With Target reporting that its stores have been hit with a massive data breach involving up to 40 million accounts, credit unions across the nation are moving to inform their members and gather more information on the security breach.
Pennsylvania State Employees Credit Union told Credit Union Journal that it is already receiving calls from members who have seen the news.
"Many are asking for their cards to be replaced," says Tom Ruback, vice president of card services. "If that's what they want, that is what we do."
Ruback explained that 28,000 PSECU cards were used at Target stores during November 27 and December 15, the breach period outlined by the retailer. Target is based in Minneapolis and has almost 1,800 stores in the U.S. and 124 in Canada.
Before the $4.2 billion credit union takes any big steps to address the potential problem, it will first gather more information from Target and will look to see how many of its cards are already closed, says Ruback.
"We will then pop in some of our fraud strategies. But we have to learn more, and some of the information coming out has been inconsistent. For example, we hear this breach was all in-store, but then we also hear that CVV2 codes have been compromised, which means online as well."
At Wright-Patt Credit Union in Fairborn, Ohio, CEO Doug Fecher says his shop is very concerned due to the size of the breach.
"This is significant," Fecher says. "Early information from public reports is that it appears the breach originated via some sort of skimming device or software on Target cash registers. We expect to receive more information soon."
The $2.7 billion credit union's initial plans are to quickly determine whether or not any WPCU member cards are likely to have been compromised.
"With public reports of over 40 million cards involved, we believe it is likely WPCU members have been affected, but we have not confirmed this yet," Fecher says. "We will follow our established practices for incidents of this sort, which are designed foremost to protect our members and also protect the credit union from the effects of this compromise."
Nicole Reyes, senior fraud prevention analyst at TMG, Des Moines, Iowa, advised credit unions to stay in touch with their processors to understand what special restrictions they have put in place to mitigate losses.
"Also review MasterCard and Visa alerts," Reyes says. "Because fraud is active on this compromise, it is also important for credit unions to start thinking of their plan of action. What is their fraud tolerance, that is, how much fraud are they willing to risk if they choose to keep the accounts open? Reissuing accounts can be costly, and depending on how many accounts within an individual CU are impacted, they will need to determine that fraud tolerance."
Connie Trudgeon, vice president of operations at CO-OP Financial Services, Rancho-Cucamonga, Calif., advises credit unions to quickly reach out to members and advise them to pay close attention to activity on their cards.
"We are seeing that fraud from this breach is all over the place -- in many states, overseas, but also local to the cardholder, which makes it more difficult to identify the fraud and do something through the neural network," she says.
Trudgeon notes that CO-OP has not seen any fraud from the breach that is PIN related. "At this point it appears that mag stripe information has been compromised. We have not seen anything else."