Overview of Credit Card Fraud Types

Credit Unions are increasingly becoming susceptible to fraud as are most financial institutions. However, credit unions may have more gaps in fraud prevention due to the smaller size of the institution when compared to the larger banks resulting in a lack of proper controls because of limited staff. Two areas that have shown an increase in fraud are debit card fraud and ATM skimming.

Debit card fraud occurs through data and security breaches. Credit unions can lessen the likelihood of debit card fraud by requiring the use of a PIN in areas where fraud is more common. They can also analyze the patterns and transactions that seem out of the normal usage of the credit union member. The transaction can be declined or the member may be contacted by a fraud prevention specialist to confirm if the purchase was from the true member. If a card is believed to be compromised is should be invalidated and a new card issued. This action can be inconvenient for the member but an explanation of the larger picture of the hazards fraud and identity theft should reassure the member.

ATM skimming is implemented by using devices and cameras to capture the user’s personal information. A device used for skimming is a card reader concealed as the real card reader. The card's information is scanned and stored from the magnetic strip. The fraudster still needs the PIN number which requires cameras to get a view of the PIN entered or the ATM may using a fake keypad to capture the PIN number during the transaction. Credit unions can educate their members to help them be more vigilant with their financial transactions. The three top tips are for the member to:

1. Hiding the hand used to enter the password.
2. Observe the ATM card reader to see if the reader moves or appears thicker than normal.
3. Check the account balances and transactions regularly to ensure they are all valid.

(Fraud and Scam Information, n.d.) 

Risks to credit unions are on the increase as new tactics continue to emerge as old ones are identified and targeted. The risk can be “difficult to quantify in terms of speed of onset and potential impacts.” If ignored, the credit union’s financial stability and reputation can be greatly impacted. (Is Your Credit Union Prepared for These Emerging Risks, n.d.) One example that occurred during the holiday season to North Jersey Federal Credi Union resulted in a $218 million-asset loss. The scammer mailed out “counterfeit cashiers checks drawn from the credit union.” The credit union’s call center began to receive an increase in calls to confirm the validity of checks received in the mail. (Ghosh, n.d.)

Ad-hoc testing is also referred to as Acceptance Testing or Black Box Testing. Ad-hoc testing is informal and random. They are also conducted without formal planning, procedures and the results are expected in advance. The results can be very revealing of defects that would have been overlooked using strictly audit procedures. Unfortunately, success depends on luck as well. Black box testing is a method used when the item tested is not known. The name refers to a black box where the internal structure or contents of the system are not known. (Ad Hoc Testing, n.d.)

Employee communications should be provided to all new employees and continuing education provided to existing employees. Inform the employees about fraud, how to identify and report fraud. Also included should be the punishments that have been or will be enacted if fraud is detected. The employees should also be informed of the separation of duties, job rotations will be required, and no one employee should have complete control over a process. Acceptable and unacceptable procedures and conduct should be clearly defined to avoid legal problems if a dishonest employee must be dismissed. (Fraud Detention and Deterrence, ACFE)

The should be a continuous monitoring environment that should be in place requiring internal auditors to evaluate transactions. This research should “show what patterns might be expected under conditions of in control and out of control. (Nigrini, 2011, p. 151)

Organizations should conduct regular fraud risk assessments by identifying what activities are the most vulnerable and put procedures in place to prevent it. This requires the collaboration of both management and auditors. Management understands the day to day business operations, the organization’s culture, and the organization’s resources. Auditors are trained for risk assessment, are trained in evaluating and implementing internal controls. When a combination of management and auditors is used the result will be more effective by structuring the controls around the organization’s structure.

References

• Ad Hoc Testing. (n.d.). Retrieved from Softwaretestingfundamentals.com: http://softwaretestingfundamentals.com/ad-hoc-testing/
• Fraud and Scam Information. (n.d.). Retrieved from Peoplescu.com: https://www.peoplescu.com/resource/autosmart/fraud/
• Fraud Dentention and Deterrance. (n.d.). ACFE, 3-5.
• Ghosh, P. (n.d.). New Year, New Fraud Risks. Retrieved from Credit Union Journal: https://www.cujournal.com/news/new-year-new-fraud-risks
• Is Your Credit Union Prepared for These Emerging Risks. (n.d.). Retrieved from Cuinsight.com: https://www.cuinsight.com/credit-union-prepared-emerging-risks.html
• Nigrini, M. (2011). Forensic Analytics: Methods and Techniques for Forensic Accounting Investigations. Hoboken, NJ: John Wiley & Sons, Inc.