Credit Unions ready to help members affected by data breach
In light of Thursday’s announcements about a data security breach at Target Corp., credit unions are already alerting members via websites and personal correspondence to keep them apprised of the situation.
News outlets nationwide reported on the Target breach Thursday morning, noting that the company confirmed nearly 40 million credit card and debit card accounts were compromised between Nov. 27 and Dec. 15. Data affected in the breach includes customer names, credit and debit card numbers, expiration dates, and CVV security codes.
“As many NAFCU members have done, credit unions can reach out to their members and alert them that they should monitor their accounts for fraudulent or unauthorized activity,” said NAFCU Director of Regulatory Affairs Mike Coleman. “Such actions may be a part of credit unions existing policies and established practices for handling data breaches. Credit unions should also closely monitor fraud alerts from VISA and MasterCard, as well as information released by Target, concerning potentially compromised account information, particularly when making decisions regarding reissuing cards to mitigate the risk of fraudulent activity.”
The KrebsOnSecurity website is already reporting that “Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”
Relatedly, NACHA issued a notice, “ACH Network Risk Management Notice” to alert credit unions and others about the consequence of the data breach in relation to Target’s REDcard, a debit card that can only be used at Target stores, on subsequent transactions. The notice states, “we do not believe that data obtained from the Target REDcard debit cards will be used for subsequent fraudulent ACH transactions.”
In letters sent to House and Senate leaders Thursday, NAFCU President and CEO Dan Berger urged them to pass bills to require merchants to adopt minimum data security standards and be accountable for breaches.continue reading »