Fraud Introduction
Last Reviewed: August 2024
Fraudulent attacks and losses have only been increasing in recent years. The Federal Trade Commission (FTC) reported over $10 billion in fraud losses and 2.6 million fraud reports in 2023. Credit Unions must implement measures to prevent, detect, and deter fraud to mitigate losses.
The fraud environment is constantly evolving and it is critical to stay aware of fraud trends, educate credit union employees and members, and implement proper anti-fraud controls.
Fraud Introduction: Overview
The NCUA Examiner’s Guide on Fraud defines fraud as any "intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.” Fraud can be categorized by the type of perpetrator – internal or external.
Internal fraud, or insider fraud, is perpetrated "by individuals associated with the credit union, such as a credit union employee, official, third party, credit union member, or some combination of these individuals working together." To deter and detect internal fraud, a credit union can implement internal controls, regularly conduct anti-fraud training for employees, develop an ethical culture, and establish policies and procedures.
To learn more about internal fraud, visit the Internal Fraud topic in the Fraud Channel.
External fraud is committed by "an individual or entity unconnected to the credit union against the credit union." According to NCU-ISAO, external threats are the most common, targeting organizations for financial gain and sensitive employee and customer information. Examples of external fraud include:
- Falsified loan or collateral documents
- Falsified membership documents
- Offering kickbacks to credit union employees
- Overstatement of third-party contracts
- Fake deposits or payments
- Cyber-enabled crimes
Be aware of fraud attacks that will impact credit union members, too. Attacks on members may leave an institution financially responsible for any losses and may affect consumers' overall trust in the financial system.
Fraud can also be perpetrated by two or more individuals, known as collusion fraud, as discussed in the CPA Journal. Collusion fraud schemes can involve internal parties, external parties, or both parties working together to commit fraud.
Fraud Introduction: Common Fraud Scams
The NCUA Fraud Prevention Center shares key information on common scams, identity theft, and cybercrimes. It is important to be aware of trends and common scams that credit union members may experience.
This document outlines common fraud trends, scams, and cybercrimes as mentioned by the NCUA Fraud Prevention Center. This includes Advance-Fee Fraud, Business and Job Opportunity Scams, and more! You will also find red flags and tips for each item.
Fraud Introduction: Reporting Fraud
The NCUA Fraud Prevention Center provides the following information on what to report and where to report suspected fraud.
What to Report | Where to Report |
Report anything you think may be identity theft - in a scam, cybercrime, or data breach - and get a recovery plan. | Identitytheft.gov |
Report unwanted calls from telemarketers and register your number on the national do not call registry. | Donotcall.gov |
Report anything you think may be a fraud, scam, or bad business practice. | Reportfraud.ftc.gov |
Report any suspected cybercrime. | Ic3.gov |
Report a suspected investment fraud or a problem with your investments. | Sec.gov |
Report a potentially fraudulent, illegal, or unethical investment activity. | Finra.org |
Report a violation of the Commodity Exchange Act or Commission regulations. | Cftc.gov |
Report a suspected financial/economic crime or fraud (e.g., mortgage fraud or investment fraud). | Fbi.gov |
Report any fraud related to natural or man-made disasters. | Justice.gov |
Fraud Introduction: Top Reported Fraud
The Federal Trade Commission (FTC) collects data on consumer reports regarding fraud and identity theft, storing the reports in the Consumer Sentinel Network.
The FTC reported the following in 2023:
Top 10 Fraud Categories:
- Imposter Scams
- Online shopping
- Business and job opportunities
- Internet services
- Investment related
- Telephone and mobile services
- Health care
- Travel, vacations, and timeshare plans
- Prizes, sweepstakes, and lotteries
- Mortgage foreclosure relief and debt management
Fraudsters will often impersonate credit unions in imposter scams. Educate members on these scams and promote best practices - do not share login credentials and personally identifiable information, verify legitimacy by stopping any communication and then contacting the credit union directly, look out for red flags such as pressure to act quickly, and do not transfer money over online channels or the phone.
Top Fraud Reports by Payment Method:
- Credit cards
- Debit cards
- Payment app or service
- Bank transfer or payment
- Cryptocurrency
- Wire transfer
- Gift card or reload card
- Cash
- Check
- Money order
Stay aware of payment fraud and emerging trends. A credit union may be liable for any unauthorized transactions and losses associated with these payment methods and must be prepared to protect themselves and their members.
Top Identity Theft Types:
- Credit card
- Other identity theft
- Loan or lease
- Bank account
- Employment or tax-related
- Government documents or benefits
- Phone or utilities
Stay informed of fraud trends through resources like the FTC’s Consumer Sentinel Network. Although the credit union may not be at risk for all fraud types, members likely are. To mitigate fraud risk, regularly train and educate both your employees and members on fraud and how to detect and prevent it.
Fraud Introduction: Warning Signs
The CFPB lists the following classic warning signs of fraud:
- Someone claiming to be from the government, from a bank or credit union, from a trusted or well-known business, or a family member and is asking for money or sensitive information.
- Requests for money or taxes to be paid upfront to receive a gift or prize.
- Requests for a wire transfer, cryptocurrency, money through a payment app, prepaid card, or gift card.
- Someone asking for access to your ATM cards, bank accounts, credit cards, cryptocurrency wallet keys or access codes, or investment accounts; or asking for sensitive information such as your passwords or social security number.
- A sense of urgency and high-pressure tactics.
- A deal that is too good to be true.
Educate credit union frontline staff and members on these signs and other red flags. If you believe a member is a victim of fraud, proceed with caution, ensure the member understands the risks of sending money or sharing sensitive information, and escalate accordingly.
Fraud Introduction: Laws & Regulations
Fraud Introduction: Additional Resources
Related InfoSight Topics:
NCUA Resources:
- NCUA Cybersecurity Resources
- NCUA Examiner’s Guide on Fraud
- NCUA Fraud Hotline Form
- NCUA Fraud Discovery Checklist for CU Board of Directors
- NCUA Fraud Prevention Center
- NCUA Fraud Prevention Resources
- NCUA Warns of Fake Check Scams
Other Resources:
- AICPA Managing the Business Risk of Fraud: A Practical GuideCFPB Beware of New CFPB Imposter Scams
- CFPB Class Warning Signs of Possible Fraud and Scams
- CFPB Fraud and Scams Key Terms
- Consumer Sentinel Network Data Book 2023
- FTC Consumer Sentinel Network Reports
- FTC Public Fraud Tableau Reports
- National Credit Union ISAO
- OCC Fraud Resources
Fraud Introduction: Model Policies
CU PolicyPro contains the following model content which can be used to help you craft your own policies and guidance on this topic:
- Model Policy 1100: Credit Union Culture and Governance
- 1100.17: Audits
- Model Policy 1500: Staffing and Human Resources
- 1500.10: Whistleblowing Protection
- Model Policy 1645: Fraud
- Model Policy 2225: Digital Banking
- 2225.10: Anti-Phishing
- Model Policy 11009: Identity Theft Red Flag Guidelines
- Model Policy 11012: Disclosure of Information to Victims of Identity Theft
Click to login if your credit union subscribes to CU PolicyPro
If you're not sure if your credit union subscribes, contact policysupport@cusolutionsgroup.com for assistance.