Data Breaches a Real and Expensive Threat for all Financial Institutions—Including Credit Unions

In 2013, the financial industry had the second highest per capita data breach cost and racked up more than $11.3 billion in card fraud expenses. What’s driving these breaches?

Two Major Categories: Payment Card & Cyber Breaches

Although both types of breaches are time-consuming and expensive to resolve, there are some critical differences between them.

Payment Card

This is defined as a compromise of the payment card data and is the type of breach that’s made the news with depressing regularity over the past 12 months. The uptick in attacks started with Target in late 2013 and since that time has included Home Depot, Neiman Marcus, and Supervalu, among many, many others.

The two most common methods of payment card data theft are skimming and database compromise.

Skimming occurs when the thief installs a card reader device on a point of sale (POS) terminal or ATM. When the consumer uses their card, the skimming device reads and saves the magnetic stripe data. The thief retrieves the information and voila!, they’re ready to create a counterfeit card.

Historically, this type of skimming required a thief to physically affix a device to the POS or ATM terminal. Now clever thieves are doing it via Bluetooth and malware—which is how experts believe the 70 million+ Target thefts occurred.

Database compromise occurs in one of two ways: when a thief thwarts a merchant/third-party processor’s security tools or a merchant/third-party processor stores magnetic stripe data, which is subsequently stolen. This second method contributed to the TJ Maxx breach back in 2007. Although the card association’s data security policies prohibit this data storage, not all merchants/processors follow their lead.

Cyber Breach

A cyber breach involves the theft or loss of sensitive information or internal records. This could include everything from credit union financial data and personnel files to personally identifiable member data.

Common access points include:

The cloud—As the recent hacking of celebrity photos illustrates, the cloud is not as secure as we might like to think.

Public wi-fi—This can be a huge point of data vulnerability, especially in conjunction with the next item.

Personal mobile devicesMost companies let employees use their personal devices at work, but don’t necessarily have security protocols in place to make that a smart choice. Plus, although consumers may be relatively diligent when it comes to protecting their computers or laptops from spyware, viruses and malware, few take the same precautions with their phones and tablets.

Active employee theftMuch as we hate to admit it, a certain percentage of employees are active data thieves. Credit unions that don’t follow best practices in data protection could be vulnerable.

Human error and system problems—According to Symantec, a data security company, two-thirds of data breaches were caused by human error and system problems. Human errors could include transferring data outside the credit union or not deleting data on an appropriate schedule; system errors include inadvertent data dumps, errors in data transfer and identity and authentication failures. Employees can also cause problems by clicking on malicious links that allow malware/spyware/viruses to enter the system. 

Operating system “holes”—Most system patches resolve security issues. If you skip the update, your system is exposed.

Physical data theftAlthough we tend to focus on electronic theft, paper data is also vulnerable.

Protect your credit union from data breaches: To learn how, contact your CUNA Mutual Group Sales Executive at 800.356.2644 for information about available risk management tools and cyber liability policies.

Strategic Link is the NWCUA’s wholly-owned service corporation, using the power of aggregation to provide the Association’s member credit unions with exclusive, high-quality, competitively-priced products and discounted services. Contact Director of Strategic Partnerships Craig Reed at creed@nwcua.org today to find out how Strategic Link can help your credit union save money while meeting its goals in 2014 and beyond.

Posted in Article Post.