CUNA Mutual Expects Fraud Losses To Double During 2005

Just because you haven't been victimized by a plastic card scam doesn't mean you won't be, cautioned one expert.

Ann Davidson, CUNA Mutual Group payment systems risk manager, told CUNA Future Forum attendees plastic card fraud continues to escalate, and all card-issuing credit unions are vulnerable. "If your credit union has dodged large amounts of fraud to this point, you've been lucky," Davidson said.

CUNA Mutual, which insures roughly 5,000 card-issuing credit unions, is expecting plastic card fraud losses to double in 2005, compared to each of the six previous years. About 90% of the losses are coming from approximately 225 credit unions. "When you think about it, that's not a very high percentage of card-issuing credit unions, which means there's ample opportunity for fraudsters to expand to other institutions, particularly as more plastic is issued through popular debit check card programs."

Thieves operate in a sophisticated cyber network and collude to find new prospects. "Fraudsters have meetings and peer group forums just like we're having today. They're out there 24/7-testing, probing and pinging," she said.

Fraud continues to occur by traditional means, such as account takeover, lost or stolen cards, and intercepted card shipments. However, counterfeit skimming is now the most prevalent and fastest growing type of plastic card fraud.

Going Skimming

Skimming is a popular high-tech counterfeit technique used by thieves to copy encoded information on the magnetic stripe of debit and credit cards. Stolen information is later replicated on a blank plastic card that the thief will use to purchase luxury merchandise or other services.

Davidson said scams to capture magnetic stripe data range from telephone taps that intercept data during authorization or terminal downloads to false storefronts or "spoof shops," set up for the express purpose of stealing data. Thefts also occur frequently at retail locations and ATMs. Merchants considered high risk for skimming are those where the card is temporarily out of the cardholder's sight, such as restaurants, hotels and gas stations.

Skimming at ATMs usually occurs during legitimate transactions. Data theft likely takes place through a laptop computer or other electronic device linked to an ATM terminal as a legitimate card is swiped for authorization. "These devices appear to be part of the terminal, and people have no idea their information is being compromised," she said.

Data can also be stolen on a larger scale by criminals who hack into data storage systems that house valid account data, similar to incidents involving BJ's Wholesale Club, DSW, and CardSystem Solutions, Inc. CUNA Mutual and about 200 of its policyholder credit unions are suing BJ's and its clearing bank to recover losses resulting from the breach.

New plastic card programs such as prepaid gift cards, payroll cards or "contactless wave cards," increase the likelihood for fraud, Davidson said. She urged continued vigilance and ongoing fraud education for credit union front-line staff and members, even if plastic card losses aren't currently problematic.

Davidson offered the following tips: Work closely with your card processor and neural network provider; use every fraud prevention tool available, and use them effectively; know and recognize different types of fraud (such as skimming), and report it correctly; educate members through statement stuffers, websites, newsletters, and membership meetings.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER