InfoSec People Profile: Suncoast Credit Union’s Nicole Allen
- Roy Urrico
- 6 hours ago
- 5 min read
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity, fraud prevention, and/or information governance to protect data and transactions at credit unions, other financial institutions, and fintechs serving the financial services industry.

In her role as Vice President of Fraud Risk Management at the $20.7 billion Tampa, Fla.-based Suncoast Credit Union, Nicole Allen leads an enterprise-wide fraud program spanning the full fraud lifecycle – from prevention and detection through investigation and recovery.
“My role focuses on building and scaling a multi-pillar fraud operating model, ensuring fraud risk is proactively managed while aligned to organizational risk appetite, regulatory expectations and member experience,” Allen told Finoptamus.
Early Involvement in Fighting Fraud
Allen grew up in Oklahoma City and attended the University of Central Oklahoma in Edmond, Okla. on a tennis scholarship. She said it is a passion “I still carry with me today. My experience as a student-athlete helped shape my discipline, competitiveness and focus, which have stayed with me throughout my career.”
Her involvement with fraud began early in her career, “driven by a natural interest in data, patterns and problem-solving.” Drawn into understanding how anomalies occur and how to identify and prevent them at scale led into fraud risk management.
Throughout her career, Allen said she’s remained focused within the fraud space, working across different organizations in the same domain while relocating to multiple markets, including New Mexico, California, Texas, Pittsburgh and now Florida. “This experience has allowed me to build deep expertise in fraud while also gaining diverse perspectives on how fraud evolves across regions, member populations and operating environments.”
A key differentiator in her journey has been a commitment to continuous learning. “I’m largely a self-taught coder and business intelligence practitioner, which has enabled me to bridge strategy with analytics and execution. This foundation has been critical in helping me turn complex data into actionable fraud prevention strategies and scalable solutions.”
Current Role in Fraud Prevention
In her current role, she described overseeing the following core pillars:
Fraud operations and investigations — Leading end-to-end fraud case management, dispute resolution and recovery efforts, while enhancing investigative workflows and law enforcement coordination to improve outcomes.
Fraud prevention and detection — Driving layered controls across authentication, transaction monitoring and real-time interdiction, leveraging advanced analytics and AI to identify and stop fraud before losses occur.
Fraud analytics — Building and scaling a centralized analytics capability that enables early detection, fraud network visibility and data-driven decisioning across all fraud functions.
Fraud training and awareness — Strengthening organizational awareness and ensuring employees across the credit union can identify, escalate and prevent fraud risks.
Insider threat — Managing internal fraud risk through monitoring, governance and controls designed to detect and prevent employee-related threats.
Security operations (enterprise focus) — Directing security operations as a distinct function, focused on protecting both members and employees, and ensuring alignment between operational monitoring, incident response and overall organizational safety.
Business continuity (enterprise-wide) — Supporting enterprise business continuity to ensure resilience and continuity across all critical systems and operations within the credit union including Bureau of Indian Affairs (BIA) modernization and broader resilience planning.
“A key priority in my role is ensuring these pillars operate as a cohesive, integrated program, supported by strong governance, real-time capabilities and clear accountability across the business,” said Allen. “Ultimately, my responsibility is to protect the organization from evolving fraud threats while enabling secure growth and maintaining a seamless member experience.”
Suncoast’s Fraud Prevention Operations
At Suncoast Credit Union, which serves more than 1.3 million members across Florida with 80 full-service branches, fraud prevention is structured as a multi-layered, enterprise-wide operating model designed to identify, prevent and respond to fraud risk across the full member lifecycle, according to Allen. “Our approach is anchored in several core components.” (detailed by her below).
Layered fraud prevention and detection — “We deploy controls across authentication, transaction monitoring and real-time interdiction. This includes behavioral analytics, risk-based authentication and channel-specific monitoring to proactively identify anomalies and stop fraud before loss occurs.”
End-to-end fraud operations and investigations — “Dedicated teams manage fraud case intake, investigations and recovery, ensuring timely resolution while minimizing member impact. This includes strong coordination with operations and external partners to drive recovery outcomes.”
Centralized fraud analytics — “Analytics is a core enabler of our program. We leverage data to detect emerging trends, enhance early-warning capabilities, and continuously refine controls through performance insights and fraud intelligence.”
Fraud governance and oversight — “Fraud controls are owned by the business, with fraud risk management providing governance, oversight and formal review and challenge. This ensures controls are effective, aligned to risk appetite, and supported by clear accountability.”
Employee awareness and training — “We focus on building a fraud-aware culture by equipping employees with the knowledge to identify, escalate and respond to fraud risks across all channels.
Cross-functional integration — “Fraud prevention is closely coordinated with operations, digital teams, and enterprise functions to ensure controls are embedded into processes, not applied after the fact.”
“Overall, our model is designed to be proactive, data-driven and integrated, allowing us to stay ahead of evolving fraud threats while maintaining a strong member experience,” noted Allen.
Threats Causing Sleepless Nights
“The threats that concern me most are those evolving faster than traditional controls, particularly the rapid expansion of AI-enabled fraud, sophisticated scams and social engineering,” said Allen. “We’re seeing fraudsters leverage AI to scale attacks in ways that are more convincing and harder to detect, especially when combined with social engineering through digital and social media channels. These attacks increasingly exploit human behavior rather than just system vulnerabilities, which makes them more complex to prevent.”
Another growing concern is the rise in third-party and indirect fraud risk, maintained Allen. “As ecosystems expand and organizations rely more on external platforms and partners, visibility becomes more limited, making fraud harder to detect and control in real time.”
What makes these trends especially challenging, she noted, “is the speed, scale and adaptability of fraud, requiring us to continuously evolve our controls, strengthen awareness and stay ahead of increasingly sophisticated threat actors.”
Top Fraud Dangers to Credit Unions
For credit unions such as Suncoast there are many concerns. “Some of the most significant threat vectors we’re seeing today are increasingly centered around social engineering, third-party fraud and targeted impersonation tactics,” explained Allen.
She listed them as:
Third-party and social engineering fraud — “One of the fastest-growing risks is fraudsters leveraging social media and external channels to recruit or manipulate both new and existing members to facilitate fraud knowingly or unknowingly. These schemes often result in large-dollar losses and are difficult to detect because they sit outside traditional transaction monitoring controls.”
Account takeover (ATO) and phishing campaigns — “We are seeing more targeted phishing campaigns that mimic trusted institutions, including fraud departments, to gain member trust. These campaigns are highly convincing and designed to capture credentials or bypass authentication controls, leading to account compromise.”
Impersonation and brand exploitation (URLs and domains) — “Fraudsters are increasingly exploiting URL and domain vulnerabilities, creating spoofed websites or communication channels that imitate legitimate organizations. The window between detection and takedown creates a critical exposure period where members can be impacted at scale.”
Coordinated, multi-vector attacks — “These threat vectors rarely occur in isolation. Fraudsters are combining social engineering, phishing, and account takeover techniques to execute coordinated attacks that increase both success rates and speed of loss.”
“What makes these threat vectors particularly challenging is that they rely on trust exploitation rather than system gaps, requiring a combination of member awareness, rapid response and adaptive controls to effectively mitigate,” emphasized Allen.
