Identity theft hasbecome a rite of passage for both enterprises and individuals. Forcredit unions, making the right decisions about breaches andidentity theft can protect reputations and save time and moneybetter spent on growing the world of possibilities for yourmembers.

A wrong decision can mean extinction.

Credit union members often enjoy a huge advantage over customersat larger financial institutions because of the member-centric wayyou do business. A great way to enhance member acquisition andretention efforts, as well as build goodwill, is to provide freeaccess to meaningful credit and identity theft education,transactional monitoring programs and high touch resolutionservices. While your competitors in the banking world offer likeservices to their customers, few – if any – provide them at nocost. In fact, most charge a great deal for monitoring productsthat are long on bells and whistles and short on services. Just askthe OCC.

That said, your competitive advantage and goodwill can vanish,and the financial viability of your organization be jeopardized, ifyou don't adequately secure member and employee data or fail torespond to a breach with urgency, transparency and empathy.

Here are five ways your credit union can add value for yourmembers, as individuals as well as stakeholders, by minimizingrisk, monitoring systems and having a proper damage control programin place.

1. Identity Theft Education

While identity theft really no longer is an “if” in any respect,too many people still don't believe it is the “when” crime. You canadd serious value for your members, and better protect yourcommunity, by providing tools and content, and teaching personalinformation hygiene. The victimization of any employee or membercan provide a gateway for an identity thief into the organizationthereby exposing all stakeholders to losses. The better you educateyour members to the warning signs of identity theft and thepersonal and community dangers inherent in victimization, the moreinclined people will be to say something if they see something andunderstand what it is.

2. Monitoring and Damage Control

In a world awash in data due to unwitting or purposefulover-sharing on social networks and breaches that have exposed morethan one billion files containing personal identifying informationto hackers and identity thieves, the ability to quickly detectvictimization and have access to a dedicated fraud expert can meanthe difference between an unpleasant personal experience and a lifedisrupting event.

Credit union members have jobs to do and families to raise andsupport. They have neither the time nor the expertise to know whatis happening to their data as it flows through the cyber-sphere orwhat to do in the event that they are compromised.

In order to protect each member, as well as the community, youshould provide access to credit and public records monitoringprograms, as well as a damage control program (even if thevictimization didn't originate within credit union), at little orno cost. If the goal is to protect the member and defend thecommunity, then you need to offer a holistic solution with fraudexperts who work to resolve all identity theft issues and not justthose flowing from a compromise of your credit and debit cards.

3. Digital Risk Management

The barbarians are at the gate. There are bots and scoundrelsrunning 24/7 scouring the hills and dales of the Internet lookingfor a crack or crevasse through which to slither and when they findit, woe betide whoever – or more to the point, whatever – happensto reside there.

A value-add for all of your stakeholders is to engage outsideexperts to test your existing battlements (both technological aswell as human) and find the weak spots before the bad guys canexploit them. This also involves review of your compliance andtraining programs.

4. Breach Preparedness

More than 800 million records were breached last year alone, andthat number is growing exponentially every day. The best time tohave prepared for that inevitable breach was yesterday, but todaywill have to do.

There is nothing like a data breach to make your day-to-daybusiness grind to a halt. Even if your team is completely up tospeed on all the possible pitfalls that open up like hungry mawspost-breach – damage to brand erosion, loss of business, potentiallawsuits – there is a lot to navigate in the way of regulations andcompliance.

Many states have laws in place that dictate when and how aninstitution must notify people who have been affected by a databreach. They vary from almost non-existent to super stringent, withFlorida leading the way with the most on-point rules.

While regulators require credit unions to have breach responseplans in place, having a comprehensive plan and being able toimplement it from muscle memory are two very different things.

A value-add for all of your stakeholders is to proactivelyretain the services of an expert organization that can help you toprofessionally, urgently and transparently respond to a breach.Work with them to design a plan to quickly provide comprehensivenotification to state and federal authorities and affected membersand employees, effectively interact with the media and smoothlyimplement a customized solution that responds to the type and levelof compromise rather than simply offering a knee-jerk creditmonitoring solution.

5. Breach Resolution

There is a critical difference between call center operators whoread scripts that tell frightened members what to do after a breachis announced and fraud center experts who help potential victimswith fraud alerts and credit freezes and do the work to restorecredit and reputations.

It is a stakeholder value-add to find the right high-touchresolution organization, and much wiser to retain that identitytheft solutions provider pro-actively rather than reactively.

Along with death and taxes, you can pretty much count on abreach and identity theft, or an identity-related crime, happeningat some point in the cradle to grave continuum – its evolution overthe past decade moving from weird aberration to pandemic to thirdcertainty in life. Properly educating your members, helping them tomonitor their credit and transactions, providing access to fraudresolution experts, testing your defenses, preparing your creditunion for the inevitable breach and responding with urgency,transparency and empathy when the unthinkable occurs willcontribute mightily to the security of the community and lessen thelikelihood that a data compromise will result in an extinctionlevel event for your credit union.