Credit unions must take action to reduce plastic card fraud losses
Plastic card fraud has been increasing – seemingly unabated, growing into a $100 million issue for credit unions.
CUMIS Insurance Society, Inc., a member of CUNA Mutual Group, is the fidelity bond insurer for more than 94 percent of all U.S. credit unions. We pioneered plastic card fraud coverage to our Credit Union Bond policyholders. Our total paid plastic card claims for 2005 were more than double those paid in 2003, and 54 percent higher than those paid in 2004. Losses in 2006 are already ahead of last year’s pace.
What’s most troubling is that the worst may be yet to come. Today’s plastic card problems take place on a number of fronts – data breaches, “phishing,” and counterfeit “skimming” are primary contributors to plastic card fraud losses.
Closing these security breaches is CUNA Mutual’s number one priority, but we can’t do it alone. The criminal minds perpetrating these acts of thievery on unsuspecting individuals and businesses are resilient, resourceful and relentless. It will take the power of credit union cooperation to find ways to prevent these losses and protect the viability of credit union plastic card programs.
CUNA Mutual has shared its concerns with the card associations about the recurring card compromises occurring at one retailer after another as a result of the associations’ ineffectiveness in enforcing their own compliance rules. CUNA Mutual has also worked extensively with plastic card processors that support credit unions’ card programs and encouraged them to more actively promote loss prevention services and tools, as well as develop and offer additional tools to help credit unions significantly reduce plastic card fraud losses.
We’ve extensively assessed the current and emerging causes of fraud losses and developed additional loss prevention training programs and tools to help our Bond policyholders address this challenge.
We’ve sent Credit Union Bond policyholders with plastic card coverage a Plastic Card Security Best Practices document that was developed based on our work with credit unions, card processors, and industry experts. These practices are designed to help credit unions reduce fraud and, in doing so, reduce losses.
How You Can Fight Fraud
If your credit union doesn’t currently have a plastic card fraud problem, don’t assume it won’t. Use every available fraud prevention tool as effectively as you can. 24/7 vigilance is key.
Following is a brief summary of the most critical best practices CUNA Mutual strongly recommends credit unions immediately adopt:
• 24 X 7 review of potentially fraudulent activity – This goes beyond simply having a fraud model or rules that “score” a transaction around the clock. 24 x 7 review means having the ability to take action on alerts any time, day or night.
• CVV (Visa) and CVC (MasterCard) Validation- Card associations require that CVV/CVC be validated for all signature transactions when credit and debit cards are presented at a point of sale. What many credit unions don’t realize is that CVV/CVC should also be checked for PIN-driven transactions at both merchant and ATM locations. If credit unions do not check CVV/CVC on PIN-debit transactions, members can be duped into providing their name, account number, expiration date and PIN number to the criminals – that’s all they need to commit fraud.
• CVV2/CVC2 – This three-digit code on the cardholder’s signature panel is used to authenticate Internet, mail, telephone and key-entered transactions. These should be declined when a mismatch occurs.
• Daily Limits – A criminal with access to a working card will spend every dime as quickly as possible. Establishing and enforcing daily limits is a critical measure that puts a lid on fraudulent activity.
• Compliance/Recovery – Most credit unions aren’t asserting their rights to recover fraudulent losses from merchants that improperly store card data and later suffer a compromise that puts member data in the hands of organized, high-tech crime rings. Increase pressure on merchants by holding them accountable for irresponsible data management and violation of card association compliance rules.
• Name Matching – Set up the authorization system to decline for all card programs when the name transmitted on the magnetic stripe doesn’t match the cardholder’s name stored on the credit union’s master file.
• Exact Cardholder Expiration Date – An expiration date mismatch should be set to decline for both swiped (magnetic stripe read) and manually-keyed transactions.
• Card Activation – Use an effective activation procedure for all credit and debit card programs, such as PIN-driven or calling from a home phone.
• Address Verification Service (AVS) – Support the AVS tool to allow mail, telephone order and Internet merchants to automatically match a cardholder’s billing address to the shipping address.
For the sake of credit union members everywhere, we must all do our part to help stem this rising tide of plastic card fraud. We will continue to communicate with policyholder credit unions about this vitally important issue. For more information in the meantime, visit www.cunamutual.com or call 1-800-637-2676.
Jeff Post is president & CEO of CUNA Mutual Group.