MADISON, Wis. (12/18/13)--When security breaches lead to card fraud, credit unions' No. 1 method of defense is education--of their members, other credit unions and the community at large.
Most recently, a payment-processing system breach in the Inland Northwest led to credit unions and other financial institutions to put restrictions and holds on card purchases. This--in addition to notifying card holders of the fraud and issuing new cards--helps reduce or even prevent fraudulent transactions from going through.
Credit unions in the Spokane, Wash., area began receiving increased reports of card fraud from their members in September. The common point of purchase: grocery stores that use URM Stores Inc. for their payment processing (The Spokesman-Review Dec. 15). Rosauers, Harvest Foods, Huckleberry's Natural Market, Yoke's Fresh Market and Super 1 Foods are among the grocers that use the network.
The exposed credit card data were sold on the black market and ended up on counterfeit cards. Fraudulent purchases have been reported globally.
The losses are mounting into the thousands, and it's not merchants or member/customers who cover the loss.
"Almost 100% of the time, it's the financial institution," said Debra Keesee, CEO, Spokane (Wash.) Media FCU.
Credit unions have fraud insurance, but because the losses must meet certain deductibles, the credit unions often are still on the hook for the losses.
A similar fraud scenario occurred in Indiana. A credit union's card company and its core processor identified a common point of purchase relating to compromised card information (Herald-Times Dec. 3). Indiana University CU, Bloomington, had to re-issue roughly 4,000 debit cards with new numbers. To protect the members, the credit union put the cards into a fraud-monitoring program that blocks signature-based "swipes" at the point of sale. Reissuing the cards is an inconvenience, said Bryan Price, president/CEO of the $761 million-asset credit union, but it is a practical way to control the fraud.
Another way for credit unions to protect each other and members is to share information about other types of fraud. Internet Archive FCU, New Brunswick, N.J., said it had been presented with a fraudulent official check that had been drawn off HEB FCU. On its website, the San Antonio-based HEB FCU urged that people call the credit union to verify official checks.
Last week, debit-card holders in Vermont received automated telephone calls that attempted to collect account numbers (Newsline Express Dec. 13). The Association of Vermont Credit Unions advised credit unions to be alert and educate members about the calls. Credit unions should emphasize that they would never request an account number by phone, text or email because they already have that information.
These educational reminders--as well as collaboration with law enforcement divisions and other financial institutions--support credit unions' work to mitigate the impact of fraud.