As the banking sector continues to grapple with the downstream effects of recent data breaches – from the massive exposure at Target to a host of smaller incidents affecting other companies – discussions continue to swirl around the advantages of chip-and-PIN technologies.
But though the transition to more secure cards is currently slated to occur sometime in late 2015, it promises to be an expensive and time-consuming endeavor, and merchants are unlikely to tackle it sooner than necessary. That leaves financial institutions with the task of implementing other risk-reduction strategies in the interim.
Credit unions may not wield as much control over merchants as card issuers do, but that doesn’t mean there aren’t ways they may be able to influence merchant behavior when it comes to security measures.
Encourage merchants to step up their game. They can begin by carefully monitoring the cards they accept. Some fraudulent cards look very much like the real thing, but a lot of fake cards are poorly made copies. In some cases, a cursory visual inspection is enough to spot a counterfeit card. In addition, merchants should be reminded to check the signature bar of any card they accept. Those that aren’t signed often aren’t considered valid under their merchant agreement with the card issuer, and this simple practice could prevent some fraudulent transactions.
Merchants should also be reminded that their point-of-sale systems remain one of the most enticing targets for hackers and thieves. Most stores aren’t using leading-edge technology in their POS systems, and processing systems with advanced security protocols are often expensive. But by implementing more secure platforms, such as those that offer broad encryption of card transaction data, merchants have the ability to significantly reduce the likelihood their customers’ data will be exposed.
One area where credit unions enjoy significant influence is among members. Fortunately, a couple of strategies aimed at this target group can be particularly effective in limiting fraud.
Read more: Build awareness and defenses …
Remind members to monitor their cards and accounts. Members should be strongly encouraged to keep track of their payment cards and to immediately report any card that has fallen out of their control, whether they know it was stolen or they suspect they’ve simply misplaced it. Hoping that a lost card will turn up later isn’t a good approach, and members should receive regular reminders about the importance of reporting missing cards.
It’s also crucial that members keep a close eye on their accounts. They should watch their balances and check their statements regularly to detect any possible theft or fraudulent charges. Even if they still have their debit or credit card in their pocket, a fake one could have been created without their knowledge. Encourage them to report any suspicious account activity right away so your credit union can put a halt to fraudulent activity.
Maintain good awareness when shopping. Members who make online purchases should always check to be sure they retailer’s site is secure by looking for “https” in the address bar, indicating the connection is encrypted. If they’re not sure the site can be trusted, several sources — Trend Micro among them — are available to validate the website is authentic. Members simply enter the URL of the site they wish to shop at and the validation platform will check its database for any known problems.
Purchases made at brick-and-mortar locations should also be approached with caution. Remind members that they aren’t required to provide their personal information (e-mail address, phone number, ZIP code, etc.) when swiping their card. If the retailer’s database is later hacked, that additional information could potentially lead to identity theft or fraud. Card users can always decline to give out their personal information at the point of sale, and your credit union should recommend they not disclose anything beyond what is necessary.
Internal systems and processes continue to be some of the most effective methods credit unions have in the fight against payment card fraud. Making good use of these resources can greatly limit the potential for theft.
Enhance and expand your theft prevention and fraud detection tools. Credit unions have the ability to monitor members’ payment card transactions in nearly real time and halt suspicious account activity in its tracks. Data breaches large and small have been discovered by financial institutions, and credit unions are often particularly attuned to members’ purchasing behavior and typical transaction patterns.
When presented with activity that looks suspicious, vigilant credit unions are often able to mitigate their risk by examining unusual transactions and confirming the validity of specific charges. Well-developed fraud prevention strategies can alert an organization to individual transactions that appear anomalous as well as to wider patterns that may indicate a data breach.
Mark McCurley is senior information security adviser at IDT911 Consulting in Scottsdale, Ariz.