Table of Contents
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening payment security. As cybercriminals leverage social engineering and AI-driven tactics, Scaffidi explains how innovation in authentication, real-time monitoring, and member education can enhance security without sacrificing the member experience.
Which fraud schemes, such as account takeover, card-not-present fraud, or synthetic identity fraud, are posing the biggest challenges for credit unions?
Threats have shifted toward high-velocity, socially engineered attacks that exploit trust and urgency, particularly imposter calls that trick people into making instant, irreversible transfers, like sending money through crypto ATMs or quick-pay apps.
Account takeover and card-not-present fraud are driven by hybrid social-tech attacks such as phishing, vishing, and smishing that harvest one-time passcodes and device-based prompts, with credential replay further accelerating the problem.
We know that staying safe from fraud starts with smart habits and strong tools. That’s why we always remind our members: never share your passcodes or account credentials, and don’t trust anyone who pressures you into something that doesn’t feel right.
The sooner members let us know about suspicious activity, the better chance we have to stop transfers and get law enforcement involved to help protect them.
Do you see tokenization, digital wallets, or biometric authentication changing the game for payment security at credit unions?
Member security isn’t just a technology problem, it’s a human and now an AI battle. Scammers use pressure and speed across different channels to catch people off guard.
Member and customer security are always a top priority. The goal is to build systems that works quietly in the background, consolidating data, moving fast, and making smart decisions to keep their accounts safe.
We want to make it harder for scammers and easier for members. When we improve the experience and raise the cost of attacks, we boost both security and member satisfaction. Staying ahead means stopping social engineering tactics before they lead to stolen credentials or passcode abuse. That’s why we team up with our fraud experts and rely on smart tools like SIEM, behavior analytics, and threat intelligence to keep our members protected.
Many credit unions face tighter budgets and smaller security teams than large banks. How can they balance fraud prevention with member experience and cost constraints?
Having great support at the executive and board levels and relying on what makes credit unions great, which is the more personal interaction with the members. That means helping to increase awareness with our technology to introduce authentication and step-up security challenges when something seems off like a new device, unusual location or rapid transfers to keep transactions smooth.
Real time alerts by text, email and in-app help catch fraud early and reduce the time it goes unnoticed.
Proactive transaction monitoring and customizable member alerts also push detection to the edge and ease the load on contact centers. Behind the scenes, focusing a lot on streamlining processes and consolidating tools to respond faster because that is where we can gain efficiency to respond faster and connect the dots across endpoints, identity, and cloud so we can make quick, smart decisions that keep members protected.
When budgets and people are limited, getting teams to punch above their weight is paramount to being successful and identifying how those team members learn and being the leader they need at the right time creates success.
Where do you see the biggest opportunities for credit unions to innovate in payment security without overburdening members?
We don’t choose our threats, our threats choose us. We do our best to stay ahead of the bad actors and to protect our members. We want to simplify processes so that complexity doesn’t get in the way for members or employees.
By using tools like behavioral analytics, velocity controls, and device history, we can spot unusual activity more easily. And with contextual education, we help members stay resilient against different types of attacks across our environment.
