Planning Now Can Limit Future Data Breach Losses, PULSE VP of Fraud & Risk Management Says
Wednesday, March 12, 2014 6:45 AM

Financial institution executives and their cardholders, as well as merchants and other financial services organizations, are understandably on edge these days. Recent high-profile point-of-sale security breaches have revealed a pressing need to reevaluate card security. While the investigations into precisely what happened will likely help to sharpen defenses in the future, PULSE is encouraging issuers to seize this opportunity to plan for the next cyber-attack.

“Every organization involved in debit and credit card transactions is facing fraudsters who have proved to be intelligent, coordinated, strategic and stealthy,” notes Eric Lillard, vice president of fraud and risk management for PULSE. “The nonprofit Privacy Rights Clearinghouse calculates that, over the past nine years, businesses including financial institutions and retail outlets have reported 1,571 breaches involving 470 million customer financial records.”

According to Lillard, these attacks are not opportunistic in nature. They are the result of deliberate efforts and long-term planning.

“Evidence suggests the holiday breaches were likely launched much earlier in the year, with hackers compromising systems, exploring what they could without being detected and then waiting patiently for an opportune moment to exploit their plan,” he says.

Lillard says a fraud incident response plan is an essential tool that can be used to provide structure and rational thinking during the stress and anxiety that accompany these types of events. And any financial institution that doesn’t already have a formalized fraud incident response plan, he says, should consider developing one as part of its risk management process.

“Financial institutions that planned ahead were in a far better position to address the challenges they faced when a large number of their customers’ cards are at risk,” he suggests.

Essential elements of a Fraud Incident Response Plan include:

  • Profiles of your transaction-level activity to aid in the rule strategy development process;
  • Contact information for all process participants including internal and external departments, vendors, decision makers, approvers, etc.;
  • Clear understanding of your organization’s rule strategy approval process. Time is money and you don’t want to waste valuable time;
  • An accurate inventory of all fraud strategies currently in place within your financial institution;
  • An assessment of known gaps or risks that you may have in your fraud mitigation program to help reduce surprises during the heat of the battle. Where possible, identify potential solutions to those gaps. This may include the use of third-party organizations that can provide technical and human resource consultants for your financial institution;
  • Lastly, recognizing that fraud never sleeps, documentation of the hours of operation that your fraud service provider (internal or external) is available. Weekends and holidays are a favorite window of opportunity for fraudsters.

Cardholder behavior also can help to limit exposure to data breaches. PULSE recommends establishing an effective communications program to keep cardholders informed about emerging threats. Use this opportunity to reinforce many of the basics, such as your policy regarding disclosure of account information and Personal Identification Number (PIN). Various forms of phishing attacks often accompany breaches, so this can also be a topic to consider in terms of cardholder education. 

“Having the ability to communicate effectively and quickly with your cardholders is invaluable,” says Lillard. “Financial institutions should be diligent in their efforts in communicating with their customers about fraud. Breaches appear to be a topic that we will continue to fight at an industry level, and educating your cardholders is a valuable component in reducing anxiety.”

Finally, financial institutions need to assess their fraud mitigation tools, systems and resources.

“Fraud attacks are escalating and becoming increasingly more sophisticated,” he adds. “Financial institutions are encouraged to seize this opportunity to plan and prepare their organization for practice.”