Measures to Combat Shared Branch Fraud Attacks


Produced by Ann Davidson, Vice President of Risk Consulting | July 31, 2019

Are you a credit union issuer in the shared branch network? As an issuer in the shared branch process, are you seeing an increase of multiple inquirers on your members accounts? 


Individual credit unions across the country have reported more than $30K in losses from “shared branch fraud” attacks, with total losses nation-wide reaching over $1 million

Shared branch fraud occurs when cybercriminals use the fake or stolen identity of an employee or member to pass thru authentication layers and perform unauthorized withdrawals at an acquirer credit union in your shared branch network. 

Here’s how these shared branch attacks are taking place: 


First… The cybercriminal purchases an individual’s stolen information on the dark web to commit identity theft and purchase counterfeit identity cards. It is likely that quite a few of your members have their private information waiting to be sold on the dark web, with an estimated 147.9 million Americans being exposed during the 2017 Equifax Breach alone


Next… The cybercriminal conducts an in person, online, or over-the-phone inquiry to gain access to a member’s account number. In many cases, the criminals call into contact centers to verify the account is open via an account balance inquiry or a balance transfer request. 


Last… The cybercriminal shows a counterfeited state-issued ID and the stolen account number and credit union name at an acquirer credit union in your shared branch network to take the maximum amount of available funds. Oftentimes, the shared branch outlet visited is out of state. 


Traditionally, these attacks are performed on employees’ and board members’ accounts, presumably due to the fact that many credit unions place the names and photos of these staff members on their website. However, new occurrences of these attacks are being reported on non-employee accounts.

All known shared branch fraud attacks have taken place via one of the following transactional channels:


  • Checking, share, or share draft account withdrawals performed at the teller counter in the form of teller checks, cashier checks, official checks, or cash
  • HELOC line of credit disbursements issued as teller checks, cashier checks, or official checks 
  • Credit card line of credit disbursements issued as teller checks, cashier checks, or official checks


If your credit union offers your members or employees the option to perform withdrawals from checking, share, or share draft accounts or allow line of credit advances from credit card accounts or HELOC loans at aquirer credit unions in your shared branch network, you may be at risk of loss exposures from one of these attacks.


Read the Blog:  7 HELOC Loan Fraud Prevention Stategies


Best Practices for Mitigating Shared Branch Fraud


  • Consider offering an opt-in/opt-out policy for employees, board members and members to participate in shared branching, and make sure they are informed of the potential risks involved.
  • Consider reaching out to members with high balances and little or no shared branch activity to ask if they want to block shared branch activity on their account.
  • Flag accounts that have not used shared branching to identify and look into any new, potentially fraudulent, shared branch activity occurring on these accounts.
  • Consider blocking HELOC line of credit disbursement requests performed at an aquirer shared branch location.
  • Block credit card line of credit disbursement requests performed at the teller counter. Redirect these transaction requests to the aquirer’s ATMs (since credit card transaction cannot be fully blocked).
  • Look into inquiries received on members’ account before authorizing any shared branch withdrawal request. If anything seems off or suspicious, contact the member directly to validate the request and prevent fraudulent activity.
  • Leverage an identity theft vendor that scans the dark web for member data to capture and report vulnerabilities.
  • Encourage your members to freeze their credit (for free) with the 3 credit bureaus to help protect their information.
  • Strengthen contact center security questions and authorization methods to protect members’ information.
  • Work with acquirer credit unions in your shared branch network to bolster security tools, authentication requirements, and cash withdrawal limits to help prevent shared branch fraud attacks.
  • Review your shared branch agreements to know when your credit union is liable for fraud losses, and to understand the authentication and security measures required of both issuers and acquirers participating in shared branching.
  • Advocate that your shared branch network continues to improve their fraud detection and prevention tools.
  • Notify the secret service of any fraud instances you’ve experienced to help them capture the assailants.


If you are an issuer credit union in the shared branch network, it is important you take steps right away to protect your credit union and members from exposure to these attacks.


If you are an Allied Solutions Bond client and are concerned that you may have already experienced this kind of fraud, contact immediately for support.


Click here to learn more about credit union risk solutions offered by Allied Solutions.  


About Allied Solutions

For over 20 years, Allied Solutions has been selling and underwriting customizable solutions to keep credit unions protected from unexpected risks. Allied is now the industry's largest independent producer of credit union bond and insurance business with more than 800 clients nationwide and a staff that has unsurpassed technical experience and know-how. It is this commitment and expertise that has helped Allied save clients millions in insurance premiums, and has granted us the highly esteemed 'Preferred Partner' status by NAFCU Services.


Content in the blog posts are the opinion and views of the writer, and don't necessarily reflect the opinions or views of Allied Solutions.

Most Recent