A Credit Union’s Five-Point Anti-Fraud Strategy Pays Off
By Chris Palumbo, SVP and CRO at Citadel Credit Union
Simple Subscribe
Subscribe Now!
Need to Know:
- Seven out of ten financial institutions are seeing major increases in financial fraud. Citadel Credit Union is attacking the problem with a combination of AI, trained staff and law enforcement allies.
- Citadel’s key fraud metrics have been falling as it continues to beef up its anti-fraud program.
- Citadel’s chief risk officer shares the outline of its efforts and practical tips for progress.
At Citadel Credit Union, protecting our members’ financial security means staying several steps ahead of increasingly sophisticated fraud schemes. Traditional defenses like voice verification, two-factor authentication, even the most complex passwords, no longer suffice to stop criminals. They adapt faster than ever.
Our efforts have resulted in material anti-fraud improvement over the past 15 months:
- Card fraud losses: Down 42% from peak in August 2024
- Non-card charge-offs: Down 72% from peak
- Average loss per non-card incident: Down 62% from peak
- Non-card fraud volume: Down 30% from peak
(“Non-card” includes such items as automated clearinghouse transactions, check deposits, and wire transfers.)
The stakes are rising across the industry. A 2025 study by Alloy found that 70% of institutions have reported major increases in fraud, with organized fraud rings being held responsible for a majority of fraud attempts. Nearly a third of financial organizations reported direct losses of over $1 million, an increase from 2024 where it was a quarter of institutions. There has been an increase of 1,100% in fraudsters using AI, deepfakes, and synthetic identities to commit fraud.
That reality drove Citadel, which serves members across the Greater Philadelphia region, to completely realign our fraud operations.
By blending machine-driven detection, human expertise, and active law enforcement collaboration, we’re not just reducing fraud losses, we’re working to eliminate the opportunity for fraud altogether. What’s emerged is a repeatable model:
- Systems that surface suspicious patterns earlier.
- Staff trained to respond with urgency.
- Investigators who treat each case as a link in a broader network of threats.
Over the past year, this structure has helped us reduce credit and debit card losses by 42%, and slash average non-card fraud losses by 62%.
The progress we’ve made represents a foundation for what comes next.
Lesson 1: Applying Intelligence Over Intuition
Fraud is a moving target, but it rarely starts at random. Most schemes leave behind clues such as subtle data inconsistencies, irregular behavioral patterns, or unusual device activity.
To combat this, our organization has adopted a suite of advanced tools designed to prevent fraud proactively, not just reactively. These include:
- AI-driven models that detect abnormal transaction activity in real time.
- Machine-learning algorithms trained on historical spending trends and behavioral patterns.
Alerts now trigger on more nuanced data points, complex enough to spot fraud that previously would have gone undetected.
Practical Tip: Other banks and credit unions can start small by monitoring device-level behavior (such as multiple account logins from a single device) before moving into full AI-driven modeling. Fraudsters are using the same phone or device to commit fraud on multiple accounts, many times in different time zones and also using various IPs. This indicates ring activity being initiated in foreign countries. Institutions can look for patterns such as this to implement advanced defenses.
Some credit unions have also layered biometric authentication and behavioral analytics into account access systems, adding security without slowing down legitimate users. Automated decisioning helps accelerate fraud detection at scale, while transaction-level analysis flags spending anomalies that merit deeper investigation.
Tap customer and member input: Citadel reviews member complaints as part of an iterative process to refine fraud controls and adapt to emerging tactics.
We have learned that scams have increased by over 50%, with members sharing with fraudsters their one time passcode (OTP). This is the leading driver for mobile wallet driven fraud. This is also the top cause of complaints.
Read more: Four Ways Banks Can Turn Fraud Into a Loyalty Play
Lesson 2: Real-Time Response Requires Human Action Too
Scammers grow increasingly advanced at bypassing prevention measures put in place, meaning technology alone can’t prevent fraud. That’s why Citadel has meticulously trained retail and fraud staff to spot risk at the moment it walks through the door and prevent identity-based fraud at the point of account creation. New systems validate applications more rigorously, blocking attempts to open accounts using stolen identities before funds ever leave a member’s control.
Examples of the human element’s essential role:
- Frontline employees are encouraged to act quickly, escalating suspicious behavior, verifying identity through deeper questioning, and collaborating with fraud teams in real time.
- Team members identify patterns of behavior, elevating suspicious-looking IDs and verification documents.
- The fraud team sends out information to the branches on suspicious red flags to look for and possible known suspects.
We have successfully stopped multiple individuals attempting to open accounts with stolen identities in as little as one hour between entering the branch and being escorted out of the lobby in police custody.
Practical Tip: Create simple escalation playbooks for frontline staff. These can include “Five Questions to Verify Identity” or a “Red Flag Checklist” that triggers an immediate fraud team call. Here are examples of questions for this checklist:
- How much is a member depositing?
- And by what method?
- Are there any failed responses in ChexSystems?
- Is the applicant requesting immediate issue debit card or immediately applies for credit card.
- Is the behavior out of pattern for the member?
Read more: Why Fraud Resolution is Critical to Building Customer Trust
Lesson 3: Bake Law Enforcement Collaboration Into the Workflow
Rather than treating law enforcement as a last resort, we’ve built it into the workflow. Citadel’s fraud investigations team refers a number of cases a year to local, state and federal agencies, including the FBI and the Secret Service. We detect a sizable number of fraud cases per month, with a percentage of those being escalated to law enforcement for further action. With a growing team of employees who are trained in fraud detection, we expect these numbers to increase as our organization continues to grow.
In June 2025, Citadel played a key role in the conviction of a ringleader behind a nationwide bank fraud conspiracy. Our data, case timeline, and internal documentation helped secure a federal judgment after a multi-week trial.
Practical Tip: Credit unions should cultivate direct contacts with local police and FBI field offices. They should have a dedicated official with resources for fraud investigative work. Maintaining those points of contact reduces response times and builds mutual trust.
The objective is to dismantle repeat threats early, not just react to individual offenders.
Lesson 4: Closing the Loop with Members
Our members can be assured that when fraud occurs, Citadel will respond immediately. Stolen funds are returned quickly, credit reporting is corrected, and teams communicate directly with affected members to reduce the chance of recurrence.
As new fraud tactics surface, we alert members through digital channels and provide clear guidance on how to protect themselves. In one recent case, an account-opening scam was stopped before the member even knew their identity had been compromised. That scenario now serves as a core example in Citadel’s member education efforts.
Practical Tip: Institutions should issuer regular, short fraud alert bulletins to members via text or email. Avoid generic messages, instead describing the exact scam patterns to watch for. Here is an example of one such alert:
Read more: How Banks Can Combat Customer Fraud Flying Under the Radar
Lesson 5: Measure Anti-Fraud Results Relentlessly to Support Expansion
Fraud prevention can be more than a cost saver for banks and credit unions; it can be a differentiator, helping you stand out among the competition while safeguarding those you serve.
For organizations willing to invest in smarter detection, faster action, and deeper collaboration, the effort means fewer losses, safer members or customers, and a stronger foundation of trust.
Beyond the results outlined earlier in this article, specific investments drive their own payoffs. For example, we estimate that the return on investment for one of the new tools we have implemented currently sits at over 57%.
Practical Tip: Track metrics beyond dollars lost. Track such factors as time-to-detection, time-to-member-restitution, and percentage of cases escalated to law enforcement. Including these KPIs demonstrates real impact for the organization and the members and customers protected.
As fraud challenges continue to grow, meticulous tracking will establish grounds for continual investment in fighting the threats.
Read more: Is That Your Boss or a Deepfake on the Other Side of That Video Call?
