With the January sales in full flow, the high streets are full with bustling consumers, desperate to get their hands on a bargain or two. As a card issuer, you’re geared up to combat seasonal transaction fluctuations and to keep track of spend for abnormalities and potential fraudulent spend.
But with cards hitting an increased number of touch points on the build-up to Christmas, and the sales that follow, there’s a higher chance of a data compromise. Having to design and apply a mass block and reissue strategy could become a harsh reality of the new year, and can be nightmare to manage effectively.
With US retailer Target’s high-profile data breach involving 40 million cards (including encrypted pins), knowing how to react to such an event should be at the top of every fraud manager’s priority list. If you’re an issuer, you’ll be used to receiving regular payment scheme data compromise alerts — lists of your at-risk accounts that may (or may not) have been subject to a compromise. With little or no guidance as to the nature of the compromise, or the likelihood of your customer’s details being used in a fraudulent context, you are often left wondering what to do next and how to do it.
Of course, first you need to determine your exposure. By identifying the type of data compromised, where the data was compromised, and the spending profiles of your at-risk accounts, you can build an educated tailored monitoring strategy to minimize your fraud exposure. But even in building a risk-based approach, there is a high likelihood that a large number of cards will have to be blocked and re-issued.
The most important (and often overlooked) aspect to data compromise strategies is this: How do you communicate with your impacted customers? With today’s priority on customer service, satisfaction and retention, clear and concise communication with your customers is imperative. When data breaches hit the news, customers are often left to draw their own conclusions about what they should do, and will often seek direct guidance by calling their busy branch or operations center.
Where banks are aware of risk indicators in advance, making the customers aware of the bank’s vigilance can be reassuring. In instances where a mass block and reissue event is necessary, proactive communication — identifying the problem, how it’s going to impact your customer and what you’re doing to put it right — can be a “moment of truth” for your customer relationships. The ability to keep your customers informed, via multiple channels (SMS, voice, e-mail, mobile app), whatever the event or scenario, can be true differentiator in customer satisfaction, and speed to response.
Using an advanced customer communications service integrated with your fraud management system can really help. Without the operational overhead of manually informing cardholders of a blocked account, a consistent message can be relayed to your impacted population instantly via a number of communication channels, including voice, SMS, and email. Being able to communicate any desired message with your customer base at the click of a button can certainly go some way to ensuring your data compromise strategy is ready to go!
For more guidance on data breaches, see our recent Insights white paper, Best Practices for Preventing Data Breaches (No. 72).