Mitigating Plastic Card Risks Holds Down Losses, Insurance Costs

Plastic card losses are escalating to unprecedented levels as criminals exploit the Internet, mail, ATMs, and retail merchants to pilfer plastic card information. There’s been much publicity about the theft of debit and credit card information from databases retained in violation of card association rules at nationally known retailers including BJ’s Wholesale Club, DSW, Chipotle’s and Polo Ralph Lauren. CUNA Mutual is the fidelity bond insurer for more than 94% of all U.S. credit unions, and we are extremely concerned about mounting losses. In the last year alone, CUNA Mutual has seen plastic card losses more than double. As a value-added benefit for our policyholders, CUNA Mutual is spearheading and fronting the costs for legal action against BJ’s Wholesale Club to recover millions of dollars in losses incurred by CUNA Mutual and nearly 200 Bond policyholder credit unions joining us in the suit. Our action is also intended to pressure merchants to finally comply with card association rules that forbid using point-of-sale software systems that capture and store full magnetic stripe information. In today’s increasingly challenging environment, with narrowing margins and heightened competition, the key to success will be to work together to reduce incidents of plastic card fraud. Plastic card fraud occurs in many ways. Card issuers that put proper security measures in place and utilize them effectively can help minimize fraudulent actions. Limiting exposures to fraud losses can ultimately help keep down the cost of insurance premiums and deductibles. There are too many prevention tools to mention in this space, but here are three of the most essential elements of a fraud prevention program. We urge card-issuing credit unions to be aware of the potential risks and the “risk mitigators” that can be used to avoid losses. 1. Neural network is a system that tracks spending patterns of cardholders and typical fraud transactions to detect suspicious card activity. Fraud exposure: A thief uses a stolen card or card number for multiple transactions that are outside of the cardholder’s normal spending behavior.The real cardholder doesn’t notice the activity until receiving a monthly statement, but the damage is done. Risk mitigator: Subscribe to a processor’s neural network to track behavioral patterns such as geographical location, amount of purchase and type of merchant. Extraordinary purchases are flagged, alerting the credit union to potential fraud. The credit union staff/processor should monitor these alerts 24/7 and take action immediately. 2. Card activation: Plastic cards are sent to members in an “inactive” mode. Cardholders must activate the card through a verification process. Fraud exposure: A thief who has access to a cardholder’s Social Security Number and/or the cardholder’s mother’s maiden name can acquire an inactive card and activate it using one of these pieces of information. Risk mitigator: Implement a card activation method more stringent than using easily acquired information, such as the last four digits of a Social Security number or a mother’s maiden name. More secure methods include activating cards by calling from the home phone (ANI-Automated Number Identifier), or performing a first transaction in which a PIN is generated. 3. Name matching is a tool that combats skimming fraud when Track 1 of the magnetic stripe is transmitted in the card authorization. This loss prevention tool is especially critical today as it targets counterfeit skimming losses which appear to be the fastest growing type of plastic card fraud today. Fraud exposure: A thief changes the name on a credit card, and also changes the name that is stored on magnetic Track 1. The merchant transmits magnetic Track 1 data during authorization, and the card issuer accepts it despite the altered cardholder data. Risk mitigator: Set up the system to match the Track 1 name to the cardholder’s name stored on the credit union’s master cardholder file. In addition to acquiring loss prevention tools, it’s essential that they be used as effectively as possible. As our 24 risk managers around the country visit our policyholders onsite, their most significant recommendations usually focus on how to more effectively use the plastic card fraud tools that are already in place at the credit union. The credit union system needs to work together and immediately put pressure on card associations to enforce compliance of their own rules. This is long overdue. Likewise, card processors should make all loss preventions tools available immediately. Most of us have encountered major fraud losses that could have been avoided. Likewise, credit unions, which are blameless for these types of losses, have had their reputations questioned by frustrated members impacted by fraud as credit unions have all too often been forced to block and reissue compromised cards. Fortunately, our greatest success occurs when we come together and address a common issue with a collective and strong voice that is heard more loudly as a system than would be possible individually. We can sustain the competitive advantage credit unions enjoy.