The chances are pretty good that your financial institution will need to deal with a card compromise at one point or another. Taking proactive steps to come up with best practices can make a big difference to your financial institution’s bottom line. To get some guidance on the topic, we spoke with Vantiv, now Worldpay, security experts Eric Stowell, data fraud analyst, and John Winstel, senior product manager.
What steps should a financial institution take when it learns that a breach has occurred?
A: The first thing an FI should do upon learning that a breach has occurred is identify the cards in its portfolio that are impacted by the breach. If the FI’s payment processing partner manages its fraud strategies, the processor can flag these cards for more stringent fraud monitoring strategies, since cards that have been affected by a breach have a higher likelihood of ongoing fraud.
Then, a decision needs to be made regarding card reissuance, which isn’t as simple as it was a few years ago. The two key factors to consider are how many cards are compromised and how much money the FI is losing to fraud. Card reissuance can be expensive and can also have a negative impact on cardholders. But weighed against the institution’s average fraud loss, it could be worth it.
What are some of the mistakes that FIs make when addressing a breach?
A: There are two common mistakes FIs make following a breach. First is not taking the time to review the fraud run rate of the breach, an important factor in the decision about whether to reissue cards. Second is not notifying its processor of the breach and thereby failing to create fraud strategies to more closely monitor cardholder activity. Reputable processors like Worldpay have many tools and strategies to help FIs monitor fraud activity and mitigate their risk.
After a breach has occurred, what can an FI do to re-instill trust with its cardholders?
A: Re-instilling cardholder trust is very important in order to prevent further damage from a breach. Educate your cardholders about proactive ways they can protect themselves ― use your institution’s antifraud tools, review account statements more closely, and pay bills on secure online portals. Make sure your cardholders are aware of phishing scams and other common fraud threats. Most consumers feel they are equally responsible for protecting themselves against credit and debit card fraud.
It’s important to note that FIs should be cautious about giving legal advice related to a breach. If the wrong advice is given, the FI could end up being liable and sued by the cardholder. Always let cardholders know about the risk, and be clear about what your institution is doing to mitigate that risk.
What can an FI do to mitigate the effects of a breach and prevent one from happening in the first place?
A: One of the most effective things an FI can do to mitigate the effects of a breach is to work closely with its processor to develop and implement effective fraud-fighting strategies. In order to protect themselves from being targeted by fraudsters, FIs will want to make sure they have strong protections in place and have a team dedicated to monitoring security for their institution.