There are many risk issues that credit unions face today in the management of a credit and debit card business. Card fraud is a risk that is growing each year and the impact on your business is more than monetary losses. While chargebacks reduce your actual losses and insurance coverage limits losses to the deductibles in your policy, the larger problem is the impact on your members and subsequent administrative costs. From our experience, the majority of losses are from Identity Assumption and Counterfeit cards. In both cases the member still has their card in their possession and has little, if any, control over the compromise of the information that allowed the crime to be committed. The impact on the member is more than the inconvenience of having to report the fraud to the credit union and waiting for a new card with a new account number. Today, many of the cards in circulation are debit cards and the fraud is immediately paid for from the member's checking account, which may cause checks to be returned as NSF. Many members use credit and debit cards to pay for recurring expenses, such as insurance policies, health clubs, utilities and Internet service. When fraud occurs they have to contact all these institutions to have their records changed, which is not an easy task. Credit union members are put at risk because of lax, insufficient or unenforceable internal policies. The resulting losses will affect the credit union and the member. The fraudsters are organized and persistent in finding ways to obtain the information they need to support their lifestyle. Your employees become an attractive target to fraudsters, because they access the sensitive financial and personal information maintained on your database. Many articles are written today about preventing Identity Theft, which is perpetrated when personal identity is "assumed" and used to obtain credit or change identity records of financial institutions, investment houses and public records. We are not addressing Identity Theft here, but Identity Assumption, which is different. It occurs when the address is changed on an existing account and either a new card is obtained or the account number and the CVV2/CVC2 code on the signature panel is used to commit Internet or mail order fraud. Many thieves have been stymied by the security devices and systems used to reduce fraud. These include card activation, CVV/CVC codes on magnetic stripes, fraud detection systems such as FALCON and password verification systems for Internet purchases (Verified by Visa). Even with these enhanced security precautions criminal organizations have increased their efforts to obtain confidential or sensitive data from employees of financial institutions and their processing companies. Do you feel your data is secure? If information is being compromised, can your processor or computer system track and identify everyone who accessed the account information before and after the compromise? This will identify the source of the compromise, if your accounts were illegally accessed and contributed to the theft of an Identity or if an employee was violating your policy against accessing accounts for legitimate work purposes. Do you have an effective data security program in place? Does your organization enforce a clean desk policy? Are printed reports, statement CDs and microfiche reports protected against theft and compromise? In the normal performance of their job functions do your employees require all the confidential and sensitive data they have been given access to? Often they do not, however, the information is displayed on a screen they are required to access. Counterfeit fraud has also become very difficult to prevent. The industry has protected the magnetic stripe by embedding cryptographic codes on the stripe that prevent the stripe from being altered. This does not, however, prevent the copying of the data from the stripe on a legitimate card to the stripe on a counterfeit one. The industry refers to this as "skimming". It can occur without the member knowing it happened. The only way to reduce the risk of loss from counterfeit, and other types of fraud, is early detection of the fraudulent activity. This is achieved by using a neural net system such as FALCON and by having the rules and score thresholds set properly. Large card issuing institutions have extensive fraud departments that dedicate resources to reviewing, analyzing and developing ways to counter efforts of fraudsters. They constantly change the FALCON rules, PCF settings, perform data security reviews and review operational procedures. If you lack the resources to dedicate to this effort, as most smaller card issuers do, you might ask your processor for assistance. If your processor is unable to provide this expertise, maybe they would coordinate a fraud discussion group in your region with "fraud experts" to chair the meetings and be available to answer your questions.