WASHINGTON (2/12/14)--Is your credit union preparing for the increasing threat posed by data breaches? In the event of a breach, notifying members is always a good first step, the Credit Union National Association's CompBlog
noted in the latest CompBlog Wrap-Up
Part 748 of National Credit Union Administration regulations only require credit unions to notify regulators and affected members after a breach involving member information systems maintained by a credit union or its contracted service providers. So, a merchant breach would not trigger a Part 748 member notification, CUNA explained.
"Nevertheless, notifying affected members is still a good idea, both to protect the member and the credit union from fraudulent card usage," CUNA said.
Many credit unions have alerted their members through mail and e-mail following the Target data breach, posted information on their websites and educated members on the steps they can take to protect themselves. CUNA emphasized that these efforts are still ongoing.
There are 46 states that have their own data breach notification laws, and state leagues will have information on any specific actions that are required by state law, the blog post added. (For a state law list compiled by the National Conference of State Legislatures, use the resource link.)
CUNA Mutual Group has also released a series of tips to help credit unions mitigate the risks posed by data breaches. Tips include:
Educating cardholders regarding phishing fraud (i.e., not responding to phone calls or e-mail/text messages requesting ac-count information), reporting fraudulent transactions to the credit union and placing fraud alerts on credit reports;
Reviewing the card associations alerts daily and taking action when necessary;
Evaluating compromised card numbers to determine if there will be increased fraud exposure;
Blocking and reissuing affected cards, or accelerating card expiration dates on active cards;
Making sure that all fraud associated with an event has been reported to the card associations and to the credit union's insurance company; and
Working with a fraud monitoring system vendor to create rules and strategies to help prevent future fraud on the com-promised card accounts.
For more compliance gems, use the resource link.