Posted by MeridianLink | February 13, 2024

Account Takeover: An Emerging Trend With Costly Outcomes for Community Financial Institutions

The materials available in this article are for informational purposes only and not for the purpose of providing legal advice. You should contact your own advisors with questions regarding the content herein. The opinions expressed in this article are the opinions of the individual authors and may not reflect the opinions of MeridianLink, Inc.   

The following post is provided by TransUnion®, a MeridianLink® partner.   

TransUnion’s 2023 State of Omnichannel Fraud Report indicated account takeover fraud increased 81% since 2019, and many credit unions and community banks reported seeing more of this type of fraud in the latter half of 2023. 

What is account takeover? 

Account takeover is when a fraudster gains access to a legitimate customer’s account and steals their funds or information. One of the more common ways fraudsters obtain the customer’s login credentials is by impersonating the financial institution (FI) through calls, texts, or email. 

How does account takeover show up inside community financial institutions? 

Community financial institutions may not hear about or see this type of fraud until it’s too late. Most of the time, they have a member or customer call in to ask about a transaction—usually one they did not initiate. Upon further investigation, most institutions determine the transaction was conducted by someone with unauthorized access to the account. All too often, recovery is unlikely, and these losses frequently and directly impact an institution’s bottom line. 

What’s an example of an account takeover fraud loss? 

In a recent conversation with several credit unions, TransUnion learned about two examples of account takeover that occurred due to call spoofing. Call spoofing is when a fraudster calls a consumer from what appears to be their institution’s phone number. As such, many unsuspecting consumers will answer the call from the fraudster, who is posing as a representative from their FI. The fraudster tells the customer their information has been compromised, and they’re calling to help them reset their credentials and safeguard their account. 

In the case of these two credit unions, their members received similar calls where fraudsters offered their assistance. The fraudsters began working through the credit union’s Forgot Password workflows, prompting one-time passcodes (OTP) to be sent to members. The fraudsters asked these members to repeat the codes provided to “authenticate” the members, and once they read them back, the fraudsters were able to gain access to the members’ accounts and conduct fraudulent transactions. 

One credit union member had his home equity line of credit drawn down to full utilization an $80,000 loss for the credit union. The other credit union’s member saw several thousands of dollars transferred out by way of a leading peer-to-peer account transfer service. 

Both of these situations were unrecoverable, and each institution had to write off the full loss. Additionally, these members expressed a loss of confidence in their credit union’s ability to keep their hard-earned deposits safe. Two quite unfavorable—and costly—outcomes. 

How can community financial institutions prevent account takeover fraud? 

The best fraud prevention strategies are built with several layers of protection—and the fraud prevention solutions landscape includes a robust lineup of sophisticated, proven technologies.  

TransUnion provides a suite of solutions that enables financial institutions and other organizations to digitally ‘sign’ their own outbound calls and combat call spoofing—a primary method of conducting account takeover. When a financial institution digitally signs its own calls, legitimate outbound calls get automatically identified and authenticated—while spoofed calls get blocked. 

Additionally, it’s an industry best practice for businesses to have their assigned telephone numbers vetted by an outside authority to prove ownership to others within the call ecosystem and verify businesses are authenticating their own calls. 

Solution features and functionality aside, having an intentional strategy to resolve identity across the account lifecycle is critical to combat emerging trends and avoid more costly outcomes. 

For more information on TransUnion communications solutions, visit www.transunion.com/trucontact   

For more information on TransUnion identity and fraud solutions, visit www.transunion.com/truvalidate   

Similar Posts