NCUA Vice Chairman Hood Encourages Credit Unions
To Take Proactive Steps in Managing
Credit Union Members’ Data Security
and Combating Credit Card Fraud
Washington, DC, April 21, 2006 – National Credit Union Administration (NCUA) Vice Chairman Rodney E. Hood delivered remarks April 19 to the Credit Union National Association (CUNA) Payment Systems Conference.
Attracting CEOs, management, and operations staff from around the country, the three-day conference addressed payment system issues such as data security breaches, payments risks, credit card frauds, and electronic crimes.
“I have watched our country embrace the concept of a cashless society,” said Vice Chairman Hood. “Growing up in North Carolina, I fondly remember my mother collecting me from school on Friday afternoons and driving to our local branch to get cash for the weekend. When ATM cards became widely used in the 1980s, they heralded a new era in financial services. Consumers could now have access to cash when they wanted it and how they wanted it. No longer did parents have to balance children’s piano lessons, soccer games, and homework around the 3:00 p.m. branch closing time. With ATM cards came the freedom of an automated financial society that was embraced by many.”
“In today’s financial services landscape, ATM cards, debit cards, and credit cards are now standard products credit unions offer members so they have the freedom to access funds whenever they want. Unfortunately, the freedom of the cashless society has been violated. Data security breaches threaten to erode the trust consumers have developed in the electronic payment system if not detected promptly, prevented where possible, and mitigated when breaches do occur,” said Vice Chairman Hood.
The Federal Trade Commission (FTC) estimates that 10 million Americans fall victim to identity theft each year, a number that has been rising for four years. Vice Chairman Hood said he was familiar with 50 database security breaches that have occurred since January 2005 that, taken together could impact over 51 million Americans. Total costs to recover from a data breach averaged $14 million per company or $140 per lost customer record.
Vice Chairman Hood pointed out recent industry data security issues such as the report of BJ’s Wholesale Club loss of data from more than 40,000 credit and debit cards as a result of retaining magnetic stripe information in violation of Visa and MasterCard rules. “Credit unions, together with their insurers, have suffered more than $5 million in losses from the BJ’s breach alone,” said Mr. Hood.
He highlighted the plastic credit card fraud losses for the CUNA Mutual Bond Policyholders have grown exponentially from $38.6 million in 2002 to over $100 million in 2005. “The unique role that credit union insurers possess in regard to insuring credit cards could be jeopardized if this trend continues. At some point, the cost benefit analysis will not support this product line if the industry does not aggressively attack data security and credit card fraud.”
Vice Chairman Hood encouraged conference attendees to examine, pursue, and implement best practices that will address these issues. A best practice that has significantly reduced Credit Card Fraud stems from PIN-Based cards. Card Verification Values (CVV for Visa) and Card Validation Codes (CVC for MasterCard) have been mandated by the Card Associations. The best practice also notes that CVV and CVC should be encoded and validated on all PIN-based magnetic stripe authorizations. CVV /CVC mismatches should be declined where the transaction is blocked and the card is reissued after the first mismatch. One should also ensure Visa/MasterCard can validate “stand-in” authorizations.
Other best practices that have helped prevent credit card fraud include Member Education where fraud protection techniques are positioned as a credit union service; Real Time Neutral Network Scoring; and Fraud Analysis 24 hours a day – 365 days a year.
“I am committed to working hard in addressing data security and credit card fraud so that the health of America’s credit union system remains strong and vibrant,” said Vice Chairman Hood. “The data security issues facing the financial services arena are simply too profound to ignore and too enormous to solve within the confines of the credit union system. This is a seminal moment that requires the credit union systems’ cooperation with the stakeholders in the financial services arena. Money Center banks on Wall Street and Credit Unions on Main Street are all vulnerable to the financial risks and reputation risks that accompany fraud. I encourage all of you in this room this morning to find the intersection that links the long-term viability of your credit unions to the financial well-being of your members.”
The National Credit Union Administration charters and supervises federal credit unions. NCUA, with the backing of the full faith and credit of the U.S. government, operates the National Credit Union Share Insurance Fund, insuring the accounts of nearly 85 million account holders in all federal credit unions and the majority of state-chartered credit unions. NCUA’s operation is funded by credit unions, not federal tax dollars.
|
