BY STEVE RUWE
After a history of ups and downs, fraud levels are at an all-time peak. In this data breach era, it is more important than ever for credit unions to know how to react when a breach strikes – because sooner or later it will. EMV and tokenization are two new risk management tools intended to mitigate such threats.
It comes as a shock to few people that we’re currently in a period of high fraud. We reside in an environment that can be characterized with words like “high risk” and “unstable.” We’ve been here before – the history of fraud in the U.S. market has consistently been one of ups and downs in terms of its activity level. Most of these swings in fraud levels were driven by new threats and the remediation of those threats. Those of us who were around pre-CVV remember fraud to-sales ratios in the 17 to 18 bps range as the norm of the time.
Now, the data breach era is upon us. In 2012, there were a total of 1,154 data breach alerts nationwide; that number rose to 1,434 in 2013 and 1,697 in 2014. These breaches varied in size from very small to very large (think Target and Home Depot), but in total they affected hundreds of millions of cardholders. The question is no longer if you’ll be involved in a breach but when and how you’ll react when it happens.
So what does the current fraud situation really look like? And how did we get here?
Attacks on data have become more sophisticated. Merchant PCI-DSS compliance isn’t close to where it should be, especially for mid-size and smaller merchants. Data thieves are aggregating stolen data from disparate sources. And the change in fraud patterns to “footprint” attacks makes it harder for our prevention systems to detect fraud. That is because the perpetrators are now shopping in our members’ own backyards, where they would normally shop.
With all this being said, is there any good news?
Thankfully for members everywhere, being involved in a breach doesn’t necessarily mean you will become a victim of fraud – it just means you were involved in a breach. At PSCU, while we have seen an increase in the number of fraud cases, we’ve been successful in limiting the dollar loss in each of those cases.