The Michigan Credit Union League, its members and CUNA are advocating for stronger merchants and card network accountability after a Wendy's restaurants breach forced several credit unions to cover associated costs.
According to CUNA, industry sources estimated the fraudulent charges have been even larger than in other recent data breaches such as those at Target and Home Depot, which combined cost credit unions more than $90 million. On Wednesday, CUNA announced it was joining a data breach lawsuit against the restaurant chain.
Vicki McIntosh, president/CEO of the $21.5 million, Richmond, Mich.-based Belle River Community Credit Union, said her cooperative paid $8,000 in fraudulent charges. In addition, the credit union paid $1,000 in out-of-pocket costs to issue new cards because of the breach, which Wendy's reportedly first discovered in fall 2015.
McIntosh, Michigan credit union leaders and the Michigan Credit Union League CEO Dave Adams called on lawmakers to require retailers to be held to the same federal data breach standards credit unions are subject to, and to enforce the laws currently in place.
“The current system is broken, retailers big and small experience a breach and months go by without any notice to credit unions of which cards are compromised, which results in a spike in fraud losses, and once again local credit unions are left holding the bag,” Adams said. “Again, we call on lawmakers and regulators to use their full authority to ensure both retailers and card network companies are doing their part to protect customer's information instead of leaving credit unions to continually shoulder the burden.”
Cybersecurity expert Brian Krebs first reported the breach in January. According to Wendy's, malware was discovered on some of the franchise restaurants' POS systems. In mid-May, the company announced in its first quarter financial statement that the fraud only affected 5% of stores, fewer than 300 locations.
However, a number of sources in the fraud and banking community told Krebs there was no way the Wendy's breach only affected 5% of stores, given the volume of fraud the financial institutions traced back to Wendy's customers.
The Wendy's chain includes about 6,500 franchise and company operated restaurants in the United States, 28 other countries and U.S. territories worldwide. Most of the U.S.-operated stores are franchises.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
