MADISON, Wis. (9/13/10)--Credit unions nationwide are reporting another round of wire/Home Equity Line of Credit (HELOC) fraud, according to a July 29 Risk Alert from CUNA Mutual Group. There are several steps credit unions can take to mitigate risk. CUNA Mutual said that in most cases, the fraudster “hijacked” member home phone numbers by impersonating the member and requesting that the member’s telephone carrier forward all calls to the fraudster’s untraceable cell phone. In a recent case, the fraudster cited flooding problems as the reason for requesting the home phone to be forwarded. In other cases, fraudsters were successful in having the member’s phone number on the account changed on the credit union’s system. Both methods resulted in a positive confirmation of the wire during the callback verification, CUNA Mutual said. Perpetrators have targeted members with large lines of credit via HELOC loans, said Gary Pate, CUNA Mutual director of insurance compliance and risk management. The perpetrator sends a fax or email requesting the credit union process a funds/wire transfer. Usually, the transfer requests are received at credit unions with call centers. “What’s making these scams even more insidious is that the credit union's caller ID indicates the call is going to the member's number of record,” Pate said. “Additionally, the fraudsters have detailed member information, which is enabling them to answer additional challenge questions from credit union staff.” Credit unions should consider requiring members to request large dollar wire transfers in-person at a branch office, which is a common practice in the financial services industry. CUNA Mutual Group said it supports this position. Some risk mitigation recommendations:
* Establish a monetary threshold for requiring wire transfer requests to be made in-person; * Encourage members to add a password to their account; * Review member account details to determine if large dollar wire transfers are “reasonable” for the member. If not, require the member to make the wire transfer request in-person; * For large dollar wire transfer requests, check the member’s account to determine if there was a recent advance against the member’s HELOC to fund the wire. If a HELOC advance was made to fund the wire, require the member to make the request in-person; * Employees who perform callback verifications should always check the member’s account to ensure the phone number has not been changed in the past 30 days prior to performing the callback. This step should be added to the callback verification section of the credit union’s wire transfer form, or other form used to document callbacks made; * Adopt a series of strong out-of-wallet questions to be used during the callback verification; * Adopt a written wire transfer agreement with both consumer-members and business members in which both the credit union and member agree to a commercially reasonable security procedure that verifies payment orders submitted by the member. The written wire transfer agreement with business members should identify the business’ employees authorized to submit payment orders to the credit union on behalf of the business; and * Consider adding a fraud monitoring tool that is capable of monitoring transactions in real-time across all payment channels like checks, automated clearinghouse, wires, payment cards, as well as transactions initiated through the online banking system.