NAFCU Journal March April 2021

31 THE NAFCU JOURNAL March–April 2021 of requests a day and your call center’s getting lit up for 100 all of a sudden, maybe there’s something there that you want to take a closer look at. Web traffic logs, I think that’s another important one. Do you have the right type of monitoring in place to ensure that you’re just not seeing rapid guessing of passwords and user credentials, only allowing so many attempts from a certain IP or the same email address? So I think the more of this that you can have a full insight into or full visibility into from a data perspective, it’s going to make you stronger because you’re going to be able to identify those anomalies much, much quicker. Randy: What are some of the unique data elements that can be leveraged to effectively determine if a transaction is valid or fraudulent? Eric: This is an area in which the indus- try is really coming a long way, and you hear over the years a lot of challenges between, hey, what can I see as the issuer and what does the merchant see that I’m not seeing? And it’s maybe not been as an effective data share as it really could have been for the good of the overall industry. So as we’ve seen more of a pivot to enrich datasets, you’re starting to see opportu- nities to leverage device-identification numbers, IP addresses, in your strategies. The requester URL. A browser’s time- zone application identification number. There’s so much more enriched data that’s coming through, and what this allows is really for issuers to become smarter with some of the information that merchants see and vice versa…And this can be effec- tively used for fraud modeling. This can be used for streamlining commerce without increasing risk, which is really the most important. So smarter, more-connected decisions are possible, and more ways to reduce that friction that your member might experience is really the power of these enhanced and enriched datasets. Randy: People are using a variety of digital devices, and far more than ever before. Most are connected to at least two or three different digital points of contact. How can credit unions main- tain the same level of fraud prevention across all of those? Eric: I think, again, we talk about data. I think there’s opportunity there when it comes to aggregating data to pick up on signals and anomalies across different payment channels. We’ve kind of talked about that, bringing it all together. But one of the things that I think the industry really needs to get more serious about is trying to get members and consumers to stop using static passwords. There are so many more effective ways now to authen- ticate through multifactor authentication. I mean, we just talked for about OTP, one- time-passwords or passcodes, being one of the opportunities there. Biometrics for mobile apps. It’s still amazing, quite frankly, about how many people don’t lock their devices. I think somewhere around 43, 45 percent [of ] Americans don’t lock their devices. And it seems pretty basic as a default. But again, multifactor authentication is critically important when it comes to your Web interfaces, and biometrics, leveraging the capabilities there, whether it’s facial recognition, even thumbprints… So just be aware, be alert, be skeptical. To hear our full conversation, go to www.nafcu.org/key-fraud-drivers. ...PIN changes, requests to tokenize my account so I can load it into an app… if you typically see 10, 20 of these types of requests a day and your call center’s getting lit up for 100 all of a sudden, maybe there’s something there that you want to take a closer look at.