Two prominent industry group figures recently provided member credit unions with a three-pronged guide to minimizing their exposure to credit card fraud and the losses that come with it.
Ann Davidson, senior risk management consultant for the Credit Unions of North America Mutual Group, and Carlton Howard, vice president of risk management for Coastal Federal Credit Union, offered three tips for credit unions to implement with the goal of limiting the costs associated with data security breaches. Davidson and Howard, addressing all like-minded credit lenders and not just members of their own associations, urged institutions to take these proactive measures so they would not be vulnerable to such compromises, according to Credit Union Times.
Knowledge is power
Education was identified by Davidson and Howard as the first priority for credit unions seeking to limit their exposure. Negating much of the risk associated with fraud begins with the internal staff, who need to be acutely aware of the card programs in effect and the mechanisms on the security layers put in place to protect against such threats.
"Just as no two credit union credit or debit card programs are alike, no two card fraud prevention programs are alike," said Davidson. "But all programs share a few things in common, and making sure that everyone at the credit union understands the card program is a good first step."
Interestingly, Davidson noted, many credit union employees have mistakenly touted the safety of their debit card programs based on the fact that their customers were not victimized in the widespread security breaches aimed at retail giants Target and Neiman Marcus. Because PIN data was not captured by the thieves perpetrating such a sophisticated, widely effective hack, a common assumption has been that a service's protections were entirely successful.
"Of course that's wrong," Davidson said. "If both tracks of card data have been compromised, the card is at risk of being counterfeited."
Such assumptions, Davidson added, only confirm the work left to do by credit unions in terms of educating their employees about the complexity and the reach of cyber criminal activity.
Howard suggested that in accordance with such educational efforts, credit unions and other credit providers should consider re-establishing the responsibilities associated with fraud risk. In other words, addressing the risks that present themselves should also include designations of responsibility for tracking fraud within a company's operations, as well as ensuring a clear understanding of who will be held accountable.
"You almost need someone with a heart for fighting fraud," Howard said, noting in particular the ongoing nature of such responsibilities.
Equipping themselves with the tools
Davidson and Howard identified the second part of their fraud-fighting strategy as a "toolkit," one that inevitably must be tailored to the functions and resources of each individual company. Across the board, though, credit unions should equip their toolkits with well-versed understandings of their card processors, security vendors and any third-party or neutral networks used. And that knowledge should be possessed by everyone from the CEO on down, as opposed to just the employees responsible for detecting fraud.
Howard, whose company reduced its PIN debit fraud losses to $25,000 in 2013, said a network of fraud trackers is a good start for any company.
"Sometimes we change the parameter of our neutral network weekly, depending on what we see as a fraud threat that week," Howard said. "People don't realize it, but a breach happens every day - every day you can get alerts about compromised cards. Now most of the time, it may be only three or five or 10 cards, but you have to be able to work with your fraud prevention partner on short notice."
Howard also referenced a tool known as CO-OP Revelation, provided by debit processor CO-OP Financial Services, which was largely successful in sniffing out which customers had shopped at Target during the holiday season. He stressed that all credit unions or other debit providers should invest in that program or something similar. Not only are they helpful damage-control tools essential to the overall kit, but they can also facilitate preventative measures.
"It's very useful to help us plan the placement of branches or ATMs, for example, because we can tell where our members are shopping and plan accordingly," Howard said.
Finally, Davidson and Howard agreed that member involvement was the other essential element to fraud prevention among credit unions. Some measures that can be employed include consumer alerts and setting daily spending and transaction limits. The key, of course, is for members to buy in, but generally the more restrictions and parameters placed on debit and credit accounts, the more likely the provider and the customer will be to identify fraud before its repercussions become severe.
"Our members love our transaction verification calls," said Howard, offering one method of proactive protection. "When we make them they know we are protecting them and their money and they are very grateful."