How Financial Partners CU Reacted To Target Data Breach
Credit Union Journal – February 7, 2014
DOWNEY, Calif. — With financial data breaches becoming almost commonplace these days, credit unions are feeling the member impact and looking for new ways to fortify existing safeguards.
“Anyone who offers credit or debit cards experiences fraud,” said Lori Reeves, vice president of operations and e-services for Financial Partners Credit Union. “The key is how best to manage and mitigate both the expected, like skimming, and the unexpected, like the Target breach.”
In response to the media attention surrounding the massive Target Corp. data breach, Reeves said calls from members increased significantly. To address these warranted concerns, the $860 million credit union, which has 61,500 members, focused on messaging.
“We felt internal communication was more important and more effective than external communication in this situation,” said Reeves. “We made sure staff, particularly our member-facing staff, understood what was factual as there was a lot of misleading information being reported and that they knew what actions we were taking to protect our members’ and could articulate this to the member in a way that inspired confidence.”
Though she declined to release the exact number of members impacted by the data breach, Reeves said the credit union solicited feedback from the member-facing groups to get a “read on what members were asking and how this was affecting them.”
In total, nearly 40% of impacted members were contacted directly by staff. “This is pretty significant and without our communication process, it could have been a disaster,” she added.
Fraud Due Diligence
While many credit unions think they are prepared for a fraudulent attack, cyber criminals are almost always one step ahead of the curve. To this end, C-level executives have to be progressive in respective fraud efforts.
“The most important strategy in mitigating fraud early on requires a swift, methodical execution while also being flexible to handle the uniqueness of the fraud case,” said Sabeh Samaha, CEO of Samaha & Associates, a technology and e-business consulting firm.
Financial Partners CU has worked with Samaha & Associates since 2003 when the credit union was then building its credit card business.
According to Reeves, Samaha and his team assisted the CU in developing a fraud strategy that could “leverage technology to identify and mitigate fraud while using staff for the critical role of monitor and gatekeeper.” In recent years, updated efforts have transpired.
In mid-2011, CO-OP’s financial Services Real Time Falcon was selected and implemented with the assistance of Samaha & Associates. Reeves said that the solution recognizes typical fraudulent card use behavior and categorizes probable fraud accurately.
“As a result, these transactions are declined, which reduces the incidence of wrong diagnosis to the cardholder,” said Reeves. “Additionally, we use rule writing with CO-OP to manage special circumstances often involving both international and localized fraud trends, or a situation like the Target breach.”
Samaha stressed that CUs should be able to tap in “the chatter” related to fraud reporting. These include engaging not only member activity, but processors, networks, social media, law enforcement and subcontractors, the Federal Bureau of Investigation and card issuers.
“Credit unions have to be able to quickly react and analyze data,” he said. “Card issuers will take longer to react because they have to be sure of their findings. So there is a lag time, and thieves prey on this lag time.”
Another Tool In The Toolbox
Reeves said that her credit union has also adopted another CO-OP product, Revelations, which is a transactional data base that identifies points of compromise.
“There have been more than a few occasions when we have been able to identify a compromise before the CAMs [Compromised Account Management System, specific to Visa] were received,” she said. “As they frequently come up to six months after the actual compromise.”
When Financial Partners CU implemented Real Time Falcon, changes in procedures and processes were also undertaken. These initiatives include training staff to be focused on how to spot fraud occurring in a branch or contact center with an emphasis on identity theft or account take over.
In the credit union’s newsletter, information is frequently included on phishing or other fraud schemes. And Reeves said that “Balance Financial Fitness,” which provides free identity theft assistance, is also available to members.
While she wasn’t comfortable sharing specific fraud figures since implementing new safe guards, the investment is working, Reeves said: “I am confident that using this technology and applying real-time decisioning is paying for itself in fraud loss avoidance. We implemented the solution in mid-2011 and while we continue to grow transactions, our fraud losses declined in 2011 and have remained fairly flat.”