Financial Services

PSCU: Elastic reduces risk by blocking millions of dollars in credit union fraud


  • $35 million
    in fraud prevention savings over 18 months
  • 99%
    decrease in MTTK

Instant ROI for their credit union customers

Moments after turning on the new Elastic-based fraud detection platform, PSCU discovered and prevented $35,000 in fraud

Proactive fraud detection & mitigation

By deploying machine learning and alerting features of the Elastic Stack, PSCU proactively detects and stamps out financial fraud before it impacts member accounts

From security to observability to boost customer satisfaction

By standardizing on the Elastic Stack, PSCU was no longer limited in the number of data sources it could ingest. With this, PSCU could better respond to call center delays and potential customer-facing impacts like natural disasters

Creating a new dedicated Fraud Intelligence business unit

With the instant success of the Elastic Stack-driven fraud detection project, PSCU created a Fraud Intelligence unit that is now providing member credit unions with industry leading protection and satisfaction

Company Overview

PSCU, the nation’s premier Credit Union Service Organization, supports the success of 1,500 credit unions representing more than 3.8 billion transactions annually. PSCU’s payment processing, risk management, data and analytics, loyalty programs, digital banking, marketing, strategic consulting and mobile platforms help deliver seamless member experiences for more than 40 years. Comprehensive, 24/7/365 member support is provided by contact centers located throughout the United States.

PSCU embarks on the Elastic journey

For years, the organization's Enterprise Risk Office had been operating under a legacy Jade Database platform. This architecture restricted PSCU to only being able to ingest logs from just a few curated data sources for the purpose of detecting insider threats like theft of funds by PSCU staff, vendor partner staff, and credit union employees. To say the least, it was difficult to comprehend the siloed data in Excel spreadsheets and to visualize in Power BI. And, over time, as the database grew, ingesting data became more challenging as it took a day to load the previous day's data.

A 24-hour ingest delay is simply too long, especially when it comes to ferreting out financial fraud. So, one of the organization's contractors suggested that PSCU migrate those logs into Elasticsearch because it's well suited for any amount or type of data. Following this advice, PSCU transitioned to the Elastic Stack in 2018 and began adding more and more data sources such as member online logins, IP and home addresses, and their contact center call history — to name just a few—to better monitor and visualize logs to combat financial fraud.

Within days of deploying Elastic, PSCU blocked $35,000 in fraudulent activity. Now, PSCU has prevented $35 million in fraud just 18 months after deploying their Elastic-powered system dubbed "Linked Analysis."

PSCU's Fraud Intelligence Team has used Linked Analysis to save over $35 million fraud dollars for our credit union members since the platform was created. A majority of that was predictive, which offers a great value to our member credit unions

– Jack Lynch, SVP, Chief Risk Officer and President, CU Recovery at PSCU

After the transition to Elastic, Jonathon Robinson, manager of Fraud Intelligence at PSCU, discovered that Elasticsearch could handle as many data sources as PSCU could throw at it — with ease. So, he expanded the Elastic use case from the original insider fraud detection solution and added more logs from a growing number of financial-related data sources for the purpose of preventing external fraud at its 1,500 member credit unions across the United States.

With an expanded number of data sources, a new, first-layer of fraud prevention was created: one that stops financial fraud before it occurs. Previously, PSCU didn't know about fraudulent activity until after it occurred or when it was occurring. "Thanks to Elastic, now we see fraud before it's committed so we can stop it," Robinson says.

Later on, the PSCU Elastic journey would evolve. Since PSCU already had the data in its system, it was a natural progression for PSCU to provide operational insights for its contact center operations. In addition, Elastic paved the way to a new PSCU emergency management protocol that harnessed Kibana and Elastic Maps to alert credit unions to pending natural disasters. During events like hurricanes or wildfires, they could adjust their localized customer support accordingly to make sure members can access their money and credit.

All the while, PSCU has remained committed to the original pursuit of fraud detection, prevention, and mitigation. To date, that ongoing mission has saved its owner credit unions tens of millions of dollars.

As we were building out with the Elastic Stack, we found that we were able to detect fraud a lot easier. And as we were adding more and more datasets to the Elastic platform, we got a view of our data that we really were never able to look at before. Because of our use of Elastic, we created a new branch to combat fraud — the Fraud Intelligence section. Now we're not only able to detect fraud that was occurring, but also detect it before it happens.

– Jonathon Robinson, Manager of Fraud Intelligence at PSCU

Fraud intelligence "Linked Analysis"

Robinson explains how Linked Analysis brought a recent credit card fraud ring to light that initially appeared to involve two credit cards from one credit union. Robinson noticed it when a machine learning job reported anomalies.

In one particular instance, while checking in on an alert, Robinson's team used the graph features of Elastic to find 35 additional cards that were linked via phone numbers and amalgamations of the original billing address on file with those two cards. The team realized that several credit unions, not just the original one where the alert originated from, were being scammed by the same fraud ring. So the PSCU team was able to quickly notify the affected credit unions, disable the cards, stop any of them from being used to make purchases, and also save their end members the frustration and inconvenience of having to replace a compromised credit card.

Graph of fraud intelligence linked analysis

As a result, this combination of addresses, phone numbers, names, and other identifying information was blacklisted, and PSCU would be alerted to any future activity from this fraud ring no matter where it happened in their credit union network.

"The intel Elastic provided us was instantly used to protect the acutely impacted credit unions, but due to the blacklist we established, we also used it to protect any of the credit unions we service moving forward," Robinson says. "Without being able to correlate this data between credit unions, we would never have been able to see the patterns, even though we would have been fighting the same fraudulent actors across multiple fronts."

"There's something satisfying," Robinson adds, "about cracking down on fraud. That's because the fraudsters still try to use credit cards after PSCU has blacklisted them."

Fraud detection with machine learning

For the Fraud Intelligence team, machine learning is making it possible to deliver on the needs of 1,500 credit unions. Machine learning and alerting gives the team instant insights that otherwise wouldn't be immediately available when manually sifting through reports.

When it comes to fraud prevention, machine learning jobs at PSCU monitor activity that happens before a credit card is swiped at a checkout terminal. That's how PSCU took down that fraud ring. Activity PSCU is monitoring includes a combination of data center calls, online activity, and "a bunch of different data sources that give us a clue to what's going on with a card," Robinson says.

For example, if a customer typically logs in from their home computer, machine learning helps PSCU identify anomalous login attempts, or discover similar email addresses, phone numbers, IP addresses, Social Security numbers, and physical residential addresses being used to open or access accounts across different credit unions. With machine learning and alerting, once a customer appears to veer outside their normal behavior, the team is notified and can take measures to contact the individual member and, if necessary, shutter a card or account to stop fraud in its tracks.

Additionally, with the graph features available in Kibana, Robinson and PSCU can now crack down on the fraud by visualizing and exploring the connections and relations in the data in a quick way that wouldn't have been possible in a spreadsheet or any other parts of their legacy solution.

Addressing fraud is not easy. However, the question of whether our system, with Elastic at the center of it, can handle this is something I don’t have to worry about anymore.

– Jonathon Robinson, manager of Fraud Intelligence at PSCU

Spaces, security

About half a dozen departments have access to different datasets that are visualized in Kibana. Some of the data might be essential to one group but not to another. With Kibana Spaces and role-based access control provided by the security features of the Elastic Stack, staff members can be assigned access to certain visualizations and be blocked from others unrelated to their work. It is a crucial feature that is important within the highly regulated industry in which PSCU exists.

"So, if somebody from the contact center is logging in, I don't want them to see the tab for monitoring or for almost anything else. I only want them to see what they're permitted to access and what's relevant to them, and I can do that with Spaces."

Spaces, Robinson adds, also keeps data "looking nice and tidy too, which is important to leadership."

Screenshot of Kibana spaces

The Spaces image above shows that PSCU creates different environments and datasets for a variety of departments. Every space is customized to a department’s business requirements.

Sometimes, however, things get messy. Mother Nature, for example, can cause as much or more financial havoc than credit union fraudsters. PSCU cannot prevent hurricanes, wildfires, or other environmental catastrophes. But with Elastic, it can make sure credit union members in the path of destruction have access to their money.

Contact Center, disaster planning

When Hurricane Dorian was projected to slam into the east coast of Florida in late summer 2019, Robinson harnessed Elastic Maps and added a weather layer from the United States National Oceanic and Atmospheric Administration (NOAA) in addition to home address data from members who were in the hurricane's path. The results provided a visualization to credit unions about which of their card holders could be impacted. With this information, the credit unions could adjust their fraud prevention measures and not automatically block purchases that appeared outside a user's normal activity—like suddenly buying expensive generators, lumber, or an outsized number of canned goods.

This emergency management practice has now become the norm ahead of or during disasters, including recent wildfires in California.

Map of wildfires in California

In addition, because credit unions in the path of destruction likely will be closed, this type of preparedness allows PSCU to take over contact center operations for the affected credit unions to handle a deluge of expected calls.

PSCU is using Elastic in the contact center context for more than just emergencies, but for other use cases including business analytics and operational management purposes.


The Contact Center handles phone calls on behalf of hundreds of credit unions, which requires incredible coordination of resources and monitoring of events across all financial institutions. Their use of real-time machine learning lets them spot issues buried in a sea of data before they become a problem.

For example, operational logs visualized with Kibana give managers at credit unions a real-time look as to why there might be too many calls coming in to their contact centers at one time. The Kibana visualizations might show if there's an internal issue, a promotion, or a business matter that is prompting an overload of calls.

With this data, contact center staffing operations can be adjusted as necessary, even before a deluge of calls. And it gives managers at the individual credit unions the ability to visualize operational insights in Kibana without having to call PSCU to find out what's going on at a contact center.

In short, the competitive advantage of observability through Elastic gives PSCU insights that it never had or could provide to credit unions before.

"With these Kibana dashboards, we're showing credit union managers the answer instead of showing them the path to the answer with Excel spreadsheets," Robinson says. "They don't need to have any technological know-how, either."

Return on investment

Eighteen months into their Elastic journey, Robinson says there's been a whopping 48,000% return on investment. That figure combines the millions of dollars Elastic has saved member credit unions in fraud, minus how much PSCU has spent on infrastructure and an Elastic subscription over that same period.

In addition, Robinson says his bosses "were thrilled" with how much fraud the Elastic Stack has prevented—$35 million and counting.

"Any additional layer of protection we can offer our credit unions is always good. So, when a credit union has to pay out fraud losses, that means that the dividends that go to the credit union members are lower," Robinson says. "With the tools we've been using over the last 18 months, the credit unions are now saving members money and are investing in new services for their members."

In addition to the hard dollars and cents saved, Elastic has also helped PSCU increase customer satisfaction for their credit union members.

"When we call the individual credit union member, we're not saying, 'Hey, someone has spent $1,000 on your credit card.' That's not a great feeling. Instead, we're calling in and asking if they have logged in from a certain place and letting them know that nothing has been stolen. In the end, the cardholder knows that the credit union, and PSCU by extension, is watching out for them," Robinson says.

Future proofing with the Elastic Stack

As far as fraud-prevention data goes, Robinson says there is seemingly an endless supply of data sources to be ingested into Elastic to feed this project. Given that, PSCU will continue this real-time data centralization project with Elastic by adding more data sources and by modifying existing sources.

Our primary goal is to just keep adding additional data sets, and keep adding additional channels of business that allow us to compare things on one platform with other platforms. We can just keep going and going with Elastic.

– Jonathon Robinson, manager of Fraud Intelligence at PSCU