FraudNet PowerPoint

FraudNet alert training

Upon completion of this training, you will be able to understand, prioritize, and respond to FraudNet alerts you receive from the SettleMINT EFT team.

FraudNet can help protect your credit union and your members from potentially devastating loss. Credit unions using EasyPay powered by Fiserv can now enjoy the benefits of FraudNet.


What is FraudNet?

FraudNet is a cutting-edge fraud-detection system that identifies fraudulent bill pay activity in real time using a complex set of algorithms. This state-of-the-art fraud-detection tool also helps credit unions meet FFIEC requirements to monitor suspicious activity on high-risk accounts.

How does FraudNet work?

The FraudNet Detection Engine identifies unusual bill pay activity by gathering the following types of data from payments scheduled through bill pay:

Behavioral data: Predefined rules are used to target specific types of behaviors that have been associated with previous fraud. Each rule is assigned a code to help the investigator determine why an alert was triggered and how the investigation should be approached.

Negative data: Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of fraud.

Statistical data: This data permits FraudNet to detect and return more negative alerts.

Common types of fraud

The definitions below are provided to help you better understand common types of fraud detected by the FraudNet Detection Engine.

Electronic kiting: The perpetrator uses a funding account with limited or no funds to process payments via bill pay.

Phishing: This is the practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization's logo in an attempt to steal passwords and financial or personal information, or to introduce a virus attack.

Man in the browser: Related to man in the middle, described below, this is a Trojan horse that infects a web browser and has the ability to modify pages, change transaction content, or insert additional transactions, all in a completely covert fashion invisible to both the consumer and the host application. These types of attacks can be successful whether or not security mechanisms such as SSL/PKI and/or multi-factor authentication solutions are in place. The only way to counter these types of attacks is to use transaction verification.

Man in the middle: The perpetrator funnels communication between a consumer and a legitimate organization through a fake website. In these attacks, neither the consumer nor the organization is aware that the communication is being illegally monitored. The criminal is in the middle of a transaction between the consumer and his or her bank, credit card company, or retailer.


Third-party receiver of funds: A person who transfers money and reships high-value goods that have been fraudulently obtained in one country, usually via the Internet, to another country, typically where the perpetrator lives.

Trojan horse: A program that installs malicious software (malware) on a consumer's computer without their knowledge. Trojan horses often come in links or as attachments from unknown email senders. Once installed, the malicious software can detect the consumer's access to online banking sites and record their username and password, which is then transmitted to the perpetrator.

What is a FraudNet alert?

FraudNet harnesses the power of collaboration by offering users the ability to post instant alerts and maintain a black list shared and viewable by financial institutions across the nation.

When the SettleMINT EFT team receives a FraudNet alert that pertains to a transaction relating to one of your members, they will use AnswerBook to pass this alert on to your credit union's FraudNet contact, who will then need to use the Alert Priority List (referenced on Slides 9-14) to prioritize the alert in case there are others that also need to be researched.

Once the alert is prioritized, your credit union's FraudNet contact will then need to research the transaction referenced in the alert to determine whether or not it is fraudulent. Once the legitimacy of the transaction has been determined, your FraudNet contact will need to reply through AnswerBook to request that the transaction be processed or stopped/returned.

Alert timeline

If there is an alert that requires your attention, the SettleMINT EFT team will notify you via AnswerBook during one of the two time periods listed below. Also listed below is the time at which they'll need your response on whether or not to process the transaction referenced in the alert.

Between 8-9 AM ET (Respond by 2 PM ET same day.)

Between 2-3 PM ET (Respond by 8 AM ET next day.)

Note: Cases will not be worked on weekends and holidays.

It is extremely important that you respond to the SettleMINT EFT team via AnswerBook by the times listed above, as we cannot make the decision on your behalf regarding whether to process or stop the transaction. If we do not hear from you with a decision by the times indicated above, then:

The payment will remain on hold for up to 5 business days.

After that, the payment will be cancelled, in which case the payment would not be delivered and the member could receive late fees/penalties.

Alert priority list: first priority

Negative List DDA: The subscriber's bank account number is on a list of bank accounts associated with confirmed cases of fraud.

Negative List Email: The subscriber's email address is on a list of email addresses associated with confirmed cases of fraud.

Negative List Payee Account #: The subscriber's account number with the payee is on a list of payee account numbers associated with confirmed cases of fraud.

Negative List SSN: The subscriber's Social Security Number is on a list of Social Security Numbers associated with confirmed cases of fraud. When a Social Security Number is added, all payments made by that subscriber are alerted in FraudNet. Prior to adding a Social Security Number to the Negative List, you must obtain a Declaration of Fraud, which is a letter stating that the subscriber never has and never will use bill pay.

Negative List ZIP + 11: The payee's 11-digit ZIP code is on a list of payee address ZIP codes linked to confirmed cases of fraud.

Alert priority list: first priority (continued)

Manual Alert: This is externally reported fraud that FraudNet missed or that failed to trigger an alert. It's generated by the sponsor to notify Fiserv of the missed data.

Manual Alert Search: A sponsor using FraudNet generated an alert for an item that was linked to confirmed fraud data (generally associated with email address, ZIP code, or payee account number).

It is crucial that these accounts be entered into the FraudNet system so fraud analysts can track and modify client-scoring parameters in the event their detection statistics begin to drop.

Quick Hitter Rule: Multiple payments have been made to a newly added payee.

Alert priority list: second priority

Subscriber Info Change: The subscriber's email address has recently changed.

Personal Payments Receiver Velocity: This measures velocity of transactions and cumulative dollar amounts received by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds.

Personal Payment Sender Velocity: This measures velocity of transactions and cumulative dollar amounts sent by an individual. Sponsors subscribing to ZashPay should work with their fraud specialist to establish the appropriate velocity and amount thresholds.

A2A Velocity: This monitors the velocity of account-to-account transfers being made by a specific subscriber. Variables are dependent on the specific business unit's needs.

Alert priority list: second priority (continued)

Account Transfers Sleep: This monitors for previously created transactions being scheduled on a previously dormant account.

Bust-Out: The subscriber is attempting to make a payment to a recently added payee, and the payee's address is located near the subscriber's address.

Bust-Out II: The subscriber is attempting to make a payment to a recently added payee, and the payee's address is located far from the subscriber's address.

Model: This is a statistical rule that is usually triggered by payment size. This is usually a large payment with a small chance of fraud.

Alert priority list: third priority

DDA = Payee Account #: This monitors for transactions where the funding account matches the receiving or payee account number. This rule monitors both electronic and paper transactions.

MOE (Merchant Online Enrollment): This rule monitors all newly established MOE merchant payments in the Fiserv system. Verify the payment with the subscriber. MOE was a process created at Fiserv that allowed unmanaged, non-common payees to become electronically enabled. This program is no longer being used, but fraud mitigation practices still exist to monitor MOE merchants who are still electronically enabled within the Fiserv bill payment network.

Alert priority list: third priority (continued)

Managed Velocity Payment: This is an optional rule used to monitor velocity of payments within a particular industry or set of industries. Contact your assigned fraud specialist to establish the thresholds for this velocity rule. For example, this rule helps detect multiple payments being transmitted to various credit card numbers, not just the same number.

Transfer Monitor: This monitors newly created account-to-account transfers, timeframes, and amount thresholds per business unit specifications.

Bank by Mail: This monitors transactions being remitted directly to financial-institution branches for deposit into a checking account.

Effective fall 2011
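The work queue implied by the alert timeline and the Alert Priority List above, as an added Python example (not part of the original presentation and not Fiserv or SettleMINT code). It assumes that "next day" means the next business day, that the 5-business-day hold is counted from the missed deadline, and that rule names arrive as the strings used in the list; the sample alerts are constructed.

```python
from datetime import datetime, time, timedelta

# Tiers taken from the Alert Priority List on this page (subset for brevity).
TIER = {
    "Negative List DDA": 1, "Negative List SSN": 1, "Manual Alert": 1,
    "Quick Hitter Rule": 1, "Subscriber Info Change": 2, "A2A Velocity": 2,
    "Bust-Out": 2, "Model": 2, "DDA = Payee Account #": 3, "MOE": 3,
    "Transfer Monitor": 3, "Bank by Mail": 3,
}

def next_business_day(d, holidays=frozenset()):
    """First weekday after d that is not a listed holiday."""
    d += timedelta(days=1)
    while d.weekday() >= 5 or d in holidays:
        d += timedelta(days=1)
    return d

def response_deadline(received, holidays=frozenset()):
    """Reply-by time (ET, naive datetime) for an alert notification."""
    t = received.time()
    if time(8) <= t <= time(9):        # morning window: 2 PM same day
        return datetime.combine(received.date(), time(14))
    if time(14) <= t <= time(15):      # afternoon window: 8 AM next day
        # Assumption: "next day" skips weekends and holidays.
        nxt = next_business_day(received.date(), holidays)
        return datetime.combine(nxt, time(8))
    raise ValueError("notification outside the two alert windows")

def hold_ends(deadline, holidays=frozenset(), hold_days=5):
    """Assumption: the 5-business-day hold is counted from the missed deadline."""
    d = deadline.date()
    for _ in range(hold_days):
        d = next_business_day(d, holidays)
    return d

def triage(alerts, holidays=frozenset()):
    """Order (rule, received) pairs by tier, then deadline; unknown rules last."""
    rows = [(TIER.get(rule, 99), response_deadline(rcv, holidays), rule)
            for rule, rcv in alerts]
    return sorted(rows)

# Constructed sample alerts, all notified on Friday 2024-03-01.
SAMPLE = [
    ("Bust-Out", datetime(2024, 3, 1, 14, 30)),
    ("Bank by Mail", datetime(2024, 3, 1, 8, 15)),
    ("Negative List SSN", datetime(2024, 3, 1, 14, 10)),
    ("Quick Hitter Rule", datetime(2024, 3, 1, 8, 40)),
]

if __name__ == "__main__":
    for tier, due, rule in triage(SAMPLE):
        print(tier, due, rule, "hold ends", hold_ends(due))
```

A third-priority alert can carry an earlier deadline than a first-priority one, so the queue is a research order, not a reply order; every alert still needs its answer by its own deadline.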

Alert research tips

The tips below are guidelines for researching a transaction flagged in a FraudNet alert. Please note that these are just recommendations and there may be additional research required to determine whether or not a transaction is fraudulent. When researching or making a decision on a transaction referenced in a FraudNet alert, please follow your credit union's fraud/identity theft procedures.

Evaluate the transaction against normal member activity for the past three months.

Why? If the transaction is out of the member's norms, this could be a sign of fraud.

How? From Member Inquiry, click the Transaction Activity button.

Review the open date of the membership or sub-account.

Why? If the membership/sub-account was recently opened or if it was opened a long time ago with no activity until recently, this could be a sign of fraud.

How? Within Member Inquiry, the membership open date will be listed in the top right corner of the Contact Information tab. The sub-account open date will be listed in the top right corner of the Member Account Inquiry screen, accessed by clicking the sub-account and then Select.

Review documents used at account opening (i.e. copy of driver's license).

Why? If the member's ID looks fake or suspicious, this could be a sign of fraud.

How? Follow your specific credit union procedures for where these documents are stored.

Review the member's credit report.

Why? If the credit score has suddenly plunged, this could be a sign of fraud.

How? From MNLOAN #1-Process Member Applications, enter the account base and press Enter. Then type in action code VC and press Enter. Select the report and click View Report.


Review any changes in contact information and by whom the changes were made.

Why? Identity thieves often change contact information to reroute mail to themselves.

How? Go to MNAUDT #24-Audit File Maintenance.

If, after performing the above research, you determine it's likely that the transaction is fraudulent, contact the member to verify the legitimacy of the transaction.

Tip: Use any previous contact information that may exist for the member to reduce the chances of contacting the identity thief.


If you determine that the transaction is legitimate and you want the SettleMINT EFT team to proceed with the transaction, respond via AnswerBook with instructions to process the transaction.

If you determine that the transaction is fraudulent and you want the SettleMINT EFT team to deny the transaction, respond via AnswerBook with instructions to stop or return the transaction.

For response deadlines, refer to timeline on Slide 8.

Thank you for attending this web conference.

Reminder

Please contact us no later than Friday, March 1 with the names and contact information of three FraudNet contacts from your credit union so that we always have someone to speak with regarding transactions referenced in FraudNet alerts and so that your timely response to our alerts is ensured.