Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Fraudsters still testing cards from Heartland breach
MADISON, Wis. (1/12/10)--Fraudsters are still testing and successfully accessing credit and debit card numbers not blocked or canceled in last year's Heartland Payment Systems data breach. CUNA Mutual's Risk Protection Center Friday reported to its policyholder credit unions that cards not blocked or canceled during the breach continue to be hit with card fraud, reported the New Jersey Credit Union League (Daily Exchange Jan. 11). During the holidays several credit unions experienced card fraud on accounts that were compromised by the Heartland breach but not blocked or reissued. Last week two scenarios occurred:
* The fraud management system of a credit union that didn't block or reissue cards noticed a fraud trend on the monitored cards, with cards on a specific BIN targeted. Initially, the fraud was focused in the Midwest but migrated to the West and to some international locations. The fraud appeared to be concentrated at superstores, supermarkets and gas stations. The credit union is taking action to block and reissue the cards. * A credit union that did block and reissue cards from the breach noticed an increase in card "testing," with fraudsters testing cards for an authorization within seconds of each other. Because the cards were blocked, they were not authorized and the credit union did not experience any further fraud.
CUNA Mutual also alerted both Visa and MasterCard about the increase in activity and the scenarios. The insurer "strongly recommends" that credit unions that opted to monitor their members' cards instead of block and reissuing the cards after the breach go ahead and block and reissue any active cards that have not expired from Visa CAMS and MasterCard alerts. It anticipates that the "extremely active" fraud ring will continue to target the cards until they no longer provide approved authorizations. Even if a credit union has seen little or no fraud, it should stay alert to the fact that fraudsters may find a BIN of card numbers that provide an approved magnetic stripe authorization. Credit unions that blocked and reissued cards won't likely see subsequent magnetic stripe fraud from the breach because the reissued cards have new CVV/CVC values and card expiration dates.
Other Resources

RSS





print
News Now LiveWire
Maine credit unions put Food Mobile on the road to relieving hunger in rural areas http://t.co/R0xpt6BAZE
10 hours ago
.@TheNCUA's Matz: PALS should be exempt from Military Lending Act proposal #NewsNow http://t.co/Vy9uNhOIEr
11 hours ago
#NewsNow Iowa loan growth 3 times national bank rate http://t.co/fUvudPLg5d
13 hours ago
.@ICBA tallies its Home Depot data breach costs: $90M, 7.5M cards http://t.co/iJgRDC2AKZ
15 hours ago
.@icul's Jury elected treasurer of @WOCCU exec committee http://t.co/HEF1UChN8f
15 hours ago