Fallout continues from Target's massive data breach. According to the latest news, the data breach has already cost Northwest credit unions an estimated $1.3 million. Furthermore, the Northwest Credit Union Association said 258,000 of its members could encounter further problems with credit and debit cards tied to the Target data theft. Their response to cut down on this risk? Mass card reissue.
“Credit unions are reissuing cards to prevent fraud, and investing in extra staff hours to answer members' calls”, said Lynn Heider, the association's vice president of public relations and communications. It will cost Northwest credit unions $5.10 for each reissued card.
A few large financial brands are following similar strategies, announcing plans to completely reissue all payment cards exposed to the Target breach. Some industry experts have applauded their action, while others scoffed at what they felt was an unnecessary and costly step.
Obviously, preemptively reissuing all impacted payment cards isn’t for every organization. For me, the primary value in doing so is less about the replacement and risk aversion gained by such an aggressive move. Rather, the value to your organization lies in the fact that consumers will recognize that you are out in front of the problem and protecting their assets. Many consumers understand the concept of “zero liability” for fraud losses on plastic cards, but some aren’t so forgiving when it comes to the criminal invasion of their checking accounts.
How do card issuers address fraud risks, customer inconvenience, and a public thirst for justice and security? Reissuing all exposed cards is just one strategy, however there are other ways to go "above and beyond" for customers as you also cut down on fraud risk. Here are a few ideas to consider:
- Provide simple information to your cardholders to let them know that you are aware of current risks and then explain how your organization provides protection 24 hours a day. Your customers will appreciate knowing – in straightforward, non-technical, non-legalese language – that you are looking out for their personal financial security.
- Offer an extra lobby hour per day to take care of accountholders who want face time. This often means opening earlier as opposed to remaining open an hour later. We've found that many people like to take care of their errands as they head to work in the morning. This measure may not need to last for a long period of time – perhaps only two business weeks – to deliver long-lasting benefit.
- Tell your accountholders, in straightforward language, that you are more than willing to reissue any payment card upon request. The offer will mean a great deal to concerned customers.
- Prepare talking points of how your financial institution is addressing basic card security, and reach out to local news organizations. In times like these, there is a constant demand for information, and you can be one of the few out in front of it.
- Leverage your website, call center and ATMs to provide important updates for accountholders. Offer them an appointment with someone in the financial center to review their accounts and address any concerns. A one-on-one appointment in person or by phone permits you to review the customer's assets, investment options and account security in the same session. These relationship-building opportunities don’t present themselves every day, so take advantage of the chance to reach out.
Besides the anti-fraud ideas shared on this blog, FICO provides several useful resources that might come in handy. Once again, I'd like to plug our Insights white paper series, where you can download Insights #72 “Best Practices for Preventing Data Breaches,” as well as Insights #60 “Managing Card Compromises from the Issuers Perspective.” In addition, you can refer your customers to our informative consumer-oriented website www.myFICO.com, to find answers to questions about credit health, scoring and security monitoring.