As you read this article, a significant data compromise is almost certainly taking place somewhere in the world. Unfortunately, it can take months, even years to discover. Account data compromises continue to haunt the payments industry – from card issuers, to acquirers, businesses and, of course, cardholders - your members. Data compromises contribute to fraud. The cost of fraud in write-offs for issuers averages six basis points of loss every year ($600 per $1 million in charge volume). The overall cost to U.S. issuers is estimated to be $1 billion annually.
In addition to dollars lost, time and resources must be diverted by issuers to respond to these data breaches. Until the industry develops a cost-effective method to render the account number of no value, data compromises will almost certainly continue to occur. Just as bank robbers continue to rob banks despite improvements to deter and identify them, in cyberspace hackers continue their sinister work and the payment industry continues to play a catch-up game of defense.
What will finally stop data compromises? The use of chip cards with PINs would be a good step forward – but will require association mandates and years to implement. The industry continues efforts to tighten security – but technology is not perfect and the criminal element is extremely sophisticated and has thus far been able to maneuver around established barriers. Data compromises will likely cease only when we are able to render account data useless. This will require a 'system' that can be cost effectively deployed worldwide, and that is designed to enable cardholders to continue to enjoy global acceptance of their payment cards without the worry of transaction and personal data being stolen.
Until the payment industry can solve the problem, as an issuer there are three steps you can take to better cope with the ever-present challenge of data breach and the potential for fraud:
1. Educate your members in order to make them less vulnerable to fraud. Reinforce what cardholders may already know by reminding them to shred all documents containing account data and to be vigilant in reviewing their credit and debit card statements for suspicious charges. Remind cardholders to contact your credit union as soon as they suspect something is amiss on their statements, or if a card is lost or stolen.
2. Work with your credit and debit service providers to develop customized neural network strategies that properly balance risk against the cardholder's use profile at the point-of-sale. Employ technology that analyzes transactions in real time, monitoring every authorization as it happens. This technology, combined with human oversight provided by experienced case management analysts, can flag suspected fraud and compare the actions with the cardholder's purchasing profile history.
3. Maximize customer service by recognizing that not every data breach warrants an automatic mass card reissue. Data breaches that took place years ago and are just now being detected may have no adverse consequences. Consider more closely monitoring the transaction activity for the cardholder. If fraud does occur, assure the member that fraudulent charges will be immediately removed and a new card issued and delivered expediently. The customer service aspect of fraud management cannot be overstated, so work with a service provider who has the same customer service values as you.