Card Data Breach Loss Prevention Checklist
By Ann Davidson, VP of Risk Consulting at Allied Solutions
Many of the large-scale card data breaches in 2015 involved the compromise of magnetic stripe data on both credit and debit cards. The data compromised in most of these card breaches involved either track 1 or track 2 magnetic stripe fraud (POS 90), as determined by the merchant during the transaction authorization. Because the track information can be duplicated, there will likely be a high risk for future fraud exposure if you opt not to block and reissue these cards.
For an in-depth look into payment card fraud risks that many credit unions are being hit hard with right now, watch Allied's webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It.”
Card Data Breach Loss Prevention Checklist:
- Evaluate the compromised card number to help determine if the risk is high
- A high risk involves the full unaltered magnetic stripe data from track 1 and/or track 2 - track 1 carries the cardholder name; track 2 does not
- Confirm you’re utilizing “name matching” if track 1 data was part of the breach
- Review card associations’ alerts and act immediately on at risk card data outlined in alert
- Analyze at risk open card accounts to determine which cards are/are not still active
- Review other card accounts to find out which cards are non-active and have already been closed due to fraud
- Identify the fraud pattern to uncover the common point of compromise (CPP)
- This is where the breach took place, not where the fraud occurred
- Once discovered, report the CPP immediately
- Block and reissue impacted, open card numbers when magnetic stripe has been compromised
- Accelerate the reissuance of active cards prior to their expiration date
- Consider reissuing the card 30 to 180 days before the date of expiration
- Ask the card association(s) to take recovery action related to any expenses
- Report the fraud to the Visa Fraud Reporting System and/or MasterCard’s Safe System, as this is a requirement under the card association(s) rules
Watch Allied's webinar “Card Fraud on the Rise: How Financial Institutions Can Help Prevent It” to learn more about payment card fraud risks.
Allied Solutions is the NAFCU Services Preferred Partner for Insurance- Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP). More educational resources and partner contact information are available at www.nafcu.org/allied.