Through our partnership with credit unions coast-to-coast, our team routinely receives calls related to fraudulent activity. In this article, we outline seven types of fraud and review the steps your team can take to mitigate each.
“Fraud is constantly evolving, and what we’re seeing today is more complex and more targeted than ever before,” said Anne Bunker, Payment Training Analyst at Synergent. “The most effective defense is a combination of informed staff, proactive member education, and consistent processes across your organization.”
1. Beware of Gold Bar Scams
Gold bar scams are a notable form of fraud recently highlighted by the FBI, in which criminals manipulate victims—often seniors—into converting their savings into cash or gold and handing it off to a courier. These schemes are typically layered into other common scams, such as impersonations of government agencies, tech support, or even family members in distress, sometimes using voice spoofing. Victims are convinced that moving their funds into gold or cash will “protect” them from legal trouble or fraud and may be given verification codes to make the handoff feel legitimate.
For credit unions, mitigation starts with awareness and frontline vigilance. Staff should be trained to recognize red flags, such as members requesting unusually large cash withdrawals or expressing urgency tied to secrecy or perceived government directives. Proactive conversations with members can be critical. Asking simple questions about the purpose of funds or reinforcing that legitimate agencies will never require payment in gold or cash can help interrupt scams in progress. In some cases, members may be on the phone with the fraudster while in the branch, so staff should be alert to signs like active calls or earpieces. Strengthening member education and encouraging prompt reporting of suspicious activity can further reduce risk and help protect members before losses occur.
2. Review Card Authentication Factors
When issuing a new or replacement card, strong authentication at activation is a key layer of fraud prevention. Credit unions should consider requiring at least three matching verification factors before activating a card, such as caller ID, ZIP code, date of birth, or the last four digits of a Social Security number. Incorporating multiple data points within Risk Office—especially those unique to your institution—helps ensure the card is being activated by the rightful member and reduces the risk of unauthorized use.
3. Do Not Reopen Captured Cards
When managing compromised cards, it’s critical to follow proper closure procedures to protect both your member and your credit union. Once a card is marked as lost, stolen, or closed (“hot carded”), its status is automatically shared with Visa and Mastercard and added to the Card Recovery Bulletin, helping merchant processors identify invalid cards. Reopening a card after this point can create downstream issues, including declined transactions for the member and potential loss of fraud chargeback rights for the credit union if fraudulent activity has already been reported.
To mitigate risk, credit unions should ensure cards are fully closed prior to initiating fraud-related chargebacks and remain closed once captured. Consistent processes and staff awareness can help prevent operational missteps and preserve both member experience and recovery options.
4. Take Action Against BIN Attacks
A brute-force BIN attack is a form of fraud in which criminals use automated, trial-and-error methods to guess valid card details, including account numbers, expiration dates, PINs, and CVV codes. These attacks often appear as a high volume of declined transactions (often 100+), sometimes in rapid succession, as fraudsters test different combinations to identify usable card credentials. BIN attacks in which criminals are auto‑generating card numbers to find valid ones may include patterns such as repeated declines from a single merchant using sequential card numbers with return codes 052 (expired/non‑existent) or 077 (non‑existent).
To mitigate risk, credit unions should monitor transaction activity for unusual spikes in declines and recognize these patterns early. This can be done by reviewing the Transaction Journal to identify any significant increases in the number of denials with the response codes below from one or multiple merchants:
- 14 – Denied for invalid cardholder account number information, CVV/CVC or CVV2/CVC2
- 54 – Card is expired
- 77 – Record cannot be located
If no transactions are successfully approved, the risk of fraud is low and reissuing cards may not be necessary. However, if approvals are detected, escalation is critical. During business hours, you can contact your risk analyst; outside of business hours, the merchant ID can be blocked using a tool like Tranblocker. Additional tools such as RuleManager, merchant blocking, enhanced fraud rule management, and Risk Office Select can help contain attacks, while coordination with risk teams ensures an appropriate and timely response.
5. Review Closed – Unconfirmed Fraud Cases in CaseTracker
Timely case management plays a critical role in maintaining an effective fraud prevention strategy. Credit unions should aim to review closed or unconfirmed fraud cases daily and decision transactions as “fraud” or “no fraud” within CaseTracker. As a best practice, maintaining at least a 75% closure rate of cases as confirmed fraud or no fraud helps ensure the Enfact system remains up to date and continues to perform effectively.
If your team is looking to further refine performance, consider reviewing and updating Enfact special rules. Your risk analyst can provide guidance to help optimize settings and strengthen your overall fraud detection strategy.
6. Automatically Disable Old Cards Upon Activation of New Ones
When issuing replacement cards, it’s important to consider what happens to the old card. Even if a card is physically damaged or discarded, the card number, expiration date, and CVV may still be usable for online or manually entered transactions until the original expiration date passes. This creates a potential vulnerability if the old card remains active.
To reduce risk, credit unions should ensure old cards are deactivated as part of the replacement process. Enabling features like “disable old card upon activation” within your BIN parameters can help protect your credit union. Review your Cardbase setup in Client Workstation under “Card Management.” Taking this extra step helps protect members from unauthorized transactions and strengthens overall card security.
7. Ask Questions to Prevent Deepfake Fraud
Deepfake fraud is an emerging threat driven by AI voice-cloning technology, which can create highly convincing imitations of a person’s voice using just a few seconds of audio—often pulled from social media or voicemails. Because these tools are widely accessible and inexpensive, fraudsters can use them to impersonate members, gather sensitive information, or attempt to bypass traditional verification methods at financial institutions.
To mitigate this risk, credit unions should strengthen authentication practices by incorporating out-of-band verification questions, such as identifying joint account holders, existing loans, direct deposit sources, or recurring payment amounts. Staff training is also essential. Employees should be coached to recognize unusual requests, urgency, or inconsistencies in member interactions. As these threats continue to evolve, proactive member and staff education remains one of the most effective defenses.
Learn More
To learn more about any of these areas, please contact us today.
