Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
What to do to mitigate breach risks--CUNA Mutual
MADISON, Wis. (4/2/12)--The large-scale data breach revealed Friday at Atlanta-based card processor Global Payments Inc. has prompted CUNA Mutual Group to send its credit union bond policyholders a Risk Alert with advice on what they should do.

CUNA Mutual said it was informed of the breach by the card associations such as Visa and MasterCard. The breach involves both credit and debit cards, and the card data at risk involves the entire magnetic stripe information, both Track 1 and Track 2, the alert, issued Friday, said.

"Credit unions impacted have an exposure to future magnetic stripe fraud," said CUNA Mutual. "We strongly recommend credit unions consider blocking and reissuing the impacted open card numbers. Credit unions electing not to block and reissue could experience magnetic stripe fraud in the future," the alert said.

Among the steps to take to mitigate the risks are:

  • Determine fraud exposure. Evaluate the card number compromise information to determine if your credit union has an increased exposure for future magnetic stripe fraud.
  • Match names for Track 1. Confirm the credit union uses name matching to help prevent future card fraud where the fraudsters change cardholder names on Track 1.
  • Report to the credit bureau.  Since Track 1 carries the cardholder name, the cardholder may want to place an initial fraud alert with the credit bureaus to prevent identity fraud.
  • Review card association alerts. The alerts are:  Visa CAMs US-2012-0244A-PA (Proactive alert) and MasterCard's alert MCA0238-US-12.
  • Review open accounts. Determine which cards contained in the alerts are still active (open).
  • Move up card expiration dates.  Accelerate the card expiration date on active cards contained in the alert if the card number will expire in the next 30 to 180 days. Credit unions could reissue those cards now.
  • Review other accounts.  Determine which cards contained in the alerts have been closed due to fraud.  Analyze the fraud pattern on the closed accounts to detect the possible common point of compromise.
  • Identify compromised location.  If you identify a common point of purchase (CPP), report the location to Visa using its common point-of-compromise form or MasterCard (or your processor) using their ADC (account data compromise) form.  These forms can be found on their secure websites.
  • Take recovery action.  Confirm the card association's available dispute action on the compromised cards, as well as any timeframes.
  • Engage in ongoing monitoring. Continue to watch for any follow-up information tied to this breach and if additional action is needed.
  • Confirm fraud reporting. Confirm all fraud associated with the event has been reported to the card associations and to CUNA Mutual Group. (Visa: Fraud Reporting System--TC-40. MasterCard--Safe System. Plastic Card Customer Card Center.)
CUNA Mutual Groups said it will continue to monitor the situation with Visa and MasterCard and will notify policyholders when new information becomes available.

Like CUNA Mutual, the Credit Union National Association (CUNA) is monitoring events related to the breach and is seeking more detail  from card associations. RELATED STORY: News Now's article "CUNA seeks CU info in massive breach."
Other Resources


News Now LiveWire
Record # of applicants for Crash the GAC means every state & D.C. will B represented by young #CU professional at #CUNAGAC #crashthegac15
15 hours ago
.@WOCCU and @CUNA are co-hosting 2015 America’s CU Conference July 12-15 in Denver. Registration is open here:
15 hours ago
Recording of @CUNA Jan. 26 #rbc2 webinar is now available online here: Just sign in and listen.
16 hours ago
.@SEC_News 2/19 proxy voting roundtable: contested director elections, increasing retail shareholder participation
16 hours ago
.@TheNCUA posted resources 2 help consumers protect themselves,take action if they believe they were ID theft victims:
17 hours ago