NAFCU Services Blog

By: DefenseStorm 

In the dynamic financial services landscape, credit unions face a persistent adversary: fraud. Traditionally, the fight against all types of cyber risk has been a reactive process, often involving separate fraud and information security (InfoSec) teams to address the threats. However, the future of fraud prevention calls for a paradigm shift towards a more proactive and unified approach. 

A Siloed Approach 

Credit unions often adopt a siloed approach to fraud prevention, treating fraud as a distinctly separate threat from traditional cyber threats. Historically, fraud and infosec teams work separately, each prioritizing their own areas. Fraud teams in credit unions focus on preventing and detecting fraudulent activity and investigating irregular transactions, while InfoSec teams prioritize safeguarding sensitive financial data, preventing security breaches, and ensuring compliance with industry regulations to preserve members' privacy and financial assets. Although their priorities differ, both teams ultimately work towards the common goal of protecting the credit union and its members from financial risks and fraud.  

Credit unions that operate with a reactive, transactional approach to detect fraud expose themselves to increased financial losses, compromised customer trust, and reputational damage. This reactive strategy not only leads to delayed response times but also allows fraudsters to capitalize on vulnerabilities, amplifying the impact of fraudulent activities and requiring recovery of funds after the money has moved. These events are incidents, and being siloed slows the process, which works contrary to what you want for incident response. The outcome is increased negative impact from fraud losses resulting in poor member experience. Often, because these teams aren’t working together, they're not leveraging all the data and insights that can prevent threats upstream. This leads to controls implemented in both areas that are disconnected to try and solve the problem, increasing costs to the credit union because of the investment in two areas separately rather than having one overarching architecture of controls. 

InfoSec and Fraud Team Fusion 

So, what does that mean for fraud prevention? Credit unions should fuse the infosec and fraud teams to proactively prevent fraud, identifying suspicious events before money ever leaves accounts. A united approach bridges the gap between security and fraud, creating an intermediary layer that facilitates communication and collaboration.  

Here’s how it works: 

According to a Spotlight Report by International Data Corporation (IDC), sponsored by PWC, “Cyber fraud fusion centers are the integration of disparate functional teams. This can be achieved by thoughtfully combining technical and operational systems and procedures. The fusion layer is the middle layer between the security and fraud layers and helps address the gaps that exist because of the siloed legacy framework.” 

Benefits of Cyber Fraud Fusion Centers 

Enhanced Visibility: Fusion centers provide a holistic view of threats. Analysts can correlate data from various sources, identifying patterns and anomalies more effectively. 

It enables faster detection and prevention of fraudulent transactions by analyzing data from multiple sources. It also improves the quality and efficiency of investigations by providing more relevant and reliable information. 

Institutional Knowledge: Skilled analysts with institutional knowledge contribute to better threat detection. They understand adversaries’ tactics, techniques, and procedures, allowing quicker response. 

It enriches the analysis of potential attacks with additional data, which can offer more context and clarity. This is especially important in the current environment of hybrid/remote work, which increases the attack surface and exposes new vulnerabilities. 

Efficient Investigations: By sharing surveillance technologies and case management tools, fusion centers streamline investigations. Teams work together to hunt threats across domains, leading to faster resolution.  

• By breaking down silos and integrating data, it can distinguish between real and false positives more accurately.  
• It improves the metrics on common cybersecurity measurements, which reflects the maturity and effectiveness of the cybersecurity program. 

The Truth is in the Data 

VP of Fraud and Information Security for Washington State Employees Credit Union (WSECU), Aaron Robel, has embarked on implementing this new approach in concert with a new focus on stopping fraudulent activity proactively during pre-login rather than post-transaction through the fusion of security and fraud teams. According to Robel, “During a recent event where a masquerading phishing site was being used to compromise member login information, the cyber and fraud teams here at WSECU worked together on the investigation to identify the masquerading site with perimeter security appliances. Then, we reviewed the log-in data as well as transactions to ultimately block the transactions. It was through this collaborative investigation that we effectively stopped the theft of nearly $23,000.” 

Steps Toward a United Front 

To unite the infosec and fraud teams effectively, credit unions can follow these recommendations: 

• Create a cross-functional team that includes representatives from both departments, as well as other relevant stakeholders such as legal, compliance, and business units. 
• Establish a common vision and goals for the team and define the roles and responsibilities of each member. 
• Develop a shared framework and methodology for identifying, assessing, and responding to cyber fraud risks and incidents. 
• Implement a centralized platform and tools that enable data collection, analysis, and sharing across the team. 
• Build trust and collaboration among the team members through regular communication, feedback, and training. 
• Measure and monitor the team's performance and impact, and adjust the strategy and tactics as needed. 

Cyber fraud fusion centers empower organizations to proactively combat fraud by breaking down silos, sharing critical information, and leveraging collective expertise. The result? A stronger defense against financial crimes.