How Credit Unions can Combat Shared Branching Fraud
Shared branching gives credit unions a far reach, even with a smaller, targeted brick-and-mortar market. But what doors can shared branching open up for the bad actors?
What is Shared Branch Fraud?
Shared branch fraud occurs when cybercriminals use fake or stolen identity (from an employee or member) to bypass authentication layers. The bad actors then make unauthorized withdrawals at an acquirer credit union in your shared branch network.
Here’s how these shared branch attacks take place:
-
- The cybercriminal purchases an individual’s stolen information on the dark web and purchases counterfeit identity cards.
- The cybercriminal conducts an in person, online, or over-the-phone inquiry to gain access to a member’s account number. In many cases, the criminals call into contact centers to verify the account is open via an account balance inquiry or a balance transfer request.
- The cybercriminal shows a counterfeited state-issued ID and the stolen account number and credit union name at an acquirer credit union (typically out of state) in your shared branch network to take the maximum amount of available funds.
- The cybercriminal purchases an individual’s stolen information on the dark web and purchases counterfeit identity cards.
These types of fraud attacks can take place on any transaction channel, including:
-
- Checking, share, or share draft account withdrawals
- HELOC line of credit disbursements
- Credit card line of credit disbursements
The withdrawals are performed at the teller counter in the form of teller checks, cashier checks, official checks, or cash.
Best Practices for Mitigating Shared Branch Fraud
Shared branches are on par with the cooperative mission of credit unions. However, without strong authentication layers in place credit unions that participate in shared branches are more vulnerable to losses. Implement these best practices to protect your credit union and its members:
-
- Consider a policy for employees, board members, and members to opt in or out of shared branching, making sure they are informed of the benefits as well as potential risks involved.
- Consider reaching out to members with high balances and little or no shared branch activity to ask if they want to block shared branch activity on their account.
- Flag accounts that have not used shared branching to identify and look into any new, potentially fraudulent, shared branch activity occurring on these accounts.
- Consider blocking HELOC line of credit disbursement requests performed at an acquirer shared branch location.
- Block credit card line of credit disbursement requests performed at the teller counter. Redirect these transaction requests to the acquirer’s ATMs (since credit card transactions cannot be fully blocked).
- Look into inquiries received on members’ accounts before authorizing any shared branch withdrawal request. If anything seems off or suspicious, contact the member directly to validate the request and prevent fraudulent activity.
- Leverage an identity theft software that scans transactions to capture and report vulnerabilities.
- Encourage your members to freeze their credit with the 3 credit bureaus to help protect their information.
- Strengthen contact center security questions and authorization methods to protect members’ information, leveraging AI where possible.
- Work with acquirer credit unions in your shared branch network to bolster security tools, authentication requirements, and cash withdrawal limits to help prevent shared branch fraud attacks.
- Review your shared branch agreements to know when your credit union is liable for fraud losses, and to understand the authentication and security measures required of both issuers and acquirers participating in shared branching.
- Advocate that your shared branch network continues to improve their fraud detection and prevention tools.
Shared branching has changed a lot since its birth in the 1970’s. More digital doors are more open doors for fraud. With these best practices, it's possible to keep your credit union protected while offering members the convenience of shared branching.