Real-Time Analytics Helps Virginia Credit Union Prevent Fraud

The credit union used agile development to build an analytics system to stop fraudsters.

Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.

Virginia Credit Union has software to do that kind of after-the-fact analysis, but CIO Chris Saneda says his company saw a chance to actually prevent theft. The credit union built an analytics system to stop fraudsters who, with a bit of personal information, can con call center workers.

"We're trying to get in front of it before real fraud happens," Saneda says. Virginia Credit Union, with 570 employees and an IT department of 38, earned a CIO 100 award this year for the project.

Using an agile approach, the fraud-risk-management team, a staff developer, and a contract developer started building the analytics system last year. They identified scenarios that could indicate fraud, based on input from the fraud-risk-management department and the contact center at the credit union, which has $2.5 billion in assets. The system, called Fraud-Fighter, starts working as soon as a call comes in to the contact center, using algorithms to analyze the interaction and historical information associated with the account.

Challenges arose in accessing some of the required data, Saneda says. First, the credit union did not have all the information in its warehouse at the project's start. The team also had to forgo some information it wanted to gather from its online banking system--specifically IP addresses from recent logins. The vendor that hosts the online banking system couldn't provide the data without additional development work.

Saneda declined to disclose details about which elements of a customer interaction would raise red flags; he doesn't want to educate potential criminals. But, he says, general tip-offs include uncharacteristic online activity followed by requests for address changes or multiple calls to the contact center in quick succession. If these or other warning signs show up, the system provides a yellow or red alert to the call handler. The software also suggests steps employees can take, such as calling a manager or invoking additional authentication procedures.

4 Fishy Cases

In the first three months after Fraud-Fighter launched last September, the system flagged four cases of potential fraud, where someone who hadn't been authorized by the real account holder contacted the credit union.

The system alerted front-line staff to take extra precautions to authenticate each caller's identity. Each time, the caller failed increased authentication tests and the transaction was halted. Fraud-Fighter recouped what it cost to build in those first three months, Saneda says.

Tim Phillipps, a global consultant at Deloitte Analytics, says many call centers improve customer service and increase sales through analytics, but he hasn't seen many companies adopt analytics to fight fraud. "It's a really interesting way to combat an age-old problem," he says. "I'd be surprised if this doesn't become more common."

Virginia Credit Union plans to make the system more sophisticated to keep up with evolving social engineering and fraud tactics, Saneda says. He sees Fraud-Fighter as a tool to protect his company's 235,000 credit union members "from monetary loss and endless personal grief."

Join the CSO newsletter!

Error: Please check your email address.

Tags analyticssecurityVirginia Credit Unionbusiness analyticsfinanceindustry verticalsinternetfraud

More about DeloitteIBM Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mary K. Pratt

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts