter these types of attacks is to use transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer
nor the organization is aware that the communication is being illegally
monitored. The criminal is in the middle of a transaction between the
consumer and his or her bank, credit card company, or retailer.
6. COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common
types of fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s
computer without their knowledge. Trojan horses often come in links or as
attachments from unknown email senders. Once installed, the malicious
software can detect the consumer’s access to online banking sites and record
their username and password, which is then transmitted to the perpetrator.
7. WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the
ability to post instant alerts and maintain a black list shared and
viewable by financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that
pertains to a transaction relating to one of your members, they will
use AnswerBook to pass this alert on to your credit union’s FraudNet
contact, who will then need to use the Alert Priority List (referenced
on Slides 9-14) to prioritize the alert in case there are others that also
need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will
then need to research the transaction referenced in the alert to
determine whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your
FraudNet contact will need to reply through AnswerBook to request
that the transaction be processed or stopped/returned.
8. ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team
will notify you via AnswerBook during one of the two time periods listed
below. Also listed below is the time at which they’ll need your response
on whether or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by
the times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be
delivered and the member could receive late fees/penalties.
9. ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a
list of bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of
email addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number
with the payee is on a list of payee account numbers associated with
confirmed cases of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on
a list of Social Security Numbers associated with confirmed cases of
fraud.
When a Social Security Number is added, all payments made by that subscriber
are alerted in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and
never will use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of
payee address zip codes linked to confirmed cases of fraud.
10. ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet
missed or that failed to trigger an alert. It’s generated by the
sponsor to notify Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an
alert for an item that was linked to confirmed fraud data (generally
associated with email address, ZIP code, or payee account
number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their
detection statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly
added payee.
11. ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of
transactions and cumulative dollar amounts received by an
individual. Sponsors subscribing to ZashPay should work with their
fraud specialist to establish the appropriate velocity and amount
thresholds.
Personal Payment Sender Velocity: This measures velocity of
transactions and cumulative dollar amounts sent by an individual.
Sponsors subscribing to ZashPay should work with their fraud
specialist to establish the appropriate velocity and amount
thresholds.
A2A Velocity: This monitors the velocity of account-to-account
transfers being made by a specific subscriber. Variables are
dependent on the specific business unit’s needs.
12. ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created
transactions being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is
located far from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment
size. This is usually a large payment with a small chance of fraud.
13. ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number.
This rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system. Verify
the payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common
payees to become electronically enabled. This program is no longer being
used, but fraud mitigation practices still exist to monitor MOE merchants who
are still electronically enabled within the Fiserv bill payment network.
14. ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to
monitor velocity of payments within a particular industry or set of
industries. Contact your assigned fraud specialist to establish the
thresholds for this velocity rule. For example, this rule helps
detect multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
15. ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a
FraudNet alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent. When researching or making a decision on a
transaction referenced in a FraudNet alert, please follow your credit union’s
fraud/identity theft procedures.
1. Evaluate the transaction against normal member activity for the
past three months.
Why? If the transaction is out of the member’s norms, this could be a sign of
fraud.
How? From Member Inquiry, click the Transaction Activity button.
2. Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened
a long time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the
top right corner of the Contact Information tab. The sub-account open date will
be listed in the top right corner of the Member Account Inquiry screen,
accessed by clicking the sub-account and then Select.
16. ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a
FraudNet alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent.
3. Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents
are stored.
4. Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account
base and press Enter. Then type in action code VC and press Enter. Select the
report and click View Report.
17. ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a
FraudNet alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent.
5. Review any changes in contact information and by whom the
changes were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6. If, after performing the above research, you determine it’s likely
that the transaction is fraudulent, contact the member to verify
the legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
18. ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a
FraudNet alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent.
X
If you determine that the If you determine that the
transaction is legitimate and transaction is fraudulent and
you want the SettleMINT EFT you want the SettleMINT EFT
team to proceed with the team to deny the
transaction, respond via transaction, respond via
AnswerBook with instructions AnswerBook with instructions
to process the transaction. to stop or return the
transaction.
For response deadlines, refer to timeline on Slide
8.
19. THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the
names and contact information of three FraudNet
contacts from your credit union so that we always have
someone to speak with regarding transactions referenced
in FraudNet alerts and so that your timely response to our
alerts is ensured.