by MaryAnne Colucci, Director, Fraud & Risk
In 2023, 34% of financial institutions with assets at or under $5 billion saw a growth in debit/prepaid fraud while 56% of larger institutions also witnessed an increase (PYMNTS). The impact of compromised cards and the resulting fraud can be significant for both credit unions and their members. Taking a closer look at the trending tactics for collecting card information and using it for fraud attacks can help credit unions take more effective, proactive steps to guard against it.
Card skimming
While there are many ways for fraudsters to gain card information, the number of debit cards compromised via skimming grew 77% year over year between 2022 and 2023 (FICO). High tech, deep insert skimming, which is difficult to detect, has been a major factor in this trend. It can happen at ATMs and other points of sale like gas pumps. Miniscule skimmers less than a millimeter in size can be inserted into a card reader to collect magnetic stripe information. These skimmers are usually accompanied by keypad overlays or hidden cameras to record pin numbers so fraudsters can make full use of the compromised cards.
Protecting against compromised cards requires vigilance from both credit unions and cardholders. A credit union can deter fraudsters by making sure the area around their ATMs is brightly lit. Regularly checking terminals for signs of tampering is also important way to safeguard member information from skimmers.
Credit unions also need to keep their members well-informed. This includes instructing them on tell-tale signs of tampering like tiny holes in paneling and loose keypads as well as best practices like covering keypads during use or choosing indoor vs outdoor terminals. These simple steps can help prevent compromised cards.
Fraud attacks using compromised cards
If fraudsters are successful in collecting card information, they can use it in a variety of ways that impact both cardholders and credit unions.
Card draining: Scammers can use a member’s debit card information to shop online until they drain the associated checking account. Since there are generally fewer fraud loss protections for debit cards, this has a big impact on credit unions who are often responsible for some or all of the lost funds.
To address this risk, advise members to regularly check their balances and to limit the amount of money they store in accounts linked to their debit cards. Also, remind members that your credit union will never reach out and ask for account information or online banking credentials in case fraudsters try to contact them for more sensitive account information.
Synthetic fraud: Compromised debit information can be used in the creation of synthetic or false identities used to open fake accounts and gain approval for loans that ultimately cost credit unions when these fraudsters take the money and disappear.
The best way to block this type of fraud is by reviewing loans, either manually or through auto-decision flagging, for suspicious applications and checking applicants’ credit reports to be sure they aren’t for terminated accounts or merely “authorized users.”
ATM fraud: Scammers can also use card information to create fake cards. They then circumvent EMV chip readers at ATMs by taking advantage of fallback transactions to fraudulently withdraw money at ATMs, resulting in a costly loss for credit unions when this happens on their own machines.
Blocking or setting limits on the number and amount of fallback transactions on your credit union’s BIN is a simple way to reduce the impact of this type of fraud.
Thus, as debit fraud rises, credit unions need to work with their members to be vigilant and maintain an awareness of the trending tactics used by fraudsters along with the best practices for addressing them. Compromised debit cards represent a significant potential loss for credit unions and members alike, but fortunately there are steps that each can take to make a big impact in the fight against fraud. To learn how we can help, please contact @ E1-800-942-7124.