By now, every credit card issuer, and most consumers, have heard about the massive privacy breach at Target stores in the U.S., affecting over 40 million consumers who shopped there using credit or debit cards between November 27 and December 15. This is an overwhelming situation not to only consumers, but also to card issuers wanting to provide top-notch service to cardholders during a busy holiday shopping season.
While I recently warned you of the dangers of “data breach fatigue,” it’s also important to be aware that when a breach occurs, the gossip mill swirls, and accurate information about the impact, risk and what to do can be hard to determine. This affects consumers, financial institutions and even Target’s shareholders, who are trying to understand how, and if, this high-profile breach will affect the company’s Q4 results and long-term prospects.
Why did it take so long to discover the Target breach? Believe it or not, every mass compromise that the industry has seen this year develops over the course of several weeks. When one does occur, it’s important to listen to everything you hear, but then determine what seems logical and trustworthy. Unless the information you’re getting comes from a credible source, you might fall victim to gossip and take unnecessary measures that waste your time and resources.
So – what are the real risks? And what should card issuers do?
- Protect your high net-worth accounts aggressively. It’s not too late to consider lowering daily withdrawal limits during this period, provided the customer impact is minor.
- Talk to your customers about card fraud and how you plan to protect their accounts. This is an excellent time to re-educate everyone on how a text “smishing” scam victimizes even the savviest consumer. My recent myfico.com blog post “How the Grinch Stole my Credit Card Number” offers other smart anti-fraud tips for consumers.
- Encourage your customers to report suspicious account activity immediately, and remind them that this is the perfect time to update contact information.
- Promote electronic services that help your cardholder stay informed on their accounts. If you offer account alerts via online banking and mobile channels, I highly suggest your customer service push these offerings with every customer contact.
- Instant-issue card replacements might be a great suggestion for consumers who need to replace their cards immediately. We often forget to make that suggestion when consumers call into our service centers and want immediate results.
- Make sure that your corporate communication policy is clear so that consumers can quickly identify official communication coming from you as opposed to a fraudster.
FICO has published two informative white papers that will help provide you with more information and guidance. On our Insights white paper page, you can download copies of Insights #72 “Best Practices for Preventing Data Breaches,” as well as Insights #60 “Managing Card Compromises from the Issuers Perspective.”
Stay safe this holiday season and work smarter until we meet up again in the New Year!