HARRISBURG, Pa. — With Target reporting that its stores have been hit with a massive credit and debit card attack involving up to 40 million accounts, credit unions across the nation are moving to inform their members and gather more information on the security breach.
Pennsylvania State Employees CU told Credit Union Journal that it is already receiving calls from members who have seen the news.
"Many are asking for their cards to be replaced," said Tom Ruback, VP of card services. "If that’s what they want, that is what we do."
Ruback explained that 28,000 PSECU cards were used at Target stores between Nov. 27 and Dec. 15, the breach period outlined by the retailer. Target is based in Minneapolis and has almost 1,800 stores in the United States and 124 in Canada.
Before the $4.2 billion credit union takes any big steps to address the potential problem, it will first gather more information from Target and will look to see how many of its cards are already closed, said Ruback.
"We will then pop in some of our fraud strategies. But we have to learn more, and some of the information coming out has been inconsistent. For example, we hear this breach was all in-store, but then we also hear that CVV2 codes have been compromised, which means online as well."
At Wright-Patt CU in Fairborn, Ohio, CEO Doug Fecher said his shop is very concerned due to the size of the breach.
"This is significant," Fecher said. "Early information from public reports is that it appears the breach originated via some sort of skimming device or software on Target cash registers. We expect to receive more information soon."
The $2.7 billion CU's initial plans are to quickly determine whether or not any WPCU member cards are likely to have been compromised.
"With public reports of over 40 million cards involved, we believe it is likely WPCU members have been affected, but we have not confirmed this yet," Fecher said. "We will follow our established practice for incidents of this sort, which are designed foremost to protect our members and also protect the credit union from the effects of this compromise."
Nicole Reyes, senior fraud prevention analyst at TMG, Des Moines, Iowa, advised credit unions to stay in touch with their processors to understand what special restrictions they have put in place to mitigate losses.
"Also review MasterCard and Visa alerts," Reyes said. "Because fraud is active on this compromise, it is also important for CUs to start thinking of their plan of action. What is their fraud tolerance, that is, how much fraud are they willing to risk if they choose to keep the accounts open? Reissuing accounts can be costly, and depending on how many accounts within an individual CU are impacted, they will need to determine that fraud tolerance."
Connie Trudgeon, VP of operations at CO-OP Financial Services, Rancho Cucamonga, Calif., advised credit unions to quickly reach out to members and advise them to pay close attention to activity on their cards.
"We are seeing that fraud from this breach is all over the place -- in many states, overseas, but also local to the cardholder -- which makes it more difficult to ID the fraud and do something through the neural network," she said.
Trudgeon noted that CO-OP has not seen any fraud from the breach that is PIN related. "At this point it appears that mag stripe information has been compromised. We have not seen anything else."










