Tuesday, May 14, 2013

Changes to VISA Debit Cards

Unfortunately many of our members using VISA Debit Cards are all too familiar with recent merchant data breaches over the past few years that have resulted in unauthorized activity on some member accounts. So far in 2013 the credit union has seen card fraud losses of over $35,000 on fraudulent transactions resulting from data breaches taking place with merchants. Neither the credit union nor the members have done anything wrong with these well publicized data breaches. Zaxby’s and Mapco Express are the most recent well publicized merchants involved with data theft of cards used at their establishments.

Members are not responsible for unauthorized charges on their accounts. That leaves the credit union to cover the losses associated with these data breaches and the counterfeit card activity that comes afterwards. To reduce the losses being realized by North Alabama Educators Credit Union, the following data changes are being made to VISA Debit Card operating rules for members when they utilize their cards. (Please note that all card issuers have similar operating rules in place);

A daily max limit of $3,000 for purchases will be in effect for VISA Debit Cards. If members know that they will have purchases that will exceed this daily amount they can call or visit one of our branch offices to request a temporary purchase limit increase for that day. Members could also write a check for larger purchase amounts if accepted by the merchant.

An hourly number of individual VISA Debit Card purchases will be limited to no more than 7 transactions per hour. Scammers and stolen card thieves hit hard and quickly when using someone else’s card. Our Fraud Monitoring Service constantly monitors VISA Debit Card transactions and scores them according to a risk score created by where and how the card is being used. Purchasing multiple gift cards with stolen cards is becoming more commonplace among card thieves. Once a card is declined, card thieves move on to another card.

The Credit Union is also pursuing more aggressive live fraud monitoring options that could decline a fraudulent transaction BEFORE it occurs. Denying transactions live before they receive an authorization is a balancing act between actual risk and perceived risk. Members these days can wake up in Huntsville, Alabama and be anywhere else in the country later that same day. It is very important that the credit union have accurate cell phone and other contact phone numbers to contact members when a card transaction is deemed to be suspicious. Our Fraud Monitoring Team will never call and ask for your personal information but will instead ask you about specific card activity taking place on your card to verify if they are valid or not.

We regret having to make these operational changes with regards to VISA Debit Cards. Consumers have grown very accustomed to using VISA Debit Cards like cash. Unfortunately the thieves have also grown fond of VISA Debit Cards. Since North Alabama Educators Credit Union is ultimately responsible for all unauthorized card activity, we have no choice but to take appropriate steps to reduce the card losses that affect the entire credit union membership.

Friday, May 10, 2013

$45 Million Cyber Bank Heist

It has been reported throughout many news outlets this week about the big cyber theft ring that was able to steal $45 Million in CASH from ATM's throughout the world across 26 countries. You read a headline like that and wonder "How can that happen?".

Unlike some of the other merchant data breaches that all financial institutions have seen over the years, this theft did not impact any individual consumer accounts. These cyber thieves were able to hack into the databases of prepaid debit cards and eliminate the normal daily cash limits and ATM limits. These cyber thieves produced their own cards and PIN numbers based upon card numbers registered within the databases. 

The first wave of worldwide ATM cash outs netted $5 Million in roughly 4,500 ATM transactions across 20 countries.

The second wave of attacks produced some 36,000 transactions in the span of 10 hours, withdrawing $40 Million from ATM's in 24 countries. 

These ATM's would be totally depleted of money. Once an ATM was empty of cash they would move on to the next ATM. It is amazing to think of the sheer logistics of having that many people hitting individual ATM's within a short period of time and over multiple countries. 

A few arrests were made in the New York area but that group only represented a local cell that had stolen $2.4 million in the New York area. It should be noted that all of the banks involved which suffered losses were foreign banks based in the Middle East. 

This was a huge story in the financial world this week. Additional security measures and monitoring will no doubt be upgraded throughout the world following this theft. I would also anticipate individual ATM owners imposing daily amounts for non-customers to avoid this situation where one person would perform one cash withdrawal after another until the ATM was empty.