Strategic Solutions Home  
 
PromotionsProducts & ServicesNews & EventsClient Corner
   
  CUcorp Home » CUstrategic Solutions Home » Client Corner » CUNA Mutual Group (CMG)
   
 

Plastic Card Fraud: Discredit Where It’s Due

 

For those of us in financial services, the notion of plastic card fraud is a lot like a rainstorm, an almost inevitable burden with which we have to cope and address. However, it’s been raining too hard for too long with seemingly no one doing anything to shelter us from the storm. Recent security breakdowns among major retailers have turned that increasingly heavy downpour into a potential flood of fraudulent charges, many of which will wash over credit unions and their members.

The most recent example of this breach is also among its most heinous occurrences. As reported in the Jan. 18 Wall Street Journal, TJX Cos.. which owns retailers TJ Maxx, Marshall’s  and others, has suffered a wide-spread security breach that will leave customers worldwide exposed to identity theft and fraudulent charges based on transactions that date back to 2003. The number of exposed cards could exceed 40 million, affecting transaction brands that span the entire spectrum of credit and debit instruments, including Visa, Mastercard, American Express and Discover cards.

The source of this carelessness once again appears to be retailers’ failure to follow card association rules regarding retention of magnetic stripe information. Even though they will face inconvenience, the majority of cardholders, including credit union members whose personal information has been compromised, will be protected from loss.  Unfortunately, similar covenants and contracts will protect merchants and card processors, whose poor security practices enabled thieves to breach the system in the first place.

Who pays? The burden will be shouldered, as it always is, by the institutions that issue the cards – including credit unions – and the insurance companies that protect those institutions. In the credit union industry, that responsibility largely falls on the back of CUNA Mutual.  This is an unfortunate scenario, and one in which everyone but the merchant and card processors suffer from the fraud they have helped perpetrate. In our industry, credit unions, their members and CUNA Mutual are paying a price that should be covered elsewhere. Given the way laws have been written and agreements drafted, there is little that currently can be done.

Card issuers are also bearing costs other than for just fraud.   When informed of breaches, credit unions, banks and other card-issuing institutions have to scramble to either monitor card accounts for fraud or cancel them and reissue new cards with new account numbers.  Replacing plastic cards is a painstaking and expensive process costing institutions up to $20 or more per card.  In addition to millions in expenses, these institutions are left to address the questions, concerns, and fears of angry cardholders.  Even though card issuers are not responsible for the breaches, each breach undermines the relationship cardholders have with their issuing institution.  It’s a classic example of “kill the messenger.” 

Consumers are paying a price, too. The myriad of difficulties of identity theft and countless hours needed to restore one’s credit and good name are well known.  But even if cardholders are not directly defrauded, they still may face the hassle and inconvenience that comes when a card is blocked and reissued. 

Card issuers are not the villains in the TJX Cos. case, or any other data breach.  At clear fault are those who have maintained customer data at the magnetic stripe level in clear violation of card association rules. But it’s the rest of us who are paying the price.

In a similar case, CUNA Mutual filed suit on behalf of its policyholders against another major retailer whose database was compromised, asking for compensation totaling millions of dollars in restitution. Ultimately, however, litigation is not the answer and we’ve joined with CUNA Mutual in calling for more rigorous standards, enforcement and credit card industry requirements. Payment system parties that continue to violate card association rules should be held fully accountable for all fraud losses and operating expenses incurred as a result of these avoidable data breaches.

It’s high time we apply the discredit for these situations where it’s due. And it’s time we band together to fight this growing problem before the floodwaters of plastic card fraud open up and drown us all.

# # #

© CUNA Mutual Group 2007.  Used with permission.

BOND-0307-6808

 

Top