When security breaches lead to card fraud, credit unions’ No. 1 method of defense is education–of their members, other credit unions and the community at large.

Most recently, a payment-processing system breach in the Inland Northwest led to credit unions and other financial institutions to put restrictions and holds on card purchases. This–in addition to notifying card holders of the fraud and issuing new cards–helps reduce or even prevent fraudulent transactions from going through.

Credit unions in the Spokane, Wash., area began receiving increased reports of card fraud from their members in September. The common point of purchase: grocery stores that use URM Stores Inc. for their payment processing (The Spokesman-Review Dec. 15). Rosauers, Harvest Foods, Huckleberry’s Natural Market, Yoke’s Fresh Market and Super 1 Foods are among the grocers that use the network.

The exposed credit card data were sold on the black market and ended up on counterfeit cards. Fraudulent purchases have been reported globally.

The losses are mounting into the thousands, and it’s not merchants or member/customers who cover the loss.

“Almost 100% of the time, it’s the financial institution,” said Debra Keesee, CEO, Spokane (Wash.) Media FCU.

Credit unions have fraud insurance, but because the losses must meet certain deductibles, the credit unions often are still on the hook for the losses.

A similar fraud scenario occurred in Indiana. A credit union’s card company and its core processor identified a common point of purchase relating to compromised card information (Herald-Times  Dec. 3). Indiana University CU, Bloomington, had to re-issue roughly 4,000 debit cards with new numbers. To protect the members, the credit union put the cards into a fraud-monitoring program that blocks signature-based “swipes” at the point of sale. Reissuing the cards is an inconvenience, said Bryan Price, president/CEO of the $761 million-asset credit union, but it is a practical way to control the fraud.

continue reading »