TMG: Breach Responses Will Vary
Each card issuing credit union can and should handle its reaction to the recent card data security breach at Global Payments Inc. a little differently, according to The Members Group, a payments CUSO associated with the Iowa Credit Union League.
“The best prevention strategies will be different for every issuer,” said Karen Postma, senior risk manager for cards at TMG. “[It] will depend greatly on where and how the fraudulent activity occurs.”
For some credit unions, a reissue may be the best approach to minimizing losses. For others, Postma said, “tighter rule-setting and diligent monitoring will be sufficient.”
Postma explained that fraudsters typically test several different bank identification numbers before settling on the one or two that are most profitable. The TMG fraud department is monitoring card activity closely to identify which BINs are likely to be most impacted, the CUSO said.
Postma, who has advised credit union card-issuers through breaches like the 2008 Heartland Payment Systems compromise, said it’s too early to predict the fallout from this particular breach.
“We plan to be in close communication with each of our card-issuing clients for the next several months as the investigation into the breach continues,” Postma said. “Credit unions should absolutely be proactive, however, monitoring their portfolios very closely to understand whether and to what extent they are being affected. If they determine they are being hit with high levels of fraudulent activity, more aggressive measures are likely necessary.”