This article previously ran on CUInsight.com.
According to finextra.com, London-based analysis firm Oakhall estimates the total annual cost of card fraud to issuers at an alarming $31 billion. The 2014 Target breach alone cost U.S. credit unions approximately $30 million, which, according to PYMNTS.com, equates to approximately $45,000 per credit union.
While advanced detection and mitigation technologies can help credit unions reduce their exposure to fraud, educating employees and members on security measures they can take is just as important.
What Employees Need to Know
“Employees should be educated on all types of fraud, know how to recognize fraud – and understand what steps to take in response,” said John Buzzard, CO-OP’s fraud expert. “Increasingly, credit unions need to have basic knowledge of a variety of fraud and scam techniques in order to better protect the enterprise.”
Buzzard adds that employees should be well versed in new, more secure payment technologies, from EMV chip cards and digital wallets to MasterCard’s MasterPass, Visa Checkout, and smartphone apps for card controls and alerts. “Branch employees and call center agents should be able to demonstrate these products to members and explain why they are secure,” he said.
Buzzard also advises credit unions to teach employees how to properly monitor ATM security, including how to conduct visual inspections in compliance with the Payment Card Industry Data Security Standards Council guidelines. “ATMs should be upgraded to the latest ATM technology available from the vendor, including – but not limited to – EMV technology,” he said.
Communicate with Caution
And as a best practice, Buzzard recommends maintaining a conservative approach to any disclosures regarding internal fraud detection tactics. “Assume that fraudsters are reading your marketing materials, and keep private any details that could put members at risk,” he said.
What Members Need to Know
Buzzard notes that members can easily open the door to fraud if they are not using their payment cards in a secure manner. And the most effective way for members to secure their cards, he adds, is by employing a mobile app for card controls and alerts that allows them to monitor, authorize and restrict card usage in very exacting ways.
“If consumers aren’t engaged and actively aware of their balances, they are leaving themselves unnecessarily vulnerable,” he said. “There are many options in the marketplace that can increase a member’s awareness of – and control over – account security, including CO-OP’s CardNav mobile app.”
And when members use their cards at the point of sale, they should know that the less information they provide, the better. “Chip-enabled and tokenized payments are more secure because they rely on encryption as a means of authentication,” he said.
Avoid Suspicious ATMs
According to Buzzard, members should be advised to pay close attention to their surroundings whenever they use an ATM. “They should only use machines located in safe, secure and well-lit areas, and if they encounter a POS or ATM that somehow makes them uneasy, it is best to conduct the transaction elsewhere,” he said.
Protecting Online and Mobile Transactions
“Using the same credentials repeatedly can put all accounts in jeopardy,” he said, adding that members should change their login IDs at least every month or quarter, and use e-commerce solutions such as Visa Checkout and MasterCard MasterPass to increase security.
“Members should never purchase online or by phone from a retailer they don’t recognize, and they shouldn’t click on links embedded in unsolicited e-mails or pop-up ads, either,” he said. “If an offer is of interest, they should access the merchant’s website directly from a browser. Any offers that are valid will be available on the site itself, and it is risky to click on e-mail and pop-up links.”
Expect Authentication to Be Long and Involved
While these measures will go a long way toward safeguarding data in cyberspace, Buzzard emphasizes that there is no substitute for a secure, multi-step authentication process.
“The more complicated the authentication process is, the more protection the member receives,” he said, noting that members should be instructed on how to keep their personal information secure across online and mobile channels. Buzzard adds that consumers should be encouraged to always use a virus protection program on every computing device to further protect personal information from spyware and malware attacks because today, more than ever, consumers are under siege by cybercriminals in their own homes and offices.
“Keeping staff and members educated on security may take time, funds and resources, but these investments are well worth it,” he said. “Information is powerful in the fight against fraud – and an educated, vigilant credit union community is always a safer one.”