Old scam, new damage: Protecting your members from overpayment fraud
Digital channels bring new risks, costing consumers billions of dollars each year. Understand how these scams work, and what is being done to protect consumers—and credit unions—from fraudulent transactions.
Overpayment scams—once written off as an old-fashioned check con—are making a big comeback in today’s online marketplaces. Criminals send a check for more than an item’s advertised price, then pressure the seller to refund the “difference” digitally before anyone realizes the check is fake. It’s a scheme that can drain victims’ accounts in a matter of days.
Fraud of all kinds is “definitely a pressing concern, if not the top concern, for a lot of credit unions,” says Andrew Morris, Director of innovation and Technology for America’s Credit Unions. With annual fraud-related financial losses reaching billions of dollars, unchecked criminal activity not only harms members but in some cases can impact the safety and soundness of smaller credit unions that aren’t equipped to absorb large, fraud related losses.
Exploiting the timing mismatch: Why overpayment scams still work
One often-overlooked reason these overpayment scams still succeed is the timing mismatch between instant digital transfers and slower check settlement. Even though scammers urge sellers to “refund the difference” using a near-immediate payment app, the check itself may not clear for days. By the time the check is flagged as fraudulent or uncollectible, the scammer has already received the digital funds, leaving both the member and their credit union scrambling to recoup losses. From chemical check-washing operations to digital credential theft, fraudsters will exploit any gap they can find—but credit unions are rising to meet the challenge.
Digital channels and the liability puzzle
Digital channels bring their own risks. Morris points to the distinction between truly unauthorized transactions (where a member’s login credentials are stolen and used without their knowledge) versus “fraudulently induced” transactions (where a victim is deceived into authorizing a payment).
Fraudsters often target seniors who may be less familiar with digital banking or more trusting. In many states, credit unions must navigate complex regulations to freeze suspicious transactions and alert family members. Efforts are underway to streamline legal authority so credit unions can intervene quickly when they spot signs of elder financial exploitation. The FTC has published a guide documenting the laws that apply to financial holds in different states.
By advocating for sensible limits on financial institution liability, supporting efforts to improve the security of payments, and pushing for modernization of outdated check rules, America’s Credit Unions is helping the credit union industry stay one step ahead of increasingly sophisticated scammers.
Navigating Regulation E: Authorized vs. unauthorized transactions
America’s Credit Unions’ advocacy team often receives questions about how policymakers are addressing the murky line between unauthorized versus authorized transactions. For the CFPB, that distinction has become the focal point of recent litigation, the ultimate effect of which could be greater liability for financial institutions. Scammers have always had better luck tricking consumers rather than breaking through the layered security of a financial institution, and that has prompted regulator discussion about how to externalize costs—even when poor consumer judgement is involved. “Under EFTA, transactions where the consumer was in full control of their account but was tricked into sending money to a stranger cannot be classified as truly unauthorized,” Morris says. While many assume any misdirected funds must be reimbursed automatically, reality is more nuanced under the Electronic Fund Transfer Act (EFTA) and Regulation E—a consumer financial protection regulation found in the Code of Federal Regulations (CFR).
How EFTA’s definitions operate in the context of fraudulently induced transactions is at the heart of credit unions’ push to keep liability standards fair and not overburden institutions with losses beyond their control.
Stopping the liability shift for fraud
If all scams automatically triggered credit union responsibility, the financial burden could become unmanageable. That could threaten the stability of institutions—especially smaller ones—and divert resources away from essential member benefits, like favorable rates or better customer service.
America’s Credit Unions adamantly opposes expanding Regulation E coverage to address the growing cost of fraud. Not only is such an approach unsustainable, but it also fails to address root causes behind many types of scams, such as telephone spoofing or outdated funds availability rules for certain types of checks.
Morris underscored how critical it is for policymakers to recognize that even the best fraud controls cannot always prevent a determined scammer from tricking a victim who authorizes a payment in good faith. Ensuring that the law continues to differentiate between unauthorized and authorized but fraudulent transactions remains a primary advocacy goal.
Strengthening fraud prevention tools
While limiting liability shifts is crucial, credit unions remain dedicated to preventing fraud altogether. Morris cited modernization of check rules as an area where better safeguards could make a real impact.
For example, existing regulations often require credit unions to make funds from cashier’s checks available quickly—even if the credit union suspects potential fraud. Longer hold times or more flexible rules would give credit unions a better chance to detect counterfeit or altered checks.
Holding fraud enablers accountable
A key objective for credit unions fighting fraud every day is stopping the criminal entities from being truly responsible and ensuring accountability. By pushing for enforcement against those who enable scams or attempt to deflect responsibility—websites that turn a blind eye, or platforms that inappropriately seek to shift liability onto credit unions—America’s Credit Unions believes trust in the financial system can be preserved. Morris notes that some credit union members mistakenly think the credit union can easily recoup their funds from any scammer, but once money is sent, retrieval is often extremely difficult unless law enforcement or platform policies intervene swiftly.
As scammers continue to evolve their methods, credit union professionals must remain vigilant and unified. By pushing for sensible policy reforms, investing in training and technology, and rallying the entire movement against financial criminals, credit unions can uphold their commitment to member well-being—even in a rapidly changing threat environment.