FraudNet can help protect your credit union and your members from potentially devastating loss. Credit unions using EasyPay powered by Fiserv can now enjoy.
Download ReportTranscript FraudNet can help protect your credit union and your members from potentially devastating loss. Credit unions using EasyPay powered by Fiserv can now enjoy.
Slide 1
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 2
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 3
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 4
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 5
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 6
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 7
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 8
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 9
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 10
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 11
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 12
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 13
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 14
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 15
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 16
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 17
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 18
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 19
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 2
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 3
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 4
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 5
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 6
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 7
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 8
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 9
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 10
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 11
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 12
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 13
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 14
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 15
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 16
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 17
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 18
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.
Slide 19
FraudNet can help protect your
credit union and your members
from potentially devastating loss.
Credit unions using EasyPay powered by Fiserv
can now enjoy the benefits of FraudNet.
FRAUDNET ALERT
TRAINING
Upon completion of this training, you
will be able to understand, prioritize,
and respond to FraudNet alerts you
receive from the SettleMINT EFT
team.
WHAT IS FRAUDNET?
FraudNet is a cutting-edge fraud-detection system that identifies
fraudulent bill pay activity in real time using a complex set of algorithms.
This state-of-the-art fraud-detection tool also helps credit unions meet
FFIEC requirements to monitor suspicious activity on high-risk
accounts.
HOW DOES FRAUDNET WORK?
The FraudNet Detection Engine identifies unusual bill pay activity by gathering
the following types of data from payments scheduled through bill pay:
Behavioral data
Predefined rules are used to target specific types of behaviors that have been associated
with previous fraud. Each rule is assigned a code to help the investigator determine why an
alert was triggered and how the investigation should be approached.
Negative data
Extracted from confirmed fraud cases, this data is used to detect repeat occurrences of
fraud.
Statistical data
This data permits FraudNet to detect and return more
negative alerts.
COMMON TYPES OF FRAUD
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Electronic kiting
The perpetrator uses a funding account with
limited or no funds to process payments via bill pay.
Phishing
This is the practice of luring unsuspecting Internet users to a fake website by using
authentic-looking email with the real organization’s logo in an attempt to steal
passwords and financial or personal information, or to introduce a virus attack.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand
common types of fraud detected by the FraudNet Detection Engine.
Man in the browser
Related to “man in the middle,” described below, this is a Trojan horse that infects a
web browser and has the ability to modify pages, change transaction content, or
insert additional transactions, all in a completely covert fashion invisible to both the
consumer and the host application. These types of attacks can be successful whether
or not security mechanisms such as SSL/PLI and/or multi-factor authentication
solutions are in place. The only way to counter these types of attacks is to use
transaction verification.
Man in the middle
The perpetrator funnels communication between a consumer and a legitimate
organization through a fake website. In these attacks, neither the consumer nor the
organization is aware that the communication is being illegally monitored. The
criminal is in the middle of a transaction between the consumer and his or her bank,
credit card company, or retailer.
COMMON TYPES OF FRAUD (continued)
The definitions below are provided to help you better understand common types of
fraud detected by the FraudNet Detection Engine.
Third-party receiver of funds
A person who transfers money and reships high-value
goods that have been fraudulently obtained in one
country, usually via the Internet, to another country,
typically where the perpetrator lives.
Trojan horse
A program that installs malicious software (malware) on a consumer’s computer
without their knowledge. Trojan horses often come in links or as attachments from
unknown email senders. Once installed, the malicious software can detect the
consumer’s access to online banking sites and record their username and password,
which is then transmitted to the perpetrator.
WHAT IS A FRAUDNET ALERT?
FraudNet harnesses the power of collaboration by offering users the ability
to post instant alerts and maintain a black list shared and viewable by
financial institutions across the nation.
When the SettleMINT EFT team receives a FraudNet alert that pertains to
a transaction relating to one of your members, they will use AnswerBook to
pass this alert on to your credit union’s FraudNet contact, who will then
need to use the Alert Priority List (referenced on Slides 9-14) to prioritize
the alert in case there are others that also need to be researched.
Once the alert is prioritized, your credit union’s FraudNet contact will then
need to research the transaction referenced in the alert to determine
whether or not it is fraudulent.
Once the legitimacy of the transaction has been determined, your FraudNet
contact will need to reply through AnswerBook to request that the
transaction be processed or stopped/returned.
ALERT TIMELINE
If there is an alert that requires your attention, the SettleMINT EFT team will
notify you via AnswerBook during one of the two time periods listed below.
Also listed below is the time at which they’ll need your response on whether
or not to process the transaction referenced in the alert.
Between 8-9 AM ET (Respond by 2 PM ET same day.)
Between 2-3 PM ET (Respond by 8 AM ET next day.)
Note: Cases will not be worked on weekends and holidays.
It is extremely important that you respond to the SettleMINT
EFT team via AnswerBook by the times listed above as we cannot
make the decision on your behalf regarding whether to process
or stop the transaction. If we do not hear from you with a decision by the
times indicated above, then:
The payment will remain on hold for up to 5 business days.
After that, the payment will be cancelled, in which case the payment would not be delivered
and the member could receive late fees/penalties.
ALERT PRIORITY LIST
FIRST PRIORITY
Negative List – DDA: The subscriber’s bank account number is on a list of
bank accounts associated with confirmed cases of fraud.
Negative List – Email: The subscriber’s email address is on a list of email
addresses associated with confirmed cases of fraud.
Negative List – Payee Account #: The subscriber’s account number with the
payee is on a list of payee account numbers associated with confirmed cases
of fraud.
Negative List – SSN: The subscriber’s Social Security Number is on a list of
Social Security Numbers associated with confirmed cases of fraud.
When a Social Security Number is added, all payments made by that subscriber are alerted
in FraudNet.
Prior to adding a Social Security Number to the Negative List, you must obtain a
“Declaration of Fraud,” which is a letter stating that the subscriber never has and never will
use bill pay.
Negative List – ZIP + 11: The payee’s 11-digit ZIP code is on a list of payee
address zip codes linked to confirmed cases of fraud.
ALERT PRIORITY LIST
FIRST PRIORITY (CONTINUED)
Manual Alert: This is externally reported fraud that FraudNet missed or
that failed to trigger an alert. It’s generated by the sponsor to notify
Fiserv of the missed data.
Manual Alert Search: A sponsor using FraudNet generated an alert for
an item that was linked to confirmed fraud data (generally associated
with email address, ZIP code, or payee account number).
It is crucial that these accounts be entered into the FraudNet system so fraud
analysts can track and modify client-scoring parameters in the event their detection
statistics begin to drop.
Quick Hitter Rule: Multiple payments have been made to a newly added
payee.
ALERT PRIORITY LIST
SECOND PRIORITY
Subscriber Info Change: The subscriber’s email address has recently
changed.
Personal Payments Receiver Velocity: This measures velocity of transactions
and cumulative dollar amounts received by an individual. Sponsors
subscribing to ZashPay should work with their fraud specialist to establish
the appropriate velocity and amount thresholds.
Personal Payment Sender Velocity: This measures velocity of transactions
and cumulative dollar amounts sent by an individual. Sponsors subscribing to
ZashPay should work with their fraud specialist to establish the appropriate
velocity and amount thresholds.
A2A Velocity: This monitors the velocity of account-to-account transfers
being made by a specific subscriber.Variables are dependent on the specific
business unit’s needs.
ALERT PRIORITY LIST
SECOND PRIORITY (CONTINUED)
Account Transfers Sleep: This monitors for previously created transactions
being scheduled on a previously dormant account.
Bust-Out: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s
address is located near the subscriber’s address.
Bust-Out II: The subscriber is attempting to make a
payment to a recently added payee, and the payee’s address is located far
from the subscriber’s address.
Model: This is a statistical rule that is usually triggered by payment size.
This is usually a large payment with a small chance of fraud.
ALERT PRIORITY LIST
THIRD PRIORITY
DDA = Payee Account #: This monitors for transactions where the
funding account matches the receiving or payee account number. This
rule monitors both electronic and paper transactions.
MOE (Merchant Online Enrollment): This rule monitors all newly
established MOE merchant payments in the Fiserv system.Verify the
payment with the subscriber.
MOE was a process created at Fiserv that allowed unmanaged, non-common payees
to become electronically enabled. This program is no longer being used, but fraud
mitigation practices still exist to monitor MOE merchants who are still electronically
enabled within the Fiserv bill payment network.
ALERT PRIORITY LIST
THIRD PRIORITY (CONTINUED)
Managed Velocity Payment: This is an optional rule used to monitor
velocity of payments within a particular industry or set of industries.
Contact your assigned fraud specialist to establish the thresholds for
this velocity rule. For example, this rule helps detect
multiple payments being transmitted to various
credit card numbers, not just the same number.
Transfer Monitor: This monitors newly created
account-to-account transfers, timeframes, and
amount thresholds per business unit specifications.
Bank by Mail: This monitors transactions being remitted directly to
financial-institution branches for deposit into a checking account.
Effective fall 2011
ALERT RESEARCH TIPS
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent. When
researching or making a decision on a transaction referenced in a FraudNet alert,
please follow your credit union’s fraud/identity theft procedures.
1.
Evaluate the transaction against normal member activity for the past
three months.
Why? If the transaction is out of the member’s norms, this could be a sign of fraud.
How? From Member Inquiry, click the Transaction Activity button.
2.
Review the open date of the membership or sub-account.
Why? If the membership/sub-account was recently opened or if it was opened a long
time ago with no activity until recently, this could be a sign of fraud.
How? Within Member Inquiry, the membership open date will be listed in the top
right corner of the Contact Information tab. The sub-account open date will be listed
in the top right corner of the Member Account Inquiry screen, accessed by clicking
the sub-account and then Select.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
3.
Review documents used at account opening
(i.e. copy of driver’s license).
Why? If the member’s ID looks fake or suspicious, this
could be a sign of fraud.
How? Follow your specific credit union procedures for where these documents are
stored.
4.
Review the member’s credit report.
Why? If the credit score has suddenly plunged, this could be a sign of fraud.
How? From MNLOAN #1-Process Member Applications, enter the account base and
press Enter. Then type in action code VC and press Enter. Select the report and click
View Report.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
5.
Review any changes in contact information and by whom the changes
were made.
Why? Identity thieves often change contact information to reroute mail to
themselves.
How? Go to MNAUDT #24-Audit File Maintenance.
6.
If, after performing the above research, you determine it’s likely that
the transaction is fraudulent, contact the member to verify the
legitimacy of the transaction.
Tip: Use any previous contact information that may
exist for the member to reduce the chances of contacting
the identity thief.
ALERT RESEARCH TIPS (CONTINUED)
The tips below are guidelines for researching a transaction flagged in a FraudNet
alert. Please note that these are just recommendations and there may be additional
research required to determine whether or not a transaction is fraudulent.
X
If you determine that the
transaction is legitimate and you
want the SettleMINT EFT team
to proceed with the transaction,
respond via AnswerBook with
instructions to process the
transaction.
If you determine that the
transaction is fraudulent and you
want the SettleMINT EFT team
to deny the transaction, respond
via AnswerBook with
instructions to stop or return
the transaction.
For response deadlines, refer to timeline on Slide 8.
THANK YOU FOR ATTENDING THIS
WEB CONFERENCE.
REMINDER
Please contact us no later than Friday, March 1 with the names
and contact information of three FraudNet contacts from
your credit union so that we always have someone to speak with
regarding transactions referenced in FraudNet alerts and so that
your timely response to our alerts is ensured.