Card Data Breach Loss Prevention Checklist

By Ann Davidson, VP of Risk Consulting at Allied Solutions

Many of the large-scale card data breaches in 2015 involved the compromise of magnetic stripe data on both credit and debit cards. The data compromised in most of these card breaches involved either track 1 or track 2 magnetic stripe fraud (POS 90), as determined by the merchant during the transaction authorization. Because the track information can be duplicated, there will likely be a high risk for future fraud exposure if you opt not to block and reissue these cards.

For an in-depth look into payment card fraud risks that many credit unions are being hit hard with right now, watch Allied’s webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It.”

Card Data Breach Loss Prevention Checklist:

  • Evaluate the compromised card number to help determine if the risk is high
    • A high risk involves the full unaltered magnetic stripe data from track 1 and/or track 2 – track 1 carries the cardholder name; track 2 does not
  • Confirm you’re utilizing “name matching” if track 1 data was part of the breach
  • Review card associations’ alerts and act immediately on at risk card data outlined in alert
  • Analyze at risk open card accounts to determine which cards are/are not still active
  • Review other card accounts to find out which cards are non-active and have already been closed due to fraud
  • Identify the fraud pattern to uncover the common point of compromise (CPP)
    • This is where the breach took place, not where the fraud occurred
    • Once discovered, report the CPP immediately
  • Block and reissue impacted, open card numbers when magnetic stripe has been compromised
  • Accelerate the reissuance of active cards prior to their expiration date
  • Consider reissuing the card 30 to 180 days before the date of expiration
  • Ask the card association(s) to take recovery action related to any expenses
  • Report the fraud to the Visa Fraud Reporting System and/or MasterCard’s Safe System, as this is a requirement under the card association(s) rules

Watch Allied’s webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It” to learn more about payment card fraud risks.

Allied Solutions is the NAFCU Services Preferred Partner for Insurance- Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP). More educational resources and partner contact information are available at www.nafcu.org/allied.

 

Don’t Wait Until 2015! Do The Following Before The End of 2014

This article originally appeared in the December 2014 issue of VantageScore Solutions’ monthly newsletter, The Score. Subscribe here.

Guest post by John Ulzheimer, Nationally Recognized Credit Expert

John Ulzheimer

New Years resolutions are great, but before you start focusing on them, take a look at this list of personal-credit resolutions to fulfill before New Years.

Claim your free credit reports. For over a decade, everyone in this country has had the right to claim his or her credit reports once every twelve months, for free, from each of the three major credit-reporting companies (CRCs) – Equifax, Experian, and TransUnion. Nevertheless, many free credit reports go unclaimed every year. Don’t let yours for 2014 go unclaimed!

Depending on where you live you may be entitled to additional free credit reports because of your state’s law. You can claim your Federally-guaranteed reports at www.AnnualCreditReport.com and state-guaranteed reports at each national credit reporting company’s website: www.Equifax.com, www.Experian.com, and www.TransUnion.com. Remember, the CRCs have no obligation to proactively send you credit reports.  You have to actually ask for them.

Read more