CUNA Mutual Distributes Best Practices to Fight Plastic Card Fraud
Credit Unions Urged to Adopt All Recommendations to Maintain Viable Plastic Card Program
MADISON, WI – In a concerted effort to stem the tide of runaway plastic card fraud losses, CUNA Mutual Group recently delivered a comprehensive set of fraud prevention “best practices” to its 5,500 card-issuing policyholder credit unions, along with a strong call to action.
The nine-page booklet covers 13 security measures and provides more than 70 specific recommendations that card-issuing credit unions should immediately adopt, if they have not done so already. The booklets were mailed to credit unions, and electronic copies are available to policyholders within the Credit Union Protection area of www.cunamutual.com.
“Fighting plastic card fraud is CUNA Mutual’s number one priority,” said Jeff Post, president and CEO. Credit unions incurred $100 million in plastic card fraud losses in 2005, which represents a 15 percent increase over 2004 losses and a 50 percent increase over those in 2003.
“Credit union plastic card losses in 2006 are already ahead of last year’s $100 million pace, and what’s more troubling is that the worst may be yet to come,” Post said. “Most of the losses are coming from about 1,000 credit unions, but we fear it’s only a matter of time before the majority of card-issuing credit unions also face plastic card losses. This makes the need for change even more urgent.”
CUNA Mutual developed the Plastic Card Security Best Practices following extensive research of claim files to determine why losses occurred; on-site assessments at hundreds of policyowner credit unions; and consultation with processors and industry experts. Following is a brief summary of the most critical best practices CUNA Mutual strongly recommends credit unions immediately adopt:
· 24 X 7 review of potentially fraudulent activity – This goes beyond simply having a fraud model or rules that “score” a transaction around the clock. 24 x 7 review means having the ability to take action on alerts any time, day or night.
· CVV (Visa) and CVC (MasterCard) Validation- If credit unions do not check CVV/CVC on PIN-debit transactions, members can be duped into providing their name, account number, expiration date and PIN number to the criminals – that’s all they need to commit fraud.
· CVV2/CVC2 – This three-digit code on the cardholder’s signature panel is used to authenticate Internet, mail, telephone and key-entered transactions. These should be declined when a mismatch occurs.
· Daily Limits – A criminal with access to a working card will spend every dime as quickly as possible. Establishing and enforcing daily limits is a critical measure that puts a lid on fraudulent activity.
· Compliance/Recovery – Most credit unions aren’t asserting their rights to recover fraudulent losses from merchants that improperly store card data and later suffer a compromise that puts member data in the hands of organized, high-tech crime rings. Increase pressure on merchants by holding them accountable for irresponsible data management and violation of card association compliance rules.
· Name Matching – Set up the authorization system to decline for all card programs when the name transmitted on the magnetic stripe doesn’t match the cardholder’s name stored on the credit union’s master file.
· Exact Cardholder Expiration Date – An expiration date mismatch should be set to decline for both swiped (magnetic stripe read) and manually-keyed transactions.
· Card Activation – Use an effective activation procedure for all credit and debit card programs, such as PIN-driven or calling from a home phone.
· Address Verification Service (AVS) – Support the AVS tool to allow mail, telephone order and Internet merchants to automatically match a cardholder’s billing address to the shipping address.
Not all of the best practice security measures included in the booklet are contractually required, but their utilization, along with a credit union’s claims experience, will be factored into future underwriting decisions, Post said.
In addition to the distribution of best practice recommendations, CUNA Mutual continues to pursue a multi-pronged approach to fighting fraud, including credit union education and on-site risk assessments, RISK Alerts, merchant litigation, lobbying of card associations, and partnering with card processors.
CUNA Mutual Group is the leading provider of financial services to credit unions and their members worldwide. More information on the company is available on the company’s Web site at www.cunamutual.com.