Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
What to do to mitigate breach risks--CUNA Mutual
MADISON, Wis. (4/2/12)--The large-scale data breach revealed Friday at Atlanta-based card processor Global Payments Inc. has prompted CUNA Mutual Group to send its credit union bond policyholders a Risk Alert with advice on what they should do.

CUNA Mutual said it was informed of the breach by the card associations such as Visa and MasterCard. The breach involves both credit and debit cards, and the card data at risk involves the entire magnetic stripe information, both Track 1 and Track 2, the alert, issued Friday, said.

"Credit unions impacted have an exposure to future magnetic stripe fraud," said CUNA Mutual. "We strongly recommend credit unions consider blocking and reissuing the impacted open card numbers. Credit unions electing not to block and reissue could experience magnetic stripe fraud in the future," the alert said.

Among the steps to take to mitigate the risks are:

  • Determine fraud exposure. Evaluate the card number compromise information to determine if your credit union has an increased exposure for future magnetic stripe fraud.
  • Match names for Track 1. Confirm the credit union uses name matching to help prevent future card fraud where the fraudsters change cardholder names on Track 1.
  • Report to the credit bureau.  Since Track 1 carries the cardholder name, the cardholder may want to place an initial fraud alert with the credit bureaus to prevent identity fraud.
  • Review card association alerts. The alerts are:  Visa CAMs US-2012-0244A-PA (Proactive alert) and MasterCard's alert MCA0238-US-12.
  • Review open accounts. Determine which cards contained in the alerts are still active (open).
  • Move up card expiration dates.  Accelerate the card expiration date on active cards contained in the alert if the card number will expire in the next 30 to 180 days. Credit unions could reissue those cards now.
  • Review other accounts.  Determine which cards contained in the alerts have been closed due to fraud.  Analyze the fraud pattern on the closed accounts to detect the possible common point of compromise.
  • Identify compromised location.  If you identify a common point of purchase (CPP), report the location to Visa using its common point-of-compromise form or MasterCard (or your processor) using their ADC (account data compromise) form.  These forms can be found on their secure websites.
  • Take recovery action.  Confirm the card association's available dispute action on the compromised cards, as well as any timeframes.
  • Engage in ongoing monitoring. Continue to watch for any follow-up information tied to this breach and if additional action is needed.
  • Confirm fraud reporting. Confirm all fraud associated with the event has been reported to the card associations and to CUNA Mutual Group. (Visa: Fraud Reporting System--TC-40. MasterCard--Safe System. Plastic Card Customer Card Center.)
CUNA Mutual Groups said it will continue to monitor the situation with Visa and MasterCard and will notify policyholders when new information becomes available.

Like CUNA Mutual, the Credit Union National Association (CUNA) is monitoring events related to the breach and is seeking more detail  from card associations. RELATED STORY: News Now's article "CUNA seeks CU info in massive breach."
Other Resources


News Now LiveWire
.@CFPB has concerns Re:electronic paymnts networks,particularly its effects on consumers,said bureau director Cordray
1 hours ago
#NewsNow CUNA Tech Council white paper looks at EMV
2 hours ago
.@CUNA 3 pm ET Twitter chat Tues about recent customer satisfaction results ranking #CUs much higher than banks. #CUServiceExcellence.
2 hours ago
AACUL honors @DianaRDykstra with Eagle Award; Wendell Lyon re-elected chair
3 hours ago
.@NCUFoundation's Hyland, #creditunion leaders grace small screen for Va. TV program #CUNANewsNow
4 hours ago