FRAUDNET ALERT TRAINING Upon completion of this training, you will be able to understand,...
19
FRAUDNET ALERT TRAINING Upon completion of this training, you will be able to understand, prioritize, and respond to FraudNet alerts you receive from the SettleMINT EFT team. FraudNet can help protect your credit union and your members from potentially devastating loss. Credit unions using EasyPay powered by Fiserv can now enjoy the benefits of FraudNet.
FRAUDNET ALERT TRAINING Upon completion of this training, you will be able to understand, prioritize, and respond to FraudNet alerts you receive from the
FRAUDNET ALERT TRAINING Upon completion of this training, you
will be able to understand, prioritize, and respond to FraudNet
alerts you receive from the SettleMINT EFT team. FraudNet can help
protect your credit union and your members from potentially
devastating loss. Credit unions using EasyPay powered by Fiserv can
now enjoy the benefits of FraudNet.
Slide 2
WHAT IS FRAUDNET? FraudNet is a cutting-edge fraud-detection
system that identifies fraudulent bill pay activity in real time
using a complex set of algorithms. This state-of-the-art
fraud-detection tool also helps credit unions meet FFIEC
requirements to monitor suspicious activity on high-risk
accounts.
Slide 3
HOW DOES FRAUDNET WORK? The FraudNet Detection Engine
identifies unusual bill pay activity by gathering the following
types of data from payments scheduled through bill pay: Behavioral
data Predefined rules are used to target specific types of
behaviors that have been associated with previous fraud. Each rule
is assigned a code to help the investigator determine why an alert
was triggered and how the investigation should be approached.
Negative data Extracted from confirmed fraud cases, this data is
used to detect repeat occurrences of fraud. Statistical data This
data permits FraudNet to detect and return more negative
alerts.
Slide 4
COMMON TYPES OF FRAUD The definitions below are provided to
help you better understand common types of fraud detected by the
FraudNet Detection Engine. Electronic kiting The perpetrator uses a
funding account with limited or no funds to process payments via
bill pay. Phishing This is the practice of luring unsuspecting
Internet users to a fake website by using authentic-looking email
with the real organizations logo in an attempt to steal passwords
and financial or personal information, or to introduce a virus
attack.
Slide 5
Man in the browser Related to man in the middle, described
below, this is a Trojan horse that infects a web browser and has
the ability to modify pages, change transaction content, or insert
additional transactions, all in a completely covert fashion
invisible to both the consumer and the host application. These
types of attacks can be successful whether or not security
mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of
attacks is to use transaction verification. Man in the middle The
perpetrator funnels communication between a consumer and a
legitimate organization through a fake website. In these attacks,
neither the consumer nor the organization is aware that the
communication is being illegally monitored. The criminal is in the
middle of a transaction between the consumer and his or her bank,
credit card company, or retailer. COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection
Engine.
Slide 6
Third-party receiver of funds A person who transfers money and
reships high-value goods that have been fraudulently obtained in
one country, usually via the Internet, to another country,
typically where the perpetrator lives. Trojan horse A program that
installs malicious software (malware) on a consumers computer
without their knowledge. Trojan horses often come in links or as
attachments from unknown email senders. Once installed, the
malicious software can detect the consumers access to online
banking sites and record their username and password, which is then
transmitted to the perpetrator. COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection
Engine.
Slide 7
WHAT IS A FRAUDNET ALERT? FraudNet harnesses the power of
collaboration by offering users the ability to post instant alerts
and maintain a black list shared and viewable by financial
institutions across the nation. When the SettleMINT EFT team
receives a FraudNet alert that pertains to a transaction relating
to one of your members, they will use AnswerBook to pass this alert
on to your credit unions FraudNet contact, who will then need to
use the Alert Priority List (referenced on Slides 9-14) to
prioritize the alert in case there are others that also need to be
researched. Once the alert is prioritized, your credit unions
FraudNet contact will then need to research the transaction
referenced in the alert to determine whether or not it is
fraudulent. Once the legitimacy of the transaction has been
determined, your FraudNet contact will need to reply through
AnswerBook to request that the transaction be processed or
stopped/returned.
Slide 8
ALERT TIMELINE If there is an alert that requires your
attention, the SettleMINT EFT team will notify you via AnswerBook
during one of the two time periods listed below. Also listed below
is the time at which theyll need your response on whether or not to
process the transaction referenced in the alert. Between 8-9 AM ET
(Respond by 2 PM ET same day.) Between 2-3 PM ET (Respond by 8 AM
ET next day.) Note: Cases will not be worked on weekends and
holidays. It is extremely important that you respond to the
SettleMINT EFT team via AnswerBook by the times listed above as we
cannot make the decision on your behalf regarding whether to
process or stop the transaction. If we do not hear from you with a
decision by the times indicated above, then: The payment will
remain on hold for up to 5 business days. After that, the payment
will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
Slide 9
ALERT PRIORITY LIST FIRST PRIORITY Negative List DDA: The
subscribers bank account number is on a list of bank accounts
associated with confirmed cases of fraud. Negative List Email: The
subscribers email address is on a list of email addresses
associated with confirmed cases of fraud. Negative List Payee
Account #: The subscribers account number with the payee is on a
list of payee account numbers associated with confirmed cases of
fraud. Negative List SSN: The subscribers Social Security Number is
on a list of Social Security Numbers associated with confirmed
cases of fraud. When a Social Security Number is added, all
payments made by that subscriber are alerted in FraudNet. Prior to
adding a Social Security Number to the Negative List, you must
obtain a Declaration of Fraud, which is a letter stating that the
subscriber never has and never will use bill pay. Negative List ZIP
+ 11: The payees 11-digit ZIP code is on a list of payee address
zip codes linked to confirmed cases of fraud.
Slide 10
ALERT PRIORITY LIST FIRST PRIORITY (CONTINUED) Manual Alert:
This is externally reported fraud that FraudNet missed or that
failed to trigger an alert. Its generated by the sponsor to notify
Fiserv of the missed data. Manual Alert Search: A sponsor using
FraudNet generated an alert for an item that was linked to
confirmed fraud data (generally associated with email address, ZIP
code, or payee account number). It is crucial that these accounts
be entered into the FraudNet system so fraud analysts can track and
modify client-scoring parameters in the event their detection
statistics begin to drop. Quick Hitter Rule: Multiple payments have
been made to a newly added payee.
Slide 11
ALERT PRIORITY LIST SECOND PRIORITY Subscriber Info Change: The
subscribers email address has recently changed. Personal Payments
Receiver Velocity: This measures velocity of transactions and
cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to
establish the appropriate velocity and amount thresholds. Personal
Payment Sender Velocity: This measures velocity of transactions and
cumulative dollar amounts sent by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to
establish the appropriate velocity and amount thresholds. A2A
Velocity: This monitors the velocity of account-to-account
transfers being made by a specific subscriber. Variables are
dependent on the specific business units needs.
Slide 12
Account Transfers Sleep: This monitors for previously created
transactions being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a payment to a
recently added payee, and the payees address is located near the
subscribers address. Bust-Out II: The subscriber is attempting to
make a payment to a recently added payee, and the payees address is
located far from the subscribers address. Model: This is a
statistical rule that is usually triggered by payment size. This is
usually a large payment with a small chance of fraud. ALERT
PRIORITY LIST SECOND PRIORITY (CONTINUED)
Slide 13
ALERT PRIORITY LIST THIRD PRIORITY DDA = Payee Account #: This
monitors for transactions where the funding account matches the
receiving or payee account number. This rule monitors both
electronic and paper transactions. MOE (Merchant Online
Enrollment): This rule monitors all newly established MOE merchant
payments in the Fiserv system. Verify the payment with the
subscriber. MOE was a process created at Fiserv that allowed
unmanaged, non-common payees to become electronically enabled. This
program is no longer being used, but fraud mitigation practices
still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
Slide 14
Managed Velocity Payment: This is an optional rule used to
monitor velocity of payments within a particular industry or set of
industries. Contact your assigned fraud specialist to establish the
thresholds for this velocity rule. For example, this rule helps
detect multiple payments being transmitted to various credit card
numbers, not just the same number. Transfer Monitor: This monitors
newly created account-to-account transfers, timeframes, and amount
thresholds per business unit specifications. Bank by Mail: This
monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011 ALERT PRIORITY LIST THIRD PRIORITY
(CONTINUED)
Slide 15
ALERT RESEARCH TIPS The tips below are guidelines for
researching a transaction flagged in a FraudNet alert. Please note
that these are just recommendations and there may be additional
research required to determine whether or not a transaction is
fraudulent. When researching or making a decision on a transaction
referenced in a FraudNet alert, please follow your credit unions
fraud/identity theft procedures. 1. Evaluate the transaction
against normal member activity for the past three months. Why? If
the transaction is out of the members norms, this could be a sign
of fraud. How? From Member Inquiry, click the Transaction Activity
button. 2. Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was
opened a long time ago with no activity until recently, this could
be a sign of fraud. How? Within Member Inquiry, the membership open
date will be listed in the top right corner of the Contact
Information tab. The sub-account open date will be listed in the
top right corner of the Member Account Inquiry screen, accessed by
clicking the sub-account and then Select.
Slide 16
3. Review documents used at account opening (i.e. copy of
drivers license). Why? If the members ID looks fake or suspicious,
this could be a sign of fraud. How? Follow your specific credit
union procedures for where these documents are stored. 4. Review
the members credit report. Why? If the credit score has suddenly
plunged, this could be a sign of fraud. How? From MNLOAN #1-Process
Member Applications, enter the account base and press Enter. Then
type in action code VC and press Enter. Select the report and click
View Report. ALERT RESEARCH TIPS (CONTINUED) The tips below are
guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent.
Slide 17
5. Review any changes in contact information and by whom the
changes were made. Why? Identity thieves often change contact
information to reroute mail to themselves. How? Go to MNAUDT
#24-Audit File Maintenance. 6. If, after performing the above
research, you determine its likely that the transaction is
fraudulent, contact the member to verify the legitimacy of the
transaction. Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting the
identity thief. ALERT RESEARCH TIPS (CONTINUED) The tips below are
guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there
may be additional research required to determine whether or not a
transaction is fraudulent.
Slide 18
process the transaction. If you determine that the transaction
is legitimate and you want the SettleMINT EFT team to proceed with
the transaction, respond via AnswerBook with instructions to
process the transaction. ALERT RESEARCH TIPS (CONTINUED) The tips
below are guidelines for researching a transaction flagged in a
FraudNet alert. Please note that these are just recommendations and
there may be additional research required to determine whether or
not a transaction is fraudulent. X stop or return the transaction.
If you determine that the transaction is fraudulent and you want
the SettleMINT EFT team to deny the transaction, respond via
AnswerBook with instructions to stop or return the transaction. For
response deadlines, refer to timeline on Slide 8.
Slide 19
THANK YOU FOR ATTENDING THIS WEB CONFERENCE. REMINDER Please
contact us no later than Friday, March 1 with the names and contact
information of three FraudNet contacts from your credit union so
that we always have someone to speak with regarding transactions
referenced in FraudNet alerts and so that your timely response to
our alerts is ensured.