Sidebar: Card Data Breaches Exact a Heavy Toll on Credit Unions

Credit union officials last week said that the fallout from security breaches involving credit card data, such as the one disclosed this month by the Sam's Club wholesale chain, can be especially hard on their companies.

The vast majority of credit unions don't have the size and scale of larger banks, making it harder for them to absorb the costs and damage to business reputations that can result from security breaches.

The breach at Sam's Club led the Alabama Credit Union in Tuscaloosa to block and reissue about 500 credit and debit cards that were tied to compromised accounts. The ACU said it was alerted to the breach last week by Credit Union National Association Inc., a Madison, Wis.-based trade group.

It wasn't the first time this year that the ACU has had to implement a block-and-reissue order, according to Kayce Bell, the credit union's chief operating officer. She said that in September, the ACU reissued about 1,550 cards after Visa U.S.A. Inc. notified it that cards compromised in a security breach at CardSystems Solutions Inc. were beginning to be used fraudulently.

Upfront replacement costs typically are about $3.50 per card, said Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association in Harrisburg. But she added that long-term costs, such as damaged reputations, customer churn and future fraud losses, are much harder to calculate.

"The members we serve are medium- to smaller-sized credit unions who don't have the economies of scale like the large issuers," Sherman said. In many cases, having to reissue even 100 cards could affect 20% of a credit union's customer base, she noted.

Currently, the biggest IT-related exposure to fraud that's faced by credit unions as well as other financial services firms involves so-called card skimming activities, said Ann Davidson, payment systems risk manager at CUNA Mutual Group, an insurer that's based in Madison.

Card skimming is an increasingly prevalent practice in which data thieves use counterfeit card-reading devices to steal information stored in the magnetic stripes of credit cards.


Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon