MADISON, Wis. (4/11/12)--CUNA Mutual Group is advising credit unions to warn their members about the potential for increased phishing attacks on the heels of a recent data breach at Atlanta-based Global Payments Inc.
In a risk alert to its credit union policyowners , CUNA Mutual also said the attacks could target members who were not impacted by the data breach. The company also has posted a video update to Google+ and YouTube featuring Risk Manager Ann Davidson discussing the alert. (To access the video, use the link.)
Global Payments "contained" the breach to less than 1.5 million debit and credit cards, Global said in a press release on April 1. Track 2 data may have been stolen, the company said. Track 1 and Track 2 data include names, card numbers and validation codes. Cardholder names, addresses and Social Security numbers were not obtained by cyber criminals who hacked part of its system. The hacking called Visa to drop the company from its "compliant service providers" list (News Now
Credit unions should alert members to be aware--especially in the next several days or weeks--of any suspicious e-mails, text messages or phone calls requesting any personal or financial information, especially card data, said CUNA Mutual's risk alert, the second issued since the Global Payments breach.
Card information that may be requested includes cardholder billing address, three digit CVV2/CVC2 code found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode. "This card information was not part of the recent Global Payments breach. Criminals may ask members for this information to add to the other card data they may have obtained from the breach to perform card present (key entered) or card not-present (mail/telephone/internet) non-magnetic stripe transactions," the alert said.
Continue to advise members to never respond to e-mails, text messages or phone calls requesting this type of information. If members receive suspicious requests advise them to contact the credit union, said CUNA Mutual.
CUNA Mutual offered these risk mitigation tips:
- Educate the membership on phishing e-mails, text messages and phone call scams.
- Record warnings on your telephone system and post notices on the credit union's website, in newsletters, and in branch lobbies stating the credit union will never solicit personal or financial information.
- Advise members to not open unsolicited e-mails or text messages, or any links in unsolicited e-mails and text messages.
If a member has responded to a phishing scam with the requested information, take these steps:
- Block and reissue the credit/debit card number;
- Flag the member's account;
- Advise the member to report the incident to the credit bureau, order a credit report, report the incident to the Federal Trade Commission, and file a complaint with the Internet Crime Complaint Center at www.ic3.gov;
- Advise members to monitor their financial accounts closely and report any discrepancies.
CUNA Mutual will continue to monitor the Global Payments breach and notify its policyholders when new information becomes available.