Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
What to do to mitigate breach risks--CUNA Mutual
MADISON, Wis. (4/2/12)--The large-scale data breach revealed Friday at Atlanta-based card processor Global Payments Inc. has prompted CUNA Mutual Group to send its credit union bond policyholders a Risk Alert with advice on what they should do.

CUNA Mutual said it was informed of the breach by the card associations such as Visa and MasterCard. The breach involves both credit and debit cards, and the card data at risk involves the entire magnetic stripe information, both Track 1 and Track 2, the alert, issued Friday, said.

"Credit unions impacted have an exposure to future magnetic stripe fraud," said CUNA Mutual. "We strongly recommend credit unions consider blocking and reissuing the impacted open card numbers. Credit unions electing not to block and reissue could experience magnetic stripe fraud in the future," the alert said.

Among the steps to take to mitigate the risks are:

  • Determine fraud exposure. Evaluate the card number compromise information to determine if your credit union has an increased exposure for future magnetic stripe fraud.
  • Match names for Track 1. Confirm the credit union uses name matching to help prevent future card fraud where the fraudsters change cardholder names on Track 1.
  • Report to the credit bureau.  Since Track 1 carries the cardholder name, the cardholder may want to place an initial fraud alert with the credit bureaus to prevent identity fraud.
  • Review card association alerts. The alerts are:  Visa CAMs US-2012-0244A-PA (Proactive alert) and MasterCard's alert MCA0238-US-12.
  • Review open accounts. Determine which cards contained in the alerts are still active (open).
  • Move up card expiration dates.  Accelerate the card expiration date on active cards contained in the alert if the card number will expire in the next 30 to 180 days. Credit unions could reissue those cards now.
  • Review other accounts.  Determine which cards contained in the alerts have been closed due to fraud.  Analyze the fraud pattern on the closed accounts to detect the possible common point of compromise.
  • Identify compromised location.  If you identify a common point of purchase (CPP), report the location to Visa using its common point-of-compromise form or MasterCard (or your processor) using their ADC (account data compromise) form.  These forms can be found on their secure websites.
  • Take recovery action.  Confirm the card association's available dispute action on the compromised cards, as well as any timeframes.
  • Engage in ongoing monitoring. Continue to watch for any follow-up information tied to this breach and if additional action is needed.
  • Confirm fraud reporting. Confirm all fraud associated with the event has been reported to the card associations and to CUNA Mutual Group. (Visa: Fraud Reporting System--TC-40. MasterCard--Safe System. Plastic Card Customer Card Center.)
CUNA Mutual Groups said it will continue to monitor the situation with Visa and MasterCard and will notify policyholders when new information becomes available.

Like CUNA Mutual, the Credit Union National Association (CUNA) is monitoring events related to the breach and is seeking more detail  from card associations. RELATED STORY: News Now's article "CUNA seeks CU info in massive breach."
Other Resources


News Now LiveWire
.@NACHAOnline report: ACH volume increases to 23B payments in 2014
1 day ago
.@CUNA's @HampelBill in @washingtonpost on options for wary mortgage borrowers:
1 day ago
Housing starts thaw, mortgage rates stand pat #Market #NewsNow
1 day ago
.@CUNA files #RBC2 comment, urges #CU system to be heard #NewsNow
1 day ago
#NewsNow Youth Month attracts 100,000th member for Mich. CU
1 day ago