Artificial Intelligence (AI), synthetic identities and in-person fraud at financial institutions are just a few of the schemes that are popping up in today’s climate, according to Experian’s Fraud Trends 2024 – Experian’s Future of Fraud Forecast. While these specific scams may be new, the concept of fraud in the financial industry is far from novel. In fact, it’s a given. That’s why being adept at noticing the red flags of fraud is vital to protecting your members and your institution. However, this skill doesn’t come without education and practice in knowing how to identify fraud red flags. That’s where I can help. As the payments risk analyst for Vizo Financial and an Accredited Payments Risk Professional (APRP), I’ve mastered the complexities of risk management in relation to payments, and I’m excited to share my insights with you. But before I get too far into the weeds, I’d like to take a minute to explain what a fraud red flag entails.

What are Fraud Red Flags?

Most of us know what a red flag symbolizes. It’s a warning sign that indicates there is a potential problem; it could be an irregularity in a pattern, practice or activity. It’s there to tell you that something might be wrong. You can potentially find red flags in almost any type of situation, including fraud situations at your financial institutions.  

Now when it comes to fraud or scams, there are a lot of different definitions; however, the Association of Certified Fraud Examiners (ACFE) defines fraud as, “any activity that relies on deception in order to achieve a gain.” In a similar sense, the Federal Reserve defines scams, as “the use of deception or manipulation intended to achieve financial gain.”

Using each definition in conjunction with the other, we can deduce that fraud or scam red flags are warning signs that indicate unusual activity within your institution brought about by the deception or manipulation of a member or staff member that has been conducted in order to achieve a financial gain of some sort. These red flags could appear in a variety of different ways, and I’ll provide a few examples later on in the article.

It's important to identify these red flags of fraudulent activity in order to better protect your financial institutions and your members. These warning signs could play a vital role in preventing a fraudulent attempt. However, I must mention that red flags don’t always identify or stop a fraudulent attempt, but they are a fundamental part of a comprehensive fraud strategy. So that begs the question, how do we identify these fraud red flags?

Identifying Fraud Red Flags

Identiyfing red flags is a two-fold process because these warnings could appear anywhere and at any time. Moreover, depending on the situation that’s occurring, there are a plethora of signs that could appear. First things first, before we discuss how to identify the red flags, we need to examine who is in a position to identify a red flag.

Who Should Identify:

Figuring out who should be in charge of identifying any red flags is simple because the answer is everyone in your financial institution or organization. From your front-office to your back-office and your internal staff members to your external members, they all can and should be able to identify fraud red flags.

Your front-office staff is extremely vital in identifying fraud red flags because they are the people who engage with your members every day. They know your members, and they’re more likely to realize when something is wrong or out of the ordinary. For example, with your elder members, your front-office staff are in a position where they can more easily identify if the member is being financially abused. The American Bankers Association provides an infographic that list warning signs that could indicate financial abuse. According to this infographic, these include signs like:

• A new “best friend” accompanying an older person to the bank
• Suspicious signatures on checks, or outright forgery
• New powers of attorney the older person does not understand
• A caretaker, relative or friend who suddenly begins conducting financial transactions on behalf of an older person without proper documentation

Between your member service representatives and your other member-facing personnel, they’re able to see these signs a lot quicker than your back-office staff because they’re talking to and engaging with your members on a more frequent basis. That’s why it’s important that they know the processes and procedures, so that if something is amiss, they’ll be able to quickly identify the issue. In order to properly identify any warnings signs, your front-office staff should:

• Authenticate and verify your members and their information when they engage with them to protect the members against potential identity theft.
• Make sure that the appropriate documents are collected and recorded to ensure that the member is who they claim to be.
• Keep a close eye on and be a voice for those who may be easily taken advantage of like your elder members.

This is quite the task to take on, and that’s why your front-office staff can’t do this alone; they need the help of your members. Encourage your members to:

• utilize strong passwords and authentication practices for their accounts.
• do their due diligence by monitoring their accounts and activity.
• keep an eye on their credit reports.
  • If something unusual is happening, they’ll be able to identify it sooner rather than later.

In addition to your members and front-office staff, your back-office staff is in a unique position to view business activity and transactions through the lenses of different departments, including:

• Accounting
• Investments
• Lending
• Payments
• Security and Risk

These departments are able to look at different patterns to see if there are any red flags or unusual activity within a member’s account. They’re also more likely versed on how to report these situations. While your front-office staff is well-equipped to notice behavioral or small changes in your members, your back-office staff have the resources to notice transactional changes and differences. Together, in conjunction with your members, your institution can help fight fraud by noticing these warning signs.

How to Identify Fraud Red Flags:

Now that you understand who should identify the red flags, let’s talk about how to recognize them. In order to identify a red flag, you need to know what to look for in a situation. If you come across someone portraying as a member but they’re missing documentation or information, this could be a red flag. It can also be a red flag if they try to avoid providing that information. Discrepancies in entries and/or signatures could also be a sign that something is amiss. You see, you want to train your staff to look for unusual or suspicious activity. They should look at trends and patterns of normal activity and business practices, so that when something abnormal occurs, they’ll recognize it as a red flag.

In addition to activity happening at your credit union, your staff and your members should both be aware of the various scams that are circulating. These scams can be anything from investment to romance scams, but they’ll usually include an urgent request. This is something that you will need to stay up-to-date on because these scams change and evolve quite often. It’s vital that your staff and your members don’t get caught up in the “urgent” feel of these scams, and they take the time to think them through before acting upon them.

Building Awareness of Fraud Red Flags

The key to ensuring that your staff and members can identify red flags lies in building awareness. Your back-office staff may be able to recognize red flags, but they may not know how to report them if you don’t have clear policies and procedures, and your members and front-office staff may not be able to recognize red flags if they’re not familiar with the latest schemes and fraud attempts. Awareness is key.

Within your policies and procedures, make sure you identify best practices and incorporate what the red flags are and how your staff should address them. For your systems and reporting functions, ensure that you have alerts that will notify your staff if any unusual activity is occurring. You can also utilize systems to analyze your data and alert you when something is amiss.

In addition, your security controls should include dual control and/or a four-eye review, meaning multiple people need to approve a transaction before it is allowed to process. Your financial institution should also set limits on payment transactions, in order to protect your institution and members from fraud attempts. You could also institute a policy that requires specific authorization parameters such as multi-factor authentication (MFA) requirements for both your staff and your members. This will help two-fold.

For one, this will help secure your systems, and only staff with the proper authorizations will be able to access the systems or process transactions. This will also be a safety precaution for your members because in order to log in to their accounts, they’ll need to utilize MFA or verify that they are authorized to access their accounts through an authentication process. The Federal Reserve notes that authentication is important because it, “verifies that individuals are authorized to access a platform or system, including their phones, computers, email accounts, online banking services and investment accounts.” While MFA and authentication methods aren’t foolproof, they are an extra safety precaution. As you are aware, in our digital world, you have access to your personal, professional and financial accounts through multiple digital platforms, and bad actors take advantage of this.

Furthermore, your institution should have a member risk profile for individual members and categories of members. According to the FFIEC BSA/AML Examination Manual, when creating this profile, the different risk categories that your credit union should identify and take into account are the products and services that the member uses, why the member is banking with you or using your financial institution (a business member or a member with personal accounts) and where that member is geographically located. This is important in order to be aware of any red flags that could indicate terrorism or money laundering. For those members with a higher risk profile, you should include information in your processes and procedures on how to deal with unusual activity within their accounts. I could go on and on about the importance of a member risk profile, but for the sake of your time, I’ll stop here. I do encourage you to read the FFIEC BSA/AML Examination Manual in its entirety.

Finally, make sure you’re actively educating your staff and your members. Your staff should know your products, services and processes in-depth. They should receive continuous education on how your products and services work, as well as the processes and procedures that should be followed. Both your staff and your members should be educated on past scams or fraudulent attempts, as well as new and emerging threats. This is vital because if they don’t understand what has worked in the past and/or new threats that are working now, they won’t be able to identify the red flags of a fraudulent attempt or situation. The Federal Bureau of Investigation (FBI) has a list of the most recent crimes and scheme attempts that they have and/or are dealing with, and among these crimes are business and investment fraud, business email compromise (BEC), consumer fraud, elder fraud, romance schemes, ransomware, spoofing and phishing and more. These are the types of fraud schemes and cybercrimes that you should educate your staff and members on.

In addition to education, I encourage you to provide your staff and members with the confidence they need to ask questions and provide them with the resources and tools they need to understand and recognize the signs of a fraudulent attempt. Being proactive and fostering discussions amongst staff and members will go a long way in helping your staff and members recognize the red flags of fraud.

I’ve covered a lot in this article, and I barely scratched the surface. When it comes to fraud, there are so many schemes and scams out there, which means the red flags can seem endless for these attempts. The most important advice I can give you is to stay aware. Make sure your staff and your members are aware of current and past schemes. Ensure that both your staff and members are using safety protocols like MFA and authentication to protect their accounts and the credit union as a whole. Develop processes and procedures that take into account fraud and scams and plans for them, and always follow regulations and regulatory examiner manuals and guides.

If you have any questions or if you’d like for Vizo Financial to help you prepare for some of these risks, please reach out to us at accountmanagers@vfccu.org.

Tarah Sweigart is a payments risk analyst for Vizo Financial. Her role involves supporting the BSA and fraud risk efforts, where she is responsible for transaction review and monitoring, risk assessments and payments related projects. Tarah is an Accredited Payments Risk Professional (APRP) and has mastered the complexities of risk management for ACH, check, wire, debit, credit and prepaid cards and emerging and alternative payments.