The number of U.S. merchant security breaches has steadily increased in recent years, presenting challenges for financial institutions, merchants and consumers alike. In fact, while only the largest incidents make headlines, NBC News and the Credit Union National Association have reported that more than 1,500 data security breaches occurred in 2014 alone, exposing more than one billion data records.
Consider also that the widely publicized 2013 Target security breach cost credit unions well over $30 million, according to CUNA’s estimates. And that figure doesn’t even factor in the millions of new credit and debit cards credit unions had to issue in the months that followed.
So while nationwide adoption of advanced security technologies such as EMV and tokenization will help stem the tide of this troubling trend, the reality is that security breaches will continue to occur, negatively impacting credit unions and their members.
“When responding to a large merchant security breach, every minute counts,” said Tim Weaver, product manager – core products for CO-OP Financial Services. “The very first thing credit unions need to do is locate all member cards that are potentially compromised, and that requires immediate access to the right data.”
The Value of Demographics
When it comes to collecting this information, Weaver notes that there is no substitute for having an advanced analytics system already in place, one that seamlessly combines transaction data with demographic data to produce actionable results.
“In a matter of minutes, the most advanced analytics systems today can take a few data points about a known breach and produce a detailed report that includes a list of all credit union members that may be impacted, along with vital transaction and personal data such as member contact information,” he said. “Without analytics, it can take hours or even days to achieve the same results as credit union employees pour over transaction files manually.”
Analytics that leverage both transaction and demographic data are equally effective when a cardholder reports a breach. “A small gas station that has been compromised may not make the news,” said Weaver. “So credit unions sometimes first learn about security breaches from an impacted member. Using analytics, very little information is needed to zero in on the source of the breach. When more than one member reports card fraud around the same time and general location, analytics engines can determine common purchasing patterns, pinpoint exactly where, when and how fraud is occurring, and identify additional members that may be impacted. These systems are highly automated, so the entire process can be completed in minutes with just a few mouse clicks.”
Analytics as a Service
For credit unions that do not have the staffing resources to manage an analytics system, Weaver recommends outsourcing the service. “Look for an experienced provider that is skilled in creating the right filters and card groups to perform an immediate, informed analysis whenever a breach is reported,” he said. “The faster credit unions can find all of the cards affected by a major breach, the sooner they can take critical steps toward protecting cardholder information and preventing further losses.”
Creating a Strong Security Chain
While Weaver emphasizes the value of analytics, he notes that these tools are only one link in a highly effective security chain. “Security should begin at the point of sale and extend through every phase of a transaction,” he said. “We recommend providing members with new, more secure payment products, such as EMV cards and tokenized digital wallets, as well as new mobile apps that allow them to manage card usage through a system of controls and alerts. Make sure that your service provider has trained security analysts on staff as well, and advanced systems in place that can detect the presence of fraud before transactions are authorized.”
He continued, “While card fraud is still on the rise, today we have access to an unprecedented range of new technologies to fight it. Taking advantage of these resources can dramatically reduce the impact of fraud on everyone involved.”
The post A Race Against Time: What to Do When a Merchant Security Breach Hits the Headlines appeared first on Insight Vault.