A recent Chicago Tribune data breach story featured a bank based in Elk Grove Village, Illinois that filed a complaint with the City of Chicago. According to the complaint, the bank is experiencing what it calls a "pattern of fraudulent transactions" after consumer debit and credit cards were used to pay for local taxi cab rides. Of course, it’s not all that unexpected that another merchant may have fallen victim to a data breach. What IS surprising is that an impacted card issuer chose to alert the local media and consumers of the danger.
Disclosing a localized data breach without the consent of the affected merchant is a bold move indeed, and one that must have been borne out of extreme fraud frustration. It reflects what I’d argue is a perceptible shift in how payment card issuers are reacting, as they seek faster and more efficient means of data breach disclosures in the US.
There is a safer, more effective way to control the risk around any data breach, and that’s investing in robust fraud detection analytics and decision technology. In this case, an issuer could quickly create real-time business rules that deny high-risk transactions and, as questionable transactions are denied, reissue payment cards as needed. Customer engagement technologies can also help issuers notify impacted customers right away using each consumer's communication channel of choice.
Using technology solutions to address volatile fraud situations may not be as invigorating as calling a press conference or alerting the media. But it will cut down on your fraud losses much faster, not to mention save you countless hours of frustration—and maybe even some litigation!
